#ubuntu-server 2006-04-17
<spike> who was that was playing with LUKS around here?
<spike> I cant make it work for a normal user, luksOpen just fails
<maswan> hmm.. is there a server-oriented backport of 2.6.14 or later to breezy?
<maswan> (or a generic one for that matter)
<maswan> I'd like to get the new tcp stack with minimum fuzz. :)
<infinity> maswan: Backporting kernels is generally considered a non-starter, due to the userspace requirements.  When I want new kernels on old distributions, I tend to just build a monolithic kernel.
<infinity> maswan: Either with the kernel.org souce, or the dapper source, pick whichever you like better.
<BlankC> Are there any control panels built into ubuntu-server? Things like ISPConfig, VHCS, or web-cp.
<infinity> BlankC: Nope.
<infinity> BlankC: Nothing is "built in" to ubuntu-server, it's not an appliance distribution, it's more of an IKEA distribution.
<infinity> BlankC: We give you a base system and a mess of software, you install what you need.
<BlankC> What I meant to ask was...is there a repository that has ISPConfig in it?
<infinity> Not that I know of.
<BlankC> Thanks. I will keep working at it. Im trying to get it to work on a new server.
<infinity> It just looks like a big PHP application anyway, no big deal.
<infinity> (As long you don't use their scary installer that appears to want compile its own copy of apache/php/vsftp/etc)!
<BlankC> I hope so. I was hoping I could just do: apt-get install ispconfig
<BlankC> it compiles a custom version that runs separate from the normal apache. Its just for running the admin interface.
<neuralis> that's.. unpleasant.
<BlankC> Its a fresh server so I'm willing to experiment.
<ajmitch> unpleasant doesn't begin to describe that, from the sound of it
<BlankC> If it works...its like turning the entire system over to a php script....scary.
<neuralis> even if it works, the "developers" that wrote a php application that compiles its own apache and php should be hurt.
<BlankC> I'm sure they say its for 'security reasons'...move along nothing to see here. 8)
* infinity sheds a tear, because no one wants to use his packaged versions of apache and php.
<neuralis> BlankC: that's really a terrible reason.
<infinity> BlankC: Well, I assume they run it as root, so the PHP application has full root access to your whole machine.  Which means any number of the small-scale holes found in php and apache over the years would now be root holes.  ROCK.
<BlankC> It doesn't replace the packaged version. It uses its version for giving root I guess. I'm still just in the beginning stages of installing it.
<infinity> (Somehow, I'm doubting they were smart enough to use a well-audited root helper to do config mangling, but instead use a apache/php as root)
<neuralis> infinity: what? you're saying php doesn't have a crystal-clean security record? oh noes, say it ain't so!
<fabbione> ROFL
<fabbione> GO PHP
<infinity> PHP's security record really isn't that bad.
<BlankC> compared to sendmail. 8)
<fabbione> UHUHU I am down to 14 personal bugs
<infinity> It's their security HANDLING that sucks (ie: "fix it in CVS, note it in the changelog, don't bother giving anyone patches, let them dig for themselves)
<fabbione> and about 600 to X
<fabbione> neuralis: do you know anything about autofs?
<infinity> Anyhow, neither Apache nor PHP have a security record good enough for anyone to say "Hey, I should run that as root!"
<fabbione> i mean i know it.. but i don't use it
<infinity> "... And open a port to it, too!"
<neuralis> infinity: yeah, that's what i was getting at.
<neuralis> fabbione: haven't used it, never had the need
<fabbione> ok
<fabbione> thanks
<neuralis> fabbione: what're you trying to find out?
<fabbione> neuralis: trying to figure if the patches i have in the bugs are good enough
<neuralis> ah. sorry, can't help much there.
<fabbione> i will manage..
<fabbione> don't worry
<fabbione> yeah no problem
<jsgotangco> fabbione: are we going to have a test plan of sorts for -server (like break me challenge hehe)
<fabbione> jsgotangco: it's enough people will test installs and lamp installs
<fabbione> it's not really a security context
<fabbione> but stress testing the kernel is good
<fabbione> speaking of which.. i need to switch default scheuler
<fabbione> scheduler
<jsgotangco> dunno anything about stress testing the kernel i could research are there resources for that online?
<jsgotangco> ah top and sar
<neuralis> jsgotangco: look at the server testing/certification spec, i mention some tools and an example stress test schedule
<jsgotangco> ok i'll check it out
<jsgotangco> i was looking at LTP too
<infinity> fabbione: We're stress-testing kernels on some buildds (sparc and powerpc right now), do you figure it's about time to upgrade one i386 and one x86_64 buildd to dapper's -server kernels and give them a spin?
<fabbione> infinity: from the next upload yes
<fabbione> i am just changing the default IOSCHEDULER to deadline on -server
<fabbione> infinity: i also have some sparc SMP patches we want to test on faure
<fabbione> ajmitch: so did you manage to play with the T2000 ?
<infinity> fabbione: Is deadline known-stable on all arches?
<ajmitch> talking to them tomorrow
<ajmitch> so probably tomorrow afternoon or next week
<infinity> fabbione: I mean, I realise it's simpler code, and SHOULD be stable, but it's also not the default, which means less testing..
<fabbione> infinity: it's common code.. block/ and it's only for x86 and x86_64 -server
<fabbione> infinity: elmo did test it for the last 3 releases at least
<infinity> Good point, elmo does use it a lot. :)
<infinity> Fair enough.
<fabbione> eheh
* ajmitch will be back tomorrow
<infinity> At 100Hz and deadline, this kernel won't really be great for a massive multiuser shell box.
<jsgotangco> by ajmitch
<infinity> But, I guess that type of "server" isn't very common anymore anyway.
<infinity> Only us nerds have those.
<infinity> Should rock for pgsql/mysql.
<infinity> And fileserving.
<fabbione> infinity: right
<fabbione> neat!
<fabbione> ppc crashes as hell if i ask it to blank a cd
<fabbione> score...
<Stonekeeper> Hi! I set up my first US yesterday and am looking for a newbies guide to administering it. Any help much appreciated.
<spike> Stonekeeper: that means everything and nothing...
<spike> Stonekeeper: you can have a look at the linux administration guide on tldp.org
<Stonekeeper> sure. Sorry. I have found a guide from the forums
<spike> that might be a start
<Stonekeeper> out of interest, what is the difference between a Breezy install with "server" and a ubuntu server install?
<spike> Stonekeeper: link? I'm curios about what ppl recommends in such cases
<spike> Stonekeeper: assuming an ubuntu ->breezy<- server install,  nothing iirc, things changed a lot in dapper
<Stonekeeper> http://doc.ubuntu.com/ubuntu/serverguide/C/index.html
<spike> I see
<spike> Stonekeeper: this is way more complete even if not ubuntu specific: http://www.tldp.org/LDP/sag/html/index.html
<Stonekeeper> yeah, that other doc is a bit thin on the ground
<neuralis> Stonekeeper: we'll have the official ubuntu book out soon, with a server chapter as a crash course to administering ubuntu server
<infinity> neuralis: Does the server chapter have anything saying "if you disagree with how a package works, it's your fault, not the package's.  infinity says so."?
<neuralis> infinity: yes. it's in section 4, "things infinity says, and other collected proverbs."
<infinity> Excellent.
<spike> is there any plan to have something like this: http://bencer.cauterized.net/projects/debsums/
<spike> just posted on debian-sec
<spike> online database with files/packages md5/sha hashes
<spike> and permissions/owner as installed by the package
<Stonekeeper> neuralis: great
<fabbione> spike: it was done already
<fabbione> spike: but our admins were not fast enough to provide the server
<fabbione> spike: so basically the code is there but can't be used
<tepsipakki> hmm, my nwu installation seems to be a bit limited in functionality.. should it be possible to say "nwu upgrade host" on the server?
<spike> fabbione: I see, nice. and does it happen you included code to generate a bz2 so ppl can download and check it offline? (provinding a script to run the check would be nice too).
<fabbione> spike: my code is meant to run offline from the installer rescue mode
<spike> fabbione: eeer, guess then there's just a bit of confusion on my side about what code for what. from my POV I see 2 apps, a script that generates and check against a db of hashes, and one offering a web service do search and download that db.
<fabbione> spike: mine does the former
<spike> unless you consider the web one useless, so you just need former and some page to make the link to the db available (unless you even plan to make the whole thing working remotely, with the script querying the db directly on the ubuntu server, but that'd be lots of traffic I guess)
<fabbione> spike: the code is available here: http://people.ubuntu.com/~fabbione/archives/system-integrity-check/
<spike> fabbione: can I download it somehwere?
<fabbione> it's a bzr archive
<spike> oh :)
<spike> ta
<fabbione> but without a server you can't do much
<spike> yeah, np, just curios about the code
<spike> fabbione: do you see any use of that web interface?
<fabbione> spike: no
<spike> we could actually use packages.ubuntu.com too
<fabbione> but i might be wrong
<spike> includeing the piece of info there
<spike> that's already working and in place, so it might make more sense to extend that with a couple more fields rather than creating a new dedicated one
* spike posts on the ML
<fabbione> spike: don't post if you didn't read the code first
<fabbione> mine can be integrated directly into archive.ubuntu.com
<fabbione> and there are different other things
<fabbione> please do NOT get overexicted to something that we have been looking at already
<spike> ehehe :) I do not get overexcited for anything CS related :)
<spike> sorry if I gave that impression
<neuralis> fabbione: is it really that much work for elmo et al to enable the server side of this, particularly after dapper was delayed?
<fabbione> neuralis: we are still in deep feature freeze.. it's unlikely that i am going to push partially untested code in dapper
<fabbione> neuralis: and given they never come back to me, i guess it is an issue
<fabbione> neuralis: anyway at this point in time i don't feel confortable to push code that's brand new
<neuralis> fabbione: fair enough
<jjesse> has anyone tried running ubuntu server on microsofts virtual server software?
<thefish> jjesse: not yet, but i would not be all that surprised if it was a bit iffy
<thefish> in vmware its great though
<thefish> (vmware server is also free)
<jjesse> thefish: i know it works well in vmware server
<mgalvin> jjesse: not yet... but it does run in virtual pc so i would think it *might* work
<jjesse> thefish: however in virtual server i just get a blan screen and no login prompt
<thefish> hrm
<thefish> it would be pretty typical for them to "See! look how bad linux is!" when running on their vm
<jjesse> only way i can get a prompt is in recovery mode
<jjesse> well they are now support red hat and SuSE
<jjesse> http://suport.microsoft.com/?id=917437
<jjesse> do you think there could a resolution problem that might be screwing things up, if so how would i change what resolution ?
<hunger> ~.
#ubuntu-server 2006-04-18
<h3sp4wn> can ubuntu-server be installed over a serial console ?
<tepsipakki> yes
<tepsipakki> at least the netboot-version can
<h3sp4wn> any idea where I could get that from
<h3sp4wn> Would it just work by default (machine has no video card keyboard or monitor) or would I have to mount the image and add console=/dev/* or similar)
<h3sp4wn> to the boot line
<tepsipakki> console=ttyS0,9600n8
<tepsipakki> for the kernel
<tepsipakki> that's what the netboot-image runs
<h3sp4wn> thanks
<tepsipakki> and that you can find from http://archive.ubuntu.com/ubuntu/dists/dapper/main/
<LuckyLuke> hello there. I'm not sure if it's 100% ontopic here, but I'm looking for info about how to set up a personal mirror for ubuntu (I have to keep updated lots of systems). I tried looking around in the web but I couldn't find anything...
<LuckyLuke> (to be a little more ontopic, I would use an ubuntu-server :D)
<spike> LuckyLuke: debmirror?
<LuckyLuke> I'll give a look at it, thanks
<spike> LuckyLuke: debpartial-mirror even
<spike> guess you'r not interested in "the whole thing"
<LuckyLuke> I'm interested in a mirror for apt-get update & dist-upgrade some x86 & x86-64 machines
<spike> are you sure you actually want to mirro ubuntu archives and not just cache downloaded packages?
<LuckyLuke> depends on the size of the archives
<LuckyLuke> if it's too big I would use a squid configured to cache big files, but that would mean telling people to use a proxy.
<LuckyLuke> or maybe there's a smarter way I don't know :D
<spike> yes, there is, it's called transparent proxy
<spike> basically you set on the GW a rule that redirect all outgoing connections on port 80 to the proxy
<LuckyLuke> I thought transp proxy would just work on a lan
<LuckyLuke> I already did some transp proxies. But the mirror would be used by other people on the 'net, in this case
<spike> oh, ok, nm then, it wont work
<spike> thought you were on a LAN
<LuckyLuke> basically, I already run a gentoo-portage (rsync) and a freebsd (cvsup) mirrors
<LuckyLuke> I use them for my systems at work (lan) but they are also used by friends and other people of the local LUG
<LuckyLuke> or some systems located in customers offices (internet)
<LuckyLuke> I'll take a look at debmirror, thanks
<tepsipakki> I've used "apt-mirror" for our U. mirror
<tepsipakki> it's quite handy
<LuckyLuke> on garr.it the ubuntu-archive mirror is 110Gb, but it keeps hoary, warty, dapper and breezy, each with backports and so on. I would only keep the current stable (breezy now, dapper when it'll be the time) without backports and proposed... I hope I'll stay under 50Gb
<tepsipakki> with apt-mirror you can choose which versions to hold
<LuckyLuke> yep
<spike> LuckyLuke: isnt the one garr.it for different arch as well?
#ubuntu-server 2006-04-19
<LuckyLuke> I would try apt-mirror and try to write a script to do the same, because the system I use for mirrors is a freebsd machine
<spike> I remembered the debian one for i386 to be kinda small compared to that...
<LuckyLuke> spike: probably yes. I'm interested in x86 and x86-64 only.
#ubuntu-server 2006-04-22
<ivoks> anyone? :)
<fabbione> nobody
<ivoks> :)
<ivoks> fabbione: i have q. regarind one universe package... i would like advise
<ivoks> it's about spamassassin... is it better to include support for SPF by default or not?
<fabbione> dunno
<fabbione> i use the default config for it
<ivoks> default config in ubuntu is broken :)
<ivoks> it enables SPF, but spamassassin doesn't depend on needed library
<ivoks> ok, i'll just leave it as is and make it depend on libmail-spf-query-perl
<cf_> Hello! Has anyone experience with HP Proliant Servers?
<neuralis> cf_: sure, what's the issue?
<cf_> neuralis: systems installs on raid-system, but does'nt boot afterwards
<neuralis> have you been able to track down the problem any more specifically than that?
<neuralis> specific errors, etc?
<fabbione> our DC runs on proliants in raid...
<fabbione> you need to be more specific
<cf_> neuralis: i think the raiddriver is not included in the initramfs
<neuralis> this is dapper?
<cf_> neuralis: i tried breezy and dapper flight 4
<neuralis> that's strange. i run a number of proliants on raid with breezy, and i never had a problem with it.
<neuralis> are you sure you configured raid properly in the installer/
<neuralis> s/\//?/
<cf_> neuralis: i use the hardware-raid (smart array 5i/6i). there's not much to do in the installer.
<neuralis> cf_: ok, so when you say 'raid driver', you actually mean 'cciss storage driver'.
<cf_> neuralis: that's correct!
<neuralis> works perfectly for me and a bunch of other people. please paste the exact error messages you're getting.
<cf_> neuralis: i'm not at work now, but grub says something like 'root partition not found'
<fabbione> that's probably udev and initramfs
<fabbione> we need the exact error message
<cf_> fabbione: ok, i'll get it and post it tomorrow. thx so far!
<J_P> hi all
#ubuntu-server 2006-04-23
<munzir> Hi, I downloaded http://cdimage.ubuntu.com/dvd/20060411/dapper-dvd-amd64.iso and it gave me a root prompt after this error: kernel direct mapping tables upto ffff810100000000 @ .... can't access tty; job control turned off.
<fabbione> munzir: wrong channel and please try the new image that will be published today
<fabbione> or file a bug in malone
<munzir> fabbione: ok thx.
<munzir> fabbione: why is it wrong channel, isn't that dvd contains the server edition too?
<fabbione> because that's a kernel error
<fabbione> and it is common to both server and desktop
<fabbione> so you could try #ubuntu-kernel
<fabbione> or perhaps it's just a bad burn?
<fabbione> did you verify the md5sum of the download and the dvd with the one on the site?
<munzir> fabbione: I didn't know there is an #ubuntu-kernel. I will check there and I did understand your point. thx
<munzir> fabbione: for the server edition there is a default installation and a lamp installation. isn't it confusing what the difference between them?
<fabbione> no
<fabbione> if you know what LAMP is.. if you don't, you mostlikely don't need it
<munzir> fabbione: the default will install what?
<fabbione> the installation is exactly the same anyway
<fabbione> LAMP adds Apache2 php5 and mysql
<munzir> fabbione: so the default doesn't install apache, php5 and mysql, right?
<fabbione> right
<munzir> fabbione: the confusing point is the L stands for linux so it also means it won't install linux? ;)
<fabbione> no comment
<munzir> fabbione: ;)
<munzir> fabbione: and what does that OEM installation means please?
<fabbione> munzir: please these are FAQ. you can ask in #ubuntu
<fabbione> and same as lamp, if you don't know what it means you don't need it
<munzir> fabbione: ok thx again and sorry for any disturbance
<fabbione> np
<spike> eeer, is there any more robust alternative to acct/sa/sac ? from time to time I stop receiving reports I scheduled with cron, at times it crashes, but I'm pretty sure the system is fine, ie, no rootkits or anything
<spike> only thought I could come up with is problems to deal with broken wtmp because of dead ssh connections... ie, the record isnt properly closed 'cause ssh died so I didnt logout
<spike> it's very annoying, and but for that idea I cant really trace down the problem
<Kolan> Hi, does anyone have experience in using a MegaRaid 105-4 controller with Ubuntu?
<Kolan> Hi, does anyone have experience in using a MegaRaid 105-4 controller with Ubuntu?
<neuralis> Kolan: what's the problem?
<Kolan> I got it installed with Raid 1
<Kolan> it seems like that the server is running quite slow
<Kolan> I ran hdparm -tT
<Kolan> and the buffered reading is about 1MB/s
<Kolan> which isnt good
<Kolan> neuralis: any idea?
<neuralis> bad performance on a hardware raid device doesn't usually have anything to do with the operating system.
<Kolan> neuralis: ok, well this is my first RAID1 system so Im not that experienced in it.
<neuralis> Kolan: experience isn't really a factor here -- with hardware raid, the OS doesn't even know you're using raid.
<Kolan> neuralis: I get an error message when booting. sda: asking for cache data failed
<Kolan> sda: assuming drive cache: write through
<Kolan> can this have something to do with it?=
<neuralis> sure, but that wouldn't make reads slow.
<neuralis> (if you had write-through set as policy on your raid controller, you'd see write performance degradation.)
<neuralis> in your case, you can safely ignore the message.
<neuralis> the kernel is asking the drive for caching parameters, but the request is getting intercepted by the raid card that doesn't know what to do with it, causing the problem report you're seeing.
<allee> Kolan, neuralis: a collegue had trouble with megaraid and a Intel SRCS 16?? card.  AFAIR 2.4.30 as okay, 2.4.31 and all 2.6 kernels he tired where horrible slow.
<allee> he found no solution and eventually gave up frustrated
<neuralis> allee: that's possible, but surprising.
<Nite_Hawk> heya guys, are any of you using ubuntu-server in a production environment?
<neuralis> allee: although the transition you mentioned is the new megaraid code branch, if i remember correctly -- so the problem can be fixed by manually compiling the kernel with the old megaraid driver.
<neuralis> Nite_Hawk: yes.
<allee> neuralis: yeah, seems counterintuitive but happens (I've a problem that raids disk are not detected at all.  But I've to investigate more on this ...)
<allee> neuralis: mhmm, I'll ask him.  but with all the 2.6 API changes I doubt that old megaraid will compile with 2.6
<Nite_Hawk> neuralis: I'm an old debian guy, but at my new place of employment almost everyone are RHEL/SLES fans.  I may have a chance to introduce an ubuntu/debian solution if I play my cards right.
<neuralis> allee: i *believe* the old megaraid module was kept in-tree, and still works. you'd have to check, though.
<neuralis> Nite_Hawk: sounds good.
<neuralis> Nite_Hawk: let us know if you have any questions, certainly.
<Nite_Hawk> neuralis: Cool.  One question, do you know if there are any problems doing TSM backups?
<neuralis> Nite_Hawk: i'm not a tivoli user; wouldn't know, sorry.
<allee> Nite_Hawk: I use TSM client on dapper.  Works fine afaics, but I had not to recover much yet on dapper
<allee> Nite_Hawk: you need sun java with TSM.  dsmj does not the free one
<Nite_Hawk> oh, was ubuntu-server hit with the installer plaintext password bug that was present in breezy?
<allee> dsmj does not like that is
<Nite_Hawk> allee: ok, that's probably fine.  You can build a sun jvm easily enough using java-package right?
<allee> neuralis: thx.  I'll forward the info to him.  2.6.15 has at least CONFIG_MEGARAID_LEGACY=m
<neuralis> allee: yeah, i thought that was still there.
<allee> Nite_Hawk: yes.  I've run in some problem but at least for dsmj they are not critical ;)
<allee> Nite_Hawk: something about mimetype registrationa and java policy stuff failed because install script tries to update them below /etc/
<Nite_Hawk> allee: hrm...
<allee> Nite_Hawk: normal user can't and of course those changes would not find their way into the deb
<allee> if run by root
<allee> Nite_Hawk: try.  maybe they fixed it in the last ~ 3 months ;)
<Nite_Hawk> allee: yeah, I may try to install ubuntu-server on one of my test machines.
<allee> Nite_Hawk: ah, one addition.  that was on i386.  TSM on amd64 is still on TODO.
<allee> Nite_Hawk: up to now all closed source stuff refused to work on amd64 because they still expect some i386 apps. I keep my fingers crossed TSM is different.  Pah!  Dreamer! :)
<Nite_Hawk> hrm... It won't affect my machines, but possibly some others around here.
<Nite_Hawk> Good to know though, thanks! :)
<allee> Nite_Hawk: yeah, I hope that amd64-has-no-32bit-libs will not eventually kill kubuntu usage on my cluster.  Unfortunately some (stupid?) apps need more that 4 GB of mmaped address space :(
<Nite_Hawk> allee: Yeah, I think it's going to be a major uphill battle around here.
<neuralis> Nite_Hawk: what are the reasons that rhel/sles are preferred at the moment? support?
<Nite_Hawk> allee: We run CentOS right now on the premise that Redhat offers support contracts for basically the same thing, and even though we don't buy the support, it must be good if they "offer" it.
<Nite_Hawk> On some of the larger systems we actually run SLES or RHEL for the support contract (and presumed better compatability with things like TSM).
<Nite_Hawk> A couple of the admins are pretty rabidly anti-debian.
<allee> :)
<Nite_Hawk> allee: I'd rather be running suse than redhat, but a number of people just left that is going to cause a lot of confusion/power vacuum, so I'm trying to decide what I can get away with. ;)
<allee> neuralis: FWIW here, we need oracle server due to 3rd party software.  So sles for this.
<neuralis> allee: we've got ubuntu certified for DB2; i'm hoping oracle isn't too far off.
<Nite_Hawk> neuralis: actually, oracle server support would be a big consideration for us on some (though not all) of our systems too.
<neuralis> Nite_Hawk: canonical should have support options on par with redhat for dapper.
<allee> Nite_Hawk: fwiw: there were not big stress tests but at least oracle client runs on amd64
<neuralis> Nite_Hawk: that won't solve pacify the rabid anti-debian crowd, of course. what's their problem with debian?
<neuralis> that's "solve or pacify".
<h3sp4wn> If it is just to run oracle what is wrong with solaris x86 ? If you need support sun's is second to none (anything is better than rpm)
<allee> Nite_Hawk: I've created some i386 debs for TSM ba client.  Much better than alien deb, nevertheless there are still quite somethings that could be enhanced, aka Works for me quality
<Nite_Hawk> neuralis: they haven't been willing to go into it, and I haven't pushed them very hard yet.
<neuralis> Nite_Hawk: reluctance and/or inertia doesn't equate with being rabidly anti-debian. which is it? (the ofrmer is obviously a lot easier to deal with.)
<Nite_Hawk> neuralis: Well, it's "There's no way we will run debian on these machines and I'm not going to talk about it"
<Nite_Hawk> or more "We will run debian over my dead body"
<neuralis> Nite_Hawk: i see. buy a gun? :)
<Nite_Hawk> neuralis: Still, I may be able to sneak ubuntu-server in if I can present some advantages and they keep refusing to say why they don't like it.
<Nite_Hawk> I'm trying to guess what their arguments will be before hand (TSM compat, support, etc) so that I can be ready for them. ;)
<Nite_Hawk> And also so that I don't present it too early (IE, oracle should be supported soon, but isn't quite yet)
<Nite_Hawk> I'd rather wait 6 months if it means I have a much stronger argument.
<neuralis> Nite_Hawk: i don't know if there are any official negotiations with oracle, actually.
<Nite_Hawk> neuralis: Hrm... ok.  btw, do you have any kind of rough idea what the costs of a support contract will be like through canonical?  SLES seems to be quite a bit more expensive than RHEL.
<Nite_Hawk> gotta run to a meeting, bbl
<neuralis> Nite_Hawk: http://www.ubuntu.com/support/supportoptions/paidsupport
<nicola_> hallo, I'm planning to install ubuntu 5.10 on a HP Proliant DL380 G4, I've tried to find some certification for the hardware but I could'nt has anybody installed ubuntu on such hardware? Some problems? NIC or other?
<fabbione> we do have DL380 at the Ubuntu Datacenter and we do run hmm.. Ubuntu on them.. i guess ;)
<nicola_> Ok, that makes me very happy :)
<Nite_Hawk> neuralis: any advantages to Canonical paid support vs other distros?
<neuralis> Nite_Hawk: you'd want to ask jbailey@canonical.com, likely.
<Nite_Hawk> thanks!
<neuralis> sure.
<intelnux> does ubuntu require anything other then telling bios not to worry for headless operation? or are there some tweeks that need to be made to the system?
<neuralis> intelnux: no tweaks, it'll work fine.
<intelnux> thanks
<nawty> gday matey's :)
<Nite_Hawk> ahoy
<nawty> :)
<nawty> Nite_Hawk: any ideas why ubuntu-server isn't on the lists.ubuntu.com front page?
<Nite_Hawk> nawty: huh... no idea. :)
<fabbione> a bug in mailman
<fabbione> it's not exported for some reasons to the web interface
<fabbione> but it's there
<spike> do you know of any alternative to acct to get info about commands ran/resource usage per user?
<spike> acct isnt being very stable, and I've read of quite a few cases where it misbehaves
<spike> I know of other couple accounting patches, wondering if there's any alternative to them
<spike> actually what I want to do is monitoring, not billing, so I'm fine with not so high precision
<spike> but I cant really think of anything else but accounting patches/sw to extract info like those mentioned
<Nite_Hawk> spike: there's http://oss.sgi.com/projects/csa/, but I'm not sure it'd be very useful to you over acct.
<nawty> spike: no ideas here. I'm an unfortunate single use system person.
<nawty> fabbione: logged it in launchpad ? ;)
<Nite_Hawk> spike: I actually am the primary developer on the accounting system for a super computer institute.
<nawty> Nite_Hawk: too many toys then ;)
<Nite_Hawk> nawty: tell me about it.  Each supercomputer vendor uses their own queueing systems and job schedulars.  IBM's AIX systems don't even provide ascii logs.
<spike> Nite_Hawk: I know csa, it was one of the two of the "couple accounting patches" I mentioned above
<Nite_Hawk> spike: yeah, I figured as much.
<spike> Nite_Hawk: have you actually used it in production?
<spike> I played with it but never had a chance to see it even used in production...
<Nite_Hawk> spike: Nope.  I don't think it will actually do anything for me over acct.
<nawty> Nite_Hawk: don't mention that evil world there :P
<nawty> s/world/word/
<nawty> s/there/here/
<nawty> damn, it's too late.
<spike> Nite_Hawk: sounds like you've never had a proble with acct...
<Nite_Hawk> spike: Well, it's not so much that I've never had a problem with it, as I've got about 20 fires that are 10 times as big to worry about until I finish rewriting our accounting system. ;)
<Nite_Hawk> Right now I'm a lot more concerned with getting accurate data from our job queues.
<Nite_Hawk> btw, when I said AIX systems, I specifically meant load leveler, not AIX itself. ;)
<nawty> Nite_Hawk: aah, :)
<Plug> Hi all.  The Dapper Flight 5 CD detects my Areca SATA-RAID controller and installs to it, but seems the installed kernel doesn't support the controller and can't find the disk?  Anyone got around this?
<allee> Plug: check it device name during install and on boot are the same (been there ;). If they are, add the missing driver(s) to /etc/mkinitramfs/modules and dpkg-reconfigure linux-image-<vers>
<allee> Plug: and last but not least open a lauchpad bug (I assume pkg hw-detect)
<Plug> I will have to see if I can use the installer CD to get a shell on the installed FS :)
#ubuntu-server 2007-04-16
<dballester> hi to all
<dballester> hi again
<lionel> hi dballester
* [diablo]  nudges lionel
* [diablo]  is also known as [miles]  , yet formally known as the artist once known as prince
<lionel> Hi [diablo]  :)
<[diablo] > bonjour
<J_P> hi all
<pse> Hi! I'd like to know the differences between the ubuntu server and desktop edition.. is it only LAMP? The server edition didn't work getting this error: "codec_read: codec 0 is not valid [0xfe0000] " so I'm thinking of changing to desktop edition and installing LAMP manually.
<ivoks> pse: kernel, only kernel
<ivoks> everything else is the same
<ivoks> this is the same distribution, same packags, same code
<pse> ah ok
<pse> you've got any idea what that codec_read error is?
<ivoks> you get that for what?
<pse> when I boot up linux I get that
<pse> on like the third row
<ivoks> i doubt that's kernel error
<ivoks> are you running mythtv or something like that?
<ivoks> could be alsa, tough...
<pse> "Starting up...
<pse> Uncompressing Linux... ok, booting the kernel.
<pse> codec_read: codec 0 is not valid [0xfe0000] 
<pse> codec_read: codec 0 is not valid [0xfe0000] 
<pse> codec_read: codec 0 is not valid [0xfe0000] 
<pse> codec_read: codec 0 is not valid [0xfe0000] "
<pse> that's what I get when booting
<pse> and I just tried to install the ubuntu server edition with LAMP
<pse> it was my first boot so I haven't installed anything myself
<ivoks> i guess it's related to alsa
<pse> ok
<ivoks> you could report it as a bug
<shawarma> pse: Edgy?
<shawarma> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.17/+bug/51281
<shawarma> Gotta run
<pse> ok
<pse> I'm not sure what edgy is
<pse> I just used this http://www.ubuntu.com/getubuntu/download and picked Ubuntu 6.10 - Supported to 2008 on standard pers. comp.
<mralphabet> pse: yes, that's edgy
<pse> ok
<pse> anyway.. how am I supposed to correct the error I got, when I can't even boot..? :] 
<ivoks> you can't even boot?
<ivoks> so, you didn't install it yet?
<ivoks> pse: booting is related to something else, not this..
<pse> ivoks: I have installed it.. but it doesn't start linux very well since it freezes after the codec_read errors.. the comp I'm currently on is not the same comp..
<ivoks> you should edit grub option before booting
<ivoks> and then remove quiet and splash
<ivoks> then you'll see the real reason why it doesn't boot
<ivoks> did you change order of drives after install?
<mtc> Is the iptables firewall open by default
<[diablo] > mtc yes
<[diablo] > oh he's gone
<mralphabet> lots and lots of patience
<mtc> is ftp-server enabled as default on the ubuntu server edition?
<mralphabet> mtc: nothing is enabled by default
<mralphabet> mtc: or to phrase it better, there are no open services on ubuntu server at install
<mralphabet> mtc: you can do whatever you would like at that point
<mralphabet> mtc: ie to install ssh server, sudo apt-get install openssh-server
<mtc> I'm be doing an install on a remote server.
<mtc> is webserver not enabled?
<mralphabet> nothing is
<mtc> I would have thought that SSH would be enabled..
<shawarma> mtc: No. No open ports by default. It's policy.
<dballester> hi again
<shawarma> Hello
<dballester> where is the url to inform about a bug in the configuration specs for any ubuntu-server package ? TIA
<dballester> or at least for an error between dependencies ;)
<shawarma> dballester: Report it against one of the packages involved.
<shawarma> dballester: Preferably the one what a potential fix would be applied to, if you can figure out which that is.
<dballester> ok
<dballester> launchpad ?
<shawarma> Always. :-)
<mtc> is it possible to customise the iso so that certain ports are open.
#ubuntu-server 2007-04-17
<[miles] > morning guys
<[miles] > is anyone building their own packages?
<shawarma> Sure
<lionel> hi [miles] 
<ajmitch> packages of what?
<[miles] > gentlemen
<[miles] > well, building .deb's from source tarballs
* ajmitch frequently builds things
<[miles] > ajmitch: I used to package RPM's
<[miles] > ajmitch: but not done .deb 's yet
<[miles] > hi vpol
<[miles] > and welcome
<vpol> thnx.
<ajmitch> ok, are you wanting information on debian packaging?
<[miles] > ajmitch: well, just some tip's really as to the best methods
<[miles] > ajmitch: I see there is a load of packages to assist
* ajmitch tries..
<ajmitch> 20:32 <ubotu> The packaging guide is at http://doc.ubuntu.com/ubuntu/packagingguide/C/index.html - See https://wiki.ubuntu.com/MOTU/Packages/New for information on getting a 
<ajmitch>               package integrated into Ubuntu - Other developer resources are at https://wiki.ubuntu.com/DeveloperResources - See also !backports
<[miles] > ok thanks ajmitch
<ajmitch> that, and the debian NM guide
<ajmitch> and #ubuntu-motu
<[miles] > ajmitch: you also do RPM's ?
<[miles] > ajmitch: ie, can you say which is the easier to package... .deb or .rpm
* ajmitch hasn't touched rpm packaging for about 5-6 years
<[miles] > ah ok
<[miles] > lol
<ajmitch> I've only done debian packaging in that time
<[miles] > vpol: your using server version yeah?
<vpol> [miles] : yup. on many servers.
<[miles] > vpol: which country u in?
<vpol> [miles] : russia.
<[miles] > ah jeje
<[miles] > ok
<[miles] > vpol: your nick is familar
<[miles] > vpol: you doing something with jabber?
<vpol> [miles] : messaging :)
<[miles] > damn it, I hate Horde
<[miles] > having to set it all up
<[miles] > it's bloated to hell
<dballester> hi to all
<dballester> sorry for this nerd question but, anyone knows what password is generated by default for postgresql ( 8.1 )? or at least where i can get this info...
<fabbione> dballester: ask pitti on irc
<fabbione> he is the maintainer
<dballester> thanks fabbione 
<dballester> fabbione, do you remember who is the mantainer for the bacula-postgresql packages ?
<fabbione> dballester: dpkg -p $packagename 
<dballester> fabbione, good idea :) polite one 
<fabbione> :)
<dballester> John Goerzen
<knix_> Is it possible to upgrade Ubuntu server 6.06 to feisty?
<knix_> If so, how?
<mralphabet> knix_: 6.06 ---> 6.10 ---> 7.04
<hirs> hello
<knix_> mralphabet, just change the sources and update -dist accordingly?
<mralphabet> knix_: http://www.debianadmin.com/upgrade-ubuntu-606-dapper-drake-to-ubuntu-10-edgy-eft.html
<knix_> mralphabet, ty
<knix_> mralphabet, will this break my server, if I go from dapper-edgy-feisty?
<knix_> mralphabet, also that site is showing for a gui version.  My server is headless, so just edit the sources and so forth?
<mralphabet> knix_: further down it lists cli instructions
<mralphabet> knix_: will it break your server? . . . probably ;)
<mralphabet> knix_: dapper to edgy is not nearly as smooth as edgy to feisty
<mralphabet> knix_: you should be fine, though
<knix_> mralphabet, ty
<hirs> he guys
<knix_> wassssabie
<hirs> will anyone of you be so kind to spend yome time for me and my problems?
<mralphabet> no, but you are welcome to ask your question anyway!
<knix_> lets here it..   Throw it out there and someone will get it
<hirs> i am trying to install ubuntu-server 6.06.1 amd64 on a hp ml310 g4 machine
<knix_> good man
<hirs> but if i choose the country i am coming from(austria) and pressing enter, nothing happens
<hirs> there will be only a blue screen
<hirs> then i have changed to tty4
<hirs> and theres the party going on
<hirs> error error error
<hirs> but its to fast for me to read is
<hirs> i only can read about: usb, usb hub, usb hp virtual mouse, usb disconnected
<hirs> then i have disabled all usb ports in bios
<hirs> but the same thing happens again
<hirs> i dont know what to do?
<hirs> is it possible that 6.06.1 is not so compatible with intel chipsets?
<mralphabet> hirs: I would put that in the bug category, you may want to search launchpad to see if anybody else has similar issues / possible fixes
<hirs> ok i'll try to follow your instrunctions
<hirs> i have to ask some experts in engish, im not so good at
<hirs> ------------
<hirs> ok now i have tried to install ubuntu-server 6.10
<hirs> it works
<shawarma> w/in 17
<Shane-S> where does the server store network related logs and error logs?
<Shane-S> I had an issue where it seems to have cause Windows DC's to never win elections, and apache failed and would not bind to port 80. I reboot seems to have corrected the problem, but I need to find out what it was
<Shane-S> if it was the Ubuntu server at all or just a coincidence the problem cleared up when I rebooted
<ivoks> Shane-S: samba logs are in /var/log/samba/
<ivoks> Shane-S: apache logs are in /var/log/apache2/
<Shane-S> what about general networking logs? I have samba on there but not setup for the domain
<ivoks> you've probably already had apache running, so new instance couldn't bind to port 80
<ivoks> general networking logs? like...?
<ivoks> problems with kernel par of network are recoreded in /var/log/kern.log
<Shane-S> if like eth0 had an error, bad packet, loss of connectivity?
<ivoks> dmesg
<ivoks> or /var/log/syslog
<ivoks> or /var/log/kern.log
<Shane-S> alrioght ty
<ivoks> if you have samba in network, it will probably win elections
<ivoks> you should configure it to loose or not try at all
<Shane-S> yeah I may have to disable that, not very good with getting it running
<ivoks> domain master = no
<ivoks> local master = no
<Shane-S> work with ip of system and asks for a local system account, but nothing AD based
<ivoks> preferred master = no
<ivoks> you want to set it up as BDC?
<ivoks> it can be BDC only for NT4 stlye network
<ivoks> or AD client
<ivoks> it can't be BDC for AD
<ivoks> (yet :)
<Shane-S> no actually I only wanted Samba so my dumb users could "browse" to it
<Shane-S> I use winSCP3
<ivoks> ah.. i see..
<ivoks> with authentication or without it?
<Shane-S> well I was trying to get guest access, but i only got it with local Ubuntu account working
<ivoks> do you want users to authenticate when connect or just get files, without entering username/password
<Shane-S> but, its i9n production now, not sure if I want to play other then disabling it
<ivoks> it's easy to make it with guest account
<ivoks> for non-auth share, you need:
<ivoks> in [global] 
<Shane-S> well I am sharing the public web folder so teachers can upload their webpages
<ivoks> security = share
<ivoks> server string = name of your server
<ivoks> and then, for a share:
<ivoks> [share_name] 
<ivoks> path = /path/to/shared/folder
<ivoks> guest ok = yes
<Shane-S> I will have to come back and link you to my conf
<ivoks> :)
<Shane-S> I am pretty sure I did all of that
<Shane-S> I am almost out of battery power :(
<Shane-S> I was out troubleshooting this building
<ivoks> it's very important to set it security as share, not leave it as default
<Shane-S> cause wireshark was showing me all kinds of Browser elections
<Shane-S> and then someone called and is like the website just went down
<Shane-S> reboot that and poof, issues here died
<Shane-S> but problem is there are 4 buildings
<Shane-S> and I could not tell if the others were having those issues
<Shane-S> as wireshark can't read across routers :P
<Shane-S> ohh well, I will be back in like an hour or so, thank you
<ivoks> ah... beauty of the job :)
<ivoks> i won't be here
<ivoks> i'm just leaving...
<Shane-S> alright
<Shane-S> well I am sure someone can help
<ivoks> yes
<ivoks> well, bye
<Shane-S> hmm
<Shane-S> http://ww.mantuaschools.com/smb.txt
<Shane-S> http://www.mantuaschools.com/smb.txt
<Shane-S> there, I had linked it from when I was setting it up :P
<ivoks> security = user is bad
<ivoks> as i said, it must be share
<Shane-S> ok
<ivoks> cause, if it's user, then every time one connects she has to enter username/password
<ivoks> with share security, when you choose share, you have to enter pass only if it requiers
<ivoks> if it's guest = ok, then no passwd is asked
<Shane-S> you see anything there that would mess with server elections?
<ivoks> this is 'advanced' setup :)
<ivoks> no, meaning it's default
<ivoks> if it's default, samba will try to become master of your network
<mralphabet> Shane-S: http://jonpeck.blogspot.com/2006/11/how-to-configure-80-fileserver-in-45.html
<ivoks> take a look at man smb.conf and seach for 'master'
<mralphabet> Shane-S: great tips for setting up a quick file server
<ivoks> mralphabet: making things complicate with swat? :)
<Shane-S> thanks, I followed some tutorial to get the conf
<Shane-S> but it did what I needed kinda
<Shane-S> thanks all I will be save this and bbl
<mralphabet> ivoks: it works . .. usually
<ivoks> Shane-S: domain master = no
<mralphabet> ivoks: quick guide, that's all it is
<mralphabet> ;)
<ivoks> mralphabet: once you will not have access to swat on your server (cause of firewall or something else) and then you will look at smb.conf
<ivoks> mralphabet: that will be the last day you had swat on your mind :D
<ivoks> or any other non-vim tool for configuration :D
<ivoks> anyway, take care guys...
<mralphabet> lol
<ivoks> see you later
<mralphabet> later ivoks
<Shane-S> same with me
<Shane-S> bbl ty
<AlexC_> Hey hey,
<lionel> Hi AlexC_
<AlexC_> could someone point to a good guide for getting email working, so I can use it as a mail server as well? I belive I need to install Postfix?
<Nafallo> AlexC_: help.ubuntu.com
<AlexC_> =) ok, let me check it out
<AlexC_> huh? why do I have to set a mail name?
<AlexC_> say for example I was hosted at   myhost.com  my email address would not look like  account@myhost.com but account@mydomain.com
<AlexC_> its telling me to set the mail name that email will be sent/received from :S
<AlexC_> does that mean everyone will then have to use  account@myhost.com  and not their own domain name?
<Nafallo> you found the serverguide?
<Nafallo> I used one of the community ones :-)
<AlexC_> yes I used server guide
<AlexC_> so, does that mean I've just done it weong lol
<AlexC_> s/weong/wrong
<Nafallo> depends on your needs
<Nafallo> my server uses PostgreSQL to lookup stuff
<AlexC_> hum, is there a way to use a Virtual postfix ... like you do with Apache and Virtual Hosts?
<Nafallo> thats what I do
<Nafallo> help.ubuntu.com and look at the community section
<AlexC_> wow, this postfix thing is making me go dizzy lol
<AlexC_> if only I could afford cPanel =D
<[GK] > Does anyone know how to configure a network in the Ubuntu Server Edition? I just installed it on the old computer I have lying around to test it out, but I installed it where I didn't have my network connected and now it won't connect to my internet for apt-get.
<mralphabet> [GK] : /etc/network/interfaces
<[GK] > awesome, thanks
<[GK] > oh and more thing is it possible to install the ubuntu-desktop so I can have an interface to help me?
<[GK] > I realize it will make it slower, but it will just be for configuring
<mralphabet> sudo apt-get install ubuntu-desktop
<[GK] > thought so
<[GK] > thanks
<mralphabet> sure thing, my paypal is <bleep>@bleep.com
<[GK] > Hi, everyone I was hoping to get some help with installing the ubuntu-dektop on the server I am trying to set up. I have used sudo apt-get update and then sudo apt-get install ubuntu-desktop. The problem is that when I agree to allowing it to install it says to insert the 'Ubuntu-Server 6.06.1 _Dapper Drake_ - Release i386 (20060807.1)' disc into the drive. The problem is I do not have it on me. Also, I had used sudo apt-get dist-
<mralphabet> [GK] : your sources.list has a cd as a repository
<[GK] > mralphabet: And if I remove it, the install should work?
<mralphabet> well . . . comment it ou
<mralphabet> t
<[GK] > ok thanks I'll try it
<theacolyte> yes
<theacolyte> it will
<theacolyte> btw
<theacolyte> I always do that for any ubuntu install
<theacolyte> server/desktop dapper/feisty doesn't matter
<theacolyte> all the packages on the cd are in the default repos
<[GK] > great
<[GK] > oh and where is the sources.list?
<theacolyte> it's in /etc/apt
<theacolyte> asdf I kicked the network cable out in my cacti box
<theacolyte> gg gap in my graphs
<[GK] > lol
<[GK] > perfect its working now, thanks again
<theacolyte> np
<knix_> Where can I find documentation on feisty server?
#ubuntu-server 2007-04-18
<knix_> alright, i upgraded my dapper server to edgy then to feisty.  On reboot after upgrade my server hangs on running local boot scripts etc/rc.local    any thougts?
<notapsychic> knix_: what did you do to upgrade to feisty?
<knix_> ya i went to edgy then to feisty
<knix_> and now my vmware image is corrupt and I cant revert back.  Not my day, heehee
<mralphabet> my question was "what did you do to upgrade to feisty", as in did you just update the sources list or did you follow the recommended upgrade procedure from edgy to feisty
<knix_> I did the same thing from dapper to edgy to feisty, I followed this - Now you need to update the source list using the following command
<knix_> sudo apt-get update
<knix_> Upgrade using the following command
<knix_> sudo apt-get dist-upgrade
<knix_> Double check your process was finished properly using the following commd
<knix_> sudo apt-get -f install
<knix_> sudo dpkg --configure -a
<knix_> Now you need to Reboot your machine to take your new ubuntu 7.04 installation to effect all changes.
<knix_> so from dap to edge, i replace edgy in sources, and to feisty, I replaced to feisty in sources
<mralphabet> http://www.ubuntugeek.com/upgrade-ubuntu-610-edgy-eft-to-ubuntu-704-feisty-fawn.html
<knix_> yes, i didt that
<knix_> i am on the reboot part, but it hangs after that reboot
<mralphabet> for edgy to feisty that's not actually the recommended way
<mralphabet> there's an updated tool for feisty
<mralphabet> I'm finding it
<knix_> gty
<knix_> ty
<mralphabet> https://help.ubuntu.com/community/FeistyUpgrades
<knix_> mralphabet, i am using the headless server so update manager -d wont work in this situation.  I was upgrading my headless dapper server to edgy, then to feisty
<mstrzele> hi all, what is the preffered way in Ubuntu to run iptables on startup? making bash script or iptables-save/restore in /etc/network/interfaces?
<Nafallo> knix_: what? you do want do-release-upgrade, no?
<mralphabet> knix_: I am using a headless server as well, and update-manager -d is a command line app
<knix_> Nafallo, it's not that.  I upgraded to feisty, and now hangs and wont go any further.  My revert image for vmware is corrupt or something like that.  so I am at a "very big and thorny brick wall"
<Nafallo> knix_: wonderful
<knix_> mralphabet, funny thing is that before I did the upgrade I took a snapshot of it
<Nafallo> knix_: why does it hang? and where? :-)
<knix_> Nafallo, it hangs at the local boot scripts
<Nafallo> mralphabet: is it?
<Nafallo> knix_: S99 then... odd
<knix_> yup, there goes all my data.   :(
<Nafallo> mralphabet: in my feisty update-manager-core contains do-release-upgrade anyway. and no update-manager bin.
<knix_> am I screwed ?
* knix_ hears nothing, 
<mralphabet> knix_: it's not something I have troubleshot personally, I have no insight for you
<knix_> mralphabet, no prob.  this is how I learn, by messing up.. Ty anyway
<Chi_0> Hello all
<Burgundavia> hello
<Chi_0> can point me in the right direction?
<Chi_0> I want to setup a small lamp server should i use the new release on the 19th or just use dapper
<Burgundavia> well, it depends on how long you need to support it for
<Burgundavia> if you are comfortable updating it every 6 months, go with Feisty
<Burgundavia> if not, go with dapper
<Chi_0> i was thinking of going that way b\c it's been out for a while and lots of peeps use it now and if i do need support their are places to find it
<Chi_0> but will the new release have any features that i can't get in dapper
<Burgundavia> yep
<Chi_0> anything big?
<Chi_0> or would be good for a home server?
<Burgundavia> depends entirely on your needs
<Burgundavia> what are you trying to do
<Burgundavia> ?
<Chi_0> well test a site locally and share media 
<Chi_0> is dapper setup like a lamp by default?
<Burgundavia> dapper does have that option, yes
<mralphabet> there's straight server which is barebones, there is LAMP and there is DNS
<mralphabet> LAMP and DNS have appropriate packages / services installed
<mralphabet> barebones has no services enabled, you can however install whatever you want
<Chi_0> ok b\c i have a option to install to hard disk and lamp.
<Chi_0> so i should start w/ lamp to make it easy right?
<Chi_0> then add services form their
<malder> Is there any good reason my server would all of the sudden reject my admin account's password or is this something I should be worried about?
* netjoined: irc.freenode.net -> brown.freenode.net
<dballester> good morning/afternoon/evening or night to all ;)
<ivoks> hi
<dballester> ops... ext2online is not on ubuntu-server ?
<ivoks> resize online? :)
<ivoks> that's redhat's tool
<ivoks> iirc
<dballester> no
<dballester> ext2online is used by redhat, but not liomited only to this ditribution
<shawarma> dballester: The description for package ext2resize says it does online resizeing as well.
<dballester> http://ext2resize.sourceforge.net/online.html
* dballester /panic_mode off :)
<shawarma> It also says "Online resizing support was added to the linux kernel in version 2.6.10"
<ivoks> there you go :)
<shawarma> So it appears there's kernel support as well.
<dballester> seems to be the samed tool with different names
<ivoks> probably redhat repacked it...
<shawarma> I use xfs. It's been doing it since forever.
<ivoks> i know they had big "we can now do this" in their release notes for 4 series
<dballester> ivoks, surelly, in fact RedHat supports a very limited number of filesystems
<ivoks> i know
<dballester> well, I hope that ext2resize handles ext3 journaling, I've expanded a lv from 100MB to 100GB :) time to test how ext2resize do his job ;)
<dballester> mmmhhh... supoorts shrinking... well done :)
<dballester> in fact, installing ext2resize package install ext2online too
<dballester> it's a link :)
<dballester> nope, are different apps but I think that are the same one
<dballester> :/ not working very well...
<dballester> ext2resize is not able  to work with ext3 
<dballester> and ext2online detects new size correctly, but is unable to expand filesystem accordingly :/
<Nafallo> resize2fs isn't good enough? :-)
<ajmitch> resize2fs is the suggested tool to use
<ajmitch> supports online expansion
<Nafallo> ajmitch: kewl! didn't know it did :-)
<ajmitch> just read its manpage
<dballester> seems that resize2fs is doing the job well
<ivoks> newsflash: ODF just became standard office document in croatia
<ajmitch> ivoks: excellent
<Nafallo> awesome! :-)
<ivoks> yeah :)
<ivoks> PDF and ODF are standards, everything else is bonus :)
<dballester> immo, ext2online and ext2resize should be deprecated, confuses the user ( me :) )
<ajmitch> well it is in universe
<dballester> ajmitch, yes, and i had it installed, but if you search in the net for info about online resizing ext3 a lot of info points to ext2online app
<dballester> then, your first intention is use ext2online
<ivoks> cause redhat is most used OS on systems that need something like this
<ivoks> ext2online was their big announcement...
<ivoks> i guess it's their work, since they had it in 2.6.9 kernel
<dballester> yes
<dballester> time to make a new entry with a testcase in the blog, now that i've time and the resources ;)
<dballester> ouch : resize2fs: Argumento invlido While trying to add group #8224
<dballester> :/ time to dive into resize2fs source code :( google not helped this time
<dballester> mmmhh... i was using generic kernel, before creating a bug in launchpad i will try first to use server kernel package
<fabbione> dballester: you can use a very simple trick for that
<fabbione> just temporary disable journals and resize.. then re-enable
<dballester> fabbione, tried it with the filesystem umounted with same result
<dballester> may be is a ext3 limitation ? curiously stopped when filesystem was 65318330 and i get EXT3-fs warning (device dm-10): verify_reserved_gdb: reserved GDT 259 missing grp 1 (8451)
<dballester> i'm trying to know exactly what is saying ;)
<dballester> but a lot of info to read about ext3 :/
<dballester> disabling journaling was something like tune2fs ^O journal ? don't remember well
<dballester> tune2fs ^Ohas_journal
<dballester> tune2fs -O ^has_journal <- correct
<dballester> fabbione, i've disabled journaling and now executing e2fsck -f  prior resize2fs
<dballester> hi again
<dballester> seems that today is "problems vs. dballester" and by now the counter is 2 -0 :/
<dballester> attached a 800 firewire disk ( Western Digital MyBook Pro Edition II ) and after few seconds I get   a lot of 2:0:1:0: rejecting I/O to dead device
<dballester> and disk 'shutdowns'
<dballester> I will try this disk in my ubuntu desktop with firewire 400 ( under usb 2 the disk goes well )
<dballester> mmmhhh
<dballester> if doing lsmod | grep spb2 I get
<dballester> sbp2                   36616  6 
<dballester> iirc sbp2 is not being used by any other module, isn't it?
<newtokubuntu> I have a question. I changed my MOTD. BUt when i reboot its not there anymore
<newtokubuntu> any reason why?
<mralphabet> on an ubuntu server?
<newtokubuntu> Yes
<newtokubuntu> wtf i change it and it doesnt work
<AlexC_> Hey
<mralphabet> newtokubuntu: http://www.google.com/search?q=ubuntu+motd
<AlexC_> before installing Webmin, do I have to install Apache etc first? or will Webmin also install that?
<mralphabet> webmin really isn't recommended
<AlexC_> mralphabet: do you have any reccomendation on a control panel I can use?
<AlexC_> ISPconfig?
<dballester> mralphabet, why do you say that webmin is not recommended ?
<AlexC_> well it has been removed from the repos, and it's pretty damm confusing I'd say
<Nafallo> dballester: because it's not :-)
<dballester> mmmhhh.. this answers reminds me aswers typo redmon guys :P
<dballester> ;)
<AlexC_> shall I got for ISPconfig then?
<AlexC_> s/got/go
<mralphabet> because it requires root access
<mralphabet> the default install is not very secure and has a fair amount of options that are not "ubuntu friendly"
<AlexC_> or human friendly
<mralphabet> it's a topic of discussion, but those further up the food chain then I don't like it
<AlexC_> mralphabet: which would you suggest then?
<AlexC_> it doesn't have to be open-source, though ... would be good if it was, how about ServerCP?
<dballester> thanks for the info mralphabet 
<mralphabet> AlexC_: I don't have a recommendation ;( I don't use control panels
<AlexC_> ah I see, if I was hosting one site I wouldn't use one, however .... my users will want a panel,
<AlexC_> ServerCP seems quite nice, I may go with that
<mralphabet> dballester: if you google for ubuntu + webmin you will come across many of the discussions for and against
<dballester> ok ;)
<dballester> need to reboot dns server :/ see you in few minutes
<mralphabet> dballester: for me, the arguements against hold more weight as the arguements for are usually "it's so easy to use!"
<dballester> agree
<dballester> ;)
<newtokubuntu> I found out that MOTD issue
<newtokubuntu> ubuntu does it diffrent
<newtokubuntu> tails off 2 files
<newtokubuntu> anyone know how hard it is to get mail server up and running. And if so , it always asked me for the server cd... anyway to have those files installed localy?
<ivoks> easy
<newtokubuntu> can i get those cd files installed local so it doesnt ask for the cd?
<ivoks> yes sudo find /media/cdrom -name *.deb -exec cp {} /var/cache/apt/archives \;
<ivoks> my bad
<ivoks> sudo find /media/cdrom -name \*.deb -exec cp {} /var/cache/apt/archives \;
<newtokubuntu> what sucks... 
<newtokubuntu> not in my cd drive and im remote :)
<mralphabet> newtokubuntu: take the cd drive out of the sources list
<n00t2> anyone have experience with installing from the 6.06 (dapper) cd to a software RAID 5 setup?
<n00t2> using the disk to create the software RAID 5?
<n00t2> feel free to msg me when you get back from AFK >_<
<ratshell> Hi all
<n00t2> welcome... I'm the only one here
<n00t2> for the past 30 minutes anyways
<ratshell> lol
<ratshell> I am here now :)
<ratshell> so nootz what you up to?
<n00tz> you're back
<n00tz> and so am I
<ratshell> yep
<ratshell> lol
<ratshell> What you up to man?
<n00tz> I'm trying to install Ubuntu Server (Edgy) on a server I just bought off ebay
<n00tz> Software RAID is new to me and it's giving me a hassle
<ratshell> Hows that going?
<ratshell> lol answered my question
<n00tz> you wouldn't happen to have any experience with it woudl ya?
<ratshell> I am going to install the server on a old laptop I have tommorrow
<ratshell> nope sorry not with raid
<n00tz> darn
<theacolyte> software raid?
<theacolyte> like lvd?
<n00tz> yup
<n00tz> nop
<n00tz> like MDADM
<theacolyte> ah, yeah
<theacolyte> what do you need to know?
<n00tz> which is what I'm assuming is built into the installer disk
<theacolyte> I can't honestly remember if ubuntu does or not... you mean... set up the raid partitions in the installer itself
<n00tz> I'm using the installer to create a RAID5 Array out of 6 drives (18.2 GB SCSI's)
<theacolyte> I know you can do it after the fact :)
<theacolyte> Ah
<n00tz> yeah..  that's the problem
<n00tz> I'm gonna be using this as  a production web/sql server
<n00tz> and it creates all the directories on the install that I want to put on the RAID
<theacolyte> well
<theacolyte> you could set up 1 drive as the OS drive
<n00tz> otherwise I wouldn't have a problem with mirroring two of them for the sys drive and 5'ing the rest after the install
<n00tz> I'm open to suggestions
<theacolyte> honestly, I'd suggest hardware raid :)
<theacolyte> you can buy Dell PERC's for real cheap on ebay now
<n00tz> I was actually gonna get the RAID card that this server would have come with originally - IBM ServeRAID-4
<n00tz> which are cheap too
<theacolyte> no exp with that card, I have plenty of PERC's ranging from 2 to 4... and I love em
<theacolyte> and it's supported natively
<theacolyte> no extra stuff involved
<n00tz> the problem is... I'm on a limited budget and I've already spent as much as I paid for the server in shipping costs >_<
<theacolyte> what server?
<n00tz> http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&ih=019&sspagename=STRK%3AMEWN%3AIT&viewitem=&item=290101955084&rd=1&rd=1
<theacolyte> http://cgi.ebay.com/Dell-Perc3-SC-AMI-475-SCSI-RAID-Controller-2H794-Perc-3_W0QQitemZ220102336201QQihZ012QQcategoryZ39968QQrdZ1QQcmdZViewItem
<theacolyte> is that cheap enough :)
<n00tz> LOL
<n00tz> yeah.. that's the point
<theacolyte> lol.
<theacolyte> 4x 700mgz xeons
<n00tz> I'm gonna be using it as a DNS/SQL/Apache mirror for an already existing server
<theacolyte> you know you could have gotten a p4 desktop for cheaper and it'd be faster right? hehe
<theacolyte> of course it isn't rackable
<n00tz> that was the key
<theacolyte> you should have talked to me, I'm selling a dual opteron 2gb 1tb disk server right now for 900
<n00tz> I work at a web hosting/colocation/web streaming company
<n00tz> so rack was kinda the key
<n00tz> I've built a nice server in the past.. but being just a mirror server I wasn't really in it for the big costs
<theacolyte> i hear ya
<n00tz> too bad cfdisk isn't on the installer disk.. it's so much nicer than fdisk
<n00tz> anyways, I appreciate at least getting a response and some input on my troubles
<n00tz> I've been in #ubuntu all day with nobody knowing jack crap about it
<theacolyte> hehe
<theacolyte> this is the better channel for it
<n00tz> and I've google'd just about everything I can think of.. apparently nobody uses software RAID 5 setups
<theacolyte> yeah
<theacolyte> because it's slow 
<theacolyte> very slow
<n00tz> well.. i've bit the bullet and bid on http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=280106261998
<n00tz> hardware it is
<n00tz> any idea where the hardware compatibility list is?
<theacolyte> not offhand
<theacolyte> i know it's out there though
<n00tz> it's not a complete one...
<n00tz> I'm making a post on the forums.. 
<theacolyte> I suggested a PERC just because I know they are supported natively... not sure about that card though it's Adaptec so I'd be suprised if it wasn't
<n00tz> yeah.. that's my thoughts too
<n00tz> http://ubuntuforums.org/showthread.php?t=413001
#ubuntu-server 2007-04-19
<n00tz> /exit
<knix_> How do you rescue a broken system with a iso?
<knix__>  I upgraded my dapper server to edgy, then to feisty, and now when it boots it hangs on "running local scripts etc/rc.local  and just hangs there.   I have no idea how to fix this.  any help is greatly appreciated
<sahafeez> i am looking at a replacement for a w2k3 box for a windows network. i have looked at rhle5 and sles10. both have have left me a bit underwelmed. 
<sahafeez> sles10 has very nice ldap-samba-user controller. is that something i can find in ubuntu
<knix__> sahafeez, go with Ubuntu server - its rox
<knix__> sahafeez, I would search the forums for that
<sahafeez> hum, not what i hoped to hear. i have looked and it looks like a bit of jumping thru hoops. the nice thing about the sles10 is the integration is out of the box. if i have too do a lot of work, i would be inclined to just use gentoo
<knix__> Kewl, we thats what you get when you pay for sles10
<ajmitch> right, ubuntu server is lacking some of that integration still, but it's a definite focus for the next release
<sahafeez> question, i see that the desktop is at 7.x but server is at 6.10?
<Burgwork> nope
<Burgwork> 7.04 is out tomorrowish, for both desktop and server
<Burgwork> what do you do with that 2k3 box?
<ajmitch> hi Burgwork 
<Burgwork> hey ajmitch
<sahafeez> file, print, AD, exchange. 
<knix__> anyone feel llike helping with a server ish?
<Burgwork> the full gammit, eh?
<sahafeez> i have settled on opengroupware for the exchange replacemnet.
<sahafeez> should i wait for 7.04 to test?
<Burgwork> hmm, I would use 6.06 for that, as you need longer term suppor
<Burgwork> t
<Burgwork> don't need, but it is nice to have
<sahafeez> so there will be no support for the 7.04 release?
<ajmitch> there will be the standard 18 months support
<Burgwork> no, there is support, just not as long
<ajmitch> 5 years for 6.06 server
<sahafeez> what is the kernel on 6.06/6.10 - i ask because one of the big issues i have had with sles is that my new 9650se is not supported out  of the box. it was easy enough to install the driver in the install, however the yast update to anew kernel, which says it has the support, did not and now i have an unbootable box that is not easy to fix 
<sahafeez> btw, i am looking for a list of the difference between desktop and server on the ubuntu site. cannot seem to find it.
<Burgwork> in what way?
<Burgwork> they have similar kernels, with the same low level userspace stuff
<sahafeez> sorry what did the in what way question apply to? the difference?
<Burgwork> the desktop and server for a specific Ubuntu version share the same package respositories
<sahafeez> btw, thanks for answering the questions. it is always a good sign when the irc group is responsive and polite. 
<Burgwork> setting up what you have will take a bit of work
<sahafeez> ok, but what makes server = server and not desktop
<Burgwork> the default server install is basically the bare minimum to get the computer up
<Burgwork> the default desktop is GNOME plus some bits
<Burgwork> you can see what they contain via looking at the seeds
<Burgwork> just a sec for the url
<Burgwork> http://codebrowse.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/ubuntu.feisty/files
<sahafeez> looking....thanks
<sahafeez> i see that the support company is in the postgres biz. that is good as opengroupware is postgres only for the most part.
<sahafeez> i see the bit about the support diff between 6.06 and 6.10. will there be support offerd for 7.04
<Burgwork> yes
<Burgwork> all versions of Ubuntu are supported for 18 months
<Burgwork> 6.06 is unique in that it is supported for 3 years on the desktop and 5 on the server
<sahafeez> can you buy support past that?
<sahafeez> i think i will wait for 7.04 as i have had major issues with the others on the hardware i am useing as it is very very new
<Burgwork> for that you need to contact Canonical
<Burgwork> the support I mentioned is for security and is free
<Burgwork> actual somebody-on-the-phone support costs money
<sahafeez> ok. thanks for your help. i will try it out.
<hirs> hi
<hirs> he guys
<hirs> i have a little problem with installing the vmware-server on ubuntu 6.10
<hirs> Trying to find a suitable vmmon module for your running kernel.
<hirs> None of the pre-built vmmon modules for VMware Server is suitable for your
<hirs> running kernel.  Do you want this program to try to build the vmmon module for
<hirs> your system (you need to have a C compiler installed on your system)? [yes] 
<hirs> then i type yes, or only enter, its equal
<hirs> then the install script asks me
<hirs> What is the location of the directory of C header files that match your running kernel? [/usr/src/linux/include] 
<hirs> and there is my problem
<hirs> there is no folder
<hirs> or any other folder with includes
<hirs> ok fine
<hirs> i havent installed linux-headers
<hirs> lool
<hirs> sorry
<eikke> will ubuntu-server feisty include Xen support? if so, which version?
<gubluntu> anyone here have any experiance setting up software raid on ubuntu server with SATA ?
<ivoks> yes
<gubluntu> can you point me in the right direction?
<ivoks> put server install CD and start installation
<ivoks> on disk partitionig create linux raid partitions and then configure software raid
<ivoks> and... that's it
<gubluntu> oh
<gubluntu> okay
<ivoks> you can't miss
<gubluntu> if i have 2 500gb sata drives
<gubluntu> and i have already installed the server onto one
<ivoks> and you want mirror?
<gubluntu> using the guideed partition
<gubluntu> but left the other unpartitioned.. can i do it now?
<ivoks> eh, then it's manual work
<ivoks> yes, you can, but... urgh :)
<gubluntu> lol
<ivoks> you want mirror, right?
<gubluntu> what would you suggest.. its a mial server
<gubluntu> mail*
<gubluntu> striping or mirror?
<ivoks> mirror
<gubluntu> k
<mralphabet> http://knowledge76.com/index.php/Ubuntu_Server_Install_With_Software_RAID
<mralphabet> http://www.google.com/search?q=ubuntu+software+raid+install
<gubluntu> ubuntu server install with raid
<gubluntu> oops
<gubluntu> ignore that
<gubluntu> what should i use?
<gubluntu> parted?
<gubluntu> is there any console gui i can use?
<gubluntu> qt parted looks like it wants to installover100mb of kde junk
<gubluntu> lol.. console gui
<[miles] > oh guys
<[miles] > check this
<[miles] > www.milesbarry.info/bugger.png
<mralphabet> oO
<eikke> will ubuntu-server feisty include Xen support? if so, which version?
<ivoks> 3.0.3
<ivoks> it's in universe
<eikke> cool
<eikke> is it the same package as the debian etch one?
<[miles] > haha
<[miles] > ubuntu+1 has dissaperared
<[miles] > :D
<ivoks> eikke: Version: 3.0.3-0ubuntu10 - so, that's a no
<eikke> right
<eikke> any idea which kernel version?
<mgalvin> has anyone used Ubuntu Server (preferably dapper) on a Sun Fire X2100?
<fabbione> mgalvin: let me check... i think we have one of those
<mgalvin> it's not "officially" supported but a quick look at the specs seems to indicate it should work... just wondering if anyone knows for sure
<mgalvin> fabbione: oh, cool thanks for looking
<fabbione> i just need to make sure about the model
<fabbione> i don't recall if we have that one or the bigger one
<fabbione> mgalvin: no sorry we had a bigger model
<fabbione> i guess it should work with that one too
<mgalvin> fabbione: ok, thats anyway for looking... it does seem like it will work... i guess i will find out ;)
<fabbione> mgalvin: in case let us know :)
<mgalvin> i sure will!
<[g2] > is there a way to get a ubuntu-server from a debootstrapped feisty ?
<[g2] > meaning can I use apt-get to get something very close to a server install ?  I specifically would like to run in a chroot without an install
<lionel> [g2] : yes
<lionel> just do a classical deboostrap and install ubuntu-minimal and ubuntu-standard meta packages
* [g2]  hugs lionel 
<lionel> :)
<[g2] > :)
<[g2] > lol
<[g2] > so just those 2 are all that's needed ?
<[g2] > and do you know if the same kernel will be used as desktop ?
<lionel> no, it is not the same kernel
<mralphabet> [g2] : that's one of the only differences, server uses a slightly different kernel
<lionel> server kernel is suffixed by "-server"
* [g2]  has been running the ivtv drivers
<[g2] > I could probably just install linux-image-.....
<[g2] > apt-get that is
<[g2] > mralphabet, I'm guessing the headers used are all the same, meaning I could chroot from a desktop to a server chroot and there wouldn't be any issues
<mralphabet> [g2] : shouldn't be for an experienced user
<sahafeez> hum, i am installing server and i am having issues with the partition tool. is there an expert mode or something. this ncurse interface is driving me nuts
<JavaGeek> hello, ubuntuers
<lionel> Hi JavaGeek
<sahafeez> so no one on a differnet partition tools
<sahafeez> i am going nuts trying to setup this up...
<JavaGeek> I was trying to upgrade an ubuntu server installation following the instructions from http://www.ubuntu.com/getubuntu/upgrading
<JavaGeek> they mention something about installing update-manager-core, but that package is only on feisty, not on edgy
<Nafallo> JavaGeek: edgy-updates
<ratshell> Hello all
<JavaGeek> Nafallo: I have edgy-updates on my sources.list
<Nafallo> JavaGeek: hmm. try edgy-proposed then.
<ratshell> hey
<ratshell> nafallo can you help me
<JavaGeek> Nafallo: I just wish that was in the documentation :)
<Nafallo> ratshell: no idea. you haven't asked a question yet.
<Nafallo> JavaGeek: agreed :-)
<Nafallo> JavaGeek: or pushed to -updates ;-)
<ratshell> Lol during my install of Ubuntu Server I didn't have a network card
<ratshell> After install of server, I installed one
<ratshell> how do I get ubuntu server to detect and use it
<ratshell> what command?
<Nafallo> ratshell: sudo vi /etc/network/interfaces
<Nafallo> ratshell: so two commands. maybe man interfaces aswell :-)
<ratshell> I will go try now
<sacater> anyone know where i can get admin on a server for free?
<mralphabet> you really aren't back to asking that are you?
<sacater> yeh
<sacater> Lighty was very nice
<sacater> let me have a space on his server for blog
<sacater> and i like ALOT
<sacater> but ni indexing
<sacater> and no admin
* mralphabet shakes his head
<JavaGeek> sure, you can have admin on my server for free... the IP is 127.0.0.1
<theacolyte> IM GOING TO HACK THAT IP NOW
<theacolyte> theacolyte has quit IRC
<sahafeez> what packages should i install if i want to put a min gnome gui on the server
<sahafeez> why does the installer insist on formating things between changes. seems dumb. how about waiting until you say go and install
<sahafeez> seriously. how do you stop that. i want it to let me lay everything out before it formats..
#ubuntu-server 2007-04-20
<sahafeez> anyone want to talk about file system performance, acls etc...i am thinking of formating my file store with xfs
<sahafeez> anyone tell me the diff between the kernel choices when doing a new install. i cannot find it documented anywhere
<BHSPitMonkey> I have a box with no video output; I need to somehow be able to ssh into it immediately after (or during) install.
<BHSPitMonkey> is this doable with *ubuntu?
<shadou> no video output at al?
<shadou> You might be able to serial in but I doubt it.
<aalex> hi all
<aalex> nice that this channel exists
<aalex> all the noise on #ubuntu....
<aalex> I need to mount a CD (rockridge) on ubuntu-server
<aalex> mount doesnt show me that CD<
<aalex> http://madwifi.org/wiki/UserDocs/Distro/Ubuntu :: weird. I cannot see my network card
<aalex> pcmcia
<knix_> hello all
<knix_> why is update-manager-core missing when I try and upgrade my server?
* Starting logfile irclogs/ubuntu-server.log
<ay_> Hi guuys. We've been running Debian and RH for about 10 years and now recently swithced to Ubuntu for our servers becaus of the excellent LTS. We can't upgrade servers every 18 months so LTS are our only choise. The problem is that ubuntu dapper server edition does not install on newer dell servers (1950 2950, 1955) and IBM servers (Blades) Because of the raid-drivers version (megaraid and friends)  and networks cards (e1000 and friends). RH releases update
<ay_> Is there any plan for updated installation medias?
<fabbione> ay_: you want to file a bug and talk to the kernel team
<fabbione> it's important to know if it's just a matter of pci-id's or it requires new code
<fabbione> the latter is more difficult
<ay_> I belive everything works with a newer kernel from security.ubunut.org. So All you really need is a newer installmedia. This is problably just the case for servers. Desktops will happily run edgy of feisty installers instead.
<ay_> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/55138
<ay_> IMHO, the LTS server-edition is the only one in need of updated installer media.
<ay_> http://linux.dell.com/ for example has alternative installmedias for most distributions, but not ubuntu (it's community driven) Is there a howto to make your own updated installation media somewhere?
<ay_> Or how to bootstrap using a edgy og feisty installers or even debian ones?
<maswan> ay_: does netbooting work btw?
<ay_> maswan: Haven't tried. Is it using another kernel?
<ay_> Trying it out now.
<maswan> I don't know
<ay_> maswan: There is not netbooting cd. Did you mean pxe-booting?
<maswan> ay_: yeah
<dballester> hi to all
<dballester> I'm having several problems with firwire ( 800 ) disk with edgy ubuntu-server, anyone is using similar scenario without problems ? When I power on the disc I can mount lv without problems but inmediately sbp2 claims that the drive is dead. With usb runs well ( I/O is not good ). Now i will try to attach a new firewire ( 400 ) disk to see the behavior
<LaszloKv> Hi, would anyone here maybe be able to help me with sharing a directory with samba?
<dballester> another question for you :) We can modify some kernel parameter 'on the fly' but I'm trying to be able to ask for some module parameters, in other words, could be able to ask ( for example ) what value is actually for max_speed parameter in sbp2 module ? TIA
<n00tz> hello all.
<Burgwork> hey
<n00tz> anyone have any experience with MyDNS, specifically setting up a DNS mirror 
<n00tz> or have a link to a good article/howto
<theacolyte> I have
<theacolyte> but... no instructions
<theacolyte> are you talking about failover?
<n00tz> I actually just found what I need.
<n00tz> simple replication
<n00tz> http://forums.gentoo.org/viewtopic.php?t=241123
<n00tz> on a particular databas
<n00tz> e
#ubuntu-server 2007-04-21
<Malder> should I worry about how I partition my server as far as security is concerned? Most articles I've been reading about security are very brief about this topic...
<theacolyte> a couple considerations
<theacolyte> like if you'll be having people keep user directories, you may consider keeping them on a seperate drive/partition/filesystem
<theacolyte> often times people do /boot and /root as well
<Malder> like having a xxGB partion /home ? or are we talking about /usr
<theacolyte> it depends
<theacolyte> what is the box for
<Malder> hehe
<theacolyte> i was referring to /home though
<Malder> ok
<Malder> it serves a couple small website and also a file server for a small office
<Malder> so it is not dedicated in either way and really can't be...
<theacolyte> ah... it really wouldn't matter
<theacolyte> although best practices would dictate you cared
<theacolyte> I wouldn't though :)
<theacolyte> is the web server public facing?
<Malder> yes
<theacolyte> ehhh
<theacolyte> it's not necessary
<theacolyte> you can though
<Malder> It got cracked a couple days ago and I'm starting from scratch with 7.04
<theacolyte> permissions takes care of the majority of issues
<theacolyte> cracked? how?
<theacolyte> what?
<theacolyte> hgehe
<Malder> my best guess is brute force (weak password... I was lazy)
<theacolyte> that'll do it every time
<Malder> there were multiple accepted logins from a Bulgarian IP address through ssh
<Malder> ;(
<Malder> got a few thousand error messages from postfix saying that xyz domain is bad or some such... not from anytthing I did...
<theacolyte> how do you know you were hacked?
<Malder> admin password didn't work. Looked at auth.log and it was growing by about 10x each day....
<Malder> so you would advise to just go with basically one big partition and then just lock everything down with file permissions? Don't worry about trying to mess with boot options for security...?
<Malder> and obviously strong passwords...
<Burgwork> don't activate your root account
<Burgwork> there is a nifty iptables script I saw to prevent brute forcing of ssh via looking at multiple connections
<Malder> I think I am going to go with fail2ban for that... pretty neat little package...
<Malder> I didn't have any root account active, but still did no good. Everything was done through sudo
<Malder> I didn't turn off root login for ssh, but didn't think that would matter since there was essentially no root user... right?
<Nafallo> do you need to permit password login?
<Nafallo> I just use public key
<Malder> I'm not sure. I would like to look into just using keys.. is that what you're thinking?
<Nafallo> yea
<Nafallo> I've turned off all other ways of logging in.
<Nafallo> that and serial cable :-)
<Malder> do you have a reference article on that? When are passwords necessary? I've never used keys...
<Malder> hehe
<Nafallo> I never uses passwords anymore. I think there is something on help.ubuntu.com/community about that.
<Malder> I do have physical access so I can do that too... always nice
<Nafallo> or rather. I use passwords for sudo :-)
<Malder> right, but that's after login to SSH with your key, right?
<Nafallo> yes
<Malder> Sounds good to me
<Malder> ok. Off to partition. Thanks for the help.
<Nafallo> no problem :-)
<theacolyte> sorry about that Malder, had to go AFK
<theacolyte> you may try also installing rkhunter, apf, and bfd
<theacolyte> i've used them before, and they work great for brute force attacks
<theacolyte> http://www.rfxnetworks.com/proj.php
<Nafallo> I hope you meant against :-)
<theacolyte> hehe
<theacolyte> maybe!
<defendguin> i'm trying to install feisty server and it's telling me it can't mount my cdrom drive
<defendguin> obviously its able to read the cdrom or it wouldn't have booted
<theacolyte> what kind of controller is the cdrom attached to?
<defendguin> ide 
<theacolyte> mobo?
<defendguin> yeah right to the motherboard
<defendguin> nothing very special about the box no odd hardware 
<theacolyte> well, if feisty isn't finding the cdrom when you load up the installer, 100% of the time it's because your controller isn't supported through normal channels
<theacolyte> what motherboard?
<defendguin> i couldn't tell you off hand
<theacolyte> ah
<defendguin> it was supported when i installed edgy desktop
<theacolyte> a good example of it would be my jmicron controller is hated by 99% of the distros out there
<defendguin> does server edition support less hardware than desktop?
<Burgwork> no
<defendguin> besides wireless card
<defendguin> hmmm i wonder why it had no problem with edgy 
<theacolyte> distros change
<theacolyte> but without knowing the specific hardware, there's no way of knowing for sure
<defendguin> well i can just boot up without the CD and let you know what hal says
<Burgwork> that is why big orgs keep testing hardware around
<defendguin> what item am i looking at in the device manager
<defendguin> ?
<defendguin> says intel brookdale chipset 
<Burgwork> if it is wireless, do you need the firemaer
<defendguin> no wireless on this computer
<theacolyte> defendguin: what's under either RAID controller or IDE/ATA/ATAPI controllers?
<defendguin> intel 82801BA ide U100
<theacolyte> that it?
<defendguin> oem vendor HP
<defendguin> pci_8086_244b
<defendguin> i'm just poking through what the hal device manager says is there a specific field you would like to know about?
<theacolyte> no just the device names under ide controller, i'm just a little slammed right now
<defendguin> maybe i could just do a dist upgrade 
<theacolyte> you could
<defendguin> nah i like fresh installs
<defendguin> how could the installer even get started if the cdrom isn't supported
<defendguin> i guess i could rip the CD to an iso on this machine and mount the iso and do a net install?
<theacolyte> well
<theacolyte> it will boot because your BIOS takes care of that
<theacolyte> to actually copy files from the cd to your hard drive, it needs a driver to mount it
<theacolyte> not quite the best explanation of it, but like I said, i'm slammed
<defendguin> i understand
<Atlas95> hello
<Atlas95> anybody here pleasE?
<Atlas95> i have a big problem
<Atlas95> i follow perfect setup guide
<Atlas95> and i have this error when i try to install some packages:
<Atlas95> E: Le sous-processus /usr/sbin/dpkg-preconfigure --apt || true a renvoy un code d'erreur (100)
<sahafeez> is the only diff between desktop and server what is installed by default?
<Burgundavia> sahafeez: the default kernel is slightly different
<sahafeez> can you install desktop and then apt-get the server kernel
<Burgundavia> yes
<sahafeez> i take it that the desktop installs tons of stuff and it is better to just do server and then install a gui if you need it. 
<Kamping_Kaiser> desktop installs a desktop. if its not going to be a desktop, its probably a bad choice of intall
<Kamping_Kaiser> *install
<sahafeez> i am replacing a w2k3 server at work and have tried sles, rhel. i think i am settling on ubuntu
<sahafeez> i need to have ldap+samba+postfix+cryusimap+postgress+opengroupware
<sahafeez> and everything needs to auth on ldap
<Kamping_Kaiser> i havent tried setting up those services, so i cant comment. ldap+samba+postfix+postgres are in the repos, not sure about the other two you meantion
<Burgundavia> install the server, then install what you need
<sahafeez> ok, thanks.
<Burgundavia> then you can absolutely control what is on the server
<Burgundavia> desktop will leave you with all kinds of stuff you don't need
<Burgundavia> I would also spread out those services across multiple servers
<Burgundavia> ldap+samba on one, mail on the other
<sahafeez> it is for 10 people.
<Burgundavia> still worth it
<Burgundavia> hardware is cheap
<sahafeez> one box with 2gb of ram, 3ware raid5 and core 2 is easier
<Burgundavia> then kvm it up
<sahafeez> trying to cut down on the support.
<sahafeez> have another box running slack + asterisk pbx
<Burgundavia> ahh
<sahafeez> have openbsd box for vpn/firewall
<Burgundavia> I would have a common platform
<sahafeez> and the w2k3 sbs file+exchange. guess which box gives me issues?
<Burgundavia> except asterisk is not in main
<sahafeez> going to move the asterisk box to whatever disto i put on the file server. so ubuntu if it works out.
<sahafeez> i will do asterisk from source
<Burgundavia> hmm, I distrust source
<Burgundavia> security updates are a headache
<sahafeez> naw, asterisk is simple.
<Burgundavia> setting it up is a royal pain
<Burgundavia> and debugging is a bigger one
<sahafeez> took me forever the 1st time. 
<sahafeez> after that it got simple. just had to learn it
<Burgundavia> we have a lot of moving pieces, with two offices
<sahafeez> server installs compile tools by default or no?
<Burgundavia> no
<Burgundavia> server installs enough to run the hardware and login
<Burgundavia> that is it. No open ports, no running services, nothing
<sahafeez> 2 offices, one east one west, openbsd vpn. 3 houses with vpn and remote phones. all ip phones. just works
<sahafeez> very openbsd like
<sahafeez> i am a bsd person. i am forced onto linux by hardware/or software that i need.
<Burgundavia> ahh
<Burgundavia> personally, I like having a common server platform
<Burgundavia> having 3 distros like that means 3 times as much security
<sahafeez> settled on opengroupware for the exchange replacement so i need to run it on linux for the most part. it runs on bsd, etc but its a pain to setup and i need the blackberry push stuff 
<sahafeez> i would run every thing on solaris if i could or openbsd. those would be my main choices
<sahafeez> i would do gentoo for linux however i need something a bit simpler because others may have to touch it. i started looking at SLES and RHEL because of that.
<sahafeez> RHEL sucks
<volvoguy> can i ask you guys a support question or is this just a dev channel?
<sahafeez> and SLES is very very good cept the updated make the system unbootable as the hardware is too new and i do not feel like figuring it out 
<Burgundavia> volvoguy: both
<volvoguy> woohoo!
<Burgundavia> I have heard good things about SLES
<sahafeez> very clean and polished. comes out of the box with samba+ldap setup correct. YAST is a great tool.
<volvoguy> i'd like to upgrade my breezy server to at least edgy, if not feisty. the support pages recommend not using apt-get for this, but i don't exactly have "update-manager" which they DO recommed. is there a safe way to use non-gui tool?
<Burgundavia> some of the integration stuff is better in SLES/RHEL
<Burgundavia> volvoguy: release cycle was breezy --> dapper --> edgy
<Burgundavia> I would keep servers on dapper, as it is supported longer
<Burgundavia> sadly, there is no tool yet
<volvoguy> oh, i'm sorry. i meant I'm on dapper, not breezy.
<Burgundavia> ahh
<Burgundavia> if you update past dapper, you will have to update a lot
<Burgundavia> just to be aware
<volvoguy> that's what i want to avoid though - having to upgrade through many releases. 
<Burgundavia> then you should stay on dapper until the next LTS
<Burgundavia> in april 2008
<Burgundavia> I am a very conservative person when it comes to my servers, however
<volvoguy> and not bother with performance/feature updates until then?
<Burgundavia> less headaches > a bit of performance
<volvoguy> Burgundavia, yeah - i can understand that. this is a simple file server and part-time web-dev server. it doesn't do much.
<Burgundavia> backup your data and do the edgy update manually
<Burgundavia> then use the edgy --> feisty update
<volvoguy> Burgundavia, so you'll do a clean install for every LTS release?
<sahafeez> i would love to see zfs ported to linux. that would be the best of all worlds, well zfs and pf
<Burgundavia> no, LTS --> LTS supported
<volvoguy> right.
<Burgundavia> thus 6.06 will update to 8.04
<volvoguy> and will do so with less complication?
<Burgundavia> or you can do 6.06 --> 6.10 --> 7.04 --> 7.10
<ajmitch> (assuming that 8.04 is LTS, and that significant work is put in to support upgrades)
<Burgundavia> ajmitch: the latter is assumed. Canonical has large paying customers that will demand it
<Burgundavia> and what better way to test an update tool than on the community, no?
<ajmitch> what I mean is that many packages will need to be checked & modified for upgrades
<volvoguy> ajmitch, that was my concern. it seemed to me that smaller updates made more sense, but if canonical is going to try to make a smooth upgrade path to 8.04 - i'll wait for that.
<ajmitch> little things like directories moving around, symlinks, handling corner cases in maintainer scripts
<ajmitch> it'll take a bit of work, but I'd say that it's expected
<volvoguy> ok. cool. :)
<Burgundavia> the cool stuff is on the desktop anyway
<ajmitch> the next LTS release would probably end up with less cool new stuff, and more time spent polishing
<volvoguy> yeah. feisty looks great. 
<ajmitch> Burgundavia: pfft, server is getting cool stuff :)
<sahafeez> the fact that i can buy support is the reason i am looking at ubuntu
<Burgundavia> so I keep my laptop running the absolutely latest and my servers and work desktops running the LTS
<volvoguy> my "production" server is a virtual ubuntu server at unixshell. hopefully their xen system will be upgradable to 8.04 easily too. :)
<volvoguy> they're probably one of those paying customers though - so they'll be one demanding it. hehe.
<volvoguy> well, thanks for the quick updates guys. i'm not involved and online anymore as much as i'd like to be, but i know i can always turn to you for help! talk to you later.
<Burgundavia> cya
<sahafeez> what is with the delay in the partitioning when doing anything - switching between stuff, lvm, etc. 
<Burgundavia> on the installer?
<sahafeez> yes
<Burgundavia> no idea
<sahafeez> it could tell you something you know.
<fabbione> sahafeez: known issue
<fabbione> it was in the release notes.. there is a bug linked from there
<fabbione> it's only annoying but it doesn't affect final installation or functionality
<sahafeez> no, but it makes the install take, oh, 2 hours longer ;)
<fabbione> i know.. it adds 3 minutes wait on each lv you create
<fabbione> there is really nothing we could do to fix it when i first found out of the problem
<fabbione> it was too late in the release process :(
<sahafeez> oh well. just happy it is not just me
<fabbione> it's a good excuse for a cup of coffee
* sahafeez thinks i should read this release note things 
<fabbione> the bug is generic.. 
* sahafeez has a beer
<fabbione> that'd work too :)
<sahafeez> this is my 1st install of ubuntu. i was having debian flash backs. 
* sahafeez hates debian
<sahafeez> still waiting ....
<fabbione> sahafeez: as i said... 3 minutes for each lv you created
* fabbione goes back to bed
<sahafeez> well i am on 6 mins now and all i am trying to do is active an existing lvm setup
<fabbione> sahafeez: read the bug or you will keep waiting and asking herre
<fabbione> here even
<sahafeez> yes, i am reading now..
* fabbione &
<sahafeez> since i have the time and all.
<sahafeez> between this and the broken ide on my sparc copying files....
<sahafeez> :)
<sahafeez> i am kinda wondering why your servers got so hammered, being large network scaling guy
<Burgundavia> lots and lots of people
<Burgundavia> we did better than suse and fedora last releas
<Burgundavia> they went off the air
<sahafeez> yah, but it is so simple to fix
<maswan> sahafeez: well, it depends, if you can answer me why suddenly there were thousands of CLOSE_WAITs on my mirrors, filling up all the apache slots?
<maswan> with 0 bytes in send-q too
<sahafeez> nice.
<sahafeez> how many servers
<maswan> for my mirror? 6
* sahafeez is still trying to find a server that will let me look at the release notes
<maswan> (i'm se.releases.ubuntu.com)
<sahafeez> how does your SLB work?
<Burgundavia> maswan: you guys are the big ones, no?
<maswan> what's slb? :)
<sahafeez> ah, server load balancers 
<maswan> Burgundavia: we peaked at 3.8Gbit/s, so yeah.
<maswan> ah, large requests (.isos etc) get http-redirected to one of the frontends depending on hash (so that one iso always ends up on the same backend, to keep cache locality)
<sahafeez> was it a load issue or an apache bug issue. 3.8 is not alot
<maswan> sahafeez: don't know, afaik they blame eachother
<maswan> or go "huh?" when reported
<sahafeez> what box is doing that? a linux box or switch hardware
<maswan> the frontend[s]  that's in dns, they have to handle the small files (deb:s etc that can't be http-redirected), and also ftp&rsync
<maswan> individual isos that have more demand than one frontend can satisfy, we manually identify and spread out on more frontends
<maswan> it actually works really well, except when we get that CLOSE_WAIT issue
<sahafeez> was the traffic balanced over the servers - after action - looking that the mrtg or whatever you use
<maswan> http://www.acc.umu.se/technical/statistics/ftp/monitordata/index.html.en
<sahafeez> rrdtool
<maswan> so, not very well balanced, but then the servers are not equal either
<maswan> well enough balanced after 21:00 local time yesterday though
<sahafeez> question, and this is because i am not a linux guy, using ext3 on a lvm for a postgress db. any mount options i should look at
<sahafeez> ok. it would be interesting to see the network drawing.
<sahafeez> i love this kind of stuff.
<sahafeez> setup a network that took a 10gb/s DoS once and kept working
<maswan> well, remember, this is just my mirror at the academic computer club at umea university
<maswan> we're depending on what hardware gets donated to us, and whatever bandwidth the university feel like giving us
<sahafeez> ok.
<maswan> the canoncial setup (main servers) is not public, AFAIK
<sahafeez> no big. i am a nut about network design.
<maswan> so in short, out of those machines orion,vega,napoleon are on a separate 2Gbit/s network [borrowed machines from the hpc center at the uni] , the rest share a 2Gbit/s uplink too.
<maswan> then it ends up roughly like this: http://www.umdac.umu.se/netmaster/net/Campusnetpresentationumu.jpg
<maswan> and then: http://stats.sunet.se/stat-q/load-map/optosunet-kunder,,traffic,peak
<maswan> and sorry, can't think of anything for your mount options question
<sahafeez> no prob
<sahafeez> interesting. it looks abit over complex for my taste...the network
<maswan> the campus one or the optosunet?
<sahafeez> the 2nd one.
<sahafeez> the campus - those are routed or layer2 links
<sahafeez> between the cisco switches
<maswan> sahafeez: remmeber that on the second one, all those names are different universities accross sweden that requires redundant paths
<maswan> the campus one shows the routers on campus, not all the dumb switches
<sahafeez> based on as the cable runs and build out time no doubt vs what would be logical
<sahafeez> ok, so you are using the 65xx as swtich/routers to distribute
<sahafeez> 6509 is a switch cisco just added a router card as an after thought
<maswan> yeah, that's my understanding of it. the next-gen campus network is in next year or so
<maswan> well, there aren't very big routing decisions that needs to be made within campus
<sahafeez> whatever you do do not fill them with gige ports and run them flat out. it will crash ;)
<maswan> :)
<loVolt> mind if I pose a fiesty/samba question ?
<sahafeez> as i am trying to setup samba myself sure
<maswan> loVolt: go ahead, don't be surprised if noone is around to answer
<loVolt> thx , I give it a try
<loVolt> walking though any number of howto's 
<maswan> sahafeez: actually, the optosunet one is based on the returns of a single tender for dark fiber across sweden
<loVolt> I can get everything cept' getent passwd/group to work
<loVolt> like nssswitch is ignored
<loVolt> like bank in 2000/2001 
<loVolt> er bank/back
<loVolt> wbinfo and others work fine
<maswan> sahafeez: and the weirdness comes from requiring a "red" and a "green" network connection to all sites, and there not being enough fiber in the ground to make the most logical extension to all sites
<loVolt> is there a ubuntu-samba chan?
<ajmitch> loVolt: 'winbind enum users = true' in smb.conf
<ajmitch> that allows enumeration of users with getent
<ajmitch> it should be able to resolve normally anyway
<maswan> sahafeez: http://basun.sunet.se/karta/opto2.gif a bit more geographical
<loVolt> yes
<sahafeez> ah, makes sense.
<sahafeez> maswan thanks for sharing the info. i love looking at this stuff
<loVolt> getent only show local pass/groups
<loVolt> shot in the dark
<maswan> sahafeez: btw, sthml is clickable on the optosunet map and you can get to nordunet that way too
<ajmitch> and you restarted winbind after changing that option?
<loVolt> I ran cvs and samba4 last night on fiesty ...semms to go well
<sahafeez> looking..
<loVolt> ajmitch, rebooted even
<ajmitch> loVolt: sorry, it's 'winbind enum users = yes'
<ajmitch> and the corresponding one for groups
<loVolt> ajmitch, yeah users and groups
<ajmitch> getting users/groups off an AD server?
<loVolt> yeah
<ajmitch> security=ads, and realm is set?
<loVolt> yeup
<maswan> sahafeez: everything goes into the a[123] sth routers, using virtual routers in those junipers, AIUI
<ajmitch> wbinfo -u returns the right info?
<loVolt> yes
<loVolt> wbinfo -g as well
<sahafeez> junipers are the best routers right now so that is good.
<ajmitch> loVolt: you could increase the debug output on winbindd
<loVolt> checking
<ajmitch> in /etc/default/winbind
* ajmitch recently had issues with this, and it just took the smb.conf options for getent to work properly
<loVolt> log level = 3 in defaults/winbind do ?
<sahafeez> what is the deal with using a custom kernel on ubuntu. no issues?
<loVolt> sahafeez, haven't found any issues
<loVolt> lots of apt-getting :)
<sahafeez> ok, cool. 
<sahafeez> i want to mount an mac hfs drive ;)
<loVolt> don't forget autoconf if you want other pcakacges
<ajmitch> loVolt: no, I'd put "-d 3 -n" in WINBINDD_OPTS
<loVolt> k 
<loVolt> heh screaming about invalid option :)
<loVolt> fixing
* sahafeez is new to ubuntu and is trying to get my head around it. used to gentoo for linux
<loVolt> I've got two boxes , one fiesty dns only no devl tools and 2nd is fiesty dns with devl / samba4
<loVolt> darned is samba4 didn't "just work"
* loVolt shivvered
<loVolt> k' started again , lets tail the chaos
<loVolt> cool idmap went boom
<loVolt> fatal error uid range full
<ajmitch> wonderful
<loVolt> max 200000
<loVolt> lets up that a bit
<ajmitch> enum users/groups may not be a good thing if you have that many :)
<loVolt> I don't 
<loVolt> about 150 not inc a/d spare parts 
<loVolt> doubled it and rebooting
<loVolt>  load average: 5.64, 5.71, 5.64
<loVolt> different box
<loVolt> :)
<loVolt> wierdness
<loVolt> still says full , could not lookup domain user luser
<loVolt> wonder if I lower the level
<loVolt> trying 2000-10000
<loVolt> same
<loVolt> I need coffee to live
<sahafeez> silly question. how do i see what to install when i do not know the package name. i want to install sshd
<lionel> sahafeez: for ssh the package name is openssh-server
<lionel> in general, you use apt-cache search for package search
<sahafeez> ok. i need to read about apt as it is new to me.
<sahafeez> thanks
<loVolt> gnite
<foxiness> hi, am on step of create " Virtual Server Scenario " url: https://help.ubuntu.com/community/RubyOnRails? , on this line sudo nano /etc/apache2/sites-available/<servername> , <servername> = ??? its not clear to me if i need to <domain.net> or domin.net or domaindotnet
<ivoks> it is irrelevant
<ivoks> you can put there 000-mambo-jambo
<ivoks> content of that file is important
<foxiness> k,now it clear thanks i need now to figure out ,next step port 80 
<ivoks> heh
<ivoks> first time configuring apache?
<foxiness> :) yes
<ivoks> grab a book or something :D
<foxiness> host@home
<foxiness> book? or something? , like what ?
<ivoks> howtos, tutorials, etc..
<ivoks> i have two apache books, both are over 300 pages :)
<ivoks> and these are small apache books
<ivoks> bbl; bye
<foo> Hm, what's your mta of preference? exim? postfix? hopefully not sendmail.
<Nafallo> postficx
<Nafallo> postfix
<sahafeez> telnet mail 25
<sahafeez> ;)
<foo> Nafallo: What's your reasoning? Have you used exim? Someone recently told me to check out ensim, I'm a postfix fan too
<Nafallo> foo: it's built with security in mind and is extendible into infinity. also it's what are recommended from the distroteam.
<foo> Nafallo: Hm, ok, then I think I'll just stick with that.
<Nafallo> good choice :-)
<foo> Hm, now, this system has 5 domains. I've never set up "virtual domains" or something before with postfix, I'll need to figure that one out
<foo> Nafallo: eh, actually, I just remember, this server has debian etch. The data center couldn't put ubuntu on them, eh. I'll still use postfix, though, hehe
<Nafallo> foo: help.ubuntu.com/community/Servers is a good one
<foo> ah, thanks
<foo> Nafallo: Hm, I'm checking out that wiki. I guess, my main concern is say, this server hosts about 5 domains... it only sends mail via the web scripts, it does not receive. How does postfix distinguish which @domain to send mail from if 5 different domains are on the system?
<Nafallo> not sure. I use MUA to send mail myself.
<foo> Mail User Agent ?
<Nafallo> yes
<foo> Nafallo: yeah, seems like the best way to change From: field is just in the code
<foo> Nafallo: thanks
<Nafallo> that's probably right. no problem.
<Impaque> hello, is anyone using AMD64 on Intel-based 64-bit machines?
<Impaque> (amd64 version of ubuntu-server)
<sahafeez> if i want software raid, that is not part of LVM right. i have to make the raid 1st then put the LVM over it'
<soothsay_> Anyone know how to use DHCPD to set (some) fixed ip addresses?
<sahafeez> man dhcpd.conf
<sahafeez> you have to create a static entry via the mac address in the config file
#ubuntu-server 2007-04-22
<J_P> hi all
<J_P> anyone are using with sucess KVM on 7.4 ?
<foo> Hm, what is a better scenario for better IO throughput: a server with 6 500GB drives on RAID5, or 6 separate 500GB drives? 
<foo> We're going to try the former with the dell 2950
<Kamping_Kaiser> foo, i'd go with raid
<foo> That's what I thought. Someone is telling me he thinks 6 drives without RAID and storing files across all the drives and what not will result in better throughput, but I'm not too sure
<foo> But, I'm not too sure
<foo> Any input is appreciated, thanks
<Kamping_Kaiser> i'm asuming scsi, but i dont think 6 drives would be better
<foo> oh, SATA, I think
<foo> Yeah, pretty sure it's SATA
<foo> Yeah, I don't think so either
<foo> Thanks 
<Impaque> foo: the RAID5 is not the speed king
<Impaque> foo: RAID1 is ;)
<foo> Hm, you're kidding - right?
<foo> heh
<Impaque> sorry, 0
<Kamping_Kaiser> 0=striped?
<Impaque> yep
<Impaque> 1 is mirrored
<foo> Right
<foo> 0 does not have redundancy
<Impaque> but still, raid5 should be faster than n independent drives
<Kamping_Kaiser> 0 is fast to write, but reading theres no speed gain is ther?
<foo> We do more reads than writes as well
<Impaque> Kamping_Kaiser: hm, the reads should also be alleviated via striping, so reads should be faster as well
<Kamping_Kaiser> Impaque, but on mirroring it can read both discs, for any data, with striping it has to read set bits of each disc
* Kamping_Kaiser shuts up - cant remember, shouldnt argue it
<Impaque> the data is read in parallel from several discs, less seeking occurs
<foo> Impaque: Are you still implying RAID0 is faster than RAID5 ?
<foo> Only difference between RAID0 and RAID5 is that RAID5 has data redundancy, IIRC
<Impaque> but that also means you use n-1 drives (the capacity of one drive, spread across all of them, is used for parity only. thus, data "spreading" is less than RAID0 with same amount of drives, where even less seeking occurs while reading)
<Impaque> RAID0 is used in video/audio production a lot
<Impaque> take a look: http://www.xbitlabs.com/articles/storage/display/400gb-raid0510.html
<mralphabet> does anybody here have any experience with the arco ide products? specifically, installing the linux module / app?
<burner> anyone having problems with mysql being unable to start?
<foo> burner: That's pretty vague
<foo> burner: Check the error log 
<foo> burner: /var/lib/mysql/*err IIRC
<foo> Impaque: Makes sense, interesting. 
<burner> foo: disregard, seems i never tried it since feisty became final :)
<foo> burner: oh, hehe :D 
<yashton> question: I'm running Ubuntu server 7.04, on original install, i selected dvorak keyboard layout, thinking i'd want to try it, but now i want a regular qwerty setup. I've tried to install console-data and run dpkg-config on that. Also tried to use loadkeys, but i can't find where ubuntu stores keyboard layouts.
<dj-fu> lol
<dj-fu> owned by dvorak
<nictuku> :-)
<nictuku> I don't use 7.04 so I don't know. usually dpkg-reconfigure -plow console-data should work
* dj-fu plows console-data
<yashton> why the -plow?
<yashton> hokay, so i did that, is it going to need a reboot?
<Yakshaver> Anyone have serial consoles working on feisty server i386?  I have grub output, and boot messages, but no login prompt...
<coNP> Hey, does anyone know how to fix squirrelmail address books after an edgy -> feisty server upgrade?
<coNP> I am told "Address book is corrupted. Required fields are missing."
<r00tintheb0x> eeh... eek.
* r00tintheb0x shrugs
<shawarma> coNP: If you fetch the squirrelmail source, there's an UPGRADE file that might be helpful.
<shawarma> coNP: I don't use squirrelmail, though, so I don't know if it actually *is* helpful, but it seems like a sensible place to start.
<shawarma> coNP: It's interesting though that noone reported this. Neither to us, nor to Debian. Do you have a very specialised setup?
<coNP> shawarma: no, actually it is very basic
<shawarma> coNP: http://www.mail-archive.com/squirrelmail-users@lists.sourceforge.net/msg25205.html
<coNP> shawarma: thanks I guess I got the answer
<coNP> I converted the address books with a script and was not aware that all fields are mandatory now
<coNP> shawarma: thanks for helping
<shawarma> np
<Yakshaver> Has anyone actually gotten a serial console working on feisty?  I have grub output, and boot messages, but I don't get a login prompt.
<flowolf> hi all
* netjoined: irc.freenode.net -> brown.freenode.net
<Impaque> compared to LTS version, what are the pitfalls of upgrading the non-LTS server versions (like Feisty) ?
<Impaque> some general experience hints would be appreciated, because i don't know whether to stick with LTS and it's prolonged EOL, or to grab the bleeding edge
<ivoks> upgrading to...?
<Impaque> new version which appears after 18mo
<ivoks> 6, not 18
<ivoks> new version is every 6 months
<ivoks> and you can upgrade step by step
<ivoks> so... you can upgrade 6.06 to 6.10, and then 6.10 to 7.04
<ivoks> you can't upgrade 6.06 to 7.04
<ivoks> it really depends on what your server will do
<ivoks> i have only one server on Edgy (will promote it to Feisty soon), and all others are on LTS
<flowolf> is anyone using software raid in ubuntu server?
<ivoks> (others ~ 30)
<ivoks> flowolf: yes
<flowolf> ivoks: could you take a look on my bug report? https://bugs.launchpad.net/ubuntu/+source/mdadm/+bug/108971
<ivoks> so, you don't have devices listed in mdadm conffile
<flowolf> that file is auto created
<ivoks> your /etc/mdadm/mdadm.conf is empty?
<flowolf> no
<flowolf> it is attached
<flowolf> check it :)
<flowolf> http://librarian.launchpad.net/7386866/mdadm.conf
<ivoks> oh, sorry :)
<ivoks> looks ok
<flowolf> mmm
<flowolf> looks like it isn't always working
<flowolf> it just failed to init the system
<ivoks> what does vol_id -u /dev/md0 says?
<ivoks> (as root)
<flowolf> let me reboot
<flowolf> it's on the (initramfs) now
<ivoks> eh...
<ivoks> i have to go now, so i don't have time...
<ivoks> check if uids are correct and status of /proc/mdstat
<ivoks> bye
<h4wk> Getting a very nice error :/
<h4wk> checking for libpq++.h... configure: error: Unable to find libpq++.h 
<h4wk> Got all the postgre packages
<foo> Hmm, looks like the tech had issues installing ubuntu 6.06 on the dell 2950, and 6.10 ... so he installed 7.04 and he said it worked like a charm. Is this ok for production use?
<h4wk> I dont see why not :)
<h4wk> (However you will need to upgrade as support isnt as long as 6.06)
<h4wk> Im just getting annoying postgresql doesnt have libpq++.h anymore
<foo> h4wk: hmm, upgrade... yeah. Odds are that will be a dist-upgrade and won't be too bad, right? I really wish 6.06 worked.
<h4wk> Well ive got 6.06 on my dedi server atm
<h4wk> No regrets, just install 7.04 on my desktop
<h4wk> Shame i still have vista on the laptop
<foo> Yes, that is a shame. Those are the kind of things you keep to yourself.
<foo> :D 
<foo> Do they fix up 6.06 with better hardware support?
<h4wk> Keep to myself :P
<h4wk> id get asked to many questions if i had ubuntu on my laptop!
<foo> hehe
<foo> Ubuntu + beryl
<foo> :)
<benlake> anyone having issues with fiesty needing to have the network modules reloaded to work?
<benlake> after a reboot, I should say.
<h4wk> Humm
<h4wk> indeed foo unbuntu+beryl ftw
<benlake> anyone have MD arrays showing [fail]  to stop on reboot in Fiesty?
<foo> h4wk: :)
* benlake feels unloved
<h4wk> foo
<h4wk> Im having a problem with ubuntu 7.04, beryl and emerald :(
<foo> ah
<foo> #beryl, hm, there are some good guides online
<foo> I have it on 6.06
<foo> :D 
<okaratas> hello
<benlake> anyone have network module issues after an upgrade to fiesty?
<benlake> bI have to rmmod then modprobe my network modules for them to work after a reboot. They are loaded on boot but simply dont work.
<benlake> ....
<Burgundavia> fresh install or udpate?
<benlake> upgrade
<Burgundavia> hmm
<Burgundavia> from 6.10?
#ubuntu-server 2008-04-14
<symtab> plugged the external cable from server A into the external network card in server B
<symtab> and it works
<symtab> this means there is something wrong with the gateway
<symtab> right?
<Deeps> i wouldn't say "wrong"
<Deeps> something in the gateway is preventing you from configuring a second machine using the IP you did
<symtab> yes
<symtab> i'm gonna kill them
<symtab> i told them its something wrong
<symtab> because i configured and reconfigured and reconfigured
<symtab> and all settings where ok and it didnt work
<Deeps> it's not "wrong" if it's by design ;)
<symtab> :)))
<Deeps> the tv pc here wasn't working as the user was expecting, because i'd told iptables to drop all traffic to/from it
<Deeps> it wasn't wrong, it was intentional. running bittorrent on my tvpc. ass.
<symtab> ii hope they made a mistake, or forgot to configure something, if they did it on purpose and i lost almost 3 hours its not good
<Deeps> are you sure the IP you were trying to use on server B wasn't in use by another machine already?
<symtab> they said it isnt
<Deeps> i dont suppose you're newer to linux than they are?
<Deeps> or that you're a renegade linux user in a network full of windows supremists?
<symtab> i use linux for a long time
<symtab> i dont know to much about networks
<symtab> i use linux for web development
<symtab> i think i didnt use windows for like 7 years now
<symtab> i dont use ubuntu on my home desktop box though
<symtab> archlinux
<Deeps> cli network configuration is the same on all distros, same tools at hand
<symtab> they should know more then me about networking for sure
<symtab> yeah i know
<symtab> i configured it ok from the start
<Deeps> is it possible that they might wanna.. "fuck with your shit" and play a prank on you?
<symtab> it didnt work because of some problem on their part
<symtab> no idea
<symtab> :))
<symtab> possible
<symtab> :))
<symtab> ok now the weird thing
<symtab> i put the cable back in the server A and configured it to use .29 as the ip and it works
<Deeps> .29 being....?
<symtab> A = xxx.xxx.xx.28
<symtab> B = xxx.xxx.xx.29
<Deeps> ok
<Deeps> did you spoof the mac address on B?
<Deeps> to match that of A?
<symtab> no
<symtab> i just plugged the A external cable into B, changed the ip to .28 and it also works on B
<symtab> i'm already getting to confusing
<symtab> even for myself
<Deeps> ok, so As cable works on both machines
<Deeps> but Bs cable doesnt?
<symtab> yes
<symtab> B cable doesnt
<Deeps> and you're sure the switchport light for that port is blinking when the cable's plugged in?
<Deeps> try swapping switchports for A and B's cables, try plugging B's cable into a different switchport, fool around, the problem isn't at at the IP level then, it's either with your cable or your switch
<Deeps> shoulda remembered we swapped cables, sorry
<faulkes-> entirely possible that the switch is configured for specific vlans on specific ports
<faulkes-> (noting if it's a switch which supports vlans)
<symtab> problem solved
<symtab> the network cable from server B was the problem
<symtab> :)))
<Deeps> so you get a link light now?
<Deeps> (that you weren't getting before)
<symtab> everything works now
<symtab> thank you very much for helping me
<buzzsaw> good afternoon
<buzzsaw> last night i installed ubuntu-server and had no problems getting onto the interent, i did run into a few proplems latter on and decided to reinstall now it does not seem to want to connect to the internet
<christoz> hello ...an Http cache cleaner app starts running every 10 mins
<christoz> but apache is turned off already
<christoz> why is this happening?
<Kamping_Kaiser> what is the app?
<christoz> Http cache cleaner
<christoz> application
<Kamping_Kaiser> you must have installed it. apache doesnt have a cache cleaner 'by default'
<christoz> hmm...maybe i don't need this one...are you saying to unistall it..?
<Kamping_Kaiser> yes. or work out what it is, and disable it
<christoz> is it possible to use this app and other programs
<christoz> ?
<christoz> oops sorry
<christoz> *without and
<christoz> the Http is only for server right?
<Kamping_Kaiser> not sure what you mean
<christoz> nevermind  I'll google about it ...thanks
<warchief_ryan> can anyone help me with Squid proxy?
<warchief_ryan> does it run in SSL mode by defualt... is that why yahoo and irc only work when added to the SSL_ports acl?
<warchief_ryan> also which entry allows the Safe_ports and SSL_ports acls? I dont see one at all, I thought it would need a "http_access allow Safe_ports
<warchief_ryan> Or does there even need to be one or does it just know to allow any ACLs with the Safe_ports name?
<Kamping_Kaiser> by default irc/"yahoo" wont go through squid anyway
<Kamping_Kaiser> so it sounds like youve done something screwy with your firewalling
<Kamping_Kaiser> and re ssl by default, no it doesnt
<warchief_ryan> my firewall allows the IRC and Yahoo ports, I also added them to the Safe_ports in squid
<warchief_ryan> it wasent till I placed them in the SSL_ports that they worked
<warchief_ryan> Im guessing the "http_access deny !Safe_ports", means any port not in the Safe_ports acl is allowed right?
<warchief_ryan> i mean blocked
<warchief_ryan> I see now its webmin it what is set to require ssl, so I did need to add it to ssl acl...
<warchief_ryan> I don't see way 6667 has to be in the SSL acl...
<hansin> Excuse my ignorance if this should be obvious, but I want to clarify: I know one of the main differences between Ubuntu and Ubuntu Server is the kernel, in particular the compile time options/flags.  I read a comparison once that went through these.  One difference I think had to do with the timer, one kernel set at 250 hz and the other at 1000 hz (something like this I think; these being ticks?).  With the advent of the 'tickless'
<stwange_> can anyone point me in the right direction for having my server handle email from multiple domains please? I don't know anything at all about it, I've been looking at exim but I'm not sure if it's the right solution
<buzzsaw> i installed ubuntu server eduition and i was able to get the dhcp client up and working
<buzzsaw> however i have been un successful in getting my masquerading to work
<buzzsaw> i have tried several different tutorials/guids but... still unsuccessful
<linux2464> anyone know how i can enable more tty# screens?
<Kamping_Kaiser> what version?
<linux2464> ubuntu hardy
<Kamping_Kaiser> no i dont
<linux2464> any, it should be the same
<linux2464> from debian up to ubuntu hardy
<Kamping_Kaiser>  /etc/inittab if your lucky
<Kamping_Kaiser> should be? lol
<linux2464> i am knew to cli
<linux2464> i tried screen, but it just froze one of my tty windows
<linux2464> *new
<Kamping_Kaiser> you scroll probably locked it or something
<linux2464> yeah, i tried to kill it with no luck
<Kamping_Kaiser> how?
<linux2464> screen -wipe name-of-screen
<linux2464> i guess there is no easy way to add tty screens besides ssh?
<Kamping_Kaiser> your on a remote host?
<linux2464> no
<linux2464> local
 * Kamping_Kaiser wonders why ssh would be relevent
<linux2464> but if i had to use a remote host to get more tty screens
<linux2464> i would
<Kamping_Kaiser> learn some basics of screen, you only need 3/4 commands to get by.
<linux2464> do you know what they are (+) descriptions?
<linux2464> that would help me a ton
<linux2464> if there are only 3 - 4
<Kamping_Kaiser> ^a (control a) == next character is a screen command.
<Kamping_Kaiser> d == detach
<Kamping_Kaiser> x == lock
<Kamping_Kaiser> esc (escape key) == copy mode (which can be used for scrolling up/down), or (iirc) shift+[ == scroll
<linux2464> thanks Kamping_Kaiser, i'll try that now (does x toggle?)
<Kamping_Kaiser> linux2464, when you use x it asks for a password before unlocking
<linux2464> oh, thats cool
<linux2464> very useful
<Kamping_Kaiser> the standard ^s and ^w for lock and unlock of scrolling apply as per normal
<linux2464> i'll have to play around with those commands
<linux2464> terminal is a very nice environment
<Kamping_Kaiser> nicely portable too
<arstanj> Hi is there a way to list services on runlevels?  update-rc.d add/remove only so far...
<ShiroUsagi> Hi, could anyone here help me with samba on Gutsy?
<ShiroUsagi> Two machines are connected via a netgear switch to an adsl-modem set up as router, file sharing via network suddenly stops working at some point.
<ShiroUsagi> And I can`t even access my shared folder on the local machine.
<spiekey> hey
<spiekey> does anyone know how i can transfer a file with a tftp client?
<spiekey> i seem to google for the wrong search expressions. :-(
<\sh> spiekey, tftp <server> -> standard commands? :)
<spiekey> oh.
<\sh> spiekey, the magic part is to setup a tftpd so it can save your files
<spiekey> i got that working without any problems ;)
<spiekey> argh...any idea what i am doing wrong here? http://pastebin.ca/984566
<mok0> spiekey: do you have the directory /var/lib/ftp?
<mok0> spiekey:  By default, tftpd  will  only  allow upload  of files that already exist
<spiekey> mok0: yes the dir exists
<mok0> spiekey: the file must also exist
<spiekey> yey! Thanks!
<spiekey> what a weird ftp server ;)
<faulkes-> it's not called tiny for just any reason
<faulkes-> s/tiny/trivial/
<_ruben> the "file must exist" feature has bitten me in the arse as well in the past :)
 * delcoyote hi
<kirkland> MatthewMetzger: ping
<MatthewMetzger> hello kirkland
<kirkland> MatthewMetzger: hey there, sorry for the delay in getting back with you
<kirkland> MatthewMetzger: my inbox is stacked up
<MatthewMetzger> no problem. It was the weekend. :)
<MatthewMetzger> I took a little break.
<kirkland> MatthewMetzger: that it was ;-)
<kirkland> MatthewMetzger: so a couple of questions for you....
<kirkland> MatthewMetzger: first, here's my memory information on my squid proxy at home:
<kirkland>              total       used       free     shared    buffers     cached
<kirkland> Mem:          3834       3794         39          0        112       3228
<kirkland> -/+ buffers/cache:        454       3380
<kirkland> Swap:         5999         42       5957
<MatthewMetzger> so it caches a lot, too.
<kirkland> fairly high cache usage too
<kirkland> MatthewMetzger: yep, I agree
<`6og> !tell kirkland about pastebin
<kirkland> `6og: I understand, it was only 4 lines
<`6og> perhaps you need the !enter one then (that was almost 10 lines from you in a row)
<kirkland> MatthewMetzger: are you using swap?
<MatthewMetzger> It's all free right now: Swap:         2870          0       2870
<kirkland> MatthewMetzger: hmm, that looks very similar to mine too
<MatthewMetzger> I haven't had problems over the weekend, but almost no one was using the machine.
<MatthewMetzger> I've been running the update as often as possible via aptitude.
<kirkland> okay, i'm going to talk to some kernel guys to find out if high cached usage is a bad thing
<kirkland> MatthewMetzger: i'm not convinced it is, yet
<MatthewMetzger> I'll be performing an upgrade of Koha library system software. I think a mysql search in Koha is what actually caused the machine to crash because it didn't have the memory it needed.
<kirkland> MatthewMetzger: except that you're saying that machine crashed
<MatthewMetzger> kirkland: I really appreciate your help.
<kirkland> MatthewMetzger: do you have that bug number handy?
<kirkland> MatthewMetzger: no problem
<MatthewMetzger> kirkland: we live in the same time zone. I'm in Iowa right now, I will be relocating to Wisconsin
<MatthewMetzger> https://bugs.launchpad.net/bugs/215998
<ubotu> Launchpad bug 215998 in squid "possible memory leak in Hardy's squid" [Undecided,Incomplete]
<kirkland> MatthewMetzger: perfect, thanks, saved me a trip down the inbox
<kirkland> MatthewMetzger: http://gentoo-wiki.com/FAQ_Linux_Memory_Management#Overview_of_memory_management
<MatthewMetzger> checking it out...
<kirkland> MatthewMetzger: when your machine "crashes", can you describe that a bit more?
<kirkland> MatthewMetzger: is it a kernel oops?
<kirkland> MatthewMetzger: does it go unresponsive?
<kirkland> MatthewMetzger: does it just start killing processes?
<MatthewMetzger> well, it's only happened two times. It gets real sluggish, eventually it stops responding. Once, when I was able to run top, it showed a load of "22". It was so sluggish that I had to reboot. I saw squid "out of memory errors" on the screen, which initially made me think the problem was squid.
<kirkland> MatthewMetzger: okay, that might actually sound like *extreme* disk swapping
<kirkland> MatthewMetzger: the kernel is trying to dump all of memory to swap disk space
<MatthewMetzger> If I remember right, it was swapping at that point. I should have taken a picture of the screen when it happened.
<kirkland> MatthewMetzger: were you near the machine at the time?  If so, you might have heard a *whole lot* of disk noise
<MatthewMetzger> It's a Mac mini. The fan was running hot. Can't hear much else (nice and quiet even under heavy load).
<MatthewMetzger> I was in the server room.
<thesyko> guys
<ghostnob> one quick question: I'm seting up WIndows server 2003 in addition to my ubuntu server at home, should they both have the same domain names but different hostname? (2) Will they not confilct? Ubuntu is going to be used for my web development database server and other backups and windows is going to be used for my main back ups and antivirus scan for each file I back up on it.
<kirkland> a mac mini server....  kirkland snickers :-)
<thesyko> wanna ask
<kirkland> (in good nature, of course, MatthewMetzger )
<thesyko> the std ubuntu server kernel is it hardened already ?
<MatthewMetzger> kirkland: isn't ubuntu wonderful :) The Mac mini was a perfect solution for the amount of traffic that our server actually handles. Takes less power to run than a light bulb.
<kirkland> MatthewMetzger: yes indeed, mac mini's are great, i have a powerpc one
<MatthewMetzger> :)
<thesyko> kirkland, how much does a mac mini retail for now a days?
<MatthewMetzger> So it looks like this might be a normal memory issue.
<MatthewMetzger> thesyko: around $600
<MatthewMetzger> they raised the price for the intel due chip.
<thesyko> with 1gig of memory?
<MatthewMetzger> it used to be around $500
<MatthewMetzger> thesyko: I GB, yes
<thesyko> and ubuntu runs smoothly on it?
<thesyko> the server edition?
<thesyko> you have to use the i386 or x64 edition?
<MatthewMetzger> thesyko: works great, except for my current problem which probably isn't related to hardware.
<kirkland> thesyko: craigs list, i got mine for $200
<MatthewMetzger> server edition.
<MatthewMetzger> i386
<MatthewMetzger> The one thing is that you have to use the Mac disk utility to format the drive before trying to install ubuntu.
<MatthewMetzger> that took me a few hours to figure out.
<thesyko> cool
<thesyko> i may also try and 1 one for myself
<thesyko> and get rid of my bulky intel dual core server
<kirkland> ghostnob: that sounds right
<thesyko> i have like 8 of them
<thesyko> its bloody hell noise and hot
<kirkland> they also make great mythfrontends
<MatthewMetzger> Mac minis are nice and quite.
<kirkland> MatthewMetzger: okay, i'm creating a virtual machine to mirror your environment right now
<thesyko> ok btw any of u guys know if the ubuntu server kernel are hardened ?
<thesyko> i mean i wanna run them for a router/firewall for my servers
<ghostnob> ok... which one should I install first? I'm thinking of installing ubuntu first, but I want windows 2003 to be accessible by the public so I can link my ubuntu to it.
<MatthewMetzger> kirkland: thanks so much. mysql. apache, with webdav. squid. perl with Koha. I'm thinking that koha was the straw that broke the camel's back (caused it to crash). Like I said, I'll hopefully be upgrading from alpha to beta in a day or two.
<kirkland> MatthewMetzger: to summarize where we are, I think the Linux kernel is behaving properly, caching all memory, clearing the cache as necessary, allocating cached memory to Squid, swapping to disk when Mysql pounds it
<kirkland> MatthewMetzger: it's the swapping to disk that I *think* is what you perceived (or perhaps even caused) a full out system crash
<MatthewMetzger> kirkland: that sounds correct to me.
<kirkland> MatthewMetzger: that problem could be exacerbated or accelerated by a memory leak in Squid
<kirkland> MatthewMetzger: ie, imagine squid demanding more memory at the same time mysql is demanding more memory all the while you're swapping in and out of disk
<MatthewMetzger> kirkland: Yes, it seems to happen more quickly when squid is running and one time squid stopped working and I ran /etc/init.d/squid restart and it came back up.
<kirkland> MatthewMetzger: hang on a second...  what's alpha?
<MatthewMetzger> I believe it stopped working because it ran out of memory. At that time, mysql would not have been seeing much use.
<kirkland> MatthewMetzger: is this Hardy alpha?
<kirkland> MatthewMetzger: I thought you were aptitude up-to-date?
<MatthewMetzger> kirkland: not that I know of. I am aptitude up to date. My Koha install (library server software) is alpha. Will be upgrading to beta2 soon.
<kirkland> ghostnob: I don't know which is better to install first....  Usually, if I buy a new machine, and it has Windows preinstalled, I just leave that there, and then install Ubuntu
<kirkland> thesyko: defined "hardened"?
<kirkland> thesyko: Hardy supports both Apparmor and SELinux, you can use either one
<kirkland> MatthewMetzger: gotcha, sorry.
<ghostnob> kirkland: I have like 4 machines here and they are both on different machines
<thesyko> hardened
<thesyko> = something suitable to be run on a firewall/ router
<pr0le> thesyko: I wouldn't count on it.  Build your own kernel if you're concerned about it.
<pr0le> and use apparmor for userland
<MatthewMetzger> thesyko: I love ubuntu, but I'm using pfsense as a firewall now and I like it a lot.
<pr0le> pfsense++
<kirkland> thesyko: jdstrand is knowledgable on security and firewalls, he might be able to help answer your question
<MatthewMetzger> pr0le: I'm looking to get the time to compare pfsense with ubuntu + ebox. It looks like ebox has some router functions.
<pr0le> haven't heard of ebox
<thesyko> honestly ebox sucks
<thesyko> 1 reasons why it sucks
<MatthewMetzger> thesyko: It's touted by ubuntu, I haven't used it yet.
<thesyko> 1 ) never run a fileserver on the samebox as you firewall /  router
<thesyko> its a big NO NO
<pr0le> looks like it's got lots of features
<thesyko> 2) it doesnt even have a PPPOE dialer for heaven sake
<thesyko> whats the purpose of a router if you cant even connect via PPPOE, not every 1 has static ip or DSL
<dexem> thesyko: 1) Install 1 ebox just with a firewall as a router and another one with samba, it's easy to have them separately
<thesyko> yeah
<thesyko> i used to run a debian firewall before
<thesyko> with iptables and all
<thesyko> it was a sarge box on a old crap piece of hardware
<thesyko> pentium 166 with 256 ram
<dexem> and for 2) you can access trough ssh and install PPPOE while it's done that feature ;) or you can do it for the project :D
<pr0le> pfSense is designed just for firewall/routing and uses OpenBSDs pf
<thesyko> for number 2) i tried that
<thesyko> the problem is ebox keeps overiding my setting with their default setting
<jdstrand> thesyko: hardy actually has a lot of kernel and compiler hardening. ASLR, stack protection, heap protection, non-exec memory, kernel memory address protection and NULL address space protection
<thesyko> but best to get hardy in like 10days time :)
<thesyko> both my desktop and notebook are running hardy beta
<jdstrand> thesyko: more on all of this will be on http://www.ubuntu.com/products/whatisubuntu/serveredition/features (when it is published, which should be very soon)
<MatthewMetzger> thesyko: Yes, fileserver and router are bad on the same machine, but it doesn't mean that you have to run it that way. You could just use the routing ebox modules on the router and the filesharing modules on another ebox machine.
<MatthewMetzger> jdstrand: Sorry, the page you are looking for was not found
<thesyko> i'm even finishing my apt-mirror for hardy :)
<jdstrand> thesyko: it's always a real trade-off compiling your own kernel, cause it's no longer 'supported', and you will have to do it for all upgrades
<dexem> thesyko: to "hack" ebox configuration is better to modify its templates instead the config files
<jdstrand> MatthewMetzger: yes, hence the 'when it is  published, which should be very soon
<dexem> then, everytime the template is used your changes are kept
<MatthewMetzger> jdstrand: okay, thanks :)
<thesyko> yeah, i think i'll stick with the good ol's way of doing a firewall
<thesyko> btw any of u guys know how to get upnp working in a router /  firewall
<MatthewMetzger> thesyko: then definitely check out pfsense. It's a good solution.
<thesyko> pfsense :) its BSD based right?
<MatthewMetzger> thesyko: yes.
<thesyko> cool
<thesyko> i'm downloading pfsense now
<thesyko> does pfsense have transparent smtp relaying and squid?
<pr0le> Squid is available as a package - I don't think transparent SMTP is supported
<thesyko> i need something that can do trasparent smtp relaying so that it'll capture all smtp trafic and forward it to my mail relay box
<pr0le> thesyko: you might be able to install something seperately
<thesyko> ok
<thesyko> let me see if pfsense has any add ons
<thesyko> nvm let me ask on the pfsense chat room and see :)
<wo0f> hi
<wo0f> do i have to manually grade unbuntu-server 7.04
<wo0f> ?
<wo0f> im not getting an update option in aptitude
<wo0f> :S
<wo0f> etc/apt/sources.list is still showing 7.04 repos :S
<kirkland> wo0f: do you have a graphical desktop?
<kirkland> wo0f: if so, you should be able to run "update-manager -c -d"
<kirkland> wo0f: or use Synaptic to upgrade
<kirkland> MatthewMetzger: are you running the server kernel, or the generic kernel?
<kirkland> MatthewMetzger: uname -a
<MatthewMetzger> Linux document-server 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux
<nijaba> wo0f: if you do not have a GUI:  sudo aptitude install update-manager-core
<nijaba> wo0f: sudo do-release-upgrade --devel-release
<MatthewMetzger> kirkland: Yes, I'm running the server kernel.
<kirkland> MatthewMetzger: good, thanks.
<kirkland> MatthewMetzger: what's your memory-to-swap ratio again?
<kirkland> MatthewMetzger: memsize, swapsize?
<MatthewMetzger> 1 GB RAM, 3 GB swap
<kirkland> MatthewMetzger: wow, okay.
<kirkland> MatthewMetzger: plenty of swap ;-)
<MatthewMetzger> kirkland: I think I set it up a bit odd, but I thought extra swap wouldn't hurt.
<MatthewMetzger> Swap:         2870          0       2870
<MatthewMetzger> from free -m
<kirkland> MatthewMetzger: should not hurt
<kirkland> MatthewMetzger: I tend to use swapfiles, myself
<kirkland> MatthewMetzger: much easier to adjust
<kirkland> MatthewMetzger: I'm hoping to help get the installer to support that in intrepid...we'll see....
<MatthewMetzger> kirkland: that would be great. I've never played with swap files (probably because they weren't an installer option) :)
<kirkland> MatthewMetzger: it's trivially 3 steps: 1) create the file, 2) format it swap, 3) tell the kernel about it
<kirkland> MatthewMetzger: : 1) dd if=/dev/zero of=/path/to/swapfile bs=1M count=3000
<kirkland> MatthewMetzger: 2) mkswap /path/to/swapfile
<kirkland> MatthewMetzger: 3) swapon /path/to/swapfile
<MatthewMetzger> I'm copying and pasting that to my notes right now. Thanks :)
<MatthewMetzger> kirkland: does that mean that if you already have a swap partition, there will be two swap locations?
<MatthewMetzger> or will it switch to the new one?
<kirkland> MatthewMetzger: yup
<kirkland> MatthewMetzger: cat /proc/swaps
<kirkland> MatthewMetzger: that'll show you all of the swap partitions the kernel knows about
<kirkland> MatthewMetzger: historically, swap partitions were faster than swap files
<kirkland> MatthewMetzger: but modern linux kernels, the performance difference isn't noticable
<MatthewMetzger> Excellent. Thanks for the tip.
<kirkland> MatthewMetzger: IMHO, swapfiles are far more flexible
<wo0f> kirkland, nijaba; cheers for you help (no i dont have gui)
<kirkland> MatthewMetzger: which apache?
<mathiaz> wo0f: it seems that you're upgrading from 7.04 - then don't use the --devel-release option
<mathiaz> wo0f: upgrade from 7.04 to 8.04 are *not* supported
<mathiaz> wo0f: you need to upgrade to 7.10 first
<wo0f> ah cheers mathiaz
<wo0f> and omg 8.04 is out:O
<mathiaz> wo0f: not yet
<mathiaz> wo0f: if you use the --devel-release option you'll see it
<mathiaz> wo0f: 8.04 is still the development release
<wo0f> ah
<wo0f> i only want to upgrade too the stable realease
<wo0f> with is still 7.10 right?
<mathiaz> wo0f: yes
<mathiaz> wo0f: sudo do-release-update will do the right thing
<mathiaz> wo0f: s/do-release-update/do-release-upgrade/
<MatthewMetzger> kirkland: Server version: Apache/2.2.8 (Ubuntu)
<MatthewMetzger> Server built:   Feb  2 2008 04:03:01
<wo0f> mathiaz: cheers mate =]
<kirkland> MatthewMetzger: and webdav?
<MatthewMetzger> kirkland: yes
<kirkland> MatthewMetzger: what package are you using for webdav?
<kirkland> MatthewMetzger: ie, what package provides webdav?
<mathiaz> kirkland: mod-webdav is part of the apache2 package
<MatthewMetzger> kirkland: I just enabled the apache module. How would I find out?
<mathiaz> kirkland: have look in /etc/apache2/mods-available/
<MatthewMetzger> mathiaz is right.
<mathiaz> kirkland: and the a2enmod command
<nxvl> soren: around?
<kirkland> mathiaz: MatthewMetzger: gotcha
<nxvl> soren: can you give a try: https://code.edge.launchpad.net/~nvalcarcel/+junk/qemu-dist
<nxvl> i need some testers
<kirkland> MatthewMetzger: fyi, "dpkg -S <filename>" will tell you what package provides a given file
<MatthewMetzger> kirkland: You should probably definitely keep testing this problem, but I think I found the bug that caused the crash.
<kirkland> MatthewMetzger: pray tell......
<MatthewMetzger> kirkland: thanks of the dpkg -S thing....
<kirkland> MatthewMetzger: mathiaz: so I don't have a mod-webdav included in the apache2 package I installed...
<kirkland> MatthewMetzger: would you run dpkg -S on the mod-webdav file?
<MatthewMetzger> a mysql query in Koha (the library software) that contains an "and" has the url formated as containing "+and+". This seemed to cause a loop.
<mathiaz> kirkland: look under dav
<kirkland> mathiaz: thanks.
<MatthewMetzger> kirkland: apache2.2-common: /usr/lib/apache2/modules/mod_dav.so
<MatthewMetzger> regarding Koha: I'm talking on the koha IRC channel now. The devs there helped me isolate the problem. I'm not sure if an upgrade will help solve the problem yet or not.
<kirkland> MatthewMetzger: okay, i'm doubtful that there is a leak in hardy's squid
<kirkland> MatthewMetzger: shall we close 215998?
<MatthewMetzger> kirkland: I think you are right. I'm sorry to have sent you on a wild goose chase.
<MatthewMetzger> kirkland: yes.
<kirkland> MatthewMetzger: ah, it's okay.  you were asking smart questions, that's what counts.
<MatthewMetzger> kirkland: I'm learning a lot. I love this stuff :)
<CarlFK> u-server is installed to /dev/sda1.  what would it take to add a usb drive and make that a mirror (raid 0 i guess)
<CarlFK> hoping to make a 'live' backup, so if sda crashes, the usb drive can be moved to a new box and booted
<kirkland> CarlFK: mirror is RAID1
<kirkland> CarlFK: striping is RAID0
<CarlFK> kirkland: oh yeah - right
<kirkland> CarlFK: so I've done this before, but it is sketchy--how sensitive is your data on sda1 right now?
<CarlFK> doesn't even exist yet
<kirkland> CarlFK: it's not installed?
<CarlFK> don't even own the hardware :)
<kirkland> CarlFK: :-)  in that case, the Ubuntu installer supports installation to RAID
<CarlFK> http://koolu.com/Koolu-WE-Appliance/Works-Everywhere-Appliance.html
<kirkland> CarlFK: you'd just set up RAID1 when partitioning
<CarlFK> thinking of getting one of those, and didn't want to bother re-installing
<CarlFK> more of a curiosity than a need
<kirkland> CarlFK: okay, in that case, i'll give you the no-warranty one-paragraph description of how to do this ;-)
<kirkland> CarlFK: you'd boot off of some live media (ubuntu live cd, knoppix, dsl, the like)
<kirkland> CarlFK: you'd use fdisk to change the partition type from Linux filesystem to Linux RAID (0xfd)
<kirkland> CarlFK: that's on sda1
<kirkland> CarlFK: you'd then partition your usb drive too
<kirkland> CarlFK: mark it as 0xfd too
<kirkland> CarlFK: then, you'd create your md0 in degraded mode
<kirkland> CarlFK: so you'd tell it make a raid1 mirror device, but start it out with only 1 of the 2 devices in the mirror active
<kirkland> CarlFK: the command would be something like:
<CarlFK> is the 'active' device sda1?
<kirkland> CarlFK: yes
<kirkland> CarlFK: mdadm --create /dev/md0 --force --level 1 --raid-devices 1 /dev/sda1
<kirkland> CarlFK: then you'd check the status with `cat /proc/mdstat` and `mdadm --detail /dev/md0`
<kirkland> CarlFK: if you see if you've started the device, and it's running in degraded mode (1 of the 2), then you're good, next you add the second device
<kirkland> CarlFK: mdadm /dev/md0 --add /dev/sdb1
<kirkland> CarlFK: that should trigger a resync, which can take a few minutes or a few hours depending on disk size and bus speed
<kirkland> CarlFK: monitor that with `watch -n 1 cat /proc/mdstat`
<kirkland> CarlFK: when that completes, you'll have a sync'd raid
<kirkland> CarlFK: oh, we need to take one giant step back....  before booting the live media, make sure the mdadm tools packages are installed on the os running on /dev/sda1
<CarlFK> so the bytes on sda1 are the same?
<kirkland> CarlFK: yep
<CarlFK> i thought there was a bit of a header
<kirkland> CarlFK: at that point, you can mount /dev/md0
<kirkland> CarlFK: still in the livecd boot
<kirkland> CarlFK: you'll need to mark up /etc/mdadm.conf and /etc/fstab
<kirkland> CarlFK: to make sure that it's mounting / off of the raid device
<kirkland> CarlFK: and if you want to be able to boot off of the usb drive, you'll need to grub-install it
<CarlFK> i wonder how much of that I need to do with the live cd
<mathiaz> kirkland: you can create md0 with sda1 ?
<CarlFK> fdisk /dev/sda - I bet I could do that on the live system.  then reboot
<mathiaz> kirkland: I'd tought I do it the other way around
<mathiaz> kirkland: create md0 with sdb1 in degraded and cp file from sda1 to md0
<mathiaz> kirkland: then add sda1 to md0
<mathiaz> kirkland: isn't there some modification needed to the partition to make it RAID-aware ?
<CarlFK> mathiaz: that's what I am thinking too
<CarlFK> bb in 20
<kirkland> mathiaz: yes, see my comments about fdisk and 0xfd
<mathiaz> kirkland: right - but you also need to create the RAID metadata on the partition
<mathiaz> kirkland: setting the partition type to 0xfd isn't enought
<mathiaz> kirkland: that takes some space - and you  may loose some data on the existion partition
<mathiaz> kirkland: I haven't tested that though - I'm just gessing here
<kirkland> mathiaz: hmm, i haven't seen that
<kirkland> mathiaz: i'd think the mdadm --create handles that
<mathiaz> kirkland: right - and so you'd scrap some data on the existing partition
<mathiaz> kirkland: altough I don't know where the RAID metadata is written on the partition
<mathiaz> kirkland: it may be at the end, so you wouldn't loose any data on sda1 if you're lucky
 * kirkland goes look at his Linux Raid book
<MatBoy> what package do I need to use sudo /etc/init.d/mysql reset-password ?
<kirkland> MatBoy: well, /etc/init.d/mysql is provided by the mysql-server-5.0 package
<MatBoy> kirkland, yes, but it doens't recognize that command
<MatBoy> I mean, the reset-password
<kirkland> MatBoy: agreed, doesn't look like that's a supported option
<kirkland> MatBoy: what led you in that direction?
<MatBoy> kirkland, test install and my laptop HD crashed
<MatBoy> and my pass was on that machine in a temp file
<kirkland> MatBoy: http://ubuntu.flowconsult.at/en/mysql-set-change-reset-root-password/
<kirkland> MatBoy: https://help.ubuntu.com/community/MysqlPasswordReset
<MatBoy> kirkland, yep, the know way. but I liked that option too :)
<MatBoy> thanks btw
<kirkland> CarlFK: mathiaz: http://howtoforge.com/set-up-raid1-on-a-running-lvm-system-fedora8
<kirkland> mathiaz: that article confirms your suggestion, copy to sdb first
<CarlFK> kirkland: thanks
<kirkland> CarlFK: there are some differences there (LVM, Fedora8), but it's a very well don article
<mathiaz> kirkland: right - you need to copy to sdb first
<leonel> ScottK: Clamav 0.93 on the mirrors  not officially announced ..
<kirkland> CarlFK: http://howtoforge.com/software-raid1-grub-boot-fedora-8  <= that one is without LVM
<Griz> Hey Gang. I'm used to looking in  /etc/inittab  to find out what the machine has set for the default run-level. That doesn't exist here in ubuntu-server so which file IS specifying this??
<zul> Griz: to find out which runlevel you can run the command runlevel
<Griz> zul, Thank You. Now, how can I specify, at boot-time which runlevel I want the box to boot too? (not at grub or lilo time, but default setup)
<zul> Griz: runlevel --set= should work
<Griz> zul, Thank You, Again. :-)
 * kirkland wonders if we should put a couple of notes to that effect in /etc/inittab ....  that question comes up a lot (from RH/SUSE/Debian users, presumably)
<zul> kirkland: shouldnt it be in help.ubuntu.com shouldnt it?
<kirkland> zul: yeah, probably, but most any reasonably informed experience Linux/UNIX user would start with /etc/inittab, which doesn't exit
<leonel> ScottK: CVE-2008-1100   for  hardy and Dapper
<zul> yep yep
<ubotu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100)
<Griz> kirkland, imho, yes, there should be something for us old pharts. :-)
<GH-VAIO> hello, antbody here wanna trade shell accout?
<trappist> I've just tried to install update-manager-core on a dapper server, and there doesn't seem to be any such package.  any ideas why?
<trappist> or, what's the proper upgrade path from dapper to devel release?
<sommer> trappist: do you have the dapper-updates repository enabled?
<trappist> sommer: oops, apparently not, thanks
<sommer> trappist: np
<sommer> trappist: you'll want to update to the latest packages before upgrading :)
<trappist> yeah that part's done
<sommer> ah, then you should be able to do do-release-upgrade -d, once you've installed update-manager-core
<trappist> that's the plan
<sommer> heh, I love it when a plan comes together
<Goosemoose> hi guys, how's testing of the latest ubuntu coming along? Anyone testing the Active Directory logins?
<trappist> dependency issues :/ comes down to python2.4-apt depending on libapt-inst-libc6.3-6-1.1 and libapt-pkg-libc6.3-6-3.11, both of which are virtual packages with no installation candidate
<|Lee|> How can I open up another window on server edition? Like, one for irssi, one for lynx.
<nijaba> |Lee|: use screen
 * nijaba -> food
 * kraut eats nijaba 
<kirkland> |Lee|: ctrl-alt-f1 , ctrl-alt-f2 ... ctrl-alt-f8
<zul> kirkland: ewww :) screen is your friend
<kirkland> |Lee|: that'll give you 8 separate consoles, screen is much, much nicer, though
<kirkland> zul: is screen in the server seed?
<zul> it should be
<faulkes-> afaik screen should be in there
<Griz> screen should be in EVERY install. :-)
<kirkland> okay, i couldn't remember if i added that myself or not
<zul> kir: its in main anyways
 * Griz LIVES in screen(s)
<kirkland> it's not in a "cli" install from a mini.iso
<Griz> yeah, i know.   :-(
<|Lee|> When something tells me to install linux-headers-'uname -r', what package do I install?
<trappist> |Lee|: replace the ' with `
<trappist> |Lee|: run uname -r to get an idea what it's doing
<|Lee|> Danke, trappist.
<Griz> |Lee|, run   uname -r   and it will show you what kernel you are on.
<trappist> so you'd literally type sudo apt-get install install linux-headers-`uname -r`
<Griz> |Lee|, then, append that to the  linux-headers-  and yer set.
<|Lee|> Oh.
<Griz> :-)
<trappist> or just use the backticks :)
<nealmcb> sommer: are you gonna be there tomorrow morning, bright and early(!)?  https://wiki.ubuntu.com/CommunityCouncilAgenda
<Griz> |Lee|, or, just make sure you're using a  back quote  and then the command itself will run. :-)
<cellofellow> how can I clean up my PostgreSQL installation so I can start over?
<cellofellow> looks like purging and reinstalling did the trick
<sommer> nealmcb: planning to be, thanks for the Testimonial, I appreciate it
<nealmcb> you deserve it!
<sommer> heh, thanks
<nealmcb> yo folks - put in a good word for our next Ubuntu member candidate - sommer!  :-)
<trappist> any reason /boot is empty?
<cellofellow> how do I get in to my PostgreSQL configs with phpPgAdmin?
<Griz> trappist, yeah, you forgot to mount it.
<trappist> Griz: I guess so, but mounting it says "mount: /dev/sda1 already mounted or /boot busy", and mount says it's not mounted and lsof doesn't report anything using it
<soren> check /proc/mounts..
<soren> Stuff that gets mounted before /etc is remounted read-write might not be in /etc/mtab (which is what mount reads from).
<trappist> soren: good thinkin, thanks
<bdmurray> mathiaz: ping
<trappist> I'm running do-release-upgrade -d from dapper and it aborts without any useful info that I can see.  Calculating the changes, then Restoring original system state, then Aborting
<trappist> anyone seen this?
<Kamping_Kaiser> trappist, try #ubuntu+1 theres probably people there who can help
<trappist> thanks
<mathiaz> bdmurray: hellowwww
<mathiaz> kirkland: what's you doc idea ?
<kirkland> mathiaz: I've been thinking about a tool that searches a hierarchical list of locations where Ubuntu documentation might be found, in parallel, and organized
<kirkland> mathiaz: starting with manpages, info pages, community documentation in the wiki, forums, and launchpad, then just google
<mathiaz> kirkland: humm... There is a lot of abstract words in that statement
<mathiaz> kirkland: could you be more concrete ?
<kirkland> mathiaz: sure...
<kirkland> mathiaz: define a list of locations where documentation on a given topic might be found
<kirkland> mathiaz: and a logical order for searching those
<kirkland> mathiaz: let's start with (1) man pages, (2) help.ubuntu.com, (3) ubuntuforums.org, (4) launchpad (answers/bugs)
<mathiaz> kirkland: right - something like: for apache2 you should look at : 1. man apache2, 2. the server guide (url to the apache2 section) 3. wiki pages, etc...
<kirkland> mathiaz: yes, the server guide, i forgot about those
<kirkland> mathiaz: so you'd submit your terms to the search engine
<kirkland> mathiaz: all 4 or 5 of those sources are searched in parallel
<mathiaz> kirkland: ok - like google, but the ranking would be different
<kirkland> mathiaz: results are presented back to you using twisties
<kirkland> mathiaz: yep, could even use google with the site:foo.com switch
<mathiaz> kirkland: man pages would be ranked higher than ubuntuforums for example
<kirkland> mathiaz: yes, exactly
<kirkland> mathiaz: but ubuntuforums is in there
<kirkland> mathiaz: then, as documentation becomes better/more pertinent, perhaps it gets "promoted" over time
<kirkland> mathiaz: from the forums, into the wiki documentation
<kirkland> mathiaz: maybe into a man page once the information is golden and very static
<mathiaz> kirkland: well - that could be interesting
<kirkland> mathiaz: I had a conversation with esr about this several years ago, before Ubuntu existed, so long before help.ubuntu.com, and ubuntuforums.org were useful
<bdmurray> mathiaz: I'm trying to update from gutsy server to hardy server and was unable to today
<mathiaz> kirkland: I wonder how much overlap there is with google
<kirkland> mathiaz: let me take it one step further....
<mathiaz> kirkland: you can already use google to narrow your search
<kirkland> mathiaz: it could all be implemented using google, with a few site:'s
<kirkland> mathiaz: I'll hack up a prototype in php late one night
<mathiaz> bdmurray: oups... what did we do ? ;)
<kirkland> mathiaz: the next step, though....
<kirkland> mathiaz: is that I'd like to do this on the command line too
<mathiaz> kirkland: right - but you'd need access to the internet
<kirkland> mathiaz: yep, that would be required
<mathiaz> kirkland: I'm not sure how usefull this would be on a server
<kirkland> mathiaz: pull the info, and page it nicely
<bdmurray> mathiaz: I'm not certain.  Logs are in bug 217435 and slangasek says it is isn't pam.
<ubotu> Launchpad bug 217435 in update-manager "Internal Error, Could not perform immediate configuration (2) on libpam0g" [Undecided,New] https://launchpad.net/bugs/217435
<mathiaz> kirkland: may be a website would be enough
<kirkland> mathiaz: i'd like it to be a replacement for "man"
<kirkland> mathiaz: "superman"
<kirkland> mathiaz: where man is only one of a number of documentation sources
<kirkland> mathiaz: perhaps the preferred one
<kirkland> mathiaz: i'll hack on the website for you demo
<mathiaz> kirkland: that seems to be an interesting concept..
<mathiaz> kirkland: of course I wouldn't use php to do that
<mathiaz> kirkland: but that's just my personal preference... ;)
<kirkland> mathiaz: ;-)  python?
<mathiaz> kirkland: yes - and django
<kirkland> mathiaz: cool, well, if it takes off, we can port it to python+django
<mathiaz> bdmurray: hum.. I'm not sure what the problem is
<mathiaz> bdmurray: you may wanna ask mvo about it
<bdmurray> mathiaz: okay, just wanted to let you know
<mathiaz> bdmurray: right - I know there has been some issues/upload with volumeid lately
<mathiaz> bdmurray: not sure if it's related to your problem though
<mathiaz> bdmurray: thanks for the report :)
#ubuntu-server 2008-04-15
<Scunizi> Is there a download link to hardy server beta?  I can't seem to find it on the main site.
<mathiaz> Scunizi: http://releases.ubuntu.com/hardy/
<Scunizi> thanks.. couldn't find that page..
 * Kamping_Kaiser finds downloading ubuntu images unnessarily complex
<Invisionfree> How do I get X started?
<Invisionfree> How do I get X started?
<Invisionfree> Hello?
<sommer> Invisionfree: what are you wanting to do?
<sommer> oh woops you'll need to install X and it's dependencies
<sommer> !servergui
<ubotu> Ubuntu server does not install a desktop environment or X11 by default in order to enhance security, efficiency and performance.  !eBox provides a GUI system management option via a web interface.  See https://help.ubuntu.com/community/ServerGUI for more background and options.
<sommer> should get you started
<Invisionfree> sommer
<Invisionfree> I installed KDE and x11-common
<Invisionfree> But I don't know what to do now ..
<Invisionfree> sommer?
<sommer> Invisionfree: did you follow the instrucions in the link?
<sommer> instructions even
<Invisionfree> sommer, it's hard to open a link without any GUIs ..
<sommer> ah, you can use w3m, it's installed by default... or another computer with a browser :)
<Invisionfree> Well
<Invisionfree> One is watching a movie
<Invisionfree> Oh well
<Invisionfree> It's installiong kubuntu-desktop.
<sommer> Invisionfree: make sure you have: sudo apt-get install xserver-xorg x-window-system-core
<sommer> and if you want gui login install kdm
<Invisionfree> Ok.
<Invisionfree> sommer, if I did apt-get install kde, do I need to install kubuntu desktop?
<sommer> I'm not sure, I've never installed kde on a server before... I'd say give it a try and see how it goes :)
<Invisionfree> Hmm...
<Invisionfree> 5 minutes to restart.
<sommer> I would think that kubuntu-desktop would include other packages like openoffice that you may not need
<Invisionfree> sommer: If Idid, I couldinstall them
<Scunizi> just trying to install hardy server.. At the grub install page it fails to install into "/target/".  Several retrys and nothing .. Any ideas?
<Invisionfree> Restarting in 3 minutes!
<Invisionfree> Two..
<Scunizi> boom
<sommer> Invisionfree: what are you trying to accomplish?  it may be easier for you to install the desktop edition and add server packages to it
<sommer> Scunizi: did it give you any errors?
<sommer> Scunizi: are you trying on a x86 or amd64?
<Scunizi> x86 and the only error is the one about grub
<sommer> mmm... nothing in /var/log/syslog?
<Scunizi> sommer >>>>>  ^ <<<<<<
<Scunizi> sorry..
<Scunizi> haven't got past the grub part yet.. can't boot the machine.
<sommer> you can get another console by hitting alt+f2 - f4
<Scunizi> forgot about that.. let me check
<lee__> sommer, I installed it, it still goes to KDE.
<lee__> Er, CLI*
<sommer> I believe the install log output is on alt+f4
<sommer> lee__: did you install kdm?
<sommer> try startx
<lee__> Yes sommer.
<lee__> I did
<lee__> It gave me some error
<sommer> what was the error?
<lee__> error 104
<lee__> No useable screens or something?
<sommer> lee__: you probablty need to configure X then
<lee__> How?
 * lee__ forgets command
<Scunizi> sommer.. got to ctrl-alt F2 and activated that tty. looked at the log and turned around to type here.. when turning back the screen was black with a few white squares.. however ctrl-alt-F1 takes me back to the normal install screen.. weird
<lee__> sommer ran away, Scunizi :(
<sommer> Scunizi: ya, sometimes the install display can be a little flaky, did you find anything on alt+f4?
<lee__> Oh
<sommer> lee__: looking
<lee__> He just ran away from me then :x
<Scunizi> sommer.. nothing.. however I decided to try lilo and it looks like it's moving along.. strange that grub wouldn't install but lilo would/is
<sommer> lee__: try installing xdebconfigurator, I guess
<sommer> Scunizi: ah, I think there was an issue with grub in the .iso's a few days ago, did you recently download the iso file?
<Scunizi> never used lilo before.. this is a stand alone machine that I want to use in the house wirelessly..  .. Yep.. just got the iso tonight.
<lee__> sommer: Installed, now what?
<sommer> lee__: run the command I guess
<Scunizi> rebooting into the sys.. lots of messages .. starting services and whatnot.. running local boot scripts now..
<sommer> I've never actually used it... don't run X on my servers :)
<lee__> sommer: I tried, its not a cmd
<Scunizi> lee__: you trying to get the gui up?  which one gnome or kde?
<sommer> lee__: dpkg -L xdebconfigurator | grep bin
<sommer> should show you the executable files in the package
<lee__> Scunizi: KDE
<Scunizi> lee__: sudo /etc/init.d/kdm start
<lee__> Says it's already running..
<lee__> Scunizi: ^
<sommer> lee__: it may be easier for you to install the desktop edition and add server packages then the other way around
<lee__> sommer: Aw.
<Scunizi> ping
<Scunizi> sommer, scunizi here.. internet goes up and down tonight.. did lee__ get my message about how to start kde desktop?
<warchief_ryan> Anyone know if theres a way to setup my ubuntu box as a NAT with out using iptables?
<_ruben> why without iptables?
<warchief_ryan> why with them?
<_ruben> because its the default and easy way of doing it? .. and 'setup my ubuntu as a NAT' doesnt make very much sense either .. tho im assuming you want a NAT-capable router
<_ruben> squid would be another solution, tho that wouldnt cover all protocols (far from it) .. socks being yet another, but requires support in the client apps
<warchief_ryan> iptables seem complicated, I tried squid but im not really looking for something to filter anything
<warchief_ryan> maybe Ill just have to learn how to setup iptables
<_ruben> http://iptables-tutorial.frozentux.net/iptables-tutorial.html .. that's a decent tutorial to start with
<warchief_ryan> geez
<_ruben> NAT (and networking in general, up to a certain point) is complex matter, if you dont want to dive into that, get yourself a simple hardware router (like one of those 4 port home dsl routers for like $30)
<warchief_ryan> Im fine with networking, but iptables seem overly complicated to me
<warchief_ryan> well thanks for the link ima need to start reading, later
<spiekey> hey
<spiekey> i need some "language" help :)
<spiekey> how would you write the following in english?: Hereby i declare that the following parts work.
<_ruben> sounds a bit "official", but is ok otherwise i'd say, though im not a native english speaker either
<spiekey> hehe, its supposed t be official :)
<spiekey> thanks!
<sergevn> Hello, is there someone with experience with Freeradius?
<kraut> moin
<Kamping_Kaiser> sergevn, no. no one in the world
<sergevn> Kamping_Kaiser: bummer, than I am the only one
<sergevn> Kamping_Kaiser: who tries to make it work
<sergevn> Kamping_Kaiser: It is easier to ask if someone CAN help me, then spam my whole problem trough the channel :)
<Kamping_Kaiser> sergevn, it say in the /topic - ||  Be patient.  Don't ask to ask, just ask.  |
<Kamping_Kaiser> :)
<Kamping_Kaiser> its entirely posible we/i cant help, but i dont know until you ask :)
<sergevn> Kamping_Kaiser: true, sorry. well the problem is I am getting the following error during authentication:
<sergevn> rlm_eap_md5: User-Password is required for EAP-MD5 authentication
<sergevn> It's a problem with the way freeradius handles the password.
<sergevn> Freeradius is authenticating with OpenLDAP
<sergevn> with a md5hash as password, so hashing is not the problem either.
<Kamping_Kaiser> mm. i did freeradius+passwd file :/ looks like a problem i cant help with
<sergevn> yeah, but plaintext passwd-file is out of option, because it's not secure and we have an existing ldap server
<sergevn> it works with mschapv2 and the samba-NT hash in ldap
<sergevn> but now It needs to authenticate with the MD5 hash in ldap, using ttls for this.
<Kamping_Kaiser> i wasnt using plain text *hmf*. i was using system passwd
<sergevn> Kamping_Kaiser: ah ok :)
<kraut> "It may be necessary that grsecurity instead track the Ubuntu LTS kernel so that users can have a stable kernel with up-to-date security fixes. I will update this page when a final decision has been reached. "
<_ruben> kraut: grsecurity .. heh .. been ages since i last touched that :)
<kraut> _ruben: i run my private servers with grsec
<kraut> but actually a hybrid of ubuntu/debian
<kraut> that's ugly as hell :/
<kraut> if grsec really goes into the LTS repo, it would be interesting to reinstall the boxes with the new LTS...
<robin92> Hello! I try to installed "jeos-8.04-beta" on vmware GSX, but during the installation, a message appear to say that he can not install GRUB, can you help me? please I ask my question on several chanel because I need an answer quickly
<_ruben> robin92: you might wanna check the various tty's to check for clues when that error is presented
<robin92> _ruben: no error on tty
<robin92> And I don't know why when I try I tried  on VMw are GSX Server the live CD does not even load
<_ruben> live cd? jeos doesnt come on a live cd, its an install cd only
<_ruben> gsx and vmware server being pretty much the same product, i doubt it wouldnt work with gsx
<_ruben> unless gsx would be too old
<mludi> hi, is there a mechanism for /etc/skel that is able to replace variables defined in the skel template files. e.g. to set the username inside a skel template file to the user whos home directory is being created?
<kraut> x4100 (non M2) aren't supported by ubuntu dapper?
<kraut> the setup won't boot.
<J-_> Where is the inadyn configuration file store at?
<J-_> I'm using dapper
<J-_> There's no file in /etc/ called inadyn.conf
<J-_> I guess I'll just have to create one.
 * delcoyote hi
<ivoks> helou
<_ruben> damnit .. stupid debian installer :p .. cant seem to figure out how i performed an install over ssh the other .. i know i need to install the network-console module, but for some reason the installer just wont let me .. grr
<ivoks> it's easy
<ivoks> you need preseed file with
<ivoks> d-i   network-console/password password install
<ivoks> d-i   network-console/password-again password yoursupersecurepassword
<_ruben> ivoks: that was gonna be my next attempt: custom cd .. tho last time i did it with a "standard" server install cd
<ivoks> and append this to boot manager:
<ivoks> preseed/url=http://path/to/your/preseed/file anna/choose_modules=network-console
<ivoks> a kickstart file would also be nice
<_ruben> i really should look into preseeding, had smth similar setup for my sles9 machines/installs
<GH-VAIO> hello.. anybody here wanna trade shell account?
<ivoks> _ruben: good luck
<ivoks> take care guys, bye
<_ruben> ivoks: thanks, i'll need it ;)
<_ruben> cya
<mathiaz> bye ivoks
<ivoks> _ruben: just make sure to put the same password for both password and password-again
<ivoks> _ruben: in my example, one is install, other is yoursupersec...
<ivoks> mathiaz: hi :)
<_ruben> ivoks: figured as much ;)
<ivoks> _ruben: you'll need kickstart file to eliminate all the pre-partitioning stuff
<\sh> GH-VAIO, wrong channel wrong topic pls join #scriptkiddies kthxbye :)
<ivoks> \sh: :D
<saltedlight> hi. i'm trying to setup virtual hosts on my server but i cant find the configuration file. httpd.conf is empty. where should be the configuration file? i'm using ubuntu 8.04Ã
<\sh> saltedlight, /etc/apache2/sites-available/*
<\sh> saltedlight, check the "default" file
<_ruben> ivoks: guess that'll all be part of the plan to setup a complete installation rig .. if only the days for like 3 times as long
<saltedlight> what is the difference  between sites-available and sites-enabled ? i just cant figure it out...
<PecisDarbs> err, people, what strange protection it is on Hardy server and how to change it's behaviour?
<PecisDarbs> I can't write custom log file in place where I want
<sommer> PecisDarbs: what application are you trying to log?
<PecisDarbs> bind
<sommer> PecisDarbs: it's most probably the AppArmor profile
<PecisDarbs> where to check that?
<PecisDarbs> oh, so many config files :)
<sommer> PecisDarbs: the bind9 apparmor config is in /etc/apparmor.d/usr.sbin.bind9
<mathiaz> PecisDarbs: you should see some apparmor related messages in /var/log/syslog
<PecisDarbs> yeah, found it
<PecisDarbs> thanks people
<PecisDarbs> mathiaz: I did it, it was reason I asked :)
<sommer> PecisDarbs: for details on bind logging see: http://doc.ubuntu.com/ubuntu/serverguide/C/dns-troubleshooting.html
<PecisDarbs> heh, rather easy config file
<sommer> the logging section, has an example of setting up a seperate log file
<mathiaz> PecisDarbs: https://wiki.ubuntu.com/DebuggingApparmor
<juliux> hi
<juliux> i next wednesday also a server team meeting?
<sommer> mathiaz: heh, good call
<mathiaz> juliux: yes - tomorrow at 21:00 UTC - https://wiki.ubuntu.com/ServerTeam/Meeting
<juliux> mathiaz, also next week?
 * juliux is searching for free slot for the loco counciol;)
<mathiaz> juliux: yes
<juliux> mathiaz, thxs
<damjan> I just installed jeos-8.04 (daily) ... I wonder why 'apt-get install apache2' by default would install mpm-worker and not mpm-prefork?? is there a special reason or it's just so
<Deeps> heh, anyone in here know why openssh-server defaults to PermitRootLogin yes now?
<Deeps> heh, i see a number of bug reports have already been filed, and ignored on account of upstream maintainers
<trappist> Deeps: I guess theoretically it doesn't matter, what with root being passwordless and all
<trappist> but I'm pretty sure it should be no by default
<Deeps> heh, my root password on my dev box was 'root'
<Deeps> in the process of reinstalling it now
<trappist> that's the worst thing I've ever heard
<W8TAH> im doing an install on 6.06lts right now - ive entered apt-get install build-essential libmysqlclient15-dev python-dev  i have a list of extras that will be installed, new packages that will be installed, suggested and recomended packages - how do i tell it i want to install the entire list? (including the suggested and recomended)?
<seisen> use aptitude instead of apt
<W8TAH> whats that?
<Invisionfree> Help. I tried installing KDE, kubuntu-desktop both, now it won't start, but my resolution is wayy too big, how can I fix this?
<W8TAH> Invisionfree, this is ubuntu-server -- you might get better results in #ubuntu or #kubuntu
<Invisionfree> W8TAH: ... I installed it on Ubuntu server ...
<W8TAH> aptitude install .... got the same package list without the optionals
<W8TAH> Invisionfree, oh.. ouch
<seisen> boot into recovery mode and sudo apt-get remove kubuntu-desktop
<seisen> usually aptitude will pull everything
<W8TAH> not sure
<Invisionfree> seisen: When I do that, it says "Give root password for maintenance (or type Control-D to continue) but I'm not sure what the root password is, because it's not taking my sudo password.
<seisen> it should automatically boot into root in recovery mode
<Invisionfree> It doesn't ..
<seisen> what does Control+D do?
<Invisionfree> Boots as my normal user
<seisen> hmm.....
<Invisionfree> I got them removed, seisen.
<seisen> recovery mode?
<Invisionfree> Wow, it's being slow when I boot normally though ..
<Invisionfree> How do I remove all the packages it installed when I did apt-get install kde and apt-get install kubuntu-desktop?
<Invisionfree> seisen: ?
<blueyed> !openvz
<ubotu> Sorry, I don't know anything about openvz - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<blueyed> Does linux-openvz work for anybody?
<seisen> press CTRL+ALT+F2 and it will send you to a terminal session log in and remove the packages there
<Invisionfree> What packages?
<seisen> did you kde-4 and kubuntu-desktop
<seisen> *install
<Invisionfree> Just kde
<Invisionfree> And kubuntu-desktop
<seisen> you mean kde-core? I assume you want to remove kubuntu-desktop, correct
<mathiaz> blueyed: dantalizing was interested in openvz
<Invisionfree> I typed these two commands: "sudo apt-get install kde" and "sudo apt-get install kubuntu-desktop"
<seisen> if it messed up after installing kubuntu-desktop remove that package
<blueyed> dantalizing: does openvz work for you? (it seems to be a common problem, that it does not boot; bug 210672)
<ubotu> Launchpad bug 210672 in linux "linux-image-2.6.24-13-openvz refuses to boot" [High,Fix committed] https://launchpad.net/bugs/210672
<Invisionfree> I did seisen, it installed a load of other stuff with it seisen, and it didn't remove all that when I removed it ..
<seisen> hold on
<seisen> which version of Ubuntu?
<Invisionfree> server 7.10
<seisen> !pastebin
<ubotu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu-nl.org (make sure you give us the URL for your paste - see also the channel topic)
<Invisionfree> ..?
<seisen> http://paste.ubuntu-nl.org/63328/
<Invisionfree> holy ..
<seisen> ya
<seisen> thats why I didn't post it to the channel
<Invisionfree> Lmfao
<Invisionfree> I SSHed in to do it
<Invisionfree> But I can hear the box straining to do all this
 * seisen goes to get fire extinguisher
<Invisionfree> Lolol
<Invisionfree> seisen: How can I fix my resolution on it, it's still bad,
<seisen> I believe its sudo dpkg-reconfigure xserver-xorg
<Invisionfree> seisen: What if I removed that package?
<seisen> did you remove it?
<Invisionfree> No, but it's tempting..
<seisen> then you won't anything but a terminal
<dantalizing> blueyed: openvz is working for me ...sorry been back and forth...nneed to go to a meeting now...bbiab
<Invisionfree> seisen: I only want a terminal, would removing that fix my res problems?
<seisen> ya
<seisen> so why did you install kde?
<W8TAH> hi folks -- was doing a build of zenoss on 6.06 got this error message -- what do i need to install
<W8TAH> http://www.pastebin.ca/986221
<W8TAH> the server is a 6.06 fully built and dist-upgraded today
<seisen> autoconf
<seisen> I believe
<W8TAH> apt-get install autoconf?
<seisen> ya
<W8TAH> ok - its runnin we'll see boout 20 min build
<PodMan99b> hey all for 7.10 is there a vhost-mysql package for apache?? i cant get it to start says stuff is missing ... anyone used this?
<\sh> vhost-mysql?
<PodMan99b> yea configure apache vhosts with mysql
<GH-VAIO> hello.. anybody here wanna trade shell account?
<infinity> *blink*
<sommer> is that like trading baseball cards?
<zul> sommer: no we do hockey cards
<sommer> zul: lol, hockey's cool too
<zul> sommer: when we were kids we through them in the school yards and there were mad dashes to get the cards
<sommer> heh, did they come with a stick of nasty gum in the pack?
<zul> sommer: well when they were in the package :)
 * sommer always ate the gum anyway
<zul> hey Koon
<Koon> hello zul !
<mathiaz> Hi Koon
<Koon> Hello mathiaz (& everyone else)
<Koon> I'll be missing tomorrow's meeting, I've to go to Beaune to meet a last time with my ex-boss-above-my-boss
<nxvl> http://www.iaps.com/2008-server-reliability-survey.html
<zul> nxvl: are we first?
<nxvl> zul: kind of
<nxvl> zul: we are one of the firsts
<nxvl> Linux distributions from Novell and Red Hat as well as open source Ubuntu were the clear winners
<Invisionfree> If I do a port scan, and it says port 80 is open, why can't I access 12.203.90.214:80?
<zul> Invisionfree: firewall upstream maybe?
<nxvl> apache is down
<nxvl> or it's fitered
<Invisionfree> A couple of people on another network said they can access it
<Invisionfree> But I don't see how ..
<nxvl> or it's blocking all non localhost connections
<nxvl> by telnet i have connected
<nxvl> by i can't via web browser
<nxvl> Invisionfree: 80 responds here
<nxvl> Invisionfree: it is a router, doesn't it?
<nxvl> Invisionfree: it was slow, but is works
<Invisionfree> nxvl: What do you see? Vonage?
<nxvl> yup
<nxvl> and a login screen
<nijaba> nxvl: thanks for the link.  I love the "22% of the survey respondents
<nijaba> are running at least one Ubuntu server at their sites".  This is GREAT
<nxvl> nijaba: yes it is!
<nxvl> nijaba: i was so happy reading that note
<Invisionfree> How can my ports still be closed? http://img390.imageshack.us/img390/8184/vonageportsan5.png and http://img177.imageshack.us/img177/2638/linksysportswe1.png and http://img291.imageshack.us/img291/5340/routeriphr3.png
<nxvl> Invisionfree: you are publiching to much information about your private network, don't do that
<Invisionfree> nxvl: I want this fixed :(
<nxvl> Invisionfree: you are not enabling the redirectiong of port 80 -> http://img390.imageshack.us/img390/8184/vonageportsan5.png
<nxvl> Invisionfree: there are PM
<Invisionfree> nxvl: I am using non-standard ports, it's getting actively refused on port 803, and port scans say port 803 is closed ..
<nxvl> Invisionfree: even internaly?
<Invisionfree> nxvl: As in http://192.168.1.107:803?
<nxvl> yup
<Invisionfree> Firefox can't establish a connection to the server at 192.168.1.107:803.
<nxvl> that's the problem
<nxvl> :D
<nxvl> telnet it
<Invisionfree> Say wha? On which comp?
<nxvl> "telnet 192.168.1.107 80"
<Invisionfree> You mnean 803?
<nxvl> yes, sorry
<nxvl> "telnet 192.168.1.107 803"
<Invisionfree> telnet: Unable to connect to remote host: Connection refused
<nxvl> your apache isn't listening on port 803
<Invisionfree> Oh, how does I change that?
<nxvl> mmm
<nxvl> let me check
<Koon> /etc/apache2/ports.conf apparently
<Invisionfree> nxvl: I got it
<nxvl> #ServerName www.example.com:80
<nxvl> on apache.conf
<nijaba> just in case some of you have some time, feel free to test some Release Candidate isos....  http://iso.qa.ubuntu.com/
<Invisionfree> nxvl: What do you get on http://12.203.90.214:803
<nxvl> Apache/2.2.4 (Ubuntu) Server at 12.203.90.214 Port 803
<nxvl> and "It works!" on http://12.203.90.214:803/apache2-default/
<Invisionfree> nxvl: What do you get on http://12.203.90.214:803 <- Screenshot please?
<Invisionfree> nxvl: Where is ssh server conf?
<nxvl> mm
<nxvl> /etc/ssh/ ?
<nxvl> /etc/ssh/sshd_config
<nxvl> Invisionfree: http://nvalcarcel.aureal.com.pe/stuff/Screenshot.png
<Invisionfree> nxvl: ssh -p 22000 12.203.90.214
<Invisionfree> Yes!
<nxvl> Invisionfree: it responds
<Invisionfree> YES!
<Invisionfree> Now
<Invisionfree> All I gotta do
<Invisionfree> Is figure out how to make my router issue that box a static IP
<nxvl> easy, don't use dhcp
<nxvl> :D
<JaxxMaxx_> or use a static DHCP mapping to the MAC addr
<nxvl> JaxxMaxx_: yes, but it dependr on the router model
<Invisionfree> Linksys WRT54G
<sommer> nijaba: do you know if there is a list of mirros that have daily ISOs?
<Invisionfree> sommer
<Invisionfree> My resolution is still ****ed, so I've been booting into recovery mode.
<nijaba> sommer: I get a message about it each time I start rsync, hold on
<Invisionfree> I'm going to try something as soon as I edit boot scripts
<Invisionfree> How do I make Ubuntu server do something when it boots
<Invisionfree> So I don't need to type it every time?
<nijaba> sommer: https://launchpad.net/ubuntu/+cdmirrors
<Invisionfree> So I don't need to type it every time?
<Invisionfree> sommer, nxvl?
<sommer> nijaba: ya, I did some checking of the US links, but the ones I checked don't seem to have the daily builds.  only releases
<Invisionfree> sp,,er
<Invisionfree> How do I make Ubuntu server do something when it boots <- Please halp sommer
<nijaba> Does anyone one have a VMware-ESX and/or a VMWare server at hand.  Jeos needs some test love: http://iso.qa.ubuntu.com/qatracker/result/1469/257
<sommer> Invisionfree: sorry I'm in the middle of a couple of other things... what do you want it to do?
<nijaba> http://iso.qa.ubuntu.com/qatracker/result/1469/258
<Invisionfree> sommer: When it boots, run these commands: sudo ifconfig wlan0 up - sudo iwconfig wlan0 essid linksys - sudo dhclient
<sommer> Invisionfree: create a shell script with those commands and add the script path to rc.local, but if you just want to configure network /etc/network/interfaces is the proper place
<Invisionfree> How do I make a shell script?
<Invisionfree> .sh?
<bipolar> kirkland: are you here?
<kirkland> bipolar: hi
<bipolar> kirkland: I got your nick handle from your comment in bug 155947.
<ubotu> Launchpad bug 155947 in libnss-ldap "ldap config  causes Ubuntu to hang at a reboot" [Undecided,Incomplete] https://launchpad.net/bugs/155947
<bipolar> kirkland: about ldap issues. I'm hoping you may be able to help me with something related.
<kirkland> bipolar: okay.  are you able to reproduce that bug exactly, or something similar?
<bipolar> kirkland: I havn't gotten that far yet. I'm still working on getting ldap auth working on Hardy. my current workstations are Feisty.
<bipolar> it seems that 'dpkg-reconfigure -plow ldap-auth-config' doesn't create any config files that I can find. :(
<kirkland> bipolar: okay, that sounds like that path of this bug
<bipolar> yes.
<kirkland> bipolar: so you have ldap authentication working successfully on your feisty workstations?
<bipolar> yes
<bipolar> I have about 20 workstations
<bipolar> this Hardy one is a fresh install
<kirkland> and youre trying this on one test hardy machine?
<bipolar> yep.
<bipolar> I found this bug searching for the ldap config file issue. google led me to https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/155947/comments/3
<ubotu> Launchpad bug 155947 in libnss-ldap "ldap config  causes Ubuntu to hang at a reboot" [Undecided,Incomplete]
<bipolar> I don't know what debconf is doing with the info I'm giving it, but it's not putting it anywhere I can find :(
<kirkland> dendrobates-: are you around?  I think you might have helpful info about this.
<kirkland> bipolar: let me try something
<dendrobates-> kirkland: yep
<kirkland> dendrobates-: see the last few lines by bipolar
<dendrobates-> kirkland: a debconf issue.
<Invisionfree> sommer?
<blueyed> Is it possible to install the ubuntu-server .iso on a server without a physical cdrom drive? E.g. by installing a minimal system and then making grub mount from a prepared partition, where the iso has been unpacked?
<kirkland> bipolar: and this hardy system... is it a fresh install, or an upgrade from feisty or gutsy?
<bipolar> kirkland: fresh install
<bipolar> although I played with making an ldap.conf file by hand at one point. I've moved the old one out of the way though.
<bipolar> maybe there is an option saved somewhere that's still telling debconf not to overwrite the now nonexistant ldap.conf file?
<W8TAH> Will Server 8.04 be a LTS release as well, and will it be released on the same date as Desktop 8.04?
<kirkland> bipolar: it should generate /etc/ldap.conf
<kirkland> blueyed: it is possible.  you can use pxe/tftp, or i've even kicked off an install by booting from a usb stick
<bipolar> # ls /etc/ldap.conf
<bipolar> ls: cannot access /etc/ldap.conf: No such file or directory
<kirkland> W8TAH: yes, 8.04 is an LTS release, all of the release dates are the same day
<W8TAH> ok cool - -thanks kirkland
<kirkland> do you have ldap-auth-config installed?
<kirkland> W8TAH: Desktop and Server are mostly just different groupings of packages
<bipolar> kirkland: yes
<W8TAH> kirkland, yes, im aware of that -- i have several builds ahead of me and would prefer to do the new version - -i thought i had read someplace that one of the relases wasnt going to be an LTS, but i couldnt find it on the website again
<W8TAH> it MAY have been the kubuntu that is using kde4 but im not positive
<kirkland> bipolar: hmm, interesting, I see that too
<kirkland> bipolar: if i move /etc/ldap.conf out of the way, and then do the dpkg-reconfigure, i answer the questions but it doesn't create a new file
<blueyed> kirkland: I guess pxe does not work so well over the internet? (it's a dedicated server, and they do not seem to support pxe in their network)
<bipolar> kirkland: well, that narrows it down
<kirkland> bipolar: let me run an strace
<kirkland> blueyed: yeah pxe over the internet isn't advised
<Evil-MoBo> any web developers? who might be able to tell me the name of a good program for editing and createing flash on ubuntu
<Invisionfree> libsasl2-modules-gssapi-heimdal: Depends: libsasl2-modules (= 2.1.22.dfsg1-12) but 2.1.22.dfsg1-9ubuntu2 is to be installed
<Invisionfree>  
<Invisionfree> What's this mean and how do I fix it?
<Invisionfree> !repos
<ubotu> The packages in Ubuntu are divided into several sections. More information at https://help.ubuntu.com/community/Repositories and http://www.ubuntu.com/ubuntu/components - See https://wiki.ubuntu.com/RecommendedSources for the recommended way to set up your repositories
<Invisionfree> sommer, nxvl?
<sommer>  Invisionfree what version are you running?  what are you trying to install?
<Invisionfree> sommer, Ubunt 7.10 server, and I'll give you the command, here's my sources.list
<Invisionfree> http://paste.ubuntu-nl.org/63350/
<Invisionfree> apt-get install heimdal-clients heimdal-docs heimdal-kcm heimdal-servers libgssapi4-heimdal libpam-heimdal libsasl2-modules-gssapi-heimdal libsasl2-2 libsasl2-modules-ldap ldap-utils libnss-ldap libpam-ldap libpam-cracklib libldap2 nscd ssh-krb5 ntpdate ntp
<sommer> nijaba: doh, us.cdimage.ubuntu.com... much faster for me :)
<nijaba> sommer: sounds like a good pick :)
<sommer> Invisionfree: I'd try commenting the backports lines in your sources.list, then do sudo apt-get update, then try installing
<Invisionfree> sommer: Already did, Seveas in #Ubuntu says I'm missing some repos.
<sommer> Invisionfree: either that or leave the backports in and do sudo apt-get upgrade
<Invisionfree> I did sommer.
<kirkland> bipolar: so it appears that at least part of this is "by design"
<kirkland> bipolar: ldap-auth-config honors the fact that the user deleted the file
<bipolar> oh, boy
<bipolar> any way to reset that? or maybe it should be changed?
<bipolar> if the file is deleted... why not put a new file in it's place? sounds a bit odd.
<bipolar> maybe there is a situation I'm not concidering
<kirkland> bipolar: i'm still digging
<bipolar> k. thanks :)
<Invisionfree> FUCK
<kirkland> bipolar: you can purge the package, and reinstall it
<kirkland> bipolar:  looks like that's the preferred mechanism for getting fresh, clean conf for it
<kirkland> bipolar: note, "purge", remove is not enough
<bipolar> kirkland: ok. I'll try that
<bipolar> kirkland: that did it. it created an ldap.conf file
<Stev> hi
<Stev> i'm logged via ssh on a remote system, booted from a rescuecd, i would like to install ubuntu server. Someone can give me some tips? Tnx
<kirkland> bipolar: good.  did you customize it accordingly?
 * faulkes- repeatedly slams head into desk
<kirkland> Stev: I'm not sure you can install from a rescue cd
<bipolar> kirkland: I havn't made it work yet... we use ssl certs.
<bipolar> gotta put that data in. the stuff I told debconf is in there though.
<kirkland> bipolar: oh, good
<kirkland> bipolar: so did you re-run dpkg-reconfigure?
<kirkland> bipolar: or did debconf prompt you on the install of ldap-auth-config?
<bipolar> it prompted on install
<kirkland> bipolar: very good
<Stev> kirkland: can't i dd a disk into the hd? i've two hd's.. maybe i can copy the cd to one and install to the other..
<kirkland> sorry, Stev, i personally don't have that expertise
<Stev> ok, thank you anyway :)
<Invisionfree> kirkland: Can you help me CHROOT into my sewrver oinsstall?
<Invisionfree> Er, server install* :P
<kirkland> Invisionfree: um, possibly.  what's the holdup?
<Invisionfree> kirkland: I have no idea how to do it :P
<bipolar> hmmm.... whats the equv of the TLS_CACERT, TLS_CERT, and TLS_KEY lines from the old /etc/ldap/ldap.conf for the new /etc/ldap.conf? without them nss can't talk to the ldap server.
<kirkland> Invisionfree: it would be best for you to start with some documentation, like https://help.ubuntu.com/community/BasicChroot
<Invisionfree> kirkland: I really need to fix my passwords, will you tell me what commands to run if I promise to read that later? :x
<bipolar> If install the old /etc/ldap/ldap.conf file, it works. weird
<bipolar> at least 'getent password' shows my ldap users
<kirkland> Invisionfree: have you booted a rescue cd or a live cd?
<bipolar> stranger... if i put JUST THOSE LINES in /etc/ldap/ldap.conf it works :P
<kirkland> bipolar: the encryption lines?
<bipolar> the TLS_CACERT, TLS_CERT, and TLS_KEY lines
<bipolar> all three paths to cert files
<kirkland> bipolar: you copied those lines from /etc/ldap/ldap.conf to /etc/ldap.conf ?
<bipolar> I tried that. it didn't work.
<kirkland> ok....?
<bipolar> but putting just those lines in /etc/ldap/ldap.conf makes it work.
<kirkland> bipolar: as in, wc -l /etc/ldap/ldap.conf == 3
<bipolar> yeah
<kirkland> hmmf
<bipolar> well... without comments
<bipolar> let me remove all the comments
<kirkland> bipolar: nothing else of substance in there
<kirkland> bipolar: oh, right....  i get it
<kirkland> that file is what's used by the command line ldap utilities
 * kirkland just remembered that
<bipolar> yep. thats all it needs
<bipolar> with just those lines in /etc/ldap/ldap.conf getent works. without them, nothing.
<kirkland> bipolar: right, that makes sense to me, if you have a secure ldap server
<kirkland> bipolar: so have you tried logging in yet with an ldap user?
<bipolar> no. pam not configured yet... unless debconf took care of it.
<bipolar> yes. it did
<bipolar> I just sshed into it
<bipolar> with my ldap account. it works.
<bipolar> so, now I should disconnect the network and see if it boots, right?
<kirkland> debconf handled your pam correctly too
<bipolar> yeah
<bipolar> I logged in anyway :)
<kirkland> bipolar: yup, booting is what I'm most interested in
<bipolar> ok. I'll do it.
<kirkland> bipolar: are you near the machine, in case it hangs?
<kirkland> bipolar: ie, can you get it into a recovery mode?
<bipolar> The machine is in my office
<bipolar> it's rebooting now
<kirkland> bipolar: the other machines in your office, will you be reinstalling those with hardy from scratch, or doing a live upgrade?
<bipolar> it's hung at "*Starting kernel log daemon..."
<bipolar> kirkland: from scratch
<kirkland> bipolar: whoa
<kirkland> bipolar: that's *exactly* what the bug says, and I've been trying to reproduce that for 3 weeks
<bipolar> tell me what you want... I'll help you debug it. ;)
<kirkland> sweet
<bipolar> maybe I should get food first... :P
<kirkland> okay, let's be very clear about hung
<kirkland> bipolar: up to you, but i'm very, very interested in getting to the bottom of this
<bipolar> no disk activity, nothing moving on the screen.
<kirkland> bipolar: responds to ping?
<bipolar> pressing return puts a newline on the screen.
<bipolar> I disconnected the network.
<kirkland> aha
<bipolar> so, no ;)
<kirkland> okay, capslock/numlock?
<kirkland> toggling those, does it affect the lcd's?
<bipolar> yes
<bipolar> it's not really "hung"
<bipolar> I wonder if it will timeout....
<kirkland> bipolar: it should in 60seconds
<kirkland> bipolar: that's what I get when I try to reproduce it
<bipolar> ok.
<kirkland> bipolar: people swear that it's a "hang" but I've never hung the kernel doing this
<bipolar> hasn't been a min yet.
<kirkland> bipolar: can you switch to another tty?
<kirkland> ctrl-alt-f2 ?
<bipolar> most people use the word 'hung' and 'it's not doing anything' interchangably :)
<bipolar> let me try...
<bipolar> yes
<bipolar> can't login though
<bipolar> although vt's 2-7 show a getty prompt
<kirkland> bipolar: a login prompt?
<bipolar> yeah
<kirkland> bipolar: and it takes your username?
<bipolar> yep
<bipolar> but never asks for pw
<kirkland> bipolar: prompts for a password?
<kirkland> bipolar: okay, good
<bipolar> then come sup with "Login timed out after 60 seconds", and does not return to a prompt
<jdstrand> bipolar: getty's show that it is not 'hung' in the way described
<bipolar> I hate to do this, but I really gotta go get something to eat. I haven't eaten all day. mind if I just run though the drivethru down the street?
<kirkland> bipolar: okay, so it timed out the ldap login, but did not fall back to local authentication
<jdstrand> bipolar: the problem is that tty1 gets console messages on boot
<kirkland> bipolar: sure, that's fine
<kirkland> bipolar: find me here in a bit
<bipolar> won't be long... 10 min
<jdstrand> normally just pressing 'enter' will be good, but as the login process hangs, you don't see it
<bipolar> kirkland: I'm back... food in hand
<kirkland> bipolar: hey, enjoy your fast food, I'm chatting with a few people about this
<bipolar> ok
<bipolar> wow... it does this even with the network connected
<bipolar> unpingable... probbly because the network hasn't been brought up yet
<kirkland> bipolar: reboot with the network attached
<bipolar> I did.
<bipolar> same thing
<bipolar> it's trying to reach the ldap server before the network is brought up
<bipolar> and not falling back to local auth
<bipolar> I can see how this would be annoying
<kirkland> bipolar: boot back into single user, and pastebin your /etc/nsswitch.conf
<bipolar> ok
<bipolar> ouch
<bipolar> recovery menu :)
<bipolar> recovery menu doesn't work... prints codes on the screen for up and down arrow keys :P
<bipolar> I'll try init=/bin/sh
<kirkland> bipolar: try appending "single" onto the end of the first kernel boot line
<bipolar> thats what I tried first :(
<bipolar> maybe I should have used the grub menu recovery one, but I'm old school ;P
<bipolar> damn... it's hung. and I mean HUNG. numlock key doesn't work. no activity at all
<bipolar> during usb config
<kirkland> whoa
<bipolar> how did it get there when I used init=/bin/sh
<bipolar> using the grub recovery menu worked.
<bipolar> ran dhclient eth0, logging into w/ ssh
<kirkland> bipolar: okay, so i've confirmed the work around in the bug
<bipolar> http://pastebin.com/m6418b32f
<kirkland> bipolar: bind_policy soft
<bipolar> kirkland: where do I put that?
<kirkland> grep for it in /etc/ldap.conf
<kirkland> should be commented out and "hard"
<bipolar> yep
<bipolar> changed... rebooting
<kirkland> bipolar: i think it'll prompt you twice
<kirkland> the second time, letting you straight in
<bipolar> for the password?
<kirkland> yup
<bipolar> I've seen that before.
<kirkland> ldap first, then local
<bipolar> on other machines
<kirkland> (when ldap doesn't respond)
<bipolar> it's booted
<bipolar> well, it doesn't ask twice
<bipolar> seems to work
<kirkland> bipolar: ah, right, yours is compat ldap
<kirkland> bipolar: mine was different
<bipolar> so, is this a real fix or a workaround that needs to be cleaned up?
<kirkland> bipolar: well, it's all configuration
<kirkland> bipolar: i don't think "bind policy soft" is appropriate
<bipolar> and it shouln't 'hang' either way....
<kirkland> bipolar: okay....
<kirkland> bipolar: so back to your "hang"
<bipolar> k
<kirkland> bipolar: when/how did that happen?
<bipolar> the real one?
<bipolar> where the numlock wouldn't work?
<kirkland> bipolar: yeah, the one where capslock didn't work
<kirkland> bipolar: right...  what were the conditions?
<bipolar> I appended 'init=/bin/sh' to the end of the boot line
<kirkland> bipolar: hmm, i'm not familiar with that one
<bipolar> it got to initing usb devices, and hung hard. had to hold down the power button until it shut off
<bipolar> that init thing might not work any more on modern systems :P
<bipolar> due to... god knows what
<bipolar> but the recovery menu worked
<bipolar> I should have tried that first :)
<kirkland> bipolar: okay, but using the recovery option in the grub menu
<bipolar> yes
<bipolar> using the recovery option in the grub menu worked
<bipolar> adding 'single' to the standard grub menu item did not... the arrow keys didn't work once the menu popped up.
<kirkland> right, well, the recovery menu item is the supported one
<kirkland> so that's only one I'm going to concern myself with now
<kirkland> bipolar: cool, i think I have everything I need from you
<bipolar> understandable... I'm happy! it works! :)
<kirkland> bipolar: I need to add some documentation to this bug
<bipolar> hopefuly an eligant solution can be found
<kirkland> bipolar: well, it's entirely a configuration issue
<bipolar> it is?
<kirkland> bipolar: yup
<kirkland> bipolar: I've been talking to jdstrand
<bipolar> I suppose it has something to do with it looking for the ldap server before the network is up?
<kirkland> bipolar: huh?
<bipolar> well, why exactly does it fail to fallback properly?
<bipolar> even with the network connected it fails
<kirkland> bipolar: does getent work?
<bipolar> now? yes
<kirkland> so with the network, if fails to authenticate against ldap, but getent queries ldap properly?
<bipolar> er... wait a min...
<bipolar> without the "bind policy soft" it won't boot weather it's got a network cable hooked up to it or not.
<bipolar> with "bind policy soft" everything works as expected.
<bipolar> when the cable is connected, and the network configured, getent shows the users, and I can log in as them.
<bipolar> with the cable disconnected, or the network unconfigured, getent does not show the users, and I can't log in as them
<jdstrand> bipolar: with the cable disconnected, or the network unconfigured, do you get to a login prompt (or at least can you see one with 'ctrl-alt-f2'?
<kirkland> jdstrand: my understanding is, yes, he get's the prompt, no he can't login
<kirkland> jdstrand: sounds like its the fallback that's failing
<kirkland> jdstrand: because the bind_policy is hard
<jdstrand> kirkland: it is my opinion that it is a configuration problem.
 * jdstrand nods
<kirkland> jdstrand: and ldap just keeps the machine spinning until it gets a connection
 * kirkland lightbulb moment
<jdstrand> kirkland: if the bind policy is hard, and the user and group only exists in ldap or ldap is queried first or required for authentication, then it is doing what it is supposed to do (ie nothing until the ldap server is available)
<kirkland> jdstrand: hmm, what about root?
<kirkland> jdstrand: i'm seeing the same behavior when trying to login as root
<kirkland> jdstrand: perhaps we need to excuse all users below a certain uid?
<jdstrand> kirkland: it all depends on your nsswitch.conf and pam settings
<jdstrand> kirkland: IIRC, you can do exactly that iwth pam-ldap
<bipolar> the failure to boot isn't even getting to a login prompt without switching vt's manully
<kirkland> jdstrand: perhaps the 'fix' is that we sanitize those defaults
#ubuntu-server 2008-04-16
<Invisionfree> kirkland: I'm on my livecd, help me CHROOT into my server install?
<jdstrand> kirkland: putting on my sysadmin hat, I am not sure there is a sane default
<jdstrand> we don't have a server that we can target our authentication/authorization lookups against
<jdstrand> as such, it's all manual
<Invisionfree> kirkland: I'm on my livecd, help me CHROOT into my server install? Please?
<kirkland> jdstrand: i was thinking we should allow users with uid<N to fallback locally
<kirkland> Invisionfree: are you at a command prompt?
<Invisionfree> Terminal, and by the time you tell me what to type I will be :P
<jdstrand> kirkland: right, I understand, but what is 'N'-- some people may want to override some groups/users for some reason
<kirkland> Invisionfree: do you know the device that has your / partition?
<Invisionfree> hda1
<kirkland> jdstrand: at the very least 0/root
<kirkland> jdstrand: i don't there's ever a case where root would ONLY exist in LDAP
<jdstrand> kirkland: no, that is true
<kirkland> Invisionfree: mount /dev/hda1 /mnt
<kirkland> Invisionfree: chroot /mnt
<jdstrand> kirkland: but, you can't get that fine-grained with libc/nss lookups, only pam
<kirkland> jdstrand: i know, i know, inadvisable to login as root
<kirkland> jdstrand: perhaps users in the admin group?
<kirkland> jdstrand: we specify those in pam
<jdstrand> kirkland: yeah, pam_krb5 has a minimum_uid setting
<jdstrand> eg account sufficient      pam_krb5.so minimum_uid=1001
<jdstrand> I'm checking pam_ldap now, but am almost 100% it has it too
<kirkland> jdstrand: that's kinda the opposite, though
 * kirkland smacks kirkland, nevermind
 * Invisionfree smacks kirkland for the hell of it
<Invisionfree> :D
<jdstrand> kirkland: man pam_ldap-- ignore_unknown_user
<bipolar> is it pam or nss thats causing the issue on boot?
<Invisionfree> Help
<Invisionfree> bipolar?
<bipolar> hmm?
<Invisionfree> The following packages have unmet dependencies:
<Invisionfree>   libsasl2-modules-gssapi-heimdal: Depends: libsasl2-modules (= 2.1.22.dfsg1-12) but 2.1.22.dfsg1-9ubuntu2 is to be installed
<Invisionfree> E: Broken packages
<Invisionfree> How do I fix that?
<bipolar> how did you get there?
<Invisionfree> A Debian shell script to install ldap
<bipolar> umm.... what shell script?
<Invisionfree> http://noc.cluenet.org/distconf2.allinone.sh
<bipolar> that script calls other scripts. it must be part of a package you downloaded.
<Invisionfree> How do I get that version it needs?
<bipolar> it probbly doesn't work on ubuntu
<Invisionfree> ..
<Invisionfree> All it needs is a different version, why the hell wouldn't it?
<Deeps> ubuntu packages aren't always exact replicas of the debian packages with different numbers on them
<bipolar> Invisionfree: are you running gutsy?
<Invisionfree> Yes.
<bipolar> Invisionfree: the first thing I would try is running 'apt-get -f install' just to see if it can clean itself up.
<Invisionfree> I did, no solve.
<bipolar> libsasl2-modules-gssapi-heimdal may be broken
<bipolar> packages.ubuntu.org says exactly the same thing apt is telling you
<bipolar> it requres libsasl2-modules  (= 2.1.22.dfsg1-12) but ubuntu has libsasl2-modules (2.1.22.dfsg1-9ubuntu2)
<bipolar> I would remove that package, unless you absolutly need it.
<Invisionfree> I absolutely need it.
<bipolar> I'm afriaid your screwed
<Deeps> would rebuilding it from the source package (And modifying it's dependancy manually) resolve this?
<Deeps> or at least, get past the dependancy issue (while potentially creating new issues down the line)
<bipolar> it's strange, the universe package looks newer then the non-universe one.
<Invisionfree> bipolar:
<Invisionfree> E: Version '2.1.22.dfsg1-12' for 'libsasl2-modules' was not found
<bipolar> yes, because 2.1.22.dfsg1-9ubuntu2 is what is available
<Invisionfree> How can I get that version then..
<bipolar> You would need to download the source package, modify it's config file, and recompile
<bipolar> that version is not in the repositories
<bipolar> which is strange.
<bipolar> Maybe you could download the deb, and install it manualy
<bipolar> tell dpkg to ignore dependancys
<bipolar> Invisionfree: here is someone else with the same issue: http://ubuntuforums.org/showthread.php?t=599141
<bipolar> Invisionfree: and there is already a bug reported for this issue: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2-heimdal/+bug/157035
<ubotu> Launchpad bug 157035 in cyrus-sasl2-heimdal "libsasl2-modules-gssapi-heimdal not installable" [Undecided,Fix released]
<bipolar> looks like it's fixed for Hardy
<nullbnx> ok so im working on getting a wap setup... iv followed a few guides and am stuck... i can connect to the network, and when i try to ping to the outside world, dns resolves the ip address but no ping
<nullbnx> any ideas?
<Deeps> is IP forwarding enabled?
<Deeps> is WAP a wireless access point? if so, do you need to NAT wireless clients (have you got appropriate rules in iptables for this?)
<nullbnx> if dns works but not the ping... ip tables? bridge?
<nullbnx> yes ip fowarding is
<nullbnx> i have these ip table rules....
 * Deeps hopes he pastebins
<Deeps> you can dump nice output using iptables-save (if no args specified it outputs on stdout)
<nullbnx> k just a sec
<nullbnx> http://pastebin.com/dbc2e250
<Deeps> ok, which is your lan interface, which is your external interface, and is your wireless point a wireless card in your linux machine, or an external wap connected within your lan?
<nullbnx> eth0 is the lan connected to the internet; ath0 is the wap (in this linux machine)
<Deeps> and eth1?
<Deeps> actually nm, eth0 always matches first
<Deeps> from a wireless client, can you ping a) the ip assigned to ath0, b) the ip assigned to eth0?
<nullbnx> i can ping 10.1.1.1 which is the network setup by ath0
<nullbnx> not 192.168.1.44 the ip address assigned to eth0
<nullbnx> but when i ping (for example www.google.com); it resolves the ip address, just no return ping
<Deeps> what's your nameserver ip?
<Deeps> same as ath0?
<nullbnx> nameserver is 192.168.1.1; the network assigned to eth0
<Deeps> what OS on the wireless client?
<nullbnx> ubuntu desktop
<nullbnx> same thing happens with windows though
<nullbnx> tested both
<Deeps> my thought was that it was possible that dns was being cached from an earlier state
<nullbnx> no, i thought that too, but google has so many different addresses that it changes per each ping almost...
<nullbnx> so i dont know what is stopping me
<Deeps> what's the output of route -n
<Deeps> from what you've told me, unless i'm being dense, it should look like:
<Deeps> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
<Deeps> 10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 ath0
<Deeps> 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
<nullbnx> yup
<nullbnx> exactly except on eth0 flags = UG; Metric = 100
<Deeps> you dont have any other routes for destination 0.0.0.0?
<Deeps> ok, double check that "cat /proc/sys/net/ipv4/ip_forward" returns 1
<Deeps> and possibly cat /proc/sys/net/ipv4/ip_dynaddr" also returns 1, if your WAN ip isn't static
<nullbnx> 2nd command returns 0
<nullbnx> 1st command returns 0
<Deeps> ok, if the 1st returns 0, then that's definately your problem, you dont have IP forwarding enabled (the first thing i asked ;)
<Deeps> echo 1 > /proc/sys/net/ipv4/ip_forward
<Deeps> and try your pings again
<nullbnx> hold on a sec, this is what i did to enable it... (i thought i had it on, oops)
<nullbnx> nano /etc/sysctl.conf
<nullbnx> net.ipv4.conf.forwarding=1
<Deeps> that'll enable it at startup
<Deeps> so if you've not rebooted, you still need to enable it now
<Deeps> either through /proc/sys
<nullbnx> and i restarted... any idea why that didnt work?
<Deeps> or through calling sysctl
<Deeps> oh
<Deeps> oh, that looks like the ipv6 forwarding
<Deeps> in ipv6, its net.ipv6.conf.forwarding, in ipv4, it's net.ipv4.ip_forward
<Deeps> although you can do the conf route too, you need to specify the interface(s) you want to enable forwarding on
<nullbnx> minus the .conf and foward instead of fowarding?
<Deeps> cd /proc/sys/net/ipv4
<Deeps> see the files that exist in there
<Deeps> follows the same hierarchy as the sysctl calls
<Deeps> i suspect net.ipv4.ip_forward=1 and net.ipv4.conf.all.forwarding=1 both do the same thing
<nullbnx> just a sec, let me see if those changes changes fixed the problem
<Deeps> if echo 1 > /proc/sys/net/ipv4/ip_forward
<Deeps> has resolved your problem, then that was definately it
<nullbnx> sure did
<nullbnx> so how do i make those changes permanent?
<nullbnx> cool worked
<Deeps> modify your /etc/sysctl.conf to contain net.ipv4.ip_forward=1
<Deeps> instead of net.ipv4.conf.forwarding=1
<nullbnx> so how do i make those changes permanent?
<Deeps> save the file?
<Deeps> ctrl+x i think, Y, enter
<nullbnx> and thats it?
<Deeps> pretty much
<nullbnx> with that setup i have for ipconfig, does that allow everything through without any restrictions? im pretty new to ipconfig...
<Deeps> iptables?
<nullbnx> sorry, yea
<Deeps> http://pastebin.com/m53f1d0d0
<Deeps> i've removed the 'eth1' entries
<Deeps> i'm not sure what that is, but having a second masquerade rule isn't going to be matched against anyway
<Deeps> urrr
<Deeps> mistakes in there
<Deeps> http://pastebin.com/m5c04e4f9
<Deeps> line 19: should be -o ath0 and not -d ath0
<nullbnx> ic k
<nullbnx> so will those rules allow anything other than port 80 through?
<Deeps> those rules will allow everything, and log port 80
<Deeps> twice
<nullbnx> ahh yea, so i need to delete line 16 also then
<Deeps> if you only want it logged once, and then the connection dropped:
<Deeps> http://pastebin.com/pastebin.php?diff=m55773a4e
<Deeps> i guess
<nullbnx> well i want everything fowarded through so i can use it like it were attached to any other server
<nullbnx> btw, i really appreciate the assistance
<Deeps> then remove the DROP line
<Deeps> line 17
<nullbnx> k
<Deeps> when dumping traffic, 2 easy ways to do it is with -j DROP or -j REJECT
<Deeps> DROP silently drops the packets, resulting in a timeout
<Deeps> REJECT dumps the traffic and responds with an icmp unreachable
<Deeps> so the other machine knows fairly quickly that the connection cant be made
<nullbnx> ok so when i start closing the ports up to secure it, use one of the two...
<Deeps> the approach i tend to take is drop all, accept specific ports that i want
<nullbnx> is there a good guide to getting all that setup?
<Deeps> no idea
<Deeps> i went from getting a chat like this to google to giving this chat, heh.
<nullbnx> i want everything between the wap --> clients open and then close things off between the server and the internet
<nullbnx> so you just googled all this?
<Deeps> no, when i was in your position i spent a lot of time on google
<Deeps> finding and reading guides
<nullbnx> ohh ok
<nullbnx> i was going to say, thats pretty impressive if you did, lol
<Deeps> hell, i still do, trying to work out routing between multiple links
<nullbnx> so... http://pastebin.com/m5c04e4f9 will allow all the traffic between the wap & client?
<Deeps> yep
<Deeps> the best approach is to play around
<Deeps> worst that can happen is you prevent any traffic from reaching the machine
<nullbnx> sweet... so whats the basics to disabling ports, if lets say i wanted to disable ports on eth0? or even easier to allow just a select number of ports?
<nullbnx> yea
<Deeps> given that it's local, hook up and keyboard + monitor and undo it
<Deeps> well you want to drop all traffic coming into eth0
<Deeps> but still allow inbound traffic with state related,established, otherwise you wont get any replies from remote machines when you make requests
<Deeps> (like you've done with clients behind ath0)
<Deeps> (only it's not forwarding data now, its incoming data to that machine)
<Deeps> and then to allow specific ports, -I INPUT -p <tcp/udp> --dport <portnum[:endportnum]>
<nullbnx> so with my iptables now everything is being fowarded to ath0 and skipping eth0?
<Deeps> eg -I INPUT -p tcp --dport 1000:2000 would allow input to ports 1000-2000 inclusive
<Deeps> no, if a wireless client requests, say, a webpage
<Deeps> wifi client [request] -> ath0 -[nat]-> eth0 -> [interweb]
<Deeps> [interweb responds] -> eth0 -[nat, state related/established]-> ath0 -> wireless client
<Deeps> [interweb tries to create new connection] -> eth0 -> [if there's a service running on the target port, it handles it, if not, it rejects the request]
<Deeps> in your current state
<nullbnx> k, so if lets say [client outside network] ---ssh request--> [eth0 responds by default]
<Deeps> indeed
<Deeps> in your current setup, anyone able to reach the machine will be able to get a response from ssh
<Deeps> oh, be careful, if you set a root password on your machine (instead of using sudo), it's worth updating yor /etc/ssh/sshd_config to reflect PermitRootLogin no (defaults to yes)
<Deeps> your*
<nullbnx> gotcha, so the basics are that if a wireless client makes a request, it can get that specific request back...
<Deeps> yep.
<nullbnx> so lets say i just want to only allow specific ports period to eth0, which command would i use in iptables?
<Deeps> 02:11:09 < Deeps> well you want to drop all traffic coming into eth0
<Deeps> 02:11:27 < Deeps> but still allow inbound traffic with state related,established, otherwise you wont get any replies from remote machines when you make requests
<Deeps> 02:11:49 < Deeps> (like you've done with clients behind ath0)
<Deeps> 02:12:06 < Deeps> (only it's not forwarding data now, its incoming data to that machine)
<Deeps> 02:12:49 < Deeps> and then to allow specific ports, -I INPUT -p <tcp/udp> --dport <portnum[:endportnum]>
<nullbnx> ahh ok, i thought that was a little different
<Deeps> http://pastebin.com/m2439a18e
<Deeps> things i've changed: your default INPUT policy to REJECT
<Deeps> added a rule to allow tcp/22 from anywhere
<Deeps> and allowing all established traffic already back in
<nullbnx> so if i send a request out for something, it all can come back... except for ssh, which can recieve also
<nullbnx> just trying to get this straight
<Deeps> that said, i dont think you can set polciy to reject
<Deeps> so you probably wanna change that to DROP
<Deeps> that's correct
<Deeps> means ssh can listen for new connections
<Deeps> while any other random ports cant, they can only listen for established connections already
<nullbnx> will this setup cause any complications if...  i run a file server off of that box, just for the wireless clients?
<Deeps> shouldn't do
<nullbnx> k so change :INPUT REJECT to :INPUT DROP
<Deeps> yep
<Deeps> you can dump all of that in a file btw (remove the line numbers)
<Deeps> and then iptables-restore < /path/to/file
<Deeps> to have your rules replaced entirely
<Deeps> iptables-save > /path/to/file to see what the file should look like
<nullbnx> if you don't mind me asking, what are you using your box for?
<Deeps> which one?
<Deeps> heh
<Deeps> most closely matched to you, i've got one routing my adsl connection
<nullbnx> haha
<Deeps> usb adsl modem, 2 10/100 ethernet nics
<nullbnx> then you set a server behind that?
<Deeps> no, that is the server
<Deeps> server has the usb adsl modem plugged into it, so my wan ip presents itself on atm0
<Deeps> my local lan is on eth0, and the flat downstairs is on eth1
<Deeps> the box doesn't do much eles
<nullbnx> icic, so what kinda servers are you running?
<Centaur5> I know this is slightly off topic but I was wondering if anyone could tell me from your experience which hardware raid has been faster 5 or 10?
<Deeps> mrtg graphing, simple web serving from there
<Deeps> nullbnx: got a few boxes online that i used to host services on for friends and family
<Deeps> currently sitting idle as i cant think of anything to do with them anymore
<nullbnx> lol ic
<nullbnx> well i appreciate the help
<Deeps> no problem
 * Kamping_Kaiser puts his ubuntu mirror on a diet
<nullbnx> im thinking about putting my removable (usb) hard drive on the server and using samba to share it
<Kamping_Kaiser> wonder how much room i'll have after this :D
<Deeps> gl
<nullbnx> any advice?
<Deeps> guides on how to use samba are on ubuntu.com :)
<nullbnx> haha i know how to do that
<Deeps> most of the problems you'll encounter have already been resolved on ubuntuforums.org
<nullbnx> i think ill remove all permissions other than read after mounting the hard drive (other than read) so i dont risk someone removing anything
<nullbnx> hmmm oops, xorg crashed on me
<nullbnx> do you need to restart before iptables become active?
<Deeps> you never need to restart
<Deeps> unless you've installed a new kernel (and even that has ways around it)
<Deeps> you can either apply the rules manually, or you can apply the through iptables-restore as i explained earlier
<nullbnx> so the new iptables should be good to go?
<nullbnx> i applied the tables in the .conf, and thats it?
<Deeps> in which conf?
<nullbnx> iptables.conf
<Deeps> there's an iptables.conf?
<nullbnx> /etc/iptables.conf
<Deeps> ok, you've created that yourself
<nullbnx> yea, i was just following a guide
<Deeps> ok, well then i'd recommend finishing that guide as to how to apply the rules
<Deeps> if you've used the same format as would be generated by using iptables-save, you can apply the rules with iptables-restore < /etc/iptables.conf
<nullbnx> i found what looks to be a pretty good guide, im going to read a whole bunch... i appreciate the help
<Deeps> Good plan! A well written guide will do more for you than I can. :)
<nullbnx> you checked out 8.04 yet?
<Deeps> nope, i dont do well with beta software, barely have the patience for stuff that's considerred stable, heh
<nullbnx> lol
<nullbnx> im just wondering how secure 8.04 will be when it first comes out...
<nullbnx> has me a little worried, i might upgrade my lappy but not the server
<Kamping_Kaiser> not sure if this usb port is USB 1.1 or 2 :S. deleting 40gb at 40mb/s will take a while
<Deeps> wouldn't worry about that kind of thing, security is rarely a concern with new releases, stability on the other hand...
<Deeps> that and the upgrade process
<Deeps> i kid, ubuntu's been through many upgrade cycles now, i'd expect the gutsy->hardy upgrade to be as smooth as a baby's bottom
<Deeps> ..within a month of release, at least, heh.
<Kamping_Kaiser> heh
<nullbnx> yea... do you have any other recommendations for the server security other than iptables n no root ssh
<nullbnx> hah, well i was reading around, seems like they got it well setup bc so many brave souls tried the beta & upgrading
<Deeps> dont run lots of random daemons that you dont need, if you do run them, have them bind only to interfaces that need them (ie, if it's only that machine, bind to localhost, if it's only for wireless clients, to ath0's ip, etc.)
<Deeps> have a strong secure password, dont give shell access to anyone you cant trust until you've learnt to harden up the machine
<Deeps> make sure you apt-get update + upgrade regularly
<Deeps> dont forget to lock your machine when you're not at it ;)
<Deeps> dont leave root shells lying around ;)
<nullbnx> lol, i knew #2, 3, 4, 5
<nullbnx> ill have to look into bind
<Deeps> bind has 2 meanings
<nullbnx> pretty easy to setup bind?
<Deeps> bind, the application
<lamont> ScottK: you around?
<Deeps> or binding to interfaces, where an application picks what IPs to accept connections on
<nullbnx> is there a quick and easy way to do that?
<Deeps> eg, chances are your ssh server is listening for connections on 0.0.0.0:22 (and ::22 if you have ipv6 enabled), ie, all interfaces
<ScottK> lamont: Yes.
<lamont> I'm looking at the delta between 2.5.2-rc{1,2}....
<Deeps> however, if you need, say, an snmp daemon, but only for local logging/monitoring purposes, you'd configure it to only listen on 127.0.0.1 (localhost)
<ScottK> OK.
<Deeps> each application has it's own configuration file
<nullbnx> ic
<Deeps> sudo netstat -anp will show you all applications that are running, sockets that they're using, sockets that they're listening on
<lamont> if we pulled the warn_if_reject check back into 2.5.1-ubuntu, is it worth separating out the qmgr fix that's there as well?
<lamont> my life would be easier if Wietse just released 2.5.2
<ScottK> lamont: I don't know.  I was aware of the warn if reject one because it was discussed on the ML.
 * ScottK just got back into down and just downloaded 1749 new mails.
<lamont> heh
<nullbnx> deeps, well iv only got ssh and named available to all..., so prolly not a huge problem
<ScottK> lamont: Without looking, I'd say upload the RC and we'll deal with it.
<nullbnx> deeps, prolly don't need named to the outside either
<ScottK> lamont: Then if it's not released before we do, just SRU to the final.
<lamont> I really don't want an RC in the LTS...
<lamont> the alternative is to upload a 2.5.1 that happens to have a few backported fixes.
<lamont>  bzr commit -m'[LJ, trivial] dist-upgrade'
<lamont> my favorite commit ever
<ScottK> Yeah, and then if 2.5.2 happens to make it, we go with it, if not, oh well.
 * lamont will stare at the diff en toto, and then maybe poke you again in a bit.
<ScottK> K
<nullbnx> what would be the purpose of running a dns server on a home server?
<Nafallo> nullbnx: learning
<nullbnx> Nafallo, haha other than that...
<Nafallo> nullbnx: and well... the "because I can" thing is usually a strong one as well :-)
<nullbnx> Nafallo, haha, so no real use running named in a network that looks like this...
<Nafallo> nullbnx: well... caching would be good I guess :-)
<Nafallo> depends on if you use to go to the same addresses a ot.
<Nafallo> lot even
<nullbnx> [internet] <---> [dsl modem] <----> [ubunut server (home network) w/ named] <----> [wireless clients]
<nullbnx> (named was installed during installation by accident and im debating shutting it down
<nullbnx> )
<Nafallo> :-P
<Deeps> from my lan:
<Deeps> chocha.truman.lan has address 192.168.1.49
<Deeps> 49.1.168.192.in-addr.arpa domain name pointer chocha.truman.lan.
<Deeps> forward and reverse dns created automatically by dhcpd when it assigns the client's IP
<Deeps> reverse dns is almost entirely asthetic, forward proves useful if i want to connect to another machine, e.g. one not using NetBIOS
<Deeps> can connect to it's name rather than trying to work out it's ip
<nullbnx> yea, so no real point...
<nullbnx> i have dhcp set up also, and that takes care of everything internally
<nullbnx> what does bind9 do?
<Deeps> dns
<Deeps> what you're calling named
<Deeps> (that's the user it runs as )
<nullbnx> ok thats what i thought, how do stop it from starting during boot?
<nullbnx> i know i can stop it by /etc/init.d/bind9 stop
<Deeps> update-rc.d
<Deeps> update-rc.d -f bind9 remove
<nullbnx_> can you setup wpa on a wap?
<Deeps> i dont see why not
<nullbnx_> hopefully this works...
<AnthonyC> hello?
<nullbnx_> heyt
<AnthonyC> hello I am having trouble with an Ubuntu mysql server
<AnthonyC> I am getting a "cannot connect to remote server" error upon attempting to connect remotely to it
<AnthonyC> I can ping it and access it locally, but not remotely
<AnthonyC> there is no firewaill between the 2 LAN'd machines
<AnthonyC> any suggestions?
<nullbnx_> do you connect through a cable/dsl modem/router?
<AnthonyC> no, they are on a LAN
<AnthonyC> TCP/IP, same subnet
<AnthonyC> can ping each other
<nullbnx_> and your sure that you dont have iptables (the default ubuntu firewall) blocking you?
<AnthonyC> no, the only firewall is the NAT router itself
<AnthonyC> between the servers and the internet
<nullbnx_> hmmmm not to sure then....
<nullbnx_> how would i be able to monitor what computers are connecting through my server?
<AnthonyC> by IP? try netstat
<AnthonyC> see the man page
<AnthonyC> also try snort
<AnthonyC> for logging
<nullbnx_> thanks =)
<nullbnx_> netstat by itself doesnt show it...
<nullbnx_> my computer is a access points other pcs connect through, im trying to figure out which pcs (by ip) are connecting
<lamont> ScottK: 214933: sounds like 'fix released' to me... :)
<jords> can anyone recommend me a CLI download accelerator that allows you to use http basic authentication? Axel is great apart from that last point... can't find anything on how to to the authentication with it
<sls> Hi, how can I grant sudo access to LDAP users?
<sls> I have Ubuntu with Likewise, and can log in fine, bu must log in as local account to do admin activities. This is inconvenient.
<sls> There must  be a way to add some group to sudoers.
<sls> .
<sls> ?
<rhineheart_m> hello.. how to make ubuntu to fuse two separate networks?
<kraut> moin
<n6rej> anyone had any experience with IRC proxys?
 * Kamping_Kaiser waves
<Kamping_Kaiser> no i havent, but hello
<n6rej> lol hiya kamping
<n6rej> yeah, i'm using U!
<n6rej> I can't imagine that its that hard to setup... I hope
<kraut> n6rej: in which case?
<n6rej> I don't get though how connecting to the server via SSH would hep?
<kraut> like a bouncer or a web-proxy?
<n6rej> kraut: hiya... yeah bouncer
<kraut> n6rej: google: irssi-proxy
<n6rej> I want the folks on my lan to access IRC via the lan-server
<kraut> then it's more a kind of a web-proxy
<kraut> then you need squid
<kraut> or any other http-proxy. squid isn't the best soloution
<Kamping_Kaiser> irc over squid?
<n6rej> kraut: whats the diff between irssi and squid?
<kraut> Kamping_Kaiser: sure
<n6rej> they will be using either chatzilla or some other irc client
<kraut> Kamping_Kaiser: nearly every protocol is able to tunnel over a web-proxy
<n6rej> kraut: its a mixed OS envirorment, NIX, OSX and PC
<kraut> n6rej: squid is a http-proxy and irssi-proxy is a proxy module for your irssi client
<kraut> n6rej: that's no problem, just have a look on squid
<n6rej> kk, what is irssi client? IRC?
<kraut> just google for it!
<n6rej> k I will
<Kamping_Kaiser> kraut, i'm not sure why you'd tunnel something like irc over squid though, its not like you can filter it (past the 'can cant' ACL levels)
<kraut> Kamping_Kaiser: irc over http-proxy is like icq over http-proxy. it works!
<n6rej> kraut: would they use a regular irc client if I use squid?
<Kamping_Kaiser> kraut, *hm*
<kraut> n6rej: yes, you just need to configure your irc-client to use the http-proxy
<n6rej> kk
<n6rej> !squid
<ubotu> Sorry, I don't know anything about squid - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<kraut> and the http-proxy, in this case squid, need to allow irc from your internal lan.
<kraut> it's called ACLs
<n6rej> ah, ok
<kraut> it must be described in their docu
<kraut> EOD, need to work
<n6rej> !irssi
<ubotu> Irssi is a terminal based IRC client. See https://help.ubuntu.com/community/Irssi for help.
<kraut> !squid
<ubotu> Sorry, I don't know anything about squid - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<kraut> stupid bot
<n6rej> kraut: lol yeah.
<n6rej> kraut: i'm carefully looking everything over... I don't want to proxy EVERYTHING just IRC
<kraut> that's also possible with squid
<n6rej> and I don't want the IRC channel kept open all the time, only when called from the clients
<kraut> just have a look on the ACLs
<kraut> you could permit only IRC from your internal network with them and disallow anything else
<kraut> anyhow, you'll run into the problem, that irc-servers will reject you, when you connect to often from the same ip
<n6rej> kraut: no thats just it... I don't want it messing with anything but IRC
<Kamping_Kaiser> ubotu, Squid is an industrial strength web proxy. Its flexability is matched only by the scaryness of its configuration file.
<n6rej> kraut: I'm on a dynamic ip
<kraut> n6rej: you could allow or dissallow everything with the ACLs of squid
<n6rej> lol yeah I bet
<kraut> n6rej: sure, but you've got only one IP for all of your users
<n6rej> kraut: so squid will act like a firewall right?
<kraut> no
<kraut> or yes
<n6rej> kraut: yeah, normally only 1 or 2 of us use the lan at a time
<kraut> is a point of voiew
<kraut> then it's ok
<kraut> just read the squid-docu
<n6rej> well I have a FW already, I don't want it mucking with any of that lol
<n6rej> I am
<kraut> it's not a firewall, it's a proxy
<kraut> a firewall is more a concept and a proxy will fit into such a concept
<n6rej> well, everything is nat'd and stealthed, even the server.
<kraut> stealth is a mystery
<n6rej> kraut: i love it... tech's try to access my system without permission and they get freaked cause they fall into a black hole.
<n6rej> then they go uh... ah.. mmm... your computer is off
<n6rej> LOL
<kraut> ...
<kraut> as i say, stealth is a mystery
<kraut> your tech's are to stupid to understand the mechanism
<n6rej> kraut: yep.  But it keeps me safe. :D
<kraut> depends
<n6rej> first they gotta get through the stealth, then the nat, then onto my systems
<n6rej> by that time they've left a trail a mile long
<kraut> there are still easier ways to get into your system
<n6rej> ?
<n6rej> I used to run Engarde on my server... nothing gets through that without permission.
<kraut> there is allways a way, believe me
<n6rej> oh i'm sure.. well.. with Engarde their used to be a 100k reward if you could crack it... nobody ever has that I know of.
<n6rej> most of the time access is through front-ends not the server stuff
<n6rej> as far as I know they still use the NSA kernel
<\sh> guys, did anyone tested latest ubuntu-server iso on vmware, with guided partitioning? grub is failing on vmware (i386) somehow for this...
<_ruben> \sh: hardy beta jeos with guided worked fine on vmware for me
<nijaba> \sh: which version of vmware are you talking about?
<nijaba> \sh: server, ESX, workstation?
<popey> a friend installed hardy ubuntu-server over a remote connection, and at the end it asked if he wanted to install additional software. He chose to install ssh, so it went off and got the ssh packages and installed them, however it also wanted to remove a load of other stuff, which apparently barfed grub up so he had to reinstall again and choose not to install ssh that time
<popey> he says the cd he used was a beta one from march - would this be a known issue _or_ what package should he search for bugs in, or what package should he file bugs against?
<soren> How did he install over a remote connection?
<popey> HP ILO
<soren> Ah.
<soren> *shrug*
<popey> Good answer
<soren> Do you think you could get him to try with a recent CD?
<popey> a daily?
<popey> he used the most recent beta
<soren> It's not inconceivable that after the installer did an apt-get update, it wanted to remove a stack of things due to new dependencies, conflicts, whatever.
<soren> popey: Really? Has it been that long? Hm..
<popey> he laughs and says that's pretty much exactly what happened, but would have been nice if grub had been left alone so that he at least had a bootable system :)
<popey> 17th march or thereabouts he said
<popey> (the cd release)
<popey> 20080318.1 was the cd he used
<soren> Hm... Well, if it's not too much trouble, if he could try with a daily that would be lovely.
<popey> I'll ask him. Thanks for the quick response.
<soren> Any time :)
<\sh> nijaba, vmware-server v1.0.3
<\sh> _ruben, I used the normal ubuntu-server iso, not the jeos ones
<nijaba> \me needs to fix his server console to test this...
<_ruben> \sh: ah, havent played with those .. only hardy jeos guided partitioning and gutsy server custom partitioning
<\sh> _ruben, well, I'm redoing the installation now, and providing some  logs for colin to investigate...
<_ruben> ah
<_ruben> hmm .. 48MB/s on linear reads from software raid10 (7200rpm sata)
<n6rej> ok, i'm really stupid tonight :(
<n6rej> I can't figure out how to add ctrlproxy to inetd
<n6rej> the dev said ctrlproxy --inetd but that doesn't seem to do anything that I can see
<PecisDarbs> n6rej: don't you have just add entry to inetd or xinetd.conf file?
<n6rej> PecisDarbs: i thought so but its not starting :(
<n6rej> PecisDarbs: http://pastebin.com/d2141524d
<PecisDarbs> n6rej: you use inetd or xinetd?
<n6rej> PecisDarbs: openbsd-inetd
<PecisDarbs> try to debug it, see what is response when you poke that port
<n6rej> PecisDarbs: how do you poke a port?
<PecisDarbs> n6rej: just telnet localhost port_ctrlproxy_uses
<n6rej> PecisDarbs: got it!... the silly port was declared by ircd
<PecisDarbs> for example, usually admins test smtp server with telnet mail.example.com 25
<PecisDarbs> see? :)
<PecisDarbs> easy
<n6rej> PecisDarbs: yeah,... so now I just have to figure out what its talkign to me about :D
<\sh> _ruben, the bugger was an old iso file, which wasn't overwritten by wget ... grmpf...so nothing's wrong with -server iso *phew*
<_ruben> \sh: ouch :p
<PecisDarbs> anyone here how played with BIND DNSSec?
<PecisDarbs> it's getting me mad, slowly :)
<PecisDarbs> how/have/s
 * n6rej would love to tie bind to a tree and shoot it!
<PecisDarbs> why
<PecisDarbs> he is such a nice fella :)
<n6rej> hahah :P
<n6rej> he gives me nightmares lol
<PecisDarbs> seriously
<PecisDarbs> what kind of? :)
<n6rej> yeah
<n6rej> OMG
<n6rej> lol
<n6rej> i'd rather program in VB then touch bind
<PecisDarbs> usually nighmares with BIND == wrong syntax again, ups
<PecisDarbs> smells like really spoiled relationship
<n6rej> PecisDarbs: i think bind is the only process that has given me fits all my *nix life
<n6rej> yep
<n6rej> but I started with *nix 5.0 so bind was really nasty then
<n6rej> no I take that back, there is one worse.... sendmail!
<PecisDarbs> but it is a past, shouldn't we let it slip away? :)
<n6rej> lol
<n6rej> probably... but i'm an old dog
<n6rej> right now my cage is really rattled lol
<n6rej> stupid ctrlproxy stopped
<n6rej> hmmmmmmmmm.... says no configuration found maybe i'd like to run one with --init lol
<PecisDarbs> anybody nows why Bind on Hardy pratically misbehaves when using DNSSec?
<ScottK> So marked -->[23:49] <lamont> ScottK: 214933: sounds like 'fix released' to me... :)
<ScottK> PecisDarbs: You'll need to give some actual specifics about the problems you're seeing if you want help.
<lamont> g'morning ScottK
<PecisDarbs> dnssec-enable is enabled, ksk un zsk is created, deployed, zone signed and included in configuration, i also configured so dnssec stuff would log in seperate file
<PecisDarbs> so far so good
<PecisDarbs> but
<PecisDarbs> whatever I do, log keeps silent, while normal.log which I created for rest of stuff in same dir grows and grows, so no permission involved, already checked it hundred times
<ScottK> Heya lamont.
<ScottK> PecisDarbs: What if you don't configure it to log to a separate file.  Is it in the normal log?
<PecisDarbs> ScottK: no difference, I tried to push dnssec stuff also in normal.log, but nohing appears there, other categories have lot of log material there
<PecisDarbs> I set permissions to 777 while testing, checked out apparmor settings many times - nothing to cling on
<sommer> PecisDarbs: it's probably because of apparmor, take a look at the logging section here: http://doc.ubuntu.com/ubuntu/serverguide/C/dns-troubleshooting.html
<PecisDarbs> apparmor don't impact network, right?
<sommer> PecisDarbs: at least inregards to log information to another file
<sommer> if the bind apparmor profile is in enforce mode it will need to be configured for the new log file
<PecisDarbs> I already did that
<PecisDarbs> what one or two * means in apparmor conf?
<PecisDarbs> non-recursive and recursive?
<sommer> PecisDarbs: not sure what you mean by two '*'s ?
<PecisDarbs> /etc/bind/* un /var/cache/bind/** for example
<PecisDarbs> in /etc/apparmor.d/usr.sbin.named
<sommer> PecisDarbs: mmm... mine doesn't have that, one sec while I update
<PecisDarbs> ok
<nijaba> \sh: I just installed the latest hardy server x86 iso on vmware server with no issue.  Did you use some particular settings?
<nijaba> \sh: and which iso did you use?
<sommer> PecisDarbs: you might also check out this page: https://wiki.ubuntu.com/DebuggingApparmor
<\sh> nijaba, as I said, it was a problem with an old iso image...because wget doesn't overwrite a file which exists already with the same nam
<\sh> e
<PecisDarbs> btw, it is possible that AppArmor blocks BIND DNSSec check? It would be kinda stupid, but....
<nijaba> \sh: hmm...  I did not see that.  anyway, that force me to put my vmware server in a working state, so that time was not lost :)
<sommer> PecisDarbs: I wouldn't think so, if it did there would be messages in /var/log/syslog, that should alert you
<PecisDarbs> yep, I think so too
<PecisDarbs> damn :(
<PecisDarbs> ok, let's try aa-complain mode
<mvo> what is your opnion about how the upgrader should deal with file overwrite problems? on the desktop we run with --force-overwrite. we don't do this on the server currently assuming the admin might want to know about these sorts of things. is that a sensible/valid decision?
<ScottK> I'd say so.
<ScottK> Is there a way to run the upgrader without force-overwrite?
<mvo> that is the current default for the server upgrade (no --force-overwrite). there is currently no way to disable it on the desktop
<mvo> but the logs will give you hints what packages are wrong
<ScottK> For future consideration, you might want to have no --force-overwrite as the desktop default for upgrades to the development release.  That's when we'd want such problems exposed.
<mvo> hm, maybe some middle ground, like a way to collect the overwrite and offer to report bugs about them, but carry on with the upgade
<ScottK> I think that's reasonable.
<ScottK> My theory is that we should strive to make the upgrader un-needed.  To the extent we can, apt-get dist-upgrade should just work.
<ScottK> I don't think we'll get there, but it's a direction to head.
 * delcoyote hi
<mvo> ScottK: I agree, the less quirks code there is in there, the better.
<ScottK> So making such problems more obvious to people who upgrade prior to release (or maybe prior to RC) is a good thing.
<spiekey> hey
<spiekey> i just plugged in my USB to Serial Adapter: http://pastebin.ca/987395
<spiekey> i used to came up as /dev/ttyUSB1 on my other linux boxes
<spiekey> any idea where i can find that device?
<seisen> how are you hard drivers show as, ie  hda, sda, etc...
<spiekey> huh?
<faulkes-> serial, not usb memory
<faulkes-> spiekey: check the output of dmesg
<faulkes-> tail /var/log/dmesg - it should usually show you if it registered the device and where
<spiekey> faulkes-: have a look at my pastebin ;)
<spiekey> ah! Stupid USB Hub! :P
<ccvp> is the 8.04 thats essentially available now
<ccvp> same thing that will be on the 8.04 iso's in 9 days? its essentially official, but just not by the "countdown logo" rofl
<ccvp> ?
<ScottK> ccvp: Changes are still being uploaded, but the difference between today and the final are likely to be small, but significant at least for the packages that are changed.
<ccvp> im wondering if its something to not
<ccvp> really worry about
<ccvp> so i dont waste putting 7.10 on a vmware now
<ccvp> and then just rm'ing it later, to do 8.04
<ScottK> I'm running 8.04 on several serves now and it's fine for me.  No guarantees.  No reason your couldn't upgrade the vmware image rather than redoing it, is there?
<ccvp> hello, after installing vmware on XP, what type of settings do I need to do to vmwar workstatio n6, so when ubuntu is booted in it, it will yank a host address, off of our 192.168.1.0/24
<ccvp> oops
<jjesse> ccvp: if you need ubuntu to grab a network ip address it would have to be setup as NAT
<ccvp> ok
<mathiaz> jcastro: Hi - I'm thinking about running an Server Team introduction session during the UbuntuOpenWeek - what about Tuesday at 19:00 UTC ?
<jcastro> mathiaz: that sounds excellent
<jcastro> mathiaz: anything else in mind?
<jcastro> mathiaz: plenty of slots left, so we could do as many as you want.
<mathiaz> jcastro: well - I though about doing something on virtualization
<mathiaz> jcastro: and how to use virtualization to do development work
<jcastro> that sounds great too
<jcastro> I would love to see a ufw one as well, since it's new
<mathiaz> jcastro: what's the target audience of the Ubuntu Open Week ?
<mathiaz> jcastro: I'll update the wiki page with a session of the Server Team then
<jcastro> mathiaz: same as always
<jcastro> mathiaz: if you want to have multiple sessions of the same topic, you can do that as well
<jcastro> there is plenty of room and the people who are only available during certain days are already scheduled
<mathiaz> jcastro: right - and the always is ???
<mathiaz> jcastro: in february, it was named Ubuntu Developer Week
<mathiaz> jcastro: and it's Ubuntu Open Week
<mathiaz> jcastro: so I guess it's targeted at potential contributor
<jcastro> this is a normal open week, not a developer week
<jcastro> right
<jcastro> and users.
<jcastro> developer week was specifically for potential developers, open week is for everyone on any topic
<jcastro> so user-oriented sessions are welcome
<zul> maybe how to setup kvm
<jcastro> mathiaz: mind if I move you an hour later for the intro, celso would like to do PPAs right after 'merging packages'
<mathiaz> jcastro: wfm
<jcastro> ta
<rlanham> I was in the middle of an apt-get upgrade and SSH timed out, is there way to view the status?
<kraut> !raid
<ubotu> Tips and tricks for RAID and LVM can be found on https://help.ubuntu.com/community/RaidConfigurationHowto and http://www.tldp.org/HOWTO/LVM-HOWTO - For software RAID, see https://help.ubuntu.com/community/FakeRaidHowto
<kraut> !recover
<ubotu> Some tools to recover lost data are listed and explained at https://help.ubuntu.com/community/DataRecovery - Recovering deleted files on !ext3 filesystems can be virtually impossible, although a method that might work in some cases is described at http://www.xs4all.nl/~carlo17/howto/undelete_ext3.html
<kraut> !raidrecover
<ubotu> Sorry, I don't know anything about raidrecover - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<kraut> grr
<kraut> is there any quick howto, to recover a disk in a raid1 array?
<kraut> !rebuild
<ubotu> Sorry, I don't know anything about rebuild - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<kraut> nobody here or what!?
<JaxxMaxx__> Gah, so bad, in here thrice now...
<JaxxMaxx__> How would I go about using CVS to grab the latest source files for a particular package?   trying to upgrade freeradius to 2.0.3  but the download .gz  has something wrong in the changelog file, can't make a package with dpkg-buildpackage
<JaxxMaxx__> the mailing list says the problem is in one line of the changelog file, and fixed in CVS
<kraut> JaxxMaxx_: nobody will help you here, just feel safe and leave the channel...
<sommer> mathiaz: is winbindd no longer part of the samba server tasksel?
<nijaba> sommer: it was yesterday
<nijaba> sommer: it is part of the iso check, and I found it when I check samba install
<sommer> hrmm... I did pgrep winbindd, and didn't find it
<nijaba> sommer: I belive I did the same.  let me check, I still have the vm
<sommer> woops, false alarm... I actaully typed pgrep windbindd
<sommer> there's no such thing as windbind :)
<nijaba> sommer: to tell you the truth, I did do the same mistake yesterday :)
<sommer> the worste part is I mistyped it twice... doh
<sommer> kraut: not sure if this helps, but it may point you in the right direction: http://currents.soest.hawaii.edu/docs/doc/ubuntu_docs/thirdparty_html/ubuntu_raid.html
 * sommer has been meaning to learn software raid1 and friends
<mathiaz> sommer: nijaba: FYI there are new isos to tests
<nijaba> mathiaz: why?  did we change anything?
<sommer> mathiaz: does the iso.qu.u.c take a little longer to update?
<JaxxMaxx__> that's a pretty negative attitude, kraut.   having a tough problem that's stumping these folks?
<mathiaz> apparently iso.q.u.c has been updated yet
<mathiaz> nijaba: sommer see #u-d
<mathiaz> nijaba: sommer I've just asked about this
<sommer> mathiaz: ah, party
<nijaba> mathiaz: can you summarize I was not on that channel and I think I missed the best part of it
<nijaba> mathiaz: or /msg paste
<sommer> I synced at about 8:45am, do you know when it was released?
<sommer> or, actually I can check the md5
<mathiaz> nijaba: slangasek is going to update iso.qa.u.c
<mathiaz> nijaba: the isos were rebuilt earlier today and iso.qa.u.c wasn't updated
<nijaba> mathiaz: ok, thanks.  Updating my isos
<sommer> mathiaz: cool, I've been testing 20080416, but logged my tests under 20080415
<JaxxMaxx__> blargh.  hurray for dpkg-buildpackage.   this thing has dozens of dependancies...
<Lucutious> I am trying to set up a new Ubuntu server to act as a webserver, and I'll be using it in conjunction with dyndns.  Is there anyone who is able to help me set up the mailserver, or perhaps point me to a link that will help?
<sommer> Lucutious: postfix is pretty easy to setup, here's a link to the server guide: http://doc.ubuntu.com/ubuntu/serverguide/C/email-services.html
<JaxxMaxx__> how do I get screen to show me the scrollback?
<pr0le> pg-up?
<marcreichelt> hi there!
<marcreichelt> I want to use Apache2 under Ubuntu with IPv6
<marcreichelt> e.g. I just want to access localhost via http://[::1]/
<marcreichelt> how may I do that under Ubuntu?
<marcreichelt> it seems to be deactivated :-(
<blue-frog_> have you installed apache?
<marcreichelt> yes
<marcreichelt> ;)
<marcreichelt> http://localhost/ is working normally
<marcreichelt> but http://[::1]/ not
<blue-frog_> how's your /etc/hosts ?
<marcreichelt> just fine
<marcreichelt> one line for 127.0.0.1 localhost
<blue-frog_> look at your logs then. it is working
<marcreichelt> ping6 ip6-localhost does work normally
<marcreichelt> hmm, no unnormal log entries
<marcreichelt> wget can't connect, too
<blue-frog_> you have somethin with http://localhost?
<marcreichelt> yes
<blue-frog_> what have you doneafter installing apache then?
<marcreichelt> oh, moment - Apache2 not running ;)
<marcreichelt> but the behaviour was as before
<marcreichelt> hmm - it runs now
<marcreichelt> seems my server was down all the time I tested
<marcreichelt> amazing
<marcreichelt> at least, thanks for your attention ;)
<marcreichelt> ok, I have detected the problem now
<marcreichelt> http://ip6-localhost/ does work, but http://[::1]/ does not
<blue-frog_> not logical
<blue-frog_> is it still running?
<marcreichelt> yes
<blue-frog_> what's the entry in E/tc/hosts for ::1 ?
<marcreichelt> ::1 ip6-localhost ip6-loopback
<marcreichelt> funnily, a "ping ip6-loopback" does work
<blue-frog_> exactly? no * in fron or else?
<marcreichelt> no
<marcreichelt> and "ping6 ip6-localhost" too
<blue-frog_> what's the error message for http://[::1)
<Lucutious> Ok, I'm feeling kind of stupid.  This is my first time using any type of OS other than windows, but I catch on fairly quickly.  I installed ubuntu server, and now I come up with a prompt.  What I was told, is that I could remotely administer the system, like from my other computer, to install things such as SMF or other stuff
<Lucutious> Is there anyone that can assist a newbie?  I've been reading the documentation, but I fear either I'm making it too hard, or it's out of my grasp.
<blue-frog_> Lucutious: SMF?   you can ssh into your server
<Lucutious> and that's from a telnet connection, or do I need a seperate ssh application?
<marcreichelt> blue-frog_: using "wget http://[::1]" the output is "Connection refused."
<blue-frog_> Lucutious: the other waty is to install the desktop and control it vian vnc.
<blue-frog_>  http://[::1] does what in firefox?
<marcreichelt> connection refused ;)
<Lucutious> a desktop sure would be nice, I wasn't quite prepared for a command prompt type system, thought it would at least have some sort of gui
<blue-frog_> have you fiddled with the apache conf?
<marcreichelt> maybe a bit, yes
<marcreichelt> I have some VirtualHosts
<marcreichelt> the funny thing is:
<blue-frog_> Lucutious: command prompt is command prompt, if your computer has an internet connection, then   sudo apt-get install ubuntu-desktop  will get you GUI
<marcreichelt> if I insert "Listen [::1]:80" into /etc/apache2/ports.conf and restart Apache2, I get the following error:
<marcreichelt> Syntax error on line 1 of /etc/apache2/ports.conf:
<marcreichelt> Listen setup failed
<marcreichelt> is this normal?
<marcreichelt> I am downloading Ubuntu 7.10 server to test it in an emulator
 * faulkes- grumbles at the igb driver
<faulkes-> anyone play with the quad-ethernet intel cards before?
<faulkes-> igb module
<Lucutious> blue-frog_:  Sorry for the delay, had to step away.  I issued that command you gave me, but it tells me that I'm not in the sudoers file, and that the incident is being reported.
<maxownz> hey all
<maxownz> is there a way to disable getting updates or scanning the mirror during installation?
<blue-frog_> Lucutious: what user have you created during installation?
<Lucutious> the username is mike
<blue-frog_> maxownz: if you presse escape you may have the entire installation menu and you may ve able to skip update/scanning that way
<blue-frog_> Lucutious: is the one you are logged wiht now?
<Lucutious> Yes.
<blue-frog_> well if you are not in the sudoers, ther's nothing you can do
<Lucutious> at least, I think so
<blue-frog_> do you remember if you were asked for a root password then ?
<Lucutious> I booted the machine and it came up with a login prompt.  I used mike and the password I created, and this is where I'm at
<Lucutious> Ohh yes, I have a root password as well - can you tell me how to log off mike so I can try as root?
<blue-frog_> su
<blue-frog_> lucutious you sure you have installed ubuntu?
<maxownz> blue-frog_: isn't there a way to disable my network card so it'll skip it altogether?
<Lucutious> my first answer is yes I'm sure but now I'm not so sure.  Liek I said it's my first time doing anything other than windows.  I got the 7.10 somethign server version, burned the iso, checkeed the md3 checksum, and booted and ran the setup
<blue-frog_> marcreichelt: it must be something you changed when doing your virtual hosts. I have a default apache installation and it connects to [::1]
<Lucutious> it rebooted, and this is where I'm at.  I'm going to reboot so I'm at a clear screen, it's entirely possible i fubar'd something
<marcreichelt> hmm, okay
<blue-frog_> maxownz: not sure but I think that when I tried without a card it tried as well.
<blue-frog_> Lucutious: no need to reboot, you 're not in windows
<Lucutious> Ok
<blue-frog_> type     su   and press enter
<Lucutious> and by the way, i sincerely appreciate your help blue-frog_
<blue-frog_> enter your root password
<Lucutious> Hmm says my password is incorrect.  I bet I somehow mis-typed it when i installed
<blue-frog_> type  groups
<Lucutious> says:
<Lucutious> mike adm dialout cdrom floppy audio dip video plugdev scanner lpadmin
<blue-frog_> Lucutious: somehow your install is borched
<Lucutious> I'd bet a dollar it was user error :-)
<Lucutious> ok, so let me ask this...  Do i need to use the server version, or do you thing the regular version would work?
<blue-frog_> use the regular version and then install whatever server program you want
<Lucutious> does the regular version come with the LAMP set?
<blue-frog_> no
<blue-frog_> but it is nothing to install
<Lucutious> buggar, so I'll have to install them individually
<Lucutious> nothing for you, learning process for me :-) - but
<Lucutious> that's a good thing
<blue-frog_> Lucutious: it's as easy as your abc
<blue-frog_> with ubuntu gui (gnome desktop) comes a GUI apps installer programm (synaptic)
<Lucutious> Awesome, I'm going to burn that regular version now so I can get the install going.  You mind if I stay here and ask you if I run into snags that I can't fix?  (I really do use google and other search tools before asking)
<blue-frog_> one thing before you move an ear
<Lucutious> Shoot
<blue-frog_> do you have internet connection on this p right now?
<blue-frog_> pc
<Lucutious> yes
<blue-frog_> reboot this pc in recovery mode ( I assume your are talking from another pc?
<Lucutious> it's behind a router right now though, dunno if you'll be able to get in
<Lucutious> ya
<blue-frog_> I will not get in
<blue-frog_> you will work
<maxownz> if i did ALT + CTL + F2 during the installation and got this shell how do i get out of it and back to the GUI installer?
<blue-frog_> F1?
<maxownz> i type EXIT and then it just shoots me back to "Please press Enter to activate this console"
<blue-frog_> or F4  try them all up to 7
<maxownz> i want to deactivate this console
<Lucutious> hmm now it has me logged in as root
<mvo> mathiaz: will you chair the server meeting tonight? I was wondering if I can add a agenda item. the IS team brought it up, I wonder if we should run the upgrader with --force-overwrite in server mode or not. currently we don't and the upgrade will fail on file-overwrite problems. on the desktop we do run with --force-overwrite
<blue-frog_> dunno if you have network up Lucutious. try  ping grc.com
<Lucutious> got a good ping
<blue-frog_> good
<sommer> maxownz: hit alt+f1 to go back to the installer
<maxownz> sommer: THANK YOU
<Lucutious> lol how do you stop it - again, used to the windows 4-pings thing
<sommer> maxownz: np
<blue-frog_> Lucutious: cat /etc/sudoers
<maxownz> i'm trying to no scan the mirrors
<maxownz> takes forever since i don't have an internet connection
<maxownz> i was trying to open the shell and turn off my etho1
<blue-frog_> ctrl c Lucutious
<Lucutious> blue-frog_: Thanks.  Ok I did that, I believe it spit out the contents of the sudoers file
<blue-frog_> juste the end
<Lucutious> down in the user privledge specification, mike is not listed - only root
<blue-frog_> do you have %admin ALL...
<Lucutious> no
<Lucutious> says
<Lucutious> root  ALL=(ALL) ALL
<blue-frog_> yes somehow your install is weird. nevermind we'll fix it
<Lucutious> and that's it
<blue-frog_> Lucutious: onward to install a desktop
<blue-frog_> apt-get install ubuntu-desktop
<Lucutious> ok, following those prompts now
<marcreichelt> blue-frog_: can you copy me the default apache.conf and the default VirtualHost configuration please?
<blue-frog_> marcreichelt: /usr/share/doc/apache2.2-common/examples/apache2/apache2.conf.gz
<marcreichelt> oh, thanks :)
<marcreichelt> hmm, this is not the default configuration
<mathiaz> mvo: I will chair the meeting - please add your item to https://wiki.ubuntu.com/ServerTeam/Meeting and I'll make sure we discuss it :)
<blue-frog_> marcreichelt: are yuo using this server in prod right nowÂ§?
<marcreichelt> no ;)
<marcreichelt> but my real server (on Debian) works with IPv6
<marcreichelt> I mean locally
<blue-frog_> marcreichelt: remove the conf files and sudo apt-get install --reinstall apache2
<mvo> mathiaz: great, thanks
<mvo> mathiaz: added
<marcreichelt> okay
<blue-frog_> Lucutious: where you at?
<Lucutious> blue-frog_it's downloading still
<Lucutious> Says 15m left
<blue-frog_> ctrl z
<blue-frog_> bg %1
<blue-frog_> like this it is continuing in the background
<marcreichelt> blue-frog_: this does not work
<blue-frog_> marcreichelt: what does not work?
<marcreichelt> the config files are not reinstalled
<blue-frog_> marcreichelt: sudo apt-get remove --purge apache2
<blue-frog_> marcreichelt: then sudo apt-get install apache2
<blue-frog_> Lucutious: you have the prompt now?
<marcreichelt> nothing ;)
<marcreichelt> apache2 is a meta package
<marcreichelt> maybe apache2-common
<blue-frog_> marcreichelt: oh yes ok common and/or prefork/mpmworker
<Lucutious> blue-frog_ no, it went back to downloading, but now it only says 2 minutes kleft
<Lucutious> left*
<blue-frog_> marcreichelt: dpkg -l apa*  will tell you what is installed
<Lucutious> bandwith really fluctuating from 200k to 2 meg or so
<blue-frog_> Lucutious: ctrl Z  then bg %1  went back to downloading ?
<Lucutious> yes.  I'll try again
<Lucutious> wait - it's donw downloading lol
<Lucutious> preconfiguring packages
<Lucutious> i think it's just sitting, no prompt
<blue-frog_> Lucutious: yes just tried myself, it does not what it should do with apt-get
<blue-frog_> ctrl alt F2  gives you another prompt then?
<Lucutious> no ctrl alt f2 cleared the screen
<blue-frog_> it's another console
<Lucutious> ohh
<blue-frog_> getent group | grep admin
<Lucutious> just a blinking cursor ><
<Lucutious> typed it, pressed enter, still just blinking
<blue-frog_> addgroup -system admin
<marcreichelt> blue-frog_: no, connection refused
<marcreichelt> it's not the Apache :-/
<blue-frog_> marcreichelt: sorry really don't knw what to do for you
<marcreichelt> :-(
<Lucutious> blue-frog_ I've typed what you said, but ever since the ctrl alt f2 it's just a blinking curser, blank screen
<blue-frog_> Lucutious: addgroup -system admin     done? (adding a system group -id lower than 1000- named admin)
<blue-frog_> ok good
<Lucutious> Yes I typed that, but like I said it's just a blinbking curser on a blank screen
<blue-frog_> usermod -aG admin mike          (adding mike to newly created admin group)
<Lucutious> ok typed that
<blue-frog_> visudo
<Lucutious> can't see what I'm typing either
<blue-frog_> now at the end of that file, you will add
<Lucutious> blue-frog_ I can't see anything buddy
<blue-frog_> what do you mean can't see?
<Lucutious> It's just a blank screen, with blinking curser in upper left hand side.  I type, and it changes nothing.
<Lucutious> it's been that way ever since you had me ctrl alt f2
<blue-frog_> ah
<blue-frog_> thought you had a prompt, not only ther cursor
<Lucutious> nope, just blinking cursor
<blue-frog_> ctrl alt F   then, we will wait
<blue-frog_> F1
<Lucutious> ok
 * faulkes- slams head against desk
<marcreichelt> blue-frog_: thanks for your help
<blue-frog_> ty but I did nothing in the end.
<marcreichelt> I think the problem will be gone when I install Kubuntu 8.04 ;)
<blue-frog_> marcreichelt: ah possibly as I am talking to you from hardy. didn't think about that before you mention it
<Lucutious> Ok blue-frog_ it says [1] STOPPED
<Lucutious> and I'm back to a command prompt
<blue-frog_> Lucutious: ok try   bg %1
<Lucutious> [1] STOPPED  apt-get install ubuntu-desktop
<Lucutious> i assume that means it's done installing
<blue-frog_> no
<blue-frog_> we interrupted the process with ctrl z
<blue-frog_> bg %1   is supposed to make it run in background
<blue-frog_> but apparently apt-get is a bit weird with all that
<blue-frog_> type  jobs
<Lucutious> ahh
<Lucutious> [1] STOPPED  apt-get install ubuntu-desktop
<blue-frog_> type     bg        (alone)
<Lucutious> [1]+ apt-get install ubuntu-desktop &
<Lucutious> [1]+ STOPPED  apt-get install ubuntu-desktop
<blue-frog_> fg
<blue-frog_> to try to make it run in foreground
<Lucutious> now it's spamming my screen
<blue-frog_> good
<Lucutious> I suppose it's finishing installing
<blue-frog_> we're going to let it go like that then, try  ctrl alt F2, you might have a decent prompt now
<Lucutious> kk
<Lucutious> nope, blank screen blinking cursor again
<blue-frog_> well might be ony one tty in recovery mode.. going to try with a virtual machine to see
<blue-frog_> ctrl alt F1  then
<Lucutious> kk
<blue-frog_> Lucutious: sorry about that, yes indeed only one tty in recovery mode
<faulkes-> hrmm, wednesday
<faulkes-> meeting in an hour?
<mathiaz> faulkes-: yes
<Lucutious> blue-frog_: My friend, I need to thank you for all your help thus far.  It seems it's still installing, and my son just got home and informed me he lost his glasses.  Gotta love 6-year olds, I have to go look for them
<Lucutious> I'll probably return, but again, Thank you for everything
<blue-frog> Lucutious: http://pastebin.com/d1d24408d
<faulkes-> mathiaz: guess I better send my alcohol engineer out for "office supplies" then
<blue-frog> Lucutious: the installation of ubuntu-desktop might as well have created the admin group by the way
<Lucutious> Awesome, I'll keep that up for when I return.  I'll re-post so you can see, think your client was ghosted.
<Lucutious> blue-frog_: My friend, I need to thank you for all your help thus far.  It seems it's still installing, and my son just got home and informed me he lost his glasses.  Gotta love 6-year olds, I have to go look for them
<Lucutious> I'll probably return, but again, Thank you for everything
<blue-frog> will be in bed by then :)
<blue-frog> Lucutious: if in trouble, download 8.04 alternate and install from there
<Lucutious> blue-frog - setup finished, back at command prompt - how do I start the gui then?
<Lucutious> (wife still getting dressed)
<blue-frog> reboot to be on the safe side (eventhough   init 2   should do the trick)
<nxvl> does anyone is specting problems with gmail's imap?
<blue-frog> Lucutious: btw  re boot is   reboot   on command line :)
<balzac> hello
<nullbnx> ok so im trying to setup my wap (which works perfectly) to have a wep encryption... im trying to use wpa, but i cant seem to get my /etc/network/interfaces configed correctly
<nullbnx> anyone on with any experience?
<balzac> hello
<Steven> hi, i've access to a server via ssh, i needed php 5.2.3 and since it was running edgy i upgraded it to gutsy, tre upgrade process complained about update-grub missing, so i installed grub package
<sergevn> Steven: how did you upgrade to gutsy? wich commands?
<Steven> (the machine was using lilo as bootloader), then i installed grub, and now it isn't booting anymore
<sergevn> Steven: also you need to go edgy>feisty>gutsy, noet edgy>gutsy
<Steven> something similar to do-upgrade-...
<sergevn> apt-get upgrade
<sergevn> or
<Steven> sergevn: yes i've done two updates
<sergevn> apt-get dist-upgrade
<sergevn> major difference
<Steven> neither
<balzac> Steven: you need to get back to where you can boot your machine
<balzac> that's more of a general #ubuntu problem than one specific to #ubuntu-server
<balzac> there are lots more people in #ubuntu than here
<Steven> balzac: wait a sec :P
<dlee> hi, what's the best irc server app?
<dlee> i see ircd, ircd-hybrid, ircru, and bahamut
<Steven> upgraded with sudo do-release-upgrade, the server does not boot anymore, but i can boot with a rescue cd the housing company provide, now i need to install lilo again.. can you help me?
<balzac> I'm a newbie
<sergevn> dlee: irssi or xchat
<balzac> but you'll find more action in #ubuntu
<dlee> sergevn: server, not client
<sergevn> dlee: sorry, it's late :)
<balzac>  I'd use whatever freenode is using
<dlee> balzac: how do you find out?
<balzac> well, I suppose each server is different, correct?
<balzac> lemme google
<blueyed> Is somebody using OpenVZ and agrees on bug 218411?
<ubotu> Launchpad bug 218411 in vzctl "DEF_OSTEMPLATE should be Ubuntu" [Wishlist,New] https://launchpad.net/bugs/218411
<balzac> http://www.ircd-hybrid.org/  <--- most popular irc server on efnet...
<balzac> http://freenode.net/hyperion.shtml
<balzac> dlee, that should be it right there
<dlee> balzac: thanks
<balzac> you can find dancer-ircd in the ubuntu repositories
<balzac> hyperion is forked from that, so it's probably close enough
<balzac> i'm using hardy heron, btw
<balzac> not sure about your version and repositories
<Steven> sergevn: can you help me, please?
<dlee> balzac: i'll be using hardy or gutsy
<balzac> well, you can see dancer is forked from hybrid, hyperion is forked from dancer
<balzac> not sure which one is really most widely used but freenode is hyperion
<balzac> I'm trying to figure out ebox
<balzac> It's a struggle so far
<dlee> balzac: what's ebox?
<balzac> ebox is the new interface for networking services
<balzac> it should be an integral part of ubuntu server soon
<balzac> you can configure squid and firewall rules
<balzac> http://ebox-platform.com/installation-guide/
<balzac> looks good for securing an ubuntu server
<sergevn> Steven: yeah sure
<sergevn> Steven: lets switch to #ubuntu
<balzac> but networking can't be simplified very much. it's a struggle because I'm not a networking guy.
<balzac> there's no action at all in #ebox or #squid
<balzac> ubuntu-server is pretty quiet
<owh> balzac: That would be because we were all just in a meeting :)
<balzac> what was on the agenda?
<owh> balzac: https://wiki.ubuntu.com/ServerTeam/Meeting
<balzac> hopefully, making things easier for a newb
<owh> balzac: Actually we were making sure you have a distribution to boot in a fortnight or so :)
<balzac> cool
<Cahan> is there a seperate bug tracker for server variant or should I just post it in the main bug tracker?
<owh> Cahan: Post it in the normal bug tracker.
<Cahan> kk
<Lucutious> Is there any voice -chat help available for me to get this box running?
<Lucutious> Even if I have to pay
<Lucutious> Like phone, ventrilo, something
<nealmcb> Lucutious: both free and paid help are described at http://www.ubuntu.com/support
<user1>  using linux,i have some friends sharing my internet. i have 30k vacant and 3 friends. is there a way that i define the combine band limit for 3 users combined as 30 k . not 10k for each. that way if 2 are  online they can share 15k each. and if all 3 are online. they will be spreaded 10k each in managed behaviour. any way.i have a dlink switch. and in futer i may take a fourth one and give him a dedicated 20k limit alone. so i need control?c@
<nealmcb> Lucutious: see also ebox
<nealmcb> !ebox
<ubotu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See the plans for Hardy at https://wiki.ubuntu.com/EboxSpec
<nealmcb> Lucutious: though you would want to use that on hardy (now in beta) not gutsy...
<Lucutious> !ebox
<ubotu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See the plans for Hardy at https://wiki.ubuntu.com/EboxSpec
<user1>  using linux,i have some friends sharing my internet. i have 30k vacant and 3 friends. is there a way that i define the combine band limit for 3 users combined as 30 k . not 10k for each. that way if 2 are  online they can share 15k each. and if all 3 are online. they will be spreaded 10k each in managed behaviour. any way.i have a dlink switch. and in futer i may take a fourth one and give him a dedicated 20k limit alone. so i need control?
<nealmcb> user1: sounds more like a question for the maker of your dlink switch, since any bandwidth shaping would be done there, unless you want to make a linux box into a switch
<Tuv0k> I told him the same thing in ubntu+1
<user1> nealmcb ya. but is it possible in  linux?
<nealmcb> everything is possible in linux :-)  but you'd want to find the right channel - this is for servers, not networks
<Deeps> nealmcb: ubuntu servers can be used as primitive network routers too, y'know ;-)
<user1> nealmcb Tuv0k by wondershaper or ebox. or any other, what i have in mind is 30k for 3 users. if all are online 10k is given to each. if 2 are online 15k to each. 1 then 30k to him. and other 4th user gets 20k seperat dedi bandwidth.. how can i do it?
<Tuv0k> !spam
<ubotu> Unsure how you should behave on this channel? See (in a private message with the bot, /msg ubotu <keyword>): !AskTheBot, !CoC, !Guidelines, !Offtopic, !Language, !Attitude, !Repeat, !Enter, !Paste, !NickSpam, !PM, !English - And most importantly, use common sense...
<Deeps> user1: You'll want to read through the information in http://lartc.org/
<Deeps> user1: You wont find anyone in here willing to write your configuration for you, but if you read through the information available at that site, and understand how it works, you'll be able to write your own rules in no time. :-)
<Tuv0k> great link
#ubuntu-server 2008-04-17
<nealmcb> Deeps: absolutely.  nice link.  But I'm suggesting he'll get better help in a linux router-oriented channel.
<user1> you mean its possible?
<user1> Deeps by what application?
<Deeps> user1: read lartc.org, all the different tools you'll need are explained there.
<user1> oh i got it.
<user1> ok
<user1> Deeps btw, what are you favorit?
<Steven> someone can help me restoring lilo from a rescuecd, i can chroot to the old system
<nealmcb> user1: i.e.  #lartc on irc.oftc.net
<Tuv0k> keep fishing
<user1> k
<user1> tough, i had a gui in mind
<user1> ..
<blueyed> klogd from Hardy hangs in a OpenVZ container.. e.g. during upgrade from Gutsy to Hardy, but also when only installing it in a Gutsy container.
<The-Kernel> how do i start sysklogd?
<The-Kernel> my logging isn't running.
<owh> Now if this actually works I will be well pleased.
<owh> Whoot!
 * owh is now using an N95 to connect :-)
<owh> Hmm, I suppose that means I don't have any excuses not to attend meetings either :-)
<mathiaz> kirkland: re your ubuntu search page
<mathiaz> kirkland: I wouldn't use your default index page on p.u.c
<mathiaz> kirkland: if you start publishing this url and it proves to be a good idea, it'll move somewhere else - and then you won't be able to redirect to the new page
<mathiaz> kirkland: so I'd suggest to use something like p.u.c/~kirkland/ubuntu-search.html or something similar
<blueyed> openvz is really nice for (linux) virtualisation.. just in case you did not know already.. :)
<blueyed> !openvz
<ubotu> Sorry, I don't know anything about openvz - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<Animortis> Can anyone help me understand why my password isn't working on an ftp file server I set up?
<Animortis> I assume my server's user I set up should be the one I log in with, but it fails to let me log in.
<Animortis> If that's not enough detail... I can explain more if someone asks.
<Animortis> How about this question: Why would an FTP server refuse to initiate the LIST command for a client?
<ScottK> mathiaz: FWIW, I'm about to do the mail server test for the current candidate.
<mathiaz> ScottK: excellent !
<mathiaz> ScottK: do you test more than what is written in the testcase ?
<ScottK> I'll set the default mail server task, run the tests and then convert it to the configuration I use and continue to use it.
<ScottK> mathiaz: I've had sever servers running Hardy for ~2 weeks now with no significant issues.  I'm confident postfix is solid.
<ScottK> mathiaz: If you have something specific you want tested, let me know.
<mathiaz> ScottK: seems good to me.
<mathiaz> ScottK: I don't really have other configuration to tests.
<mathiaz> ScottK: the testcase described in the wiki page is simple
<mathiaz> ScottK: so I was wondering if you had other ideas about things to be tested.
<mathiaz> ScottK: OTOH it may be more complicated as there can be lots of different setup
<ScottK> Yeah.
<ScottK> For the default install it'd be good to look in /var/log/mail.* and report any unusual events logged.
<ScottK> I'm still using cyrus-sasl2.  I know that works.
<bam287> I am setting up a server.  having problems accessing ftp from xp box.  Gon over vsftpd.conf. changed what i thought i needed to but
<bam287> i still can only acsess server anonymousely
<bam287> i created a new user to see what i could get
<bam287> will not let me connect
<bam287> any ideas?
<owh> Turn on logging and check the logs
<kirkland> mathiaz: http://people.ubuntu.com/~kirkland/search.html
<kirkland> mathiaz: and http://people.ubuntu.com/~kirkland/
<mathiaz> kirkland: awesome - I'd also add an explicity sentence on how to report bug/feature request and so on
<mathiaz> kirkland: I'd just point it to your email address for now
 * owh requests a coffee making facility.
<kirkland> mathiaz: sure, will probably do that tomorrow
<kirkland> I'll add a few lines about the motivation, etc.
<mathiaz> kirkland: I'd use @ubuntu.com as it's hosted on p.u.c (but that's a minor point - I'm picky)
<kirkland> mathiaz: :-)
<kirkland> mathiaz: i'm happy you're pleased with it as is
<kirkland> mathiaz: i half expected criticism :-)
<kirkland> mathiaz: I found a way to dump xml source code from the Google gadget
<kirkland> mathiaz: so I was thinking I'd start a Launchpad project for it
<kirkland> mathiaz: what do you think?
<mathiaz> kirkland: why not - it seems that there isn't a lot of code yet
<owh> If it helps others expand on it, that is always a good thing.
<kirkland> mathiaz: not really...  just an index.html and the xml that describes the particulars of the Google Search mechanism
<mathiaz> kirkland: I'd start by just leaving your email adress to leave suggestion
<kirkland> mathiaz: well my email address is on http://people.ubuntu.com/~kirkland/search.html
<kirkland> "
<kirkland> This Google Custom Search is maintained by Dustin Kirkland"
<mathiaz> kirkland: right
<kirkland> mathiaz: i can switch from gmail -> ubuntu.com
<mathiaz> kirkland: that's enough I think
<kirkland> mathiaz: done.
<mathiaz> kirkland: it's true that sharing the code is usefull and recommended - but in this case it's really not a lot of code
<kirkland> mathiaz: its not a lot, but i'm thinking there could be a license that we should choose for it
<owh> Go to bed!
<mathiaz> kirkland: I think that's awesome
<kirkland> mathiaz: b/c, goobuntu.com could redo their search using it
<kirkland> and add the ads
<kirkland> whereas i think we'd like to be ad free
<owh> Your eyelids are getting heavy...
<kirkland> g'night ;-)
<owh> :-)
<jibwn> I'd like to set up my first RAID with a pile of 300G IDE drives I have laying around. Are there any IDE specific issues I need to be aware of that I haven't seen?
<Lucutious> Greetings!  I just installed Ubuntu Server version 7.10, however it did not prompt me for a root password.  How do I set / retrieve / change the root password?
<Lucutious> I can log in as the user I made, mike, but I can't even add myself to the sudo list as I don't have and wasn't prompted for the root password
<ScottK> Lucutious: You should be in the sudo list already
<ScottK> Just sudo $whatever and use your password.
<Lucutious> How can I view the sudo list to verify?
<ScottK> Just use it and see.
 * ScottK goes to bed.
<Lucutious> ScottK, if you're still there, it's not working
<Lucutious> #set passwd root ---> passwd: You may not view or modify password information for root.
<Lucutious> err
<Lucutious> $set passwd root ---> passwd: You may not view or modify password information for root.
<Lucutious> and if I try...
<sommer> Lucutious: if you do sudo passwd you'll be able to login as root
<Lucutious> set passwd root --->  It prompts for the password for mike, and then says "mike is not in the sudoers file.  This incident will be reported."
<sommer> is that the user you setup during install?
<Lucutious> Absolutely
<Lucutious> hence why I'm so confused and flustered
<sommer> you'll need to boot into recovery mode in taht case and set the password, or add the "mike" user to /etc/sudoers
<sommer> /taht/that
<Lucutious> Sommer thanks
<tengulre> why I got Hash Sum mismatch when I using apt-get update
<sommer> Lucutious: np
<J-_> I'm having a really rough time with mod+rewrite in dapper, and .htaccess. I do sudo "apache2 -l" and it doesn't list the mod_rewrite module. But when I "a2enmod rewrite" it says it's enabled. I'm not sure what to put in my .htaccess file, I've tried many things, and it hasn't worked. Someone please help me.
<_ruben> J-_: you did restart your apache?
<J-_> Yes
<_ruben> hmm .. dont have any dapper boxes, so cant check
<J-_> s/+/_
<J-_> I'll ask in #ubuntu, see if I get a response
<_ruben> interesting .. it *seems* that with hardy jeos, the login prompt actually appears *after* all startup scripts ran .. then again, its a rather basic install: not many services to start
<nijaba> good morning
<_ruben> morning
<nijaba> _ruben: I belive that all hardy version now have the login prompt displayed once all services have started on tty1.  One can still login immediately on tty2, 3 etc... though
<_ruben> nijaba: ic, i wasnt complaining though, i was kinda 'surprised' that this "cosmetic bug" got fixed :-)
<nijaba> _ruben: a hard fight ;)
<_ruben> hehe
<_ruben> hmm .. wonder if there's an 'easy' way to roll ia32 compat libs yourself .. missing some 32bits libs to run the vmware's mui on 64bits host
<_ruben> damn .. tried to work around it by using some symlink-foo .. but it craps out on libdb
<_ruben> /usr/lib/vmware-mui/apache/bin/httpd.vmware: /usr/lib32/libdb.so.3: version `GLIBC_2.0' not found (required by /usr/lib/vmware-mui/apache/bin/httpd.vmware)
<juliux> LD_PRELOAD=/lib/libgcc_s.so.1 /usr/lib/vmware-mui/apache/bin/httpd.vmware shoudl help
<_ruben> lets try that
<juliux> or try LD_PRELOAD=/usr/lib32/libdb.so.3
<juliux> if that also not works search for ypir libdb.so.3 and give the path from that to the LD_PRELOAD
<_ruben> doesnt work .. libdb.so.3 is a symlink i just made, pointing to libdb-4.3.so
<_ruben> whcih is the only libdb i could find in ia32-libs
 * _ruben sometimes hates 64bits
<_ruben> seems i need a ia32 variant of the libdb1-compat package
<kraut> moin
<_ruben> mornin
<daeron> hi there!
<daeron> I have a problem with vsftpd
<daeron> I can't see anything online
<daeron> some ideas?
<bip> anybody currently working with vmware server here ?
<creAtion> bip: yeah I have vmware server running
<_ruben> nijaba: i doubt the "cleaner" boot process will be backported to say gutsy gibbon? (talking about the services starting after the login prompt is shown)
<_ruben> man .. my connection to nl.archive.ubuntu.com is really crappy lately .. probably applies to the internet pipe here in general, but only noticing it with mass downloads from archive
 * delcoyote hi
<_ruben> Jeeves_ / henkjan : any known problems on your side? im guessing its my side crapping out, but just curious ;-)
<Jeeves_> _ruben: Define 'problems'
<_ruben> debmirror is giving me "Transfer truncated: only 2487018 out of 2891236 bytes received" every now and then
<Jeeves_> _ruben: What's the ip you're coming from?
<_ruben> 84.244.141.35
<_ruben> happened twice now .. could very well be my side .. pipe's been acting up lately
<_ruben> tho http wasnt really affected untill now
<Jeeves_> You're using ftp
<_ruben> am not
<Jeeves_> Right?
<_ruben> http
<Jeeves_> Why not rsync?
<_ruben> rsync and ftp gave problems earlier .. connection stalls .. http did work fine untill today i decided to mirror uni and multiverse as well (had only main before)
<_ruben> can give rsync a try again, to see if that seems more stable now
<_ruben> Jeeves_: running in rsync mode now, lets see if it'll hold :)
<Jeeves_> _ruben: Ack
<_ruben> hmm .. so far so good
<sommer> jdstrand: in the rules files used by ufw is there a way to add an "include" statement referencing another file?
<jdstrand> sommer: no
<sommer> ah, thanks
<jdstrand> jdstrand: these are simple iptables-restore/iptables-save type files
<jdstrand> sommer: ^
<sommer> jdstrand: I see, I was just wondering, and couldn't find anything specific regarding that on the interwebs
 * faulkes- yawns
<sommer> mathiaz: hello, I just was wondering if a "install everything" test should be added to the iso qa list?
<mathiaz> sommer: you mean install all the tasks or install all the packages shipped on the -server iso ?
<sommer> mathiaz: all the tasks... I was thinking of that bug in gutsy that didn't add the user to sudo on install
<sommer> mathiaz: didn't that only show up when installing all the tasks?  I may be mis-remembering
<mathiaz> sommer: the specific bug was triggered when you'd install mail-server, and leave postfix unconfigured
<mathiaz> sommer: we've never hit this bug because we'd always configure postfix when we install it...
<sommer> mathiaz: oh right, I remember now... so that doesn't have anything to do with all tasks :)
<mathiaz> sommer: yes
<mathiaz> sommer: but I agree that install every package on the cd would be interesting to do
<mathiaz> sommer: there may be some conflict though
<mathiaz> sommer: exim and postfix may be both shipped on the cd
<Lucutious> Greetings!  I know it's not direct Ubuntu-server support, but if anyone has a moment or 2 I'm having issues with my proftpd
<sommer> mathiaz: gotcha, I think the current tests are good, just wanted to double check about that bug
<sommer> thanks mathiaz
<mathiaz> sommer: well - you can try to install a mail-server task and then leave postfix unconfigured (I think it's the default choice)
<sommer> mathiaz: cool, I'll give it a quick test
<sommer> Lucutious: what's your issue?
<Lucutious> sommer:  I can't get it to start.  It says to check my configuration, but honestly I don't know quite what to look for
<Lucutious> Looking at the website for it, but it's not giving me clues as I understand
<sommer> Lucutious: are thare eny errors in /var/log/syslog or /var/log/daemon.log pertaining to proftpd?
<Lucutious> let me look
<Lucutious> sommer:  no, not that I can see, and doing a search of "proftpd" yielded nothing as well.
<Lucutious> When I boot the machine it does give one line:
<Lucutious> ProFTPd warning: cannot start neither in standalone nor in inetd/xinetd mode.  Check your configuration.
<Lucutious> and after typing that, I think I see it.  I need to set it to be standalone i think
<sommer> Lucutious: probably worth trying :)
<sommer> Lucutious: try sudo dpkg-reconfigure proftpd... should give you a dialog to change it
<Lucutious> awesome, thanks I'll try that
<Lucutious> sommer:  Well, it started!  the machine is actively refusing sonnections on port 21 still, though, so Hmm
<sommer> Lucutious: are there any errors?  do you have a firewall configued to block the port?
<Lucutious> sommer to be honest, i don't know where to look for errors.  this is day 2 of using ubunto, or any non-windows os.  I don't believe I have any firewall on the machine right this moment.  that was gonig to be configured next
<Lucutious> the error I gave was the one my ftp client gave me, that the machine was actively refusing connections
<sommer> Lucutious: ah, most services will log errors to /var/log/syslog, so that's the best place to check first
<Lucutious> ok let me look there
<sommer> Lucutious: also, did you modify /etc/proftpd/proftpd.conf?
<Lucutious> sommer: no errors found, and again i did a search for "proftpd"
<Lucutious> sommer:  well no, i didn't.  Something tells me, however, that as you mentioned it I probably should have :-)
<Lucutious> let me look at that file
<sommer> Lucutious: I installed proftpd and didn't need to change the config any, you might search for "ftp" in /var/log/syslog and make sure there isn't anything
<Lucutious> I make no misrepresentation, I'm completely out of my element, but I surely appreciate you helping me.
<sommer> Lucutious: np
<sommer> Lucutious: you can also make sure proftpd is running by: ps -ef | grep ftp
<sommer> it should return information about the proftpd process
<Lucutious> ok, searched for ftp in syslog and it returned nothing, and when I used that command, it returned:
<Lucutious> root     4344  4311  0  11:28  tty1   00:00:00 grep ftp
<sommer> Lucutious: that means that proftpd isn't actually running... try sudo /etc/init.d/proftpd start
<Lucutious> Hmm this seems odd to me
<Lucutious> I staretd it via your command, and it returned:  ProFTPd is started from inetd/xinetd.
<Lucutious> Then i re-typed the ps -ef | grep ftp, but gave me same thing as before
<Lucutious> sommer may I /msg you for a private question?
 * nealmcb chuckles at the server team minutes
<sommer> Lucutious: sure
<Lucutious> sommer: did you see the /msg?
<sommer> Lucutious: nope, have you registered your nick with freenode?
<Lucutious> no, that's probably why, huh
<Lucutious> lemme do that
<sommer> Lucutious: I was just thinking... do you have to use proftpd?
<sommer> Lucutious: another ftp server I've used is vsftpd
<Lucutious> No I don't ahve to use any specific one
<Lucutious> the simpler the better, in my case, until I learn this thing yet
<sommer> Lucutious: you can find a quick guide for vsftpd here: http://doc.ubuntu.com/ubuntu/serverguide/C/ftp-server.html
<sommer> I think vsftpd is simpler, runs as it's own service, instead of the xinetd option
<\sh> sommer, proftpd runs as standalone service, too, means without inetd
<\sh> sommer, you have to configure it, though
<sommer> \sh: ya, but I think for a newcomer it may be less confusing to use vsftpd, but then again maybe not :)
<Lucutious> Is there anything I need to do to un-install proftpd?
<\sh> apt-get remove --purge proftpd?
<Lucutious> sommer Yay it seems to be working!  Minor issue, however lol - I need to setup users, and if I read this right I need to setup a user for the system, it can't just be a user for ftp?  or am I terrible confused
<sommer> Lucutious: the ftp user should be setup, but the default vsftpd config only allows system users access
<sommer> Lucutious: are you wanting to share files with the Internet or just to your local LAN?
<sommer> basically you need to decide what kind of access permissions you need :)
<Lucutious> Just the local lan.  I think using FTP is more secure than just giving my smf forums 777 access to all, so I need to create a user for my smf forums so it can change the files it needs to change
<Lucutious> Maybe some day I'll get into opening it up for everyone, but not today
<sommer> Lucutious: ah, yep that should work, you can user the useradd utility to create the user, then just configure your forum to use it
<Lucutious> sudo /etc/useradd <-- guessing?
<sommer> Lucutious: woops, I meant adduser :(... sudo adduser should get you there
<sommer> though I think there is a useradd... heh
<sommer> yep, so either one
<Lucutious> sommer Awesome!  this os working out awesome
<sommer> Lucutious: cool, glad to hear it :-)
<Lucutious> lol it's always something.  I need to tweak permissions for the user I created.  Right now it cannot write to any file.  I think I enabled it in vsftpd.conf but i'll recheck.  Is there user settings I might need to tweak somewhere?
<Lucutious> Alternatively, I could just grant php permissions to create a directory and write to it, but I'm unsure how to do that as well
<sommer> Lucutious: does the use have a home directory?  /home/user_name? if not sudo mkdir /home/user_name
<Lucutious> well i made it's home directory the /var/www directory, as it's only going to be used by smf
<sommer> Lucutious: ah, then you'll want to edit the user's entry in /etc/passwd to reflect that
<sommer> Lucutious: or you can use the usermod command
<Lucutious> at least, I made it that in webmin, but when I log in it dumps me in the /var directory so i bed i did something wrong or it saved wrong
<Lucutious> i'll try that usermod command
<Lucutious> Ya still dumps me in the /var one
<sommer> Lucutious: maybe restart vsftpd?
<Lucutious> good idea
<Lucutious> ok, restarted and it's still doingthe same dumb thing
<Lucutious> but even that's ok, easy to work around
<Lucutious> now I'm being told that PHP doens't have permission to create a directory and/or write files /sigh
<sommer> does the ftp user have rights to the directory?  ls -l /var will tell you
<sommer> the php thing is probably because the www-data user needs rights to the directory as well
<Lucutious> ok ls -l /var spit out a binch of stuff, going down to the www dir it says:
<Lucutious> drwxr-xr-x  8  root  root  4096  2008-14-17  10:25 www
<sommer> try chown www-data.yourftpuser /var/www, you might need to add the -R switch which will adjust subdirectories as well
<faulkes-> if he's trying to write there, wouldn't he need to chmod g+w them as well?
<Lucutious> g and w, those are write and change permissions, right?
<sommer> yes, that too... thanks faulkes :)
<faulkes-> g+w sets the directory/file to allow group members to write
<Lucutious> ahh cool
<Lucutious> Yayayayay
<Lucutious> suchhappy times, and I learned a lot, too
<Lucutious> I think I just have one more thing to do, but that might be a pain so I wanna get the rest setup first
<Lucutious> sendmail ><
<Tuv0k> I forget the proper way to clean out old scripts from /etc/init.d/?
<Tuv0k> the program is not installed
<sommer> nijaba: hello, I was just thinking that a good whitepaper topic may be likewise-open integration with AD
<mvo> hi! it would be great if someone could check http://paste.ubuntu.com/7316/ I got those in a big dapper->hardy upgrade test
<infinity> mvo: I think that's a case of non-conffile -> conffile promotion.
<ScottK> mathiaz: mail server test on yesterday's daily went well.  No issues with the CD.  I edited the test procedure to better match what the CD presents.
<mathiaz> ScottK: awesome ! thanks
<duiu> Can ubuntu-server be used to run a RAID server without having a monitor connected to it?
<Deeps> sure
<duiu> any extra config required for no-monitor?
<Deeps> nope, once you're installed, make sure openssh-server is installed, and just ssh to the machine and configure like that
<ScottK> You'll want SSH so you can connect remotely.
<duiu> and it'll start all the samba services without having to ssh everytime after I install them?
<Deeps> if correctly configured (which it is by default apon installing samba), yes
<duiu> awesome
<duiu> I've been tinkering with FreeNAS but haven't really been a major fan, so this should be better.
<Deeps> this is much bigger and requires you to configure everything manually,
<duiu> I know
<duiu> but FreeNAS is really annoying
<Deeps> in what way?
<duiu> anything un-default is a major PITA to set up
<Deeps> in what way?
<duiu> it just doesn't work well
<Deeps> fair enough
<duiu> I had to leave all my SAMBA shares to be password free b/c it kept locking me out
<duiu> thanks
<Animortis> Anyone familiar with FTP servers? Having trouble when my server gets to the LIST command...
<ScottK> leonel: Are you up for some clamav updates?
<ScottK> leonel: Debian's updates due to 0.93 are out.  I've just asked to have the latest sync'ed for Hardy.
<leonel> ScottK:  don't know what happened  to  213500
<leonel> and  bug #217361
<ubotu> Bug 217361 on http://launchpad.net/bugs/217361 is private
<ScottK> Dunno.
<leonel> for  bug #217361   I'm already working  on the patch
<ubotu> Bug 217361 on http://launchpad.net/bugs/217361 is private
<ScottK> Great.
<leonel> but since  there are 2  bug reports for clamav     don't know how to proceed with the  lattest
<ScottK> I'm going to backport Hardy -> Dapper and then see about getting that pushed into updates.
<leonel> or merge both in 1 diff
<ScottK> Ask jdstrand how he wants you to proceed.
<leonel> ScottK:  OK I'll do
<leonel> ScottK:  I've made  a deb for 0.93  based on  your  0.92.1 deb   enabling the rar libs  that for my servers
<ScottK> leonel: 0.93 will be rather more complicated due to the soname change in libclamav, a bunch of config option changes, and an incompatible on disk database format.  I'm working on it.
<leonel> ScottK: yes I saw that  but as I only use clamav  with clamsmtp   the soname change didn't affected my setup
<leonel> but will be for  the  backport
<ScottK> Right.  Should work for you, but for the distro it's a major pain.
<leonel> and as allways   if you need  help    .. just press F1    ..
<leonel> ScottK:  haha if I can help to test  just let me know  and I'll make tine
<ajmitch> ScottK: sounds like some minor changes, a week before release
<ajmitch> But you have to accept the pain of the update at some point, I guess
<ScottK> ajmitch: We're passing on 0.93 for Hardy.  To hard.  I do want to make sure our package has all the security fixes though.
<ScottK> I'm going to try and get it into hardy-backports at the release.
<ajmitch> Which means updating about 20 other packages in backports again?
<ScottK> Yep
<ScottK> leonel: I just marked your bub a dupe of bug 217256 since it was filed first.
<ubotu> Launchpad bug 217256 in clamav "ClamAV Upack Processing Buffer Overflow Vulnerability" [Undecided,Fix committed] https://launchpad.net/bugs/217256
<ScottK> Gotta run.
#ubuntu-server 2008-04-18
<Tonisius> How do I get framebuffer support for ubuntu-server
<Tonisius> just noticed I installed ubuntu but I don't need gnome or other services, or should I use the desktop version, but disable gnome?
<Tonisius> how do I go about this, I want framebuffer support, and a resolution of about 800x600 properly
<sommer> Tonisius: add vga=791 (for 1024x768) to the kernel line in /boot/grub/menu.1st
<sommer> not sure which number is 800x600 :)
<Tonisius> hmm, well that's a start
<sommer> Tonisius: are you wanting to install a gui?
<Tonisius> not really
<Tonisius> I just want more lines to fit on my vmware screen than the standard
<Tonisius> and I don't want to have the gui, I don't really need it
<Tonisius> I just need to administrate some server stuff for my windows system to test LAMP stuff
<sommer> ah, yep the vga parameter will give you that
<Tonisius> awesome
<Tonisius> just not sure where in the config I should put the vga param
<sommer> if you edit /boot/grub/menu.1st you should see a line that starts with kernel... just add vga=791 to the end
<sommer> there's a kernel line for each one installed... so there's at least 2 one normal and one recovery
<Tonisius> ok, cool
<Tonisius> now I just noticed I didn't download the ubuntu-server, damn... and it's a 500mb download
<Tonisius> *sigh* thank you for your help, I'll do that once I get ubuntu-server downloaded
<sommer> Tonisius: you're welcome
<Tonisius> hmm, any ideas on how to switch back to the GUI on the ubuntu 7.10 when CTRL+ALT is used to go back to the main OS?
<Tonisius> I tried CTRL+ALT+F7 and it didn'[t get me back in
<sommer> not sure, but I think if you click on the icon in the top left of the title bar it will give you the option
<marcreichelt> hi there
<marcreichelt> I have a question: I installed Ubuntu 7.10 in an emulator (VirtualBox), installed all updates, rebooted, installed Apache2 and then tried to access Apache2 via IPv6
<marcreichelt> but it doesn't work - Apache2 does not listen on tcp6
<marcreichelt> oh: I installed Ubuntu 7.10 Desktop, not Server (but that should be the same here, or?)
<marcreichelt> this problem is reproducible for my productional desktop system
<marcreichelt> does anybody have a clue what is wrong here?
<marcreichelt> I'm downloading 8.04 Desktop right now and will test it there, too - and will create a new bug report if the bug is there, too
<marcreichelt> good night
<nxvl> is alternate CD in expert mode spected to be so slow?
<nxvl> the instalation is taken an hour, and i'm configuring languages
<lqs> owh: hi
<owh> lqs: Hi, sorry, got called to the phone. I'm on hold at the moment, so I may get called away/
<ScottK> FYI backport of the clamav just in Hardy is in ubuntu-clamav PPA for all other releases.
<Tuv0k> http://www.iaps.com/2008-server-reliability-survey.html
<owh> Tuv0k: Yeah, it was sent to the U-S list.
<Tuv0k> the ubuntu stat makes me mad
<owh> Tuv0k: There is no need to get mad.
<Tuv0k> I was a lil over the top :)
<owh> Tuv0k: I'll say :)
<_ruben> hmm .. nasty .. irssi clears your scroll back on server dis/reconnect :-/
<KenSentMe> Is there any tool on Ubuntu that can connect to a MS SQL and read out the SQL?
<_ruben> KenSentMe: freetds
<_ruben> for example: tdsodbc, which is in main
<KenSentMe> _ruben, let me tell what i want. I got a MS SQL database on my host and i need to have a ascii sql database dump. Is that possible with any tool in the repos and without programming?
<henkjan> KenSentMe: Aquadatastudio is a nice GUI for databasemanagement
<henkjan> KenSentMe: last time i used it it was free for personal use
<_ruben> sqsh - commandline SQL client for MS SQL and Sybase servers
<\sh> KenSentMe, actually it's even difficult to get an ascii sql dump from mssql via their tool already
<KenSentMe> We are going to let a new website built and the new builder wants some insight in the current (ms sql) database
<_ruben> henkjan: do you see any (stalled) connections from my ip (84.244.141.35) on the nl.archive rsync daemon?
<_ruben> henkjan: its giving me max connections reached
<henkjan> _ruben: ask Jeeves_. As of 1 april i've a new job, and so no longer root access on nl.archive
<_ruben> henkjan: ah, didnt know that .. still at bit or smth completely diff ?
<KenSentMe> henkjan, going to try aquadatastudio
<henkjan> _ruben: something complete different. Closer to my house
<henkjan> no more trafficjams :)
<henkjan> 10 minutes cycling instead of 1+ hour by car
<_ruben> henkjan: hehe, nice
<henkjan> more time for the kids :)
<_ruben> henkjan: also quite important, when you have 'em that is ;-)
<KenSentMe> henkjan, could you help me out a bit with aquadatastudion?
<Jeeves_> _ruben: just a sec
<Jeeves_> _ruben: No connections on the rsync-daemon
<_ruben> Jeeves_: debmirror crapped out for some reason, wanted to resume this morning, gave me those errors
<_ruben> Jeeves_: hmm, let me try again
<_ruben> @ERROR: max connections (4) reached -- try again later
<_ruben> rsync error: error starting client-server protocol (code 5) at main.c(1383) [receiver=2.6.9]
<_ruben> hmm .. perhaps its debmirror trying to connect more than 4 time simultaneously
<henkjan> KenSentMe: long time ago i used it. but feel free to ask
<Jeeves_> _ruben: That would be useless
<_ruben> Jeeves_: the odd thing is, it does seem to download *something*
<KenSentMe> henkjan, i entered my database user, pass,  host and db name at startup and now im in some tree view. I got 3 branches: databases, management and security, when i open databases i then see the name of the db i entered. So everything seems to be working correctly. Do you know if it's possible to export the contents of the database to ascii sql?
<_ruben> Jeeves_: it seems it does download the various 'Release' files, but fails on downloading the 'Release.gpg' files .. with http it works just fine though
<henkjan> KenSentMe: select your database. right mouse click -> tools -> export data
<KenSentMe> henkjan, ok, i didnt see that option earlier. It gives the option to export 1 table or 'Export from SELECT'. Is there a SELECT query to enter so i get all tables at once?
<henkjan> KenSentMe: dbatools - storagamanager has backup functionality
<KenSentMe> Ok, let me check that, thanks
<kraut> moin
<_ruben> hmm .. kinda surprised that postfix/dovecot/procmail default installation (tasksel) uses mbox files for storage and not maildirs or anything
<henkjan> hmm, openpanel looks like a good replacement for webmin
<_ruben> henkjan: a beta release after ~2 years .. speedy development :p
<henkjan> read the blog, that states something about the 'release early' mantra
<_ruben> expected a philosophy (htf is that spelled?!) like that :-)
<hubuntu> Guys, what is the easiest way to build a Local Installation server for an Installfest
<hubuntu> either using PXE or any other boot method or as an internal mirror
<_ruben> hubuntu: im currently using debmirror to create me a local mirror .. i dont care for pxe or anything (yet)
<_ruben> am gonna look into creating a preseeded usb stick tho
<hubuntu> _ruben, what is really the advantage of a mirror over PXE?
<hubuntu> I mean using PXE as boot (with the CD for instance)
<hubuntu> COuld not it be possible to have both?
<juliux> to install a huge number of pcs booting over pxe and getting the installer via the network is a good system
<juliux> but you don' t need a local mirror
<hubuntu> We are having a continetal wide Install Fest in LatinAmerica and I'm going to make a how-to on making this server and put it in their wiki so everyone cabn implement it in their local event
<_ruben> hubuntu: they're 2 different things really: PXE is way of initiating an install, local mirror is to save on bandwidth and increased speed
<juliux> if the server is connected to the internet apt-proxy is enough
<hubuntu> that is if you have goods bandwidth
<juliux> if you use apt-proxy the first download is slow the second comes from the cache;)
<juliux> the advantage is that you don' t need 60gb harddiskspace
<hubuntu> In Ecuador the problem is that people do not have access to good bandwidth and I doubt that anyone (besides the ISPs) have good speed between the 24th and the 26th enough to donwload the 40GB mirror for Ubuntu
<hubuntu> I have used apt-proxy or apt-cache I think
<hubuntu> but can PXE installation and local mirro installation be an option given from the same server?
<_ruben> pxe can use any mirror (public or local), and the use of a local mirror instead of public doesnt require pxe, like i said: two different things
<hubuntu> Ok. But given that the resources are very limitated is it an idea to have, say an apt-proxy mirror AND a PXE server using the CD (inserted in the server) as an installation option? Is that at all possible?
<hubuntu> _ruben? juliux?
<hubuntu> now in another  note... Anyone know where to find an updated list of mirrors? The RC release notes need to be done
<juliux> https://launchpad.net/ubuntu/+archivemirrors
<hubuntu> thanx
<hubuntu> is that updated on real time? Like the ones that seems to be up to date is actually up to date (thinking of the RC coming today...)
<juliux> i have no idea if it is realtime
<_ruben> hubuntu: why bother with pxe if you'll be putting in an cd anyways ?
<hubuntu> some machines do not have a working CD drive, then we can use a PXE install server and boot those machines from PXE
<hubuntu> or use a floppy.. you never know what you will find...
<hubuntu> in poor countries the type of resources and hardware can be outdated and partially working
<hubuntu> we have to take this into consideration when making the server
<hubuntu> And of course I will use Ubuntu server ;)
<_ruben> be sure to have plenty of netboot floppy disks .. since booting from pxe isnt available on all hardware
<hubuntu> and now that I think about it anyone here speaking Spanish? I made a presentation on "Ubuntu for (servers and) human beings" looking at the server capabilities that 8.04 gives
<hubuntu> thanks _ruben for the tips and suggestions. I will definitely come around later this weekend for some advice
<_ruben> dos cervesa is as far as my spanish skills go
<\sh> guys, what about nic bonding for hardy, actually is it changed from /etc/network/interfaces with ifenslave , or are there now any magic udev rules to setup bonding
<hubuntu> dos cervezas ;)
<_ruben> hubuntu: i know how to say it, not spell it :p
<hubuntu> if we just think about the highlights is there anything I'm forgeting If I take in account: Debian roots, 7 automated install profiles, Likewise giving us kerberized AD, Ebox giving us control ;) , iSCSI, ufw, virtualization stuff (kvm, vmware, jeos), AppArmor & SELinux, no GUI recommendations, explanations of the LTS cycles and related stuff and (update, install, support). Is there anything I'm forgetting here?
<hubuntu> forgot to mention xen, vzopen, vbox, qemu, paralells but they are in the presentation
<hubuntu> Anyone ideas on anything else I can add, mention?
<_ruben> i guess you got most bases covered with that list, then again, im just an ordinary (and rather fresh, in ubuntu terms) user
<Kamilion> Howdy, I just finished building a new system to be used as a server on a AMD 780G board, with 2 SATA drives. Looking through the motherboard manual, it says it supports RAID, but after doing some reading of google results, it's "fakeraid" and various sites say I shouldn't bother with it and instead recommend something called "md0". Does anybody have a couple minutes to spare to bring me up...
<Kamilion> ...to speed on how I should set the partitions up?
<Deeps_> Kamilion: http://ubuntuforums.org/showthread.php?t=408461
<hubuntu> well.. although I have used the server edition since 6.06 I am rather new and have very basic experience myself in terms of use and configurations. Isn't that the idea of Ubuntu Server: Give you the oportunity to just get the job donbe easily, but also the flexibility if you REALLY want or need some advanced features?
<Deeps> the keywords you're needing if searching is "mdadm" (thats the tool you use to create and configure md devices)
<Kamilion> Okay, and there was also another option for "LVM" -- what's that and why should I / shouldn't I use that?
<Deeps> LVM allows you to create easily resizable partitions
<Deeps> or rather, easily resizable volumes
<Deeps> that can span multiple partitions
<Deeps> so if you're doing RAID0 on 2 disks, and think you might add 2 more disks later, you can LVM initially, and then when you get your 2 new disks, you can expand the volume to encompass the 2 new disks
<Kamilion> Ahh, so it's like windows's dynamic volumes?
<Deeps> i have no idea what windows dynamic volumes do, heh.
<Kamilion> So in that case, I set up LVM at the bottom layer and mdadm over that?
<Deeps> last i saw, you had to make a volume dynamic to put it in a windows raid array
<Deeps> no, other way around
<Kamilion> or is there an easier way to do mirroring?
<Deeps> if you're wanting to do raid1, i'd avoid lvm entirely
<Kamilion> And set up another array later if more drives are added?
<Deeps> yep
<Kamilion> Cool, sounds good. That's just the information I was looking for. Thank you very much, Deeps.
<Deeps> happy to help :)
<Kamilion> Can the ubuntu-server disc set up the md stuff for me? I messed around with the LVM stuff a bit but I didn't quite understand it.
<Kamilion> (I'm using the april 14th daily 64bit ubuntu-server disc, by the way.)
<Deeps> if you've installed your system already without mdadm, you can do it on the installed system
<Deeps> without any need to reinstall
<Kamilion> I've just been reinstalling over and over, trying to figure it out on my own, actually.
<Kamilion> ended up with a 12GB system partition without all the goodies so far, with nothing but openssh-server installed
<Deeps> if you're happy to reinstall, it should give you an option to build with software raid
<Kamilion> yeah, I remember that option being there, I'm firing up the installer now.
<Deeps> if not, you need to make multiple md device, as i believe it mirrors partitions, rather than entire disks
<Deeps> peronally, i'd recommend shelling out for a more expensive "enterprise grade" hardware raid card if your data's important
<Deeps> or more accurately, dont treat raid as a backup solution
<_ruben> thats where raid+lvm comes into play .. make 2 md's .. one small one for /boot .. and one big one (the rest) which will be used for lvm and put all your actual data on lv's in the lvm
<Kamilion> "Physical volume for RAID" is what I'm wanting, correct?
<_ruben> yes
<Deeps> _ruben: surely that then defeats the point of separate partitions for separate mountpoints?
<_ruben> after that you'll have an extra option to configure your raid
<_ruben> Deeps: why?
<Kamilion> Yeah, that's what I was missing, _ruben. Thanks.
<Deeps> if you have 1 big lvm spanning your 5 partitions, you're mounting that one big lvm as /
<_ruben> Deeps: different partitions versus different logical volumes .. dont see that much of a difference
<Deeps> oh, i misread what you said
<_ruben> Deeps: i didnt say one big lv, but one big vg (tho i didnt mention vg explicitly i admit)
<Deeps> "put all your actual data on lv's in the lvm" i see :)
<_ruben> (vg = volume group = windows' dynamic disk, lv = logical volume = volume within a windows dynamic disk)
<Kamilion> Okay, so I want a seperate boot and swap, a small root / and then the rest of the drives partitioned out for software RAID, is what I'm thinking.
<Kamilion> Backup's not going to be a problem, we've got a bluray burner on order.
<_ruben> Kamilion: when bothering with software raid, i'd put everything on software raid, not just parts
<Kamilion> so just set a single partition on both drives, full 250GB and everything should 'just work' ?
<_ruben> no, 2 partitions per drive .. one for each raid mirror (one for /boot and one for the lvm vg)
<_ruben> you cant boot from lvm on swraid directly
<_ruben> you need /boot to be on non-lvm in that case
<Deeps> I'm in agreement with ruben, and apologies for any earlier confusion, I'm not a big fan of using mdadm, and haven't touched it much for a few years now.
<Kamilion> don't think I'm going to be using LVM since all it appears to do for me is allows me to resize the volume pool, and I'm pretty sure that's not going to be nessicary
<Kamilion> yeah, okay, now I'm getting all confused... *laughs*
<Kamilion> Let me start over.
<Deeps> If you use LVM, it saves you the hassle of haivng to make multiple md raid devices
<Kamilion> I've got a brand new 780G system with a Be-2400 and 8GB of ram, with two maxtor 250GB harddrives that I'd like to enable mirroring on in case one of the drives dies. What's the current best course for doing so?
<Deeps> on a 250gb disk, put 500mb aside for /boot, and then make a big partition, raid1'd
<Kamilion> Swapfile, swap partition, swap on raid, swap not on raid?
<Deeps> then within that big partition, make it LVM, and make multiple volumes within that lvm to act as your different partitions
<_ruben> raid+lvm is a *big* improvement over raid when it comes to setting it up
<_ruben> *especially* when using more than 2-3 partitions
<Deeps> I'm converted, in the case of linux software raid at least, anyway.
<Kamilion> well, this is literally a $350 system
<Kamilion> it's probably going to be running samba, asterisk, and maybe doing some network routing.
<Deeps> thats an impressive setup for $350
 * Deeps rubs hands with glee at the prospect of being stateside in august
<Kamilion> I already had the two maxtor 250GBs
<Deeps> hope the euro carries on getting stronger
<Kamilion> the motherboard was $89, the be-2400 was $108, and the ram was $79 each for two 2x2GB muskin kits.
<Kamilion> *mushkin
<Kamilion> plus some cheap generic microatx case.
<_ruben> why 8G of ram btw? .. sure, ram is dirt cheap, but still ;)
<Kamilion> I was hoping on using a ramdisk for some stuff.
<Deeps> cunning
<_ruben> ah
<_ruben> fair enough then :)
<Kamilion> And as you said, it was cheap and it maxed out the board.
<Kamilion> plus the BE-2400's the 45 watt model... The whole thing is freaking *silent*.
<Deeps> niice.
<Kamilion> couldn't belive how quiet the maxtor 250GBs ended up to be.
<Deeps> I need to build me something small silent and cheap to replace my current tv laptop
<Kamilion> it's literally quieter than my Flash-only terminal client
<_ruben> lunchtime .. bbiab
<Deeps> nice
<Kamilion> (for some reason, the flash chip makes little noises when it's accessed, heh)
<Kamilion> Plus it's got the radeon 3200HD IGP (based on the 2400HD)
<Kamilion> with HDMI out, which is nice, but it's DVI or HDMI, not both, sadly.
<Deeps> mm
<Kamilion> Anyway, back to the disk setup...
<Kamilion> I'm still a bit confused on what I should do for an 'optimum' setup... I read a bunch of howtos and stuff already, but most of them were years old for ubuntu 5 and 6
<hubuntu> for creating a local mirror would you recommend apt-mirror or apt-proxy? Thinks that we are going to use both Gutsy AND Hardy.. what uis the best option?
<Kamilion> so far, the forum link you gave me earlier is the newest I've run across from april 07, and I figure not much has changed between gutsy and hardy
<Deeps> Kamilion: for an optimum setup, buy a proper hardware raid card :p
<Deeps> alternatively, what ruben described
<Kamilion> Uhh, considering a hardware raid card would be more expensive than the computer itself, I don't think I wanna go that route. The data's not terribly important, but it's best if it doesn't just go kaput when the drive eventually fails in the office it ends up in
<Kamilion> It will have regular backups to an external bluray burner as well, but as far as I know the drive's on backorder
<Kamilion> Okay, so lemme get this straight then.... Leave some room for /boot (one drive or both?), set up the rest as a raid1, and then run LVM over that?
<Kamilion> With a setup like that, what do I do about swap?
<Deeps> /boot on both drives in a raid mirror
<Deeps> lvm on both drives in a raid mirror
<hubuntu> an apt-mirror and apt-proxy server: what is the difference really? What do the one do that the other doesn't?
<hubuntu> or do they give apt in different ways?
<Deeps> swap... dunno, could have 2 swaps outside of your lvm/raid groups
<Kamilion> so swap should be outside of the raid in a seperate partition?
<Deeps> yeah i guess
 * Kamilion grins
<Kamilion> Good enough for me.
<Kamilion> so grub will be able to find /boot within the raid, but not the LVM, correct?
<Kamilion> so I end up with RAID( [/boot], [ lvm( [ext3] ) ]), swap?
<Deeps> lvm( [ext3 /home], [ext3 /var], etc.)
<Kamilion> Allrighty, I think I got it now. Thanks.
<Deeps> infact no, heh
<Deeps> you'll end up with
<Deeps> RAID(boot), RAID(LVM([ext3 /home], [ext3 /var], etc.)), swap
<Kamilion> Ahhhh, okay.
<Kamilion> That really makes it crystal clear to me now. :D
<Deeps> theoretically, RAID(boot) will be md0 containing hda1 and hdb1, RAID(LVM) will be md1 containing hda2 and hdb2
<Deeps> swap you can make 2 i guess, one on each disk
<Kamilion> Makes sense.
<Kamilion> in that case I should be able to get away with 2 6GB swap partitions
<Kamilion> (and yeah, I know, if one of the drives fails and I have pages on swap the whole system will die horribly)
<Kamilion> .... Actually, screw it. The system's got so much ram that swap is unlikely to be used, so i'll just set up a 12GB /swapfile
<Kamilion> the performance difference between a swapfile and a swap partition shouldn't make much of a difference for a light duty server like this.
<Kamilion> Deeps, Thanks so much for your help in getting me up to speed on this in less than an hour.
<Kamilion> _ruben, Thanks to you as well for your valuable input.
<Kamilion> AFK while I bang on the server to go set that up.
<n6rej> how do I tell swat or samba who the admin user is?
<n6rej> nm figured it out
<_ruben> Kamilion: i wouldnt put seperate swap partitions on each drive, i'd put em either within the lvm or on a raid1 .. when one drive fails and you have stuff swapped out, you dont want to lose ur swapped memory
<_ruben> i usually put within the lvm, for the sake of easyness, speed isnt too much of an issue, since my boxes hardly ever touch the swap
<Kamilion> yeah, I'm gonna set up a swapfile on the LVM for /xen
<_ruben> i'd go for swap partition, not file
<Kamilion> is it really going to make a difference?
<Kamilion> I seriously doubt it's even going to be hitting swap on dom0
<_ruben> probably not, i just prefer having my swap in a partition over having a file for it somewhere
<Kamilion> I've been running linux since slack 1.5 back in '95, progressed through debian -> LFS -> Gentoo -> ubuntu, and I've honestly not noticed a difference between a swapfile and swap partitions as long as the swapfile is created right after mkfs.
<_ruben> could very well be
<_ruben> for me its slack4 / debian woody with short side step to gentoo / suse / ubuntu
<Kamilion> So far, ubuntu's been the easiest box I've had the pleasure of using.
<Kamilion> Got sick of manual compiling with LFS after the learning experiance of how everything worked, so I switched to gentoo between 2004-late 2007 when all the project BS started and the ebuilds slowed to a trickle, so I grabbed 7.10 just before 8.04 was started, and I've been on hardy ever since.
<_ruben> the one thing i liked about suse is YaST, but thats about it ;-)
<Kamilion> And I wasn't a ricer with gentoo, I just used CFLAGS = -Os -pipe. I just enjoyed the useflags.
<Kamilion> not everything needs to be compiled with mysql support XD
<Kamilion> but I eventually got sick of messing around with all that, and just switched to ubuntu because it really does 'just work'.
<Kamilion> I havn't had to delve into any config files other than a simple xorg problem on my old laptop getting stuck at 800x600 but that was as easy as a fbset -x and copying the output into the monitor section of xorg.conf.
<Shrugz> anyone know of a good flash editor? for debian?
<Kamilion> That's pretty impressive for an old keyboard cowboy.
<Shrugz>   /ubuntu
<Kamilion> Shrugz: Compiling flash into SWF, or an actual visual editor?
<Kamilion> I don't know about a GUI editor myself, but I know there's a bunch of commandline tools to build SWF files.
<Kamilion> Actually, now that I think about it, doesn't blender have flash support now?
<Shrugz> Kamilion a actual visual editor. i found a kde one but it was only the source not a .deb file
<Kamilion> give synfig a shot then
<Kamilion> should be in universe.
<Kamilion> and avidemux does well for authoring FLVs
<Shrugz> synfig
<Shrugz> ok
<Shrugz> is it in the sudo apt-get
<Shrugz> ?
<Kamilion> yeah
<Kamilion> keep in mind that macromedia flash works pretty well in wine as well, if all else fails.
<Shrugz> my windows emulators are pissing me off
<Shrugz> wine and crossover
<Kamilion> I said pretty well.... not perfect... ;)
<Kamilion> Ktoon might work as well.
<Kamilion> f4l's another option
<Kamilion> I think they have a GUI now
<Shrugz> why does synfig
<Shrugz> sound like a dosser
<Shrugz> LoL
<Shrugz> The following extra packages will be installed:
<Shrugz>    ffmpeg (0.cvs20070307-5ubuntu4)
<Shrugz>    imagemagick (6.2.4.5.dfsg1-2ubuntu1)
<Shrugz>    libdv-bin (1.0.0-1ubuntu1)
<Shrugz>    libgtk1.2 (1.2.10-18)
<Shrugz>    libgtk1.2-common (1.2.10-18)
<Shrugz>    libimlib2 (1.3.0.0debian1-4build1)
<Shrugz>    libswscale1d (0.cvs20070307-5ubuntu4)
<Shrugz>    libsynfig0 (0.61.06-2)
<Shrugz>    libxml++2.6c2a (2.20.0-0ubuntu1)
<Shrugz> damn
<Shrugz> sorry for the flood
<Shrugz> but damn
<Shrugz> thats not all really needed is it
<Kamilion> GTK's the gui toolkit, imagemagick converts between various graphic formats, ffmpeg creates flv
<Shrugz> i do all that stuff on vistachitty
<Kamilion> Dunno much about it myself, I just googled for it and got back http://ubuntuforums.org/showthread.php?t=435080
<Kamilion> Well, the server just came up with RAID+LVM.
<Kamilion> Thanks Deeps and _ruben. I'll dig further into mdadm and lvm myself now that I've got it basically working.
<Shrugz> you know ZeroDay Kamilion?
<Shrugz> i dunno if he runs that on the ubuntu server
<Kamilion> Person/place/thing?
<Shrugz> aka chris randolph
<Kamilion> Nope
<Shrugz> he helped with implimenting the java platforms
<Shrugz> into ubuntu
<Kamilion> I don't hang around IRC much anymore... 15 years of it has burnt me out.
<Shrugz> me too
<Shrugz> lol
<Shrugz> i used to run on here under many names u might remember
<Shrugz> have u always ran the same nick man?
<Kamilion> yep.
<Shrugz> i thought that was u
<Shrugz> lol
<Shrugz> <Mad
<Shrugz> the one and only
<Kamilion> Freenode, EFnet, Oper on Axenet, previous oper on nintendorks
<Shrugz> my first nick bro
<Shrugz> i am the 1 of the original mad's
<Kamilion> Ah, right on... I vaguely remember that nick
<Shrugz> i always went by that
<Shrugz> well if u had the key term at the end that sums up deranged programmer and begins with the letter H
<Shrugz> you would know
<Shrugz> bro
<Shrugz> lol
<Kamilion> I know too many deranged programmers these days. Got a job at NASA.
<Shrugz> you know what i meant by the word H
<Shrugz> right
<Shrugz> at the end of my mad name
<Kamilion> not offhand right now, I've been up for 2 days reading and my eyes are tired and watery
<Kamilion> MadHatter?!
<lamont> sommer: "do not config" is the default only if there is already a /etc/postfix/main.cf
<lamont> iric
<lamont> iirc, even
<sommer> lamont: cool, I assume you're talking about the conversation between me and mathiaz?
<lamont> yeah
<sommer> ah, ya I just had one of those "wasn't there a bug like this before" moments, but mathiaz straightened me out
<hubuntu> anyone tested ebox? Does it make heavy changes in conf files by default or what?
<Kamilion> I was looking at it earlier myself but I havn't tested it yet.
<Kamilion> but I think it does indeed do heavy config changes -- it even warns not to have the services configured beforehand cause it'll eat 'em
<edneymatias> hi!
<edneymatias> morning all!
<edneymatias> can someone help me with lvm?
<_ruben> edneymatias: someone might if you'd state a more detailed question :)
<edneymatias> ok..just to see if someone is listening
<edneymatias> :D
<edneymatias> thank you
<edneymatias> first of all...it isn't a question about ubuntu server...but relates to lvm...
<edneymatias> so...i posted in ubuntu channel...but no way...so
<edneymatias> i did a manual install of the lvm using the default cd...without the alternate cd
<edneymatias> so...i loaded the md-mod
<edneymatias> installed lvm2
<edneymatias> did the partitioning
<edneymatias> ubiquity recongnized the partitions and allowed me to specify the mounting points
<edneymatias> and installed everything
<edneymatias> affter installation completed i chrooted to the new system and install lvm packages
<edneymatias> and reboot just to see the machine hanging
<edneymatias> just after detecting devices...just before mouting root filesystem
<edneymatias> finally the question is....what am i missing?
<edneymatias> :D
<_ruben> the default cd doesnt support lvm out of the box??
<edneymatias> nop
<_ruben> guess lvm is less of an 'issue' for desktops indeed
<_ruben> only using server myself
<_ruben> so wouldnt know
<_ruben> could be that the initrd lacks some lvm stuff or smth
<edneymatias> i see...and agree....it just sounded possible to do like that...i can 't figure out why it doesn't work
<edneymatias> so...
<edneymatias> in some version ubuntu droped the lvm-commont package
<edneymatias> now it's just lvm2
<sommer> edneymatias: is the lvm partition listed in /etc/fstab?
<edneymatias> and there isn't /etc/init.d/lvm script
<edneymatias> yes they are
<edneymatias> it seems udev handles the dm-mod loading and vgscan stuff
<sommer> is dm_mod loaded?  lsmod | grep dm_mod
<edneymatias> our debian server do that throught the init.d script
<edneymatias> that's something i can't check...if dm_mod is loaded
<edneymatias> couse i can't get a prompt when i boot the machine
<edneymatias> but...looking in udev...there's a script supposed to do that...i guess
<sommer> edneymatias: is there an error when it doesn't mount the lvm partition?
<edneymatias> 65-dmsetup.rules
<edneymatias> booting in single mode it hangs just after detecting the discs...
<edneymatias> no error message...none i can see from the messages
<sommer> edneymatias: you might try editing /etc/fstab and using the path to the device instead of the uuid number... /dev/mapper/lvm-volume-name
<edneymatias> yes fstab is using the uuid
<edneymatias> sommer...while i was writing here ....it droped to busybox
<sommer> you'll probably need to boot from a cd and enter the recovery mode
<edneymatias> and it's what you said...no dm-mod loaded...
<edneymatias> i needed just wait a bit more
<edneymatias> :)
<edneymatias> but...how i fix it?
<sommer> edneymatias: you'll need to boot from a cd, then edit the file... at least that's my idea, it could be wrong :)
<edneymatias> which onde?
<edneymatias> which one?
<sommer> edneymatias: /etc/fstab see my comment above
<edneymatias> no no...ok...i saw
<edneymatias> but...the problem is the dm-mod not loading
<sommer> edneymatias: then edit /etc/modules and add dm_mod to the bottom, but if the machine went to busybox it probably wouldn't load dm_mod
<sommer> my thought was that it somehow got the uuid number wrong, so if you change fstab to the device name it might work
<edneymatias> ok i try change the fstab first
<sommer> other than that, I'm really not sure what else you can do... without a more detailed error message
<edneymatias> when it went to busyboxy it showed /dev/mapper/vg0-root doesn't exist...
<sommer> that's to be expected since busybox isn't a full environment
<edneymatias> hummm..not a clue indeed
<sommer> at least that's what I'd expect
<_ruben> probably lacks the lvm kmods in the initrd
<edneymatias> humm...when i install lvm2 it updates the initrd
<edneymatias> i think
<_ruben> hmm .. in that case the module load / be loadable in the busybox env
<_ruben> and/or changing fstab might do the trick
<edneymatias> i'll try both...
<\sh> edneymatias, did you just install it from an alternate cd without manual configuring the LVM devices (but with an already lvm partitioned HD?)
<edneymatias> nop...installed from the default cd (no alternate) and manually install lvm and did the partitioning
 * \sh had yesterday the bugger that the d-i installer recognized the lvm in general but never installed lvm2 because you have to actually enter the lvm device somehow...
<\sh> in the d-i partitioner that is...
<edneymatias> sh...the ubiquity alread recognized the partitions...and installed everything except the lvm package
<edneymatias> but before reboot the system i chrooted and did it myself
 * \sh don't know anything about ubiquity ;)
<\sh> s/don't/doesn't/
<edneymatias> i think it work the same way
<\sh> edneymatias, na...
<edneymatias> basically
<edneymatias> ;)
<\sh> edneymatias, but recognizing as in "Yes, this partition can contain LVM mappings" and "Yes, I want to mount special lvm mappings" is different though...recognizing doesn't give lvm2 package at all, at least in d-i...mounting or adding lvm mappings but pulls lvm2 package in
<\sh> edneymatias, that's why I asked...
<edneymatias> ok...but it just recongnized and allowed me to map only after i also installed the lvm2 package in the live cd enviroment
<edneymatias> i installed, loaded the modules...run vgscan and vgchange...the way it's supposed to do in booting time
<edneymatias> i guess
<\sh> edneymatias, ah ok...so it's something different then...without having lvm2 package installed, imho ubiquity running on live-cd won't recognize the mapping in general but knows about the LVM partition id (via parted)
<edneymatias> sorry if i confused you...english isn't my default language
<edneymatias> :)
<\sh> edneymatias, /me 's german so I understand you very nicely...I didn't catch it, that you are not using the alternate installer cd :)
<edneymatias> yeah...now i'm downloading it...but...it would be if i don't have to...
<edneymatias> anyway editing fstab and change from uuid to device name doesn't work
<edneymatias> i will try to edit /etc/modules
<edneymatias> ok...any other idea? :P
<edneymatias> editing modules didn't solve
<_ruben> edneymatias: made sure the lvm mods are avail in ur initrd ?
<edneymatias> well...it's like i said...installing lvm2 triggered initrd update..but i'm not really sure...how can i check that and how can i update it?
<mdz> jdstrand: ping re: bug 217815
<ubotu> Launchpad bug 217815 in linux "Installation stalls randomly until a key is pressed" [Critical,Confirmed] https://launchpad.net/bugs/217815
<jdstrand> mdz: pong
<mdz> jdstrand: trying to get a handle on how serious this bug is
<_ruben> edneymatias: either by trying to load the module (modprobe) while in the busybox prompt .. or check the files within the initrd file
<mdz> jdstrand: can you answer any of the questions I put into the report?
<jdstrand> mdz: sure
<edneymatias> ok ...modprobe fails on busybox
<jdstrand> here or there?
<mdz> jdstrand: there
<jdstrand> mdz: np
<jdstrand> mdz: updated
 * lamont wonders if the nagios-plugins overwrites nagios-plugins-extra on upgrade bug is already uploaded/fixed, or if that's still pending
<mathiaz> soren: how do you specify to use a virtio disk in libvirt ?
<soren> mathiaz: Replace:
<soren> <target dev='hda'/>
<soren> with
<soren> <target dev='vda' bus='virtio'/>
<mathiaz> soren: ok - IIUC this is something that the guest will see
<mathiaz> soren: it doesn't matter if on the host it's a qcow2 or a lvm snapshot ?
<soren> Right.
<soren> That's orthogonal.
<mathiaz> soren: on the host, it will use /dev/vda ?
<mathiaz> soren: s/host/guest/
<soren> mathiaz: Yeah.
<mathiaz> soren: or /dev/sda ?
<soren> mathiaz: You shouldn't need to worry about that, though.
<soren> vda.
<mathiaz> soren: well - I specify in my preseed which disk should be used to install the system
<soren> mathiaz: Ah... right, gotcha.
<mathiaz> soren: I've just noticed that I've always used /dev/sda, even if target dev was set to hda
<mathiaz> soren: also for the shutdown fix, acpid should install in the guest so that it works correctly ?
<nxvl> soren: i was looking for you, which vm did you recomend, just for testing purposes
<nxvl> soren: so i don't need to virtualize a production server, just to run old stable releases for bug confirmations
<soren> mathiaz: Yeah.
<soren> nxvl: If you have the hardware to use kvm, that's what I'd recommend.
<nxvl> soren: and what's the hardware tu use kvm?
<edneymatias> ok..got it...just runned update-initramfs ...it's seems that just installing lvm2 isn't enough...even if dpkg shows that it's updating initrd image
<nxvl> s/tu/to
<edneymatias> anyway thank you all, _soren_, sommer and sh
<edneymatias> thank you!
<mathiaz> nxvl: you need a recent processor that supports virtual extension
<mathiaz> nxvl: https://wiki.ubuntu.com/KvmVirtManagerEtc#head-d7a80833891a883a0a469750c9fa04ab8a16e48a
<nxvl> mathiaz: so my 1.8 Mhz Core 2 Duo is what i need?
<mathiaz> nxvl: https://wiki.ubuntu.com/KvmVirtManagerEtc#head-d7a80833891a883a0a469750c9fa04ab8a16e48a
<nxvl> oh! i already see the link
 * nxvl HUGS mathiaz and soren 
<mathiaz> soren: I've got a kvm/libvirt problem: http://paste.ubuntu.com/7409/
<seisen> does anybody know how to fix this problem with exim4: http://paste.ubuntu-nl.org/63634/
<soren> mathiaz: Yeah, don't do that.
<mathiaz> soren: hum... I used to work
<mathiaz> soren: *it* used to work
<soren> mathiaz: YEs. I fixed it :)
<soren> mathiaz: It's due to the different bios that comes into play when you use virtio.
<soren> mathiaz: It doesn't support more than one boot device.
<mathiaz> soren: hum... That breaks my iso testing in a vm
<mathiaz> soren: If I boot from an iso, on a reboot it reinstall ?
<soren> brb
<nxvl> oh men! the raid array on the backup fs is f*ck'd
<nxvl> bbl
<sommer> okay, I'll stay here
<sommer> :)
<nxvl> :D
<edneymatias> see ya...thank you all
<darthanubis> http://releases.ubuntu.com/releases/8.04/
<darthanubis> https://wiki.ubuntu.com/HardyHeron/RC
<nxvl> soren: on "OS Variant" they should be some old stable releases os an "old Ubuntu" variant
<soren> That's just "generic26" :)
<Jeeves_> darthanubis: Hmm. The mirror's aren't up to date yet
<darthanubis> guess its rolling out slowly
<Jeeves_> I guess it's a bit of a mess :)
<darthanubis> I just got an iso
<soren> mathiaz: You'll have to "manually" tell it which device to boot from.
<darthanubis> not its not there
<soren> mathiaz: Sorry.
<darthanubis> its off an on
<mathiaz> soren: ok - what are the other value for the on_reboot option ?
<mathiaz> soren: If the vm could power off on reboot after the install that would help me
<darthanubis> Its still being synced to all the mirros though.
<soren> mathiaz: destroy, I think.
<soren> mathiaz: Yes, that seems to be accurate.
<soren> (looking at the code, not by testing it)
<mathiaz> soren: ok - I'll give it a try then
<nxvl> soren: i think i'm having problems with network manager
<soren> nxvl: How so?
<nxvl> every time i run kvm i lost networks conection
<nxvl> i'm using a wireless conection
<nxvl> and have already add iface vnet0 inet manual
<nxvl> to interfaces
<nxvl> also i've got an error because i don't have qemu installes
<nxvl> soren: nevermind, it's working now
<LeChacal> I remote access into my server/cluster and i want to run something that will take several days to finish but when i start the job remotely when i log out the process is stopped. Is there a way that I can run in it so that it will keep running after I have logged out remotely. The only thing I could think of was to set the process to start with an 'at' command but is there another way?
<ivoks> screen
<ivoks> apt-cache show screen
<LeChacal> screen looks like reading the description that it freeze the process until you resume it, or am i wrong?
<ivoks> you are wrong
<ivoks> you start screen with a command 'screen'
<ivoks> then start your program and detach it with ctrl+a+d
<ivoks> logout and enjoy in life
<ivoks> 2 days later, run screen -r
<ivoks> and you'll be in the session your left with ctrl+a+d
<ivoks> http://kb.iu.edu/data/acuy.html
<LeChacal> ok thank you i will be trying this soon
<ivoks> np
<Theo__> How I give  the user "www-data" root priviledges?(I have php files in a password-protected directory that i want to execute with root pirvs)
<ivoks> you really don't want to add admin privileges to www-data user
<Theo__> i do
<ivoks> forget that idea, try with different aproach
<Theo__> lol
<ivoks> really
<Theo__> i have the files in password-protected directory
<ivoks> cause, php allows you to write files on disk
<Theo__> excuse me?
<ivoks> if www-data is root, then anyone accesing your web site will be able to delete all your data
<Theo__> how?
<ivoks> how what?
<Theo__> Could they do that even if i do not have any php file in that directory?
<ivoks> just forget that idea
<ivoks> you could work something out with sudo, maybe
<Theo__> hmm
<Theo__> i want to exec this with php: shell_exec('eject cdrom1')
<ivoks> then add www-data to cdrom group
<ivoks> and that's it
<Theo__> i tryed
<Theo__> and it doesnt work
<ivoks> restart apache
<Theo__> just a second
<Theo__> wow!
<Theo__> worked
<ivoks> of course it worked
<Theo__> i added it to cdrom 2 days ago and forgot to restart
<Theo__> thanks man/lady
<Theo__> my stupid mistake
<ivoks> man :)
<mathiaz> soren: I think I've already mentionned that, but I do a reboot in hardy guest it shuts down instead of rebooting
<soren> mathiaz: Yes, you mentioned that. Did you file a bug? I forget.
<mathiaz> soren: nope - I will file a bug now
<elventear> Hello. I have some VPN connections that I want to bring up when the server starts. Should I put them in the interfaces configuration file or run them as init scripts?
<elventear> One of the VPNs uses pptp, which can go in the interfaces easily, IIRC. The other uses vpnc, so is it possible to put the latter in the interfaces config as well?
<elventear> Or better yet, just write a script and link it to my interface using post-up
<ivoks> elventear: i would suggest putting it in rc.local
<ivoks> just be sure to change #!/bin/sh to #!/bin/bash in /etc/rc.local - it wold save couple of years of your life :D
<mathiaz> soren: done - https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/219326
<ubotu> Launchpad bug 219326 in kvm "a reboot issued from the guest shutdowns the guest instead of rebooting it" [Undecided,New]
<elventear> ivoks: Thanks. I'll look into using rc.local
<soren> mathiaz: Lovely. Thanks.
<ivoks> mathiaz: that happend to me in feisty too, but i discovered that kernel crashed
<mathiaz> ivoks: when did it crash ?
<mathiaz> ivoks: I see Halting system on the console
<ivoks> oh... that's not it then, sorry
<Theo__> hello
<Theo__> I added the user  "www-data" to group cdrom so a php script can eject the drive "cdrom". I have a second drive called cdrom1 and the php script and the user do not work for this reason: "eject: unable to open `/dev/scd1'". The root user can eject without problems. What should i do to get it to eject?
<sommer> Theo__: probably change permissions on /dev/scd1 to allow the cdrom group to access it
<Theo__> how do i do that?
<sommer> sudo chgrp cdrom /dev/scd1 should do it
<Theo__> wow
<Theo__> thanks. That did the trick
<sommer> Theo__: party! you're welcome
<The_kernel> Hi, I'm having issues with sysklogd not starting.
<The_kernel> and the sudo /etc/init.d/sysklogd start doesn't start it.
<Zorg95> hi, I am just deciding which distribution to choose as dom0 for xen deployment - I have a very good experience with ubuntu, but i am a bit afraid about kvm as No1 virt technology in hardy... anyone knows about planned xen status at hardy?
<zul> Kvm is the prefered over xen
<Zorg95> I see https://bugs.launchpad.net/ubuntu/+source/xen-3.2/+bug/204010
<ubotu> Launchpad bug 204010 in xen-3.2 "networking not working" [Undecided,Confirmed]
<Zorg95> looks like it will not be a good idea
<nxvl> mathiaz: thank you for the scripts on Bug #189616
<ubotu> Launchpad bug 189616 in dovecot "connection problems under load with hardy dovecot" [Undecided,Incomplete] https://launchpad.net/bugs/189616
 * nxvl HUGS mathiaz 
<elventear> Hello. I am trying to setup a VPN connection using PPTP. Does anybody have any idea on how to make it reconnect when it is disconnected?
<Zorg95> yeah, according to launchpad and mailing lists, debian etch would be a much better for xen
<mathiaz> soren: I'm trying to install an lvm partition on /dev/vda - it fails
<mathiaz> soren: apparently partman-lvm doesn't recognise /dev/vda5 as a valid partition to install lvm on it
<soren> mathiaz: I know. I'm supposed to upload a fix later today.
<soren> mathiaz: Or you could do it?
<soren> :)
<mathiaz> soren: great - do I need to file a bug ?
<soren> mathiaz: It's already there, and there's already a debdiff. It just needs to be uplaoded.
<soren> https://bugs.edge.launchpad.net/ubuntu/+source/lvm2/+bug/205011
<ubotu> Launchpad bug 205011 in lvm2 "LVM2 doesn't recognise 'virtio' virtual disks (/dev/vd*)" [High,In progress]
<soren> mathiaz: It's tested and works as expected.
<mathiaz> soren: hum... I was looking under debian-installer
<soren> mathiaz: Ah. Nope, it's an lvm2 bug. It only accepts a predefined set of block devices, and virtio wasn't one of them.
<mathiaz> soren: I can sponsor the upload
<mathiaz> soren: uploaded
<brewmaster> hey all, i have exim mail server, how can i delete all messages older than, say, 100 days from the command line?
<brewmaster> nobody here?
<darthanubis> !patience
<ubotu> The people here are volunteers, your attitude should reflect that. Answers are not always available. See http://wiki.ubuntu.com/IrcGuidelines
<ScottK> leonel: I talked to jdstrand and he suggested assuming your previous debdiff's have already been applied.
<jdstrand> leonel: I am not sure what your question was, but just so I know it was communicated right-- I think a single debdiff with all the patches is the way to go, as we have not prepared the upload yet.  ie one upload fixes them all
<ScottK> jdstrand: Thanks for clarifying.  I thought you said the opposite.
<jdstrand> ScottK: np :)
<jdstrand> really, I'd be happy with either as I know people work hard on these, but it would be easier to process
<LMJ> hi
<darthanubis> !ask
<darthanubis> hi
#ubuntu-server 2008-04-19
<leonel> ScottK: jdstrand Ok  I'll work on the big patch   today  been a  busy  day
<leonel> ScottK: jdstrand  I'll ping  you when  it's done  but I'm busy  right now, I'll start ASAP
<jdstrand> leonel: I wont be able to get to it until monday or tuesday, so no huge rush
<jdstrand> leonel: thanks for your work on this! :)
<jdstrand> dendrobates: no hangs in gutsy installer on hardy kvm
<jdstrand> dendrobates: 7 installs completed.  I updated the bug accordingly
<nxvl> jdstrand: i'm just installing a hardy box with alternate image
<nxvl> jdstrand: did you need me to test something?
<nxvl> jdstrand: on tty1 it seems to be still configuring cpio, but on tty4 it's installing several packages
<jdstrand> nxvl: if you happen to see bug #217815, please add notes to the bug
<nxvl> jdstrand: already did :D
<nxvl> jdstrand: while there where happening
<nxvl> alternate install on kvm is really slow
<nxvl> i started almos 1 hour ago
<rlanham> what is the command in terminal to tell what users are logged in?
<bipolar> who
<rlanham> I had a Root login warning email with an IP I did no recongize, is there anyone to see what was last done on the server?
<ere4si> I've just setup my first cli server - but I want to run it headless and can't log in via ssh - can I set it up to auto login?
<sommer> ere4si: did you install openssh-server?
<ere4si> sommer: nope - will that let me login via ssh?
<sommer> ere4si: heh, sure will... by default ubuntu only has ssh client installed
<ere4si> sommer: thnx!
<sommer> the theory being that not every admin may want ssh access
<sommer> ere4si: np
<ere4si> works like a charm - thnx again sommer
<sommer> ere4si: heh, you're welcome
<ere4si> how can i change tty's via ssh?
<sommer> ere4si: I don't think there's is a literal way, but I usually just open anotehr ssh session
<sommer> ere4si: you can also look into the screen command... does sorta the same thing, only better in some instances
<ere4si> sommer: I think the extra ssh session should be all I need :) thnx
<sommer> ere4si: np, if you're using gnome-terminal, konsole, or xfce-terminal you can just open another tab :)
<buzzsaw> good evening
<Jeeves_> Morning
<buzzsaw> i was looking for information on how to configure my apache installed by LAMP do you by chance know of a tutorial on it?
<LMJ> hello buzzsaw
<LMJ> should like I can help you to configure your apache
<LMJ> what you wanna do ?
<LMJ> but there is also #apache who could be helpful, just in case
<WaVeR> Morning ã
<LMJ> morning
<buzzsaw> LMJ, i got it thanks :-)
<buzzsaw> just got it figured out
<Theo_> <?php
<Theo_> $drive = $_POST['drive'];
<Theo_> shell_exec('eject $drive');
<Theo_> echo("$drive has been ejected.");
<Theo_> ?>
<Theo_> even if $drive is cdrom1 it always ejects cdrom. Why does it do this?
<matrix> help me
<Jeeves_> Hmm? :)
<hubuntu_> is python support activated under installation?
<hubuntu_> or is python at all available in the standard install?
<hubuntu_> hardy server RC
<Deeps> i believe so, as apt(itude) depends on it
<hubuntu_> after the base system is installed it is available :)
<hubuntu_> indeed
<hubuntu_> thanks.. :)
<hubuntu_> what package shall I use for netkit-inetd ? The BSD one or inetutils?
<hubuntu_> I'm making a http://www.howtoforge.com/ubuntu_pxe_install_server
<zul> bsd one
<hubuntu_> thanx
<hubuntu_> bsd is giving trouble.. what the difference within the 2 zul?
<fromport> i've got the pxe setup working and am using the bsd version: openbsd-inetd
<hubuntu_> I'll try again then..
<hubuntu_> netstat -uap is not giving me: udp        0      0 *:tftp
<hubuntu_> but: udp        0      0 *:bootp
<hubuntu_> is that ok?
<hubuntu_> with the bsd one I get both, with the internet one I get bootp and ip6 support for tftp...
<fromport> # netstat -uap|grep tftp -> udp        0      0 *:tftp                  *:*                                 2835/inetd
 * delcoyote hi
<rlanham> morning everyone
 * fromport goes for dinner ;-)
<burzum> hi
<burzum> Ive tried to compile php 5.2.5 on dapper because theres no new php version in the repo, at least it installed php5-cli but without the extensions... Ive tried to revert it by aptitude purge php5-cli and reinstall it but its still php 5.2.5 any ideas how to get the old version back?
<theuser1> using g4l ghost for linux to make image file backup for my ext3 partition having the ubuntu os, error message i get is  unable to read from image block 0  ,       g4l uses   partiimage   and that uses  the dd comand i   think.....              any help?
<theuser1> using g4l ghost for linux to make image file backup for my ext3 partition having the ubuntu os, error message i get is  unable to read from image block 0  ,       g4l uses   partiimage   and that uses  the dd comand i   think.....              any help?
<theuser1>  can any one recomend an easy to use utilitiy that can make image of a partition for backup and can support compression?
<nikku> hello.
<nikku> join #ubuntu
<nikku> crap.
#ubuntu-server 2008-04-20
<Animortis> Can anyone tell me how to get ProFTPD to start automatically on booting my system?
<emgent> heya
<Animortis> Hi
<soren> I. HATE. CISCO. SWITCHES.
<soren> That is all.
<soren> Bye.
<sommer> thanke, that's insightful
<soren> I mean... *really*, *really* hate.
<sommer> hehe... you should form your rants into a form of monolouge like lamont does from time to time :)
<soren> I just spent 4 hours staring at iptables rules, scratching my head, wondering why the bloody thing wouldn't do what I told it to. It didn't make *any* sense.
<soren> We ran out of ideas and rebooted the switch, and everything worked. Even the script we had 4 hours ago.
<sommer> heh, ya it sucks when that kind of thing happens
<soren> I've *never* seen anything like it.
<soren> The guy I'm working with here finally found it prudent to point out "Hm... That Cisco switch has done odd things before. Try rebooting it."
<sommer> ehehe, that's even worse, when someone might have known the solution sooner
<lamont> sommer: always glad to entertain.
<xinel> ah hah here we go
<xinel> the server room :)
<xinel> one question: if im setting up a postfix mail server do I also need to set up a dns caching server?
<xinel> cheers
<sommer> lamont: heh, it is... it is :)
<sommer> xinel: nope not necessarily
<lamont> xinel: totally separate questions.   no need to set one up
<xinel> ah i c
<xinel> then my postfix problems lie elsewhere
<xinel> thanx everyone
 * xinel goes to do a whole lot more reading :P
<lamont> hrm... if he was still here, I'd point out that resolv.conf does get copied into the chroot..
<lamont> oh well.
<fairyeneried> hello
<fairyeneried> hola forces XD
<fairyeneried> i need help configuring a graphic interface to a small server
<fairyeneried> somebody can help me?
<forces> fairyeneried, hi!
<forces> only english here
<fairyeneried> yes i can see
<fairyeneried> only english and a channel
<fairyeneried> nobody here?
<n6rej> anyone awake to help with a minor samba problem?
<n6rej> I need to change my working smb.conf file so that users don't have to authenticate
<osmosis> what is with the absolutely horrible JeOS documenation
<n6rej> JeOS?
<osmosis> http://doc.ubuntu.com/ubuntu/serverguide/C/jeos.html
<n6rej> osmosis: did you read the tutorial?
<osmosis> n6rej: its not difficult..it just seems like bad examples.
<osmosis> n6rej: but no biggy, i decided to stick with the standard server install anyways.
<n6rej> osmosis: oh well its brand new so thats not surprising.... the docs for breezy and woody were pretty bad too
<osmosis> n6rej: I was just being told before that JeOS is built for use with KVM, but I dont get this whole appliance thing the docs are talking about.
<n6rej> osmosis: well an appliance is typically a function dedicated variant.
<n6rej> osmosis: like my wrt54g is a "linux appliance".  Yes it runs linux, yes it CAN be updated, but it is dedicated to a specific function.
<n6rej> osmosis: a car is an Appliance... it wouldn't make toast very well, but it will sure eat a hole in your wallet
<n6rej> i can't figure out why flyspray won't show me the upload attachments settings
<n6rej> god I hate when I'm stupid
<n6rej> can anyone tell me why "ntpdate pool.ntp.org" in cron.daily/ntpdate doesn't work?
<incorrect> hello, what is the choice ftp server these days?
<kraut> incorrect: vsftp is nice, but proftpd also
<kraut> depends on yourself
<incorrect> i've used vsftp for a long time
<incorrect> however these things go in and out of favour
 * delcoyote hi
<sommer> hey all, just wondering if anyone was working on bug 175689
<ubotu> Launchpad bug 175689 in samba ""Share Folder" in right-click menu does not share ntfs drive folders" [Low,Incomplete] https://launchpad.net/bugs/175689
<sommer> I'm setting up a test environment at the moment, dapper sharing some ntfs folders on a second drive > will then upgrade to hardy... just fyi ;)
<sommer> nxvl: have time to check it out also?
<sommer> woops, after reading the other bug, it's mostly fixed :)
<Syntux> Hello, I'd like to know if it's possible to use ubuntu-server as a home server to route the internet and have a users/groups for internet access, limit the bandwidth to certain groups?
<nxvl> sommer: you need me to test or not anymore?
<sommer> nxvl: I don't think so, if you look at Bug #214714 comment 4, slangasek mentions that part of the bug is solved
<ubotu> Launchpad bug 214714 in samba "Upgrading to Hardy destroyed my network shares and when I try to recreate them I get this long complicated error message (dup-of: 175689)" [Undecided,Confirmed] https://launchpad.net/bugs/214714
<ubotu> Launchpad bug 175689 in samba ""Share Folder" in right-click menu does not share ntfs drive folders" [Low,Incomplete] https://launchpad.net/bugs/175689
<nxvl> sommer: :D
<sommer> nxvl: I think I'm going to give it a test though, since I've just finished installing Dapper :)
<nxvl> i'm working now on Bug #202508
<ubotu> Launchpad bug 202508 in openssh "ssh -X no longer works" [Undecided,New] https://launchpad.net/bugs/202508
<nxvl> sommer: i have a dapper install already
<nxvl> :P
<sommer> and it kind of relates to the Samba doc work I've been doing in the wiki
<sommer> nxvl: ah, cool that bug is probably a good one to solve before release
<nxvl> i was working on Bug #189616 so i have a virtual dapper here
<ubotu> Launchpad bug 189616 in dovecot "connection problems under load with hardy dovecot" [Undecided,Incomplete] https://launchpad.net/bugs/189616
<nxvl> so if you need me to test it, just ping me
<nxvl> i have everything here to test, even a ntfs partition
<sommer> nxvl: cool, thanks I'll give it a try and let you know
<nxvl> :D
 * nxvl HUGS sommer 
<AnRkey> i am having problems connecting to my imap server with outlook express
<AnRkey> thunderbird is fine though
<AnRkey> is there something i should know about OE?
<sommer> AnRkey: are you using dovecot?
<AnRkey> yes
<sommer> AnRkey: I think there is an option you need
<AnRkey> i get this in OE
<AnRkey>    Account: 192.9.201.4
<AnRkey>    Server: 192.9.201.4
<AnRkey>    User name: jmitchell
<AnRkey>    Protocol: IMAP
<AnRkey>    Port: 143
<AnRkey>    Secure(SSL): 0
<AnRkey>    Code: 800ccc03
<AnRkey> you have any clue as to what the option is?
<AnRkey> or how to find it
<sommer> AnRkey: try uncommenting this if you haven't in /etc/dovecot/dovecot.conf: imap_client_workarounds = outlook-idle
<sommer> you'll need to restart dovecot after chaning the config
<sommer> er changing
<AnRkey> same problem
<AnRkey> and they refuse to use thunderbird
<AnRkey> i wish i had something to work with
<sommer> AnRkey: which release are you using?
<AnRkey> it's a windows 2k server
<AnRkey> i have oe 6 and tb2 on it
<AnRkey> the server is ubuntu 7.10
<sommer> AnRkey: are you using maildir or mbox?
<sommer> AnRkey: you might check out this post: http://my.brandeis.edu/bboard/q-and-a-fetch-msg?msg_id=0001es
<AnRkey> maildir
<sommer> AnRkey: if you search on the error code 800cc03, there are a lot of hits in google
<AnRkey> i have been working through them
<sommer> ah, ya it seems to me to be some OE weirdness
<AnRkey> it's driving me nuts
<AnRkey> i have to have this working soon too
<Kirok> Anyone good with IT law, I'm basically wondering if theres a definitive right or wrong answer to this http://angrygeek.org/cw3-08a.doc or if its about your individual argument.
<ScottK> Kirok: I think it's about doing your own homework.
<AnRkey> and I just got asked to leave the installation
#ubuntu-server 2009-04-13
<vraa> hello! what kind of server racks do you guys use for your ubuntu machines
<PhotoJim> I don't yet, but any rack that works well with other OSes works well with Ubuntu :)
<PhotoJim> my server is rack-mountable but it sits on my bar in the basement :)
<vraa> can you look over my cart and tell me if i have selected a feasible solution? http://secure.newegg.com/WishList/PublicWishDetail.aspx?WishListNumber=15265567
<PhotoJim> feasible for what?
<PhotoJim> oh, for the rack
<PhotoJim> I'm not at all the one to ask
<PhotoJim> I've never used one, never owned one, IT is my hobby not my job
<PhotoJim> I am going to put a rack in a server closet in my basement once I develop it, but I have to hit up friends for advice when I do it
<PhotoJim> a 4U case is pretty tall btw... my server is 2U (but then again it was built to be a server)
<vraa> it is my hobby too, i want to build a file server
<PhotoJim> what you chose looks fine if you don't mind a big machine, but you sould definitely hang around until someone who knows better can answer
<PhotoJim> I bought a used enterprise-level file server, 2U PIII-1 GHz dual CPUs with 1 GiB RAM
<vraa> yes i will wait, i dont want to end up not being able to mount the case into the rack
<PhotoJim> I stuck a SATA card and a couple of SATA 1 TB disks in it on RAID1 and I'm good to go
<PhotoJim> and added a gigabit Ethernet card for the LAN (built in 100BaseTX for WAN was fine)
<PhotoJim> smart plan :)
<twb> We have gigabit everywhere... except the switches and routers :-/
<vraa> i am going to buy a cheap amd quad core and load it up with cheap sata2 cards
<vraa> and throw in as many harddrives as i can accumulate
<twb> vraa: so they overheat and die
<twb> ?
<gouki> Hi. Is there a way of deleting entries on /sys/class/net of non-existent interfaces without restarting the machine?
<twb> gouki: is the problem that the (now gone) NICs are still holding on to eth0 and eth1, so that your new NICs get higher eth2 and eth3?
<vraa> i hope they dont overheat
<vraa> the case has a 120mm fan
<twb> vraa: if you're gonna have more than four disks, I would definitely have at least two fans, and preferably a not-shit case.
<gouki> twb, it would not be the first time happening, but no :) I played around with IPV6 tunnel brokers and have 3 non-existent interfaces there that show up on ifconfig -a :)
<twb> And of course SMART on.
<twb> gouki: sorry, I dunno
<vraa> twb - what qualifies a shit case vs a non-shit case, any key aspects i should look for specifically? or if you know of a good company?
<gouki> twb, no problem. even restarting network doesn't seem to do it.
<twb> vraa: usually it will be a name brand, and have decent reviews from respected tech publications
<twb> vraa: if it is beige, it is probably not a good case.
<vraa> what are some tech publications who review server parts? i am familar only with sites like hardocp and techreport
<vraa> haha this case is black
<twb> vraa: in general I have been pleased with antec and coolermaster, but though a couple are horrendous (particularly some targeted at "set-top box" roles).
<twb> To be honest I try really hard not to use hardware at all, so I can't really recommend any publications
<Shoopuf> Hello... I am trying to run "sudo iptables-save > /etc/iptables.up.rules" ... But it says "Access Denied," and I definitely input the right sudo password. Any ideas? I am trying to add some sort of rule to my iptables to block brute-force attempts :P
<Shoopuf> Any idea why the access would be denied?
<p_quarles> Shoopuf: sudo -s 'iptables-save > /etc/iptables.up.rules'
<p_quarles> you need to shell argument before sudo can redirect stdout to a file
<Shoopuf> p_quarles: I see :) thanks
<Shoopuf> Do you guys suggest keeping SSH login at port 23 or making it something else?
<Shoopuf> Seems most of the articles I read refer to 22/23
<twb> Shoopuf: sudo only affects the command, not the redirect
<twb> iptables-save | sudo tee >/dev/null /etc/iptables.up.rules
<Shoopuf> twb: thanks
<Shoopuf> I am just learning about Ubuntu and setting up a server... I've been using "sudo cat auth.log" to check for hack attempts... Is this the way that you guys go about checking your logs?
<ScottK> less auth.log is what I use
<jtaji> Shoopuf: less is probably more useful
<jtaji> :)
<ScottK> tail is good too
<Shoopuf> OK thanks, I'll try all of those. "less" seems a lot easier to read than "cat" ... Also I just found this interesting "Ubuntu Security" forum post :) http://ubuntuforums.org/showthread.php?t=510812
<twb> I use logcheck
<twb> It sends me an email each day about all the log events that I have not declared "boring"
<Gnea> got a strange issue in 8.10 - dbus isn't properly re-running getty on the tty's if a user logs out of console - why is that?  i've tried sudo /etc/init.d/dbus restart  to no avail
<cjwatson> Gnea: dbus isn't responsible for spawning gettys - upstart is
<Gnea> hrm
<cjwatson> (I don't know the answer to your question, but not starting from the wrong place will undoubtedly help ...)
<Gnea> cjwatson: awesome, thanks
<godowner> Hey all...
<godowner> Anyone here that can help me setup a mail server :( I've been trying quite a lot, with webmin, etc. can't do it :S
<godowner> !mx
<ubottu> Sorry, I don't know anything about mx
<godowner> !mailserver
<ubottu> Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/7.10/server/C/email-services.html
<godowner> need email, mx settings fella...
<godowner> !aliases
<ubottu> Sorry, I don't know anything about aliases
<Pete_B> I have a server with a SCSI hard disk (sda in fstab) and a USB-attached hard disk (sdb in fstab) for backup. If the server restarts with the USB hard disk attached Linux tries to mount the USB-attached disk as / and fails. How do I make it so Linux doesn't assign /dev/sda to the external backup disk on startup? Some of my servers do this and some don't.
<friartuck> Pete_B boot order in bios?
<Pete_B> friartuck: Perhaps I was mistaken to say it boots '/'. It boots off the disk OK, into GRUB and beyond, but after a while (and I don't know the technical term here) it moves on to a section of loading the system where it moves on to the USB disk rather than continuing to use the internal disk
<friartuck> Pete_B fstab has usb-drive mounting on / instead of /media/usb or /backup?
<Pete_B> friartuck: fstab has sda1 /media/backup (back in 5 mins)
<friartuck> Pete_B is that a typo? should be sdb1 /media/backup? sda1 /?
<Pete_B> friartuck: yeah an unfortunately very misleading typo, sorry sdb1
<Pete_B> for the sake of full disclosure, the server's running Debian, not Ubuntu. I've moved from Debian to Ubuntu for my desktops and came in here forgetting I hadn't done the same for my servers :)
<Pete_B> just realised this
<friartuck> Pete_B are you sure bios has sda set to boot first? does sdb have /boot?
<Pete_B> friartuck: sdb doesn't have /boot. It boots OK but Linux doesn't fully load, it gets so far then fails after a couple of pages of Linux boot messages. This is well beyond the BIOS level.
* You're now known as ubuntulog
<Pete_B> thanks anyway
<Tsepa> Should in file /etc/hosts be every ip witch is assigned for computer like this way: <ip_address>     <canonical hostanme>     <server hostaname> ?
<Kamping_Kaiser> Tsepa, sorry, i dont understand your question entirely
<Kamping_Kaiser> *entirely understand your question
<Tsepa> That, my server got thee ip's, does it need to be everyone in /etc/hosts -file?
<Tsepa> s/thee/tree
<Kamping_Kaiser> not if your DNS server hands out the correct addresses
<Tsepa> And are format: <ip_addresses>    <reverse-dns>  <hostname>
<Kamping_Kaiser> and your network is stable enough for it guarantee address delivery
<Tsepa> Those all ip's are workig at the moment.
<Kamping_Kaiser> Tsepa, format is *usuallly* <ip> <fqdn> <hostname>
<Kamping_Kaiser> assuming the format of /etc/hostname is <hostname>
<Tsepa> What is fqdn?
<Tsepa> canonical hostname?
<Kamping_Kaiser> fully qualified domain name
<Nafallo> !fqdn
<ubottu> Sorry, I don't know anything about fqdn
<Nafallo> :-O
<Tsepa> are that same, witch I can get with command: host <ip>
<Tsepa> ?
<Kamping_Kaiser> Nafallo, :O
<Kamping_Kaiser> Tsepa, sorry?
<Nafallo> !fqdn is <reply> Fully Qualified Domain Name, i.e. archive.ubuntu.com
<Kamping_Kaiser> !hostname
<ubottu> Use hostname <somehostname> to set the hostname, or to do it permanently: edit /etc/hostname  and /etc/hosts . WARNING! Make sure that your current hostname and /etc/hosts match, otherwise sudo may not work properly. Alternatively, use the gui at System > Administration > Networking on the "General" tab
<Kamping_Kaiser> cool.
<Kamping_Kaiser> ubottu, hostname is also !fqdn
<Kamping_Kaiser> ubottu, messaged me, so perhaps it'll get added
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<Kamping_Kaiser> ubottu, we love you anyway :D
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<Kamping_Kaiser> !botsnack
<ubottu> Yum! Err, I mean, APT!
<Kamping_Kaiser> <3
<Tsepa> Kamping_Kaiser: thanks, now I understund that hosts-file
<godowner> Need help with Imap and postfix admin
<Kamping_Kaiser> Tsepa, hope i helped, sorry if i've not explained well, feel free to ask if you have issues later :)
<Kamping_Kaiser> godowner, really?
<godowner> ? yeah really...
<godowner> I've setup the postfix, tested with telnet 127.0.0.1 25, working, installed courier, how can I add user to it?
<godowner> To IMAP...
<Kamping_Kaiser> godowner, by default it uses the password file, but look in /etc/courier/authdaemonrc
<godowner> thenks...
<godowner> Haven't found anything there mate :(
<godowner> I'm quite noobish to this mail stuff... But do I even need IMAP login/pass?
<Kamping_Kaiser> godowner, describe your actual problem - i'm running courier-imap locally and not having issues
<godowner> Well I'm not sure anymore what seems to be the problem...
<Kamping_Kaiser> what _is_ the problem?
<Kamping_Kaiser> well
<Kamping_Kaiser> what made you ask thequestion?
<godowner> If I mail to myself from gmail.com email doesn't get there... I wish I could just give you ssh :(
<jpds> godowner: You can't see email from yourself in Gmail.
<jpds> Gmail thinks you made a mistake and hides it.
<godowner> oh?
<Kamping_Kaiser> jpds, (evening mate)
<jpds> Kamping_Kaiser: hello o/
<Kamping_Kaiser> jpds, :)
<godowner> Any other way to just test it out if SMTP actually works?
<Kamping_Kaiser> godowner, if i understand you correctly, you emailed f*from* gmail *to* your server you are setting up?
<Kamping_Kaiser> godowner, is this a static IP or dynamic?
<godowner> Well, its dynamic, but never changes xD I know it sounds silly but it actually hasn't changed in last 3 months of my  new net connection...
<godowner> And I sent from gmail to my server (got deliverance error), And I sent from my server to gmail (never got there)
<godowner> I'm probably asking silly questions since I have no exp. at all in mail servers :S
<Kamping_Kaiser> problem with dynamic ips is they introduce new problems into debuggfing smtp
<Kamping_Kaiser> godowner, whats the email address on your server? I'll email you.
<Kamping_Kaiser> and see what happens
<godowner> db@downbase.net
<Kamping_Kaiser> godowner, sent, give it a few minutes to bounce
<godowner> You have sent it successfully?
<Kamping_Kaiser> it sent via my ISPs smtp server, i'm waiting for the bounce.
<godowner> k
<Kamping_Kaiser> godowner,
<Kamping_Kaiser> <db@downbase.net>: host mail.downbase.net[89.212.214.247] said: 550 5.1.1
<Kamping_Kaiser>     <db@downbase.net>: Recipient address rejected: User unknown in local
<Kamping_Kaiser>     recipient table (in reply to RCPT TO command)
<Kamping_Kaiser> godowner, is that the sort of thing you see?
<Kamping_Kaiser> postfix is your issue, not courier
<godowner> okay...
<SWQ> ok
<Kamping_Kaiser> godowner, what level of logging do you have enabled? it might be worth you checking the logs to see the bounce (if its turned up that verbose)
<godowner> I'm not sure mate... How can I check?
<SWQ> strange strange error, ubuntu 8.10 server. Apache and ssh will not accept requests from sources not in my intranet, the ports are not blocked and being forwarded by my router the other apache servers on my network connect and show index.html. But when you attempt any sort of outside connection this one just times out
<Kamping_Kaiser> SWQ, can you describe the network(s) better? eg, the two netblocks in question, or (say) the output of ssh -vvv when connecting to the 'internal' host
<Kamping_Kaiser> godowner, i dont remember where postfix logs sorry, it may be /var/log/syslog, or it may be /var/log/mail.{err,log,info}
<Kamping_Kaiser> godowner, also, i dont know postfix well
<giovani> postfix, in ubuntu logs in /var/log/mail.{err,log,info
<giovani> }
<godowner> Thanks...
<Kamping_Kaiser> afiak ScottK and lamont are the people to ask about postfix, but tehy appear to be afk
<giovani> sorry, what's the question?
<Kamping_Kaiser> *they
<giovani> I have a decent amount of postfix experience ... and if I can't help ... #postfix is just a channel away :)
<SWQ> Kamping_Kaiser: i have an intranet running behind a lynksys wireless router but the server in question is connected via ethernet. i am attempting to connect using a dynamic dns to my network specifically this server from the internet. the other apache servers on my network work just fine this one doesn't accept requests.
<Kamping_Kaiser> giovani, could you help godowner ? i'm postifx ignorant
<SWQ> Kamping_Kaiser: here is the output you requested
<SWQ> Kamping_Kaiser: justin@devo:/etc/resolvconf$ ssh -vvv justin@192.168.1.109
<SWQ> OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
<SWQ> debug1: Reading configuration data /etc/ssh/ssh_config
<SWQ> debug1: Applying options for *
<SWQ> debug2: ssh_connect: needpriv 0
<SWQ> debug1: Connecting to 192.168.1.109 [192.168.1.109] port 22.
<SWQ> debug1: Connection established.
<Kamping_Kaiser> SWQ, pastebin please
<SWQ> debug1: identity file /home/justin/.ssh/identity type -1
<SWQ> debug1: identity file /home/justin/.ssh/id_rsa type -1
<SWQ> debug1: identity file /home/justin/.ssh/id_dsa type -1
<SWQ> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-3ubuntu1
<SWQ> debug1: match: OpenSSH_5.1p1 Debian-3ubuntu1 pat OpenSSH*
<SWQ> debug1: Enabling compatibility mode for protocol 2.0
<giovani> godowner: what's the actual problem ... in a reasonably concise description please
<SWQ> debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
<SWQ> debug2: fd 3 setting O_NONBLOCK
<SWQ> debug1: SSH2_MSG_KEXINIT sent
<SWQ> debug1: SSH2_MSG_KEXINIT received
<SWQ> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
<SWQ> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
<SWQ> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
<SWQ> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
<SWQ> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
<SWQ> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
<SWQ> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
<SWQ> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
<SWQ> debug2: kex_parse_kexinit:
<Nafallo> !ops SWQ flooding
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<SWQ> debug2: kex_parse_kexinit:
<SWQ> debug2: kex_parse_kexinit: first_kex_follows 0
<SWQ> debug2: kex_parse_kexinit: reserved 0
<Nafallo> !ops
<SWQ> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exc
<ubottu> Help! Channel emergency! infinity, soren, lamont, mathiaz or tom
<SWQ> nafallo: sorry
<Pici> !paste | SWQ
<ubottu> SWQ: pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<SWQ> sorry all
<SWQ> didn't mean to spam
<Kamping_Kaiser> SWQ, ignoring the accidental paste, i dont see anything obvious in your ssh output. SSH2_MSG_KEXINIT sent+recived seems to indicate (to me at least) that the host is reachable from whatever your external host is
<SWQ> Kamping_Kaiser: thats from my internal host, i thats connecting to the machines local ip ill copy and paste the external output if you would like
<Kamping_Kaiser> giovani, godowner 's postfix server does not seem to be accepting mail for local users
<giovani> Kamping_Kaiser: he's pming me -- I'll see if I can help him
<Kamping_Kaiser> giovani, i'm throwing that in since i cant see a reply above from godowner
<Kamping_Kaiser> giovani, no worries then. if you could, reply back to the channel with a solution if you find one (the channel is publically logged, so having solution_+question woudl be great)
<Kamping_Kaiser> SWQ, wb
<giovani> Kamping_Kaiser: sure
<giovani> ok, so he's installed postfixadmin, to do configuration
<Kamping_Kaiser> giovani, cheer
<Kamping_Kaiser> s
<giovani> godowner: can you put your /etc/postfix/main.cf into www.pastebin.ca for me?
<SWQ> Kamping_Kaiser: thanks im attempting to connect via the internet now... it's stalled trying to contact port 22 well it hasn't timed out yet but thats where it seems to be heading again
<godowner> sec
<Kamping_Kaiser> SWQ, ok. can you 'host' the server in question successfully? can you telnet to the apropriate port?
<godowner> giovani: http://www.pastebin.ca/1390598
<giovani> godowner: ok, and what IMAP/POP server are you using/planning to use?
<godowner> courier...
<giovani> ok
<godowner> Managed to install it not sure if it works OK though
<giovani> ok, well you haven
<giovani> haven't configured postfix at all yet
<SWQ> Kamping_Kaiser: its working locally like i've said, the dynamic dns connection isn't working for this server.  telnet can't connect either... however connecting locally is not an issue at all
<giovani> I recommend that you read the basic config document from the postfix team, it should get you set up
<godowner> :S okay
<godowner> Afterwards...
<godowner> How can I test it to make sure config is ok?
<Kamping_Kaiser> SWQ, you'll need to get your dyndns setup then
<godowner> may I post it again to you?
<giovani> you mean making sure the syntax is right, or making sure postfix is running?
<bromar> Hey, i have a small problem i need to see the logfile of logins on my server how do i do that ?
<SWQ> Kamping_Kaiser: i've done some testing and im sure the DDNS is getting to my router, i can connect and login as well as connect to apache on other machines... this particular one seems to dislike the idea of the internet though... are there settings i may have neglected that you can think of
<SWQ> Kamping_Kaiser:  login to my router that is
<Kamping_Kaiser> SWQ, are you willing to give me the dyndns address of the host (pm is fine) so i can host / telnet from here?
<foxbuntu> Hi all. Looking to bounce some devel ideas around, I am considering going to UDS this year and wanted to register a blueprint for discussion but wanted to get input/see if anyone would be interested in pursuing it as well
<godowner> Well I wanna make sure the syntax is ok first...
<Kamping_Kaiser> SWQ, the most obvious answe ris your gateway/proxy not having the correct forwarding in place
<Kamping_Kaiser> foxbuntu, spit it out, but i'd suggest the email lists may be a better plac
<Kamping_Kaiser> e
<foxbuntu> Kamping_Kaiser, I will sure do that...irc is just better for me at the moment
<SWQ> Kamping_Kaiser: if that were the case it wouldn't allow me to connect to other apache servers... port 80 343 and 22 are being passed to the local ip of the server... it's the only one acting up in this way and ill pm you the address one sec
<Kamping_Kaiser> foxbuntu, i'm happy to hear you out :)
<Kamping_Kaiser> SWQ, ok
<foxbuntu> Kamping_Kaiser, One thing from the management persepective when working at a Network Admin is a Unified Management Interface, I know this is a gaffe but, sort of Like WMI in Windows
<foxbuntu> something that all applications can report logs to, can be controlled from ect
<Kamping_Kaiser> whats WMI?
<foxbuntu> so a network app, or script can attach to via a stanard proto
<foxbuntu> Kamping_Kaiser, Windows Management Interface
<Kamping_Kaiser> foxbuntu, for those of us not familar with windows (sorry! :D), whats it /do/?
<Kamping_Kaiser> foxbuntu, i've not worked with windows in any real sense for over 12 months, and not with servers *at all*
<foxbuntu> Kamping_Kaiser, simply, everything, rather than writing code to interact with each application or to run shell command ect, you can just connect to WMI via a proto across the network and control all the actions of the machine or gather data about the machine through simple SQL-like queries
<foxbuntu> Kamping_Kaiser, it's unfortuantly my day job
<Kamping_Kaiser> foxbuntu, my sympathies.
<foxbuntu> Kamping_Kaiser, MS pays the bills, its always busted :D
<ScottK> Up until a couple of days ago we had a wmi client in Ubuntu.
<SWQ> truer words have never been uttered
<bromar> Dose someone know if there is a logg file of logins on a server and if how to get it ?
<Kamping_Kaiser> foxbuntu, i suspect Ubuntu is the correct place to launch your idea, and i suspect it would be well recieved. I personally add the following proviso: as long is it doesnt remove the UNIX methods in the system
<giovani> godowner: this is the document you'll want to read: http://www.postfix.org/VIRTUAL_README.html
<ScottK> It was pretty irretreivable broken, so I had it removed from Jaunty though.
<Kamping_Kaiser> SWQ,
<Kamping_Kaiser> SWQ,00:21:31 kgoetz@wesnoth:~$ host parkerwelding.office-on-the.net
<Kamping_Kaiser> parkerwelding.office-on-the.net has address 192.168.0.3
<Kamping_Kaiser>  
<Kamping_Kaiser> SWQ, your host has an unroutable IP set for its public IP. fix it, and all shoudl work :)
<foxbuntu> Kamping_Kaiser, no, I just want it to be part of the OS and to be an common API that could be used by any application
<ScottK> bromar: less /var/log/auth.log
<Kamping_Kaiser> SWQ, ops, sorry, this is the channel not PM, my apologies :(
<SWQ> kamping_kaiser: no worries this is going to seem a bit newbish but how do i correct this problem?
<Kamping_Kaiser> foxbuntu, well... good luck. it'll be quite an intrusive change (like the launchpad-integration), and yvmv.
<foxbuntu> Kamping_Kaiser, thanks. I hope I can help push it into change. It would make the sell a little easier to convert some Windows machines to Ubuntu :D
<Kamping_Kaiser> SWQ, this will be equally noobish - i dont know. double check your dynddns settings. if theres a 'public' vs 'private' ip, check you have them the crrect way around
<foxbuntu> I will go hit the mailing lists when I have some time
<Kamping_Kaiser> foxbuntu, personally i'm not a fan of software being recompiled with an arbiary 'standard' api, but i can see why some would like it. good luck with your quest - i'll keep an eye on ubuntu-servers list ;)
<foxbuntu> Kamping_Kaiser, thanks!
<Kamping_Kaiser> foxbuntu, :)
<Kamping_Kaiser> ScottK, 'evening, btw
<ScottK> o/
<Kamping_Kaiser> sorry for dropping your name before, hope you didnt get pinged
<SWQ> well funny story i figure out what was going on... but now theres a whole much larger can of worms..
<Kamping_Kaiser> SWQ, \o/
<SWQ> why oh why was it allowing my to see machines inside of my network with the "unroutable" ip
<SWQ> i appreciate the help
<Kamping_Kaiser> presumably becaues all your hostsa re on the unroutable address, so you could see them all
<godowner> How to completely remove a package? So there is nothing left?
<godowner> I manually edited something and now whenever I aptitude reinstall it, it gives an error
<Kamping_Kaiser> godowner, --purge remove
<godowner> thenks a lot
<SWQ> kamping_kaiser: i played around with the address and stuff in etc/network interfaces and now i can connect to the server you the ip that was now working before
<SWQ> kamping_kaiser: i am puzzled to say the least
<Kamping_Kaiser> SWQ, puzzled bout what?
<fevel> hello
<fevel> how can I make ufw allow anything from pop3.riotravel.com.br
<fevel> ufw allow from pop3.riotravel.com.br didnt work
<jdstrand> fevel: sudo ufw allow from `host pop3.riotravel.com.br | awk '{print $4}'`
<jdstrand> (assuming that the ip address is in column 4 for your locale)
<jdstrand> fevel: you must use an ip address
<fevel> jdstrand: really?
<fevel> jdstrand: I cant use a domain name?
<jdstrand> fevel: that is correct
<fevel> that sucks because the pop changes ip all the friggin time
<jdstrand> it is generally not considered a good idea to use a domain name in your firewall
<fevel> got it
<fevel> thanks for the tip
<foxbuntu> fevel, do an nslookup on the domain name and grab all the IPs
<fevel> Iok
<foxbuntu> then create a rule for each ip
<fevel> got it
<fevel> better than leaving it open for a dns spoofer
<foxbuntu> yup
<fevel> ok
<fevel> If I really wanted to do it I could add it manually to before rules right?
<fevel> just checking
<foxbuntu> fevel, Im sure they use DNS round-robin to swap the IP based on the request (which is normal for a datacentre)
<foxbuntu> fevel, sorry i didnt understand your question
<fevel> If I wanted to add the dns rule I could add it to the before.rues the old fashion way right?
<foxbuntu> im not sure, but adding a dns entry into a firewall policy is a very bad idea
<fevel> forget about it, I aint doing it the wrong way anyway... now that I know better
<godowner> One question, can I login only once as sudo so I don't have to write it everytime I want to execute a command line on admin level?
<foxbuntu> fevel, unless you prefer I take control of your system for you ;) j/k
<foxbuntu> godowner, yeah sudo -i
<fevel> lol
<godowner> thank you xD
<fevel> can I tag a rule on ufw or something so I later on know what that ip stands for?
<foxbuntu> i dont think so
<fevel> darn
<fevel> thats not good for documenting
<foxbuntu> fevel, but if you really need to know what an ip is, nslookup <ip> will tell you :P
<fevel> ok
<Kamping_Kaiser> fevel, you cant via ufw, but you could manually edit the ufw config(s)
<fevel> Kamping_Kaiser: should I (your opinion)
<Kamping_Kaiser> fevel, if your additions to the files are comments, i dont see why not
<fevel> Kamping_Kaiser: dont really see the need... with nslookup
<fevel> Kamping_Kaiser:  yes your right
<foxbuntu> fevel, really doesnt matter if you comment the lines out I personally do it with my larger IPtables confs
<foxbuntu> fevel, but with a few lines you will likely look at again...its a matter if its worth the time to do it
<foxbuntu> gl fevel i gtg
<fevel> yeah I guess Ill leave it for now
<slestak> anyone using likewise open with their ubuntu?  I am using a combination of the LWI enterprise and LWO
<kraut> moin
<OscarTG> how do i add a new user to the sudo group?
<slestak> OscarTG: I think they just need to be member of admin group
<OscarTG> i am a member of the admin group and need to added another user and need to give them sudo use
<jpds> OscarTG: sudo adduser $username admin
<giovani> OscarTG: if you add a user to the admin group, they can use sudo
<OscarTG> so i already made the user how to i add them to the admin group
<slestak> man usermod, don't forget to use the -a switch for append, or their only group will br admin
<giovani> OscarTG: usermod -aG admin USERNAME
<jpds> OscarTG: My command still applies.
<jpds> OscarTG: man adduser: "If called with two non-option arguments, adduser will add an existing user to an existing group."
<reid> hi, if I'm trying to install ubuntu on an old comp, should I use ubuntu-server, and just install what i need?
<reid> I'm not very familiar with the package
<ivoks> you want server or desktop?
<reid> well
<reid> its going to be a torrent box
<reid> so I really have no need for GUI
<reid> afk now though =P
<foxbuntu> reid, I would use desktop and remove/dont select X
<foxbuntu> reid, the server kernel has some differences that make things more difficult for you
<foxbuntu> that could*
<ivoks> server kernel has support for PAE
<ivoks> old cpus don't support PAE and fail to boot ubuntu server
<olcafo> I accidently deleted a virtual image on my development machine with it was running. What struck me as odd is that it kept running without any problems until I shut it down. The VM doesn't seem to be reliant on the image even when copying and create new files, does anyone know how the image files actually used? (online documentation link would be nice.)
<foxbuntu> olcafo, what VM host?
<olcafo> KVM on an intrepid box.
<olcafo> the client was an old 7.04 install.
<olcafo> the VM worked for several hours, it was quite erie.
<reid> foxbuntu: thank you
<foxbuntu> olcafo, allot of that stuff is in swap/memory when running
<reid> ivoks: the cpu is not that old, just not very high end and 4 years old or so
<olcafo> I'm asking because I am developing a KVM over iSCSI solution, knowing that there won't be much traffic to the image would be usfull info.
<foxbuntu> olcafo, cool...
<olcafo> foxbuntu: but the system didn't even detect that the drive was missing!
<olcafo> foxbuntu: yes, it will be if I get approval.
<foxbuntu> olcafo, Im not too sure about KVM but I know with vmware and virtualbox they try to minimize the disk i/o because its allot slower than physical disk
<ivoks> reid: cat /proc/cpuinfo | grep pae
<ivoks> reid: that will tell if pae is supported by your cpu
<ivoks> mathiaz: do you have a minute?
<mathiaz> ivoks: sure - plenty of them in a day :)
<ivoks> hehe
<giovani> not enough!
<ivoks> we aren't going to ship dovecot-postfix as part of mail stack?
<ivoks> since, it's not part of the mail task in installer's tasksel
<mathiaz> ivoks: http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/ubuntu.jaunty/annotate/head%3A/mail-server
<mathiaz> ivoks: ^^ says no
<mathiaz> ivoks: it's probably too late now in the cycle to get this added.
<mathiaz> ivoks: we should discuss this option for the next release cycle.
<ivoks> i thought it was added, so i never checked that
<ivoks> ;...(
<ivoks> mathiaz: how about one more iteration of dovecot-postfix?
<mathiaz> ivoks: well - we've come a long way.
<mathiaz> ivoks: what do you mean?
<ivoks> there are some non-critical bugs, but should be fixed
<ivoks> 1) no documentation for dovecot-postfix
<ivoks> 2) dovecot is restarted before symlinks for certificates are created
<ivoks> 3) (feature) ntp should be added as dependecy
<ivoks> i've created debdiff for all of this, so...
<mathiaz> ivoks: ... that's karmic stuff
<ivoks> ok
<ivoks> we will get bug reports about this
<ivoks> dovecot will not start on installation of dovecot-postfix
<ivoks> in certain situations
<petia> ivoks !
<Sam-I-Am> openldap + gnutls = frustration++
<cellofellow> What's a Wiki engine that works with either FastCGI or SCGI? I wanted to use MoinMoin but I think it only works on Apache with mod_python and I'm using Cherokee instead.
 * andol is pretty sure MoinMoin runs from FastCGI...
<andol> http://moinmo.in/HelpOnInstalling/FastCgi
<cellofellow> oh, hey, thanks
<cellofellow> for some reason I quit googling after finding nothing on SCGI. :P Silly me.
<cellofellow> Cherokee has these lovely Cookbooks in the docs with step-by-step setup for various apps, but MoinMoin is not one of them. Maybe I should write one once I figure this out.
<MTecknology> What happened to aptitude update showing a number of packages that need to be upgraded after being run and that pretty list of stats when I log into my server? I loved those new features
<reid> is there an easy way to torrent things in the console?  i.e. SSH to my server, and torrent within the console
<jpds> reid: Tried using rtorrent?
<reid> nope thats what I was asking though =)
<ikonia> torrentflux for a web interface
<reid> ahh here we go, google probably has it from here
<reid> ooo
<reid> thanks also ikonia, that might be exactly what i want instead
<reid> ikonia: this is the most amazing thing I have ever seen in my life.
<cellofellow> With the PPA version of Deluge you can install only the web UI, works great for a server (the PPA version has the different UIs parceled out into different packages).
<fr500> ikonia: I use transmission daemon
<cellofellow> I did transmission for a while.
<fr500> and?
<fr500> it's good for me
<fr500> I used to have azureus on my headless server
<fr500> but it was way to much
<cellofellow> well, when I used it with the Clutch webui it was before Clutch was bundled into it, so it was a little clumsy. Neither has a built-in scheduler but with cron and a few commands to the console UI Deluge can be scheduled. Clutch also lacked any authentication of any kind, or SSL.
<cellofellow> Either way, both Clutch and Deluge WebUI closely mirror the looks of the desktop UIs. Not so much with Deluge and more so only if you use the AJAX Template.
<OscarTG> so i am looking around and reading a few placed that by defualt linux is set up to only have 4 serial ports.  Is this still true?
<Tsepa> Please help: My ubuntu-server does not found own ip with command host <hostname>
<danny-> Is there any alternatives to samba, thats uses the smb protocol aswell
<OscarTG> ok so looks like it is still true.  can anyone help me set up a 16650 4 port serial card?
<OscarTG> from what i can see i need to add a kernal command to grub.
<OscarTG> what kernal is being used in 8.10
<cellofellow> what's a good LDAP server?
<mathiaz> OscarTG: Linux kernel 2.6.27
<mathiaz> cellofellow: try openldap
<cellofellow> ok
<cellofellow> can only find a virtual package openldap-utils. found another server, though: slapd. That any good?
<mathiaz> cellofellow: yes - slapd in the openldap daemon
<mathiaz> cellofellow: yes - slapd *is* the openldap daemon
<cellofellow> ok
#ubuntu-server 2009-04-14
<cellofellow> thanks
<OscarTG> thanks
<uvirtbot> New bug: #359094 in xubuntu-meta (main) "XFCE fails to shutdown/restart if there is a tty login (dup-of: 251337)" [Medium,Invalid] https://launchpad.net/bugs/359094
<kb244> I currently have PHP Version 5.2.6-2ubuntu4.1 is there any way i can get it to 5.2.9? seems last time I tried to manually compile it, it reverted back to 5.2.6 a day later
<kb244> using ubuntu 8.10 server
<twb> kb244: 5.2.9 is not available for Ubuntu yet.
<kb244> ... despite I could compile it from source?
<twb> kb244: this is probably for a good reason (i.e. installing it breaks something, or is insecure).
<kb244> but 5.2.9 fixes security issues in 5.2.6
<twb> You *could* compile it from source, but I strongly discourage that.
<twb> If Ubuntu are doing their job, the Ubuntu version of 5.2.6 will include any relevant security fixes that upstream added to 5.2.9.
<kb244> so 5.2.6-2unbuntu4.1 is a special build by the ubuntu team?
<kb244> and not just a compile of 5.2.6 like you'd get from php.net
<PhotoJim> kb244: yes
<kb244> wont really worry bout it then :p
<kb244> right now I got apache disabled, and just running nginx + php (fast-cgi) + mysql5
<twb> kb244: all Ubuntu packages are gently caressed so they fit better into the overall distribution
<kb244> nginx was installed with apt-get so I assume thats the case as well
<twb> For simple packages like mg, that doesn't involve much.  For packages like PHP you can be sure that a LOT of fixing is needed to get things "right".
<twb> It depends how silly upstream is, amongst other things.
<kb244> i been using landscape , which is kind of nice. it would be interesting if it were extended into some sort of off-server cpanel :P
<kb244> i been wanting however to make users only see their home folder and unable to see above it via SFTP/SSH, but I don't want to have to create a jailed enviroment and such, nor use vftpd etc
<|rt|> anyone here familiar with iscsi...I'm having problems discovering a iscsi target being served by opensolaris
<|rt|> windows xp's iscsi initiator works with it so I'm assuming that this is a configuration issue on the initiator side on linux
<|rt|> http://pastebin.com/d3ebfbfac
<twb> Wow, landscape is not just vapourware now?
<kb244> twb: been using it for a couple weeks
<kb244> just gota request a demo
<kb244> its like a 60 day trial I think
<kb244> then its 150$ a year per node after that
<kb244> I only knew about landscape cuz I keep seeing this when I SSH into my box : Graph this data and manage this system at https://landscape.canonical.com/
<twb> kb244: uh, what?
<twb> Isn't landscape free software?
<kb244> no
 * twb loses interest
<kb244> It'd be really nice if it was a free service, but no
<kb244> I'm confused though
<kb244> on their website if you dig a lil "Free 'Landscape' Web-based Systems Management"
<kb244> but on the register page you're getting a 60 day free trial
<twb> There has been a stub package for it in Ubuntu's package tree for ages
<kb244> ahh I think I must have misread it
<kb244> "
<kb244> Landscape is free of charge to all of Canonicalâs support customers. As part of your annual subscription you are allowed unlimited access to this powerful tool that will reduce the cost of ownership in your Linux environment significantly. Landscape is also available by subscription for those who do not require support contracts.  Subscription to the Landscape service is priced at $150 per node per year.
<kb244> "
<twb> "Description: Placeholder for the Landscape client"
<kb244> naw I signed up for the landscape thing, then it told me what apt-get to install and how to register my machine
<kb244> and once I did that, it was sending reports to my account and such
<twb> Ah, so I guess this is not something I can actually provide to *my* customers; Canonical has full control over the back end.
<kb244> however
<kb244> "
<kb244> To buy Landscape as a stand-alone service please go to www.canonical.com/contact/sales
<kb244> "
<kb244> you could , but they don't show prices
<kb244> just request form
<oh_noes> I have the following in a --exec script for vmbuilder, but as you can see it doesnt work.  Anyone have any suggestions?  http://pastebin.com/mf101449
<oh_noes> All I'm trying to do is a automated install of java without the license prompt, I fail to see why it cant find apt-get though
<a1fa> hello.. i have one of Appro servers. Funny thing is.. When you hookup USB keyboard or PS2 keyboard it does not recognize neither
<a1fa> anyone have experience with this brand?
<twb> a1fa: that's almost certainly a hardware issue that you need to take up with your hardware vendor.
<twb> PS/2 and USB HID drivers are fairly commoditized, so I can't imagine how they could fail as a result of using Ubuntu
<a1fa> twb: shouldnt the serer not care about ps2 2 usb adapter
<twb> Ah.
<twb> PS/2 to USB converters are just plug adapters.  The do not work with keyboards.  They rely on the mouse itself speaking BOTH protocols.
<a1fa> so technically if legacy USB is not enabled it will be enabled when system bots?
<a1fa> so thats only for mouse
<a1fa> wierd
<a1fa> it has keyboard pictured
<PhotoJim> some older systems need a PS/2 keyboard to boot without error
<PhotoJim> USB keyboards are relatively recent
<SockPants> hello
<SockPants> what's the easiest way to identify and temporarily mount a usb-ide drive (8.04)?
<PhotoJim> easiest?  figure out what device name and partitions it has (dmesg | tail after you plug it in will help)... then mount /whateverfolderyoucreatedforit /dev/whateverdeviceyoufound
<PhotoJim> so if it's partition 1 on drive sdg, mount /media/externalhd0 /dev/sdg1 for example
<SockPants> yeah i can't seem to find which device name it is. i only have sda and thats the harddrive, not the usb drive
<PhotoJim> browse through dmesg and see.  it will be there.
<SockPants> hmm, theres errors
<SockPants> i unplugged it and plugged it in without the hub but nothing has changed in dmesg
<SockPants> ah, works now.
<SockPants> thanks
<SockPants> i didn't know about dmesg :D
<oh_noes> how do i change timezone to UTC without user prompt?  dpkg-reconfigure tzdata Etc/UTC still prompts 'chose a tz'
<Alysum> hi should I be concerned that an ubuntu server with 1.7GB RAM only has 192MB free ?
<oh_noes> Is there a package for open-vm-tools for hardy?
<drspin> oh_noes: I had to compile it
<owh> I successfully migrated a server from Gutsy to Hardy, now my fstab smbfs mounts fail with "CIFS VFS: cifs_mount failed w/return code = -22" -- any suggestions?
<drspin> owh: what kernel are you running
<owh> drspin: 2.6.24-23-server
 * owh thinks that the smbfs format is different from the cifs format of the fstab line.
<drspin> owh: did you try reinstalling smbfs ?
<owh> drspin: No, I didn't know it had been uninstalled. All I did was upgrade the server. No documents I saw indicated that it would be removed.
<drspin> owh: hmmm - feels like a kernel issue, my original 8.10 kernel crashed when I mounted CIFS. Kernel update fixed it
<owh> drspin: Uhm according to apt-cache policy I'm running the most recent kernel.
<drspin> owh: I'm on 2.6.11-server
<drspin> own: imean, 2.6.27-11-server
<owh> Hmm, with Hardy?
<drspin> 8.10. intrepid
 * owh has no intention of running anything other than LTS on a production server.
<drspin> ok
<owh> Any Idea on what the error code -22 is?
<owh> Or where I can find out?
<drspin> did you see this? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518113
<uvirtbot> Debian bug 518113 in smbfs "smbfs: mount.cifs fails with mount error(22): Invalid argument if server has multiple ip addresses" [Normal,Open]
<owh> It seems to indicate that the problem is my ip=mumble stanza. The mumble is defined in /etc/hosts - I wonder if this is changed behaviour. My remote device does not have multiple addresses by the way - not that I know anyway.
<owh> Crap, I hate it when working stuff just breaks for fun.
<owh> This makes no sense to me. I'm reading reports where I should install smbfs, but isn't cifs the replacement for smbfs and ultimately the new name of the same thing?
<owh> Not to mention that it's also already installed.
<owh> In case anyone else comes across this. smbfs can use ip=mumble, when mumble is defined in /etc/hosts, but cifs cannot. In addition it appears that smbfs does a fallback on the guest account if the supplied credentials don't work, cifs doesn't.
<kraut> moin
<reid> I'm trying to set up an ssh server on a ubuntu-desktop install.  connecting from an external network I keep getting :No route to host
<reid> can anybody help me?
<cemc> reid: do you have ping to the ubuntu-desktop with the ssh on it /
<cemc> is ssh server running? 'ps ax |grep ssh', 'netstat -nlp | grep :22'
<cemc> do you have some firewall on which would block the ssh ? 'iptables -nxvL INPUT | grep "22\|DROP\|REJECT"'
<owh> reid: Can you actually ping the other end?
<ikonia> ssh localhost on the server - test it can actually accept connections
<twb> If you have the ssh server in front of you, run "tail -n 0 -f /var/log/auth.log", then try to ssh in again
<twb> It will either report WHY you can't log in, or print nothing.
<ikonia> he's gone
<twb> If it prints nothing, then ssh is not seeing your connection, so look at firewalls, routing, ssh -vvv, etc.
<twb> ikonia: oh, sorry.
<ikonia> no need to apologise
<Doble> how can I see what the ACL properties are of a folder/file? when I do "ls -lha" I only get the drwxrwxrwx+
<Kamping_Kaiser> Doble, file attributes? lsattr
<Kamping_Kaiser> ls -d will list a directory, not its contents btw
<Doble> Kamping_Kaiser: thanks, but lsattr isn't doing it for me ... i just get a bunch of dashes, and they are all blank despite the files/directories having ACLs applied
<Kamping_Kaiser> Doble, what filesystem is this? how did you change the acls?
<Kamping_Kaiser> AnRkey, your giving me quake3 flashbacks
<Doble> Kaiser: it is ext3, i followed the "Securing Samba Guide" at https://help.ubuntu.com/8.10/serverguide/C/samba-fileprint-security.html - I used setfacl to change the permissions
<Kamping_Kaiser> as i dont 'deal with samba or acls, i can only suggest man setfacl to check for a 'list' option, or look at 'related commands' at the bottom of the man page
<Doble> ahhh, I didn't spot that when reading the man page the first time - "getfacl"
<Doble> cheers
<Doble> tried everything else! showfacl, infofacl, etc :)
<Kamping_Kaiser> hehe
<Kamping_Kaiser> Doble, no worries
<Doble> I dont understand this ... I have a directory set to group 'admin', getfacl lists the owner as admin, and ls -lha lists the group permissions as "d---r-x---+" I am a member of admin, the owner of the file is 'nobody' - why can't I access the folder?
<Doble> can anyone help ?
<simplexio> Doble: does group have x right to directory
<Doble> simplexio: I'm not sure ... do ACLS take precendence over unix permissions? according to unix the group has R and X permissions, but according to ACL's it doesn't ...
<Doble> im guessing they must, because I just tried setting the ACL group to RWX and it works
<simplexio> far as i know unix and acl permission are totally separated.., so if you set acl file "owner" you need give permission using setfacl
<Doble> okay ... i think you're right, is there any way of viewing permissions under windows? I'm trying to make this samba file server as windows-environment-friendly as possible. With windows servers you can open properties and see the users that can access the file, is there any way of doing that with samba?
<simplexio> no idea.. i tried to define acls into my linux->linux samba server but it didnt work that good. for somereson it doesnt keep default permission when i copy stuff into dir, etc.
<Doble> did you set the default mask?
<simplexio> yeah.
<Doble> :(
<simplexio> its my home fileserver and it has about 1 user, so its not a big problem, tried to learn that stuff too
<Doble> Is there any way to see permissions in this fashion when accessing a samba file share from a windows PC? - http://tinyurl.com/c2nq7v
<Doble> arghh these permissions are driving me mad !!
<Doble> I'm a member of the group 'admin' - the group admin has RWX permissions on the directory acl ... and yet I can open and read, but not write ???
<kinnaz|w> when i try to install lokkit. somehow the apt wants to install xorg+gnome, can i force apt not to install deps somehow ?
<kinnaz|w> thou lokkit is ncurses based application, so its strange in the first place it requires gnome.
<ernstp> is there any way to only download packages for do-release-upgrade?
<uvirtbot> New bug: #356789 in mythbuntu "Upcoming recordings not displaying unless recording in progress (dup-of: 326768)" [Undecided,Incomplete] https://launchpad.net/bugs/356789
<uvirtbot> New bug: #358173 in mythbuntu "Database connection issues with Mythbuntu 9.04 x64 (dup-of: 326768)" [Critical,Fix released] https://launchpad.net/bugs/358173
<kinnaz|w> gnome-lokkit - basic interactive firewall configuration tool (GNOME interface)
<kinnaz|w> lokkit - basic interactive firewall configuration tool (console interface)
<kinnaz|w> why on earth does that "lokkit" depend on gnome
<kinnaz|w> apt-get install lokkit, wants to bring me gnome
<infinity> Recommends: gnome-lokkit
<infinity> apt-get --no-install-recommends install lokkit
<kinnaz|w> hmmmz tnx strange
<kinnaz|w> i have installed lokkit several times
<kinnaz|w> never had to tell him not to install recommends
<infinity> Installing recommends by default is a reasonably recent change to apt.
<kinnaz|w> okey, thou is it really the smartest thing to recommend that gnome version
<infinity> (Reasonably recent to the server crowd, anyway, who are used to not upgrading to new releases very often)
<infinity> The recommends should probably be a suggests.  Feel free to file a bug.  *shrug*
<infinity> We cleaned up most of the overzealous recommends in main, but universe stuff like lokkit still needs some work.
<Doble> I'm having problems with samba ... since I set up ACLs, when I create a user, I go to log in as that user (which usually 'primes' samba to allow that user to connect to file shares) and as I log in as bill, I recieve the message "Failed to add entry for user bill." - so bill can't access any file shares, any ideas ???
<SockPants> hi, can anyone tell me if this is a severe problem? its on a server thats hardly in use:
<SockPants> Tuesday, April 14, 2009 PM01:02:09 HKT  **WARNING** Address resolution queue is full [4096 slots]
<Doble> why do I have to log into the terminal as a new user I created BEFORE they are able to access shares on my samba file server ?
<foxbuntu> Doble, not totally sure on this, but I think that samba wont pick them up as a valid user until they have logged in once, unless you manually add them as samba users
<jcastro> soren: want to do a virtualization session for openweek?
<soren> jcastro: When is it? I'm still catching up on e-mail since... too long ago.
<jcastro> week after release: https://wiki.ubuntu.com/UbuntuOpenWeek/Prep
<soren> jcastro: I'd like to do several, actually. I need to consider whether I have time for anything at all, though.
<jwendell> hi, folks, is there any plan to make ubuntu server homologed to run oracle db?
<soren> "homologed"?
<jwendell> certified
<soren> Ah.
<jwendell> as RHEL, Suse...
<soren> SuSE is certified for Oracle? I didn't know that.
<jcastro> soren: that would be great, can you think hard today? We'd like to get the schedule out and published.
<jwendell> soren, yep
<jcastro> soren: this is openweek, not developer week so the sessions don't need to be hardcore, intro sessions are fine.
<jcastro> eg. you won't need to do much prep
<soren> jcastro: "today" being your today? So I have another 7-8 hours?
<jcastro> yeah something like that. :)
<soren> jcastro: Oh.. Right, ok. The sessions I was thinking about were probably more developer week material.
<jcastro> right, save those
<jcastro> how about like, an intro to kvm or something?
<soren> Let me think about it for a bit.
<SockPants> hi all, what's a nice way to make regular backups of an entire system?
<SockPants> onto a smb share
<giovani> smb? uh
<PhotoJim> if you were using an nfs share I'd suggest rsync
<giovani> backuppc does smb, I think
<PhotoJim> but smb doesn't retain the ownership and permissions of files that LInux filesystems record (not without some work at least)... so that implies using tar
<giovani> but it's not really oriented at backing up servers
<SockPants> i can live with using tar if its usable for this
<PhotoJim> the bad thing about tar is that you'll have to fully backup your files each time
<giovani> well tar just combines files ... so it's not really a backup facility
<PhotoJim> rsync is smart enough to just backup the differences
<friartuck> SockPants looked here? https://help.ubuntu.com/community/BackupYourSystem
<PhotoJim> giovani: it's not optimal, but it retains file ownership and modes, which I think is important here.  assuming that SockPants for some reason can't use ext2/ext3/ext4 filesystems for the backup, which would be far better.
<giovani> PhotoJim: I wasn't disagreeing with you
<PhotoJim> giovani: oh, I know. :)
<giovani> I was just informing SockPants that tar was not a "backup solution" the way he probably wants
<PhotoJim> That's a good article, friartuck
<giovani> indeed
<giovani> glad he linked it
<PhotoJim> I have my server on RAID1... I don't bother backing up the / and /usr drives (I just copy the hard-to-replicate config files onto an NFS share on another machine, or one could even use floppy).  and I have a third hard disk as my /public and /home partitions, and that drive is on RAID1.  plus, I backup all the data via rsync to an identically-sized drive in an external USB case once a week or so.
<SockPants> instead of tar i could even use dd
<SockPants> its only a 20gb drive of which a few gigs are used at best, the files are all on a different machine
<PhotoJim> dd backs up every byte of the drive, so it's slower
<PhotoJim> does work though
<PhotoJim> every byte of the partition, technically
<PhotoJim> dd would preserve all your filesystem information though
<SockPants> i could restore a dd backup using a livecd right?
<SockPants> mm, i suppose if i didn't compress the file, even empty space on the drive would take ages to copy over 100mbit/s
<giovani> SockPants: you can gzip a dd image
<giovani> which should eliminate all of the large blocks of zero data
<giovani> in fact, you can stream a gziped dd image (while it's being taken) if you don't have enough space locally
<giovani> I do it all the time
<PhotoJim> SockPants: why don't you just get another hard disk and a USB case, and dedicate that drive to backups?  much easier.  you can use native Linux filesystems, and no other systems can affect your data.
<giovani> with netcat
<friartuck> SockPants if you were going that far, maybe look at partimage on http://partedmagic.com .
<giovani> PhotoJim: dd does entire drives, or partitions ... user's choice
<giovani> it's the best way to have an identical copy of everything
<giovani> and it's faster than a filesystem-level backup, if you're going to backup everything
<SockPants> can't i just dd the disk onto a smbfs mount and be done with that, even if it copies all the 0-blocks
<giovani> SockPants: yes ... pipe dd through gzip
<giovani> and the zero blocks are a non-issue
<MTecknology> How do I setup my system so when a user changes their password the samba password for that account will update too?
<PhotoJim> giovani: oh, yeah, that's true.  I always think of it as a partition-level command.
<SockPants> that, or i could just leave it, because the filesystem is compressed anyway. it would just take time to copy all the 0-data to the other machine before it gets compressed
<giovani> SockPants: the filesystem is compressed?
<SockPants> yeah on the remote machine
<giovani> uh, ok
<giovani> well, you're still wasting time/bw moving the zero blocks over the network
<SockPants> hmm
<SockPants> but i'm saving the server processing time by not compressing it locally
<giovani> and I don't know how your filesystem is compressing itself
<SockPants> how much would that be?
<giovani> hard to say
<giovani> try it out
<giovani> you can dd and gzip it in one command, right to the smb mount point
<giovani> so it doesn't take up space locally
<SockPants> copying the entire disk would copy swap space as well, right? would that cause any problems with dd?
<giovani> no ...
<SockPants> ok
<giovani> dd only knows about hard drive blocks
<giovani> it doesn't care what the data is
<giovani> it doesn't know what the data is either
<SockPants> so i'd just dd if=/dev/sda > /mnt/backups/backup1.bin or something
<giovani> the advantage of dd is that if the server dies, you can literally restore the ENTIRE thing, in one step
<SockPants> yeah
<giovani> no reinstalling the OS and manually moving back configs, etc
<giovani> no
<giovani> dd if=/dev/sda of=/mnt/backups/backup1.img or whatever
<giovani> however, I'd pipe it through gzip
<SockPants> is there a fast setting for gzip that won't compress as much but still get rid of the 0-data
<giovani> probably
<giovani> read the manpage
<SockPants> yeah, gzip --fast
<giovani> or just try it out
<SockPants> :D
<giovani> you never know what the load will be
<SockPants> i'll start now
<SockPants> then lastly
<SockPants> is there a way i could add something to the command to make it add a time/date to the filename?
<giovani> use bash command substitution
<PhotoJim> SockPants: yeah, copying swap space is of no benefit, but nor is it harmful
<PhotoJim> SockPants: technically a gig of my terabyte data drive array is swap, but I don't care.  it's not significant enough space to treat it separately.
<PhotoJim> gzip is pretty efficient, even on slower machines I find.
<PhotoJim> 7zip has much better compression, but it will bring a slower machine to its knees.  works best on machines with multiple CPUs or multiple cores.
<SockPants> ive got this now
<SockPants> screen sudo dd if=/dev/sda | gzip --fast > /mnt/backup/ubuntu/dev-sda_on`date +%a%d%b%y-%s`.dd
<SockPants> it creates the file, but outputs a lot of garbage to the screen and the file doesnt grow
<giovani> why are you screening it?
<SockPants> past 20 bytes
<yann2> uh. interesting backup procedure :)
<SockPants> because i want to do other stuff at the same time :P
<giovani> uh ... it's called BACKGROUNDING
<giovani> do not use screen for this
<SockPants> how do i do this
<SockPants> i always use screen =)
<giovani> well that's a bad habit
<giovani> break it now
<giovani> and I said to pipe it to gzip
<SockPants> i did.., what did i do wrong
<giovani> uh, sorry, you are
<giovani> so what's being outputted to the screen?
<giovani> try running the command without prepending screen
<SockPants> a constant stream of stuff
<giovani> it should work fine
<giovani> I just verified the command, it works perfectly
<SockPants> ok, it works, but now it waits until it finishes
<SockPants> how do i background it
<giovani> learn bash :)
<giovani> (add " &" onto the end
<giovani> i.e sudo dd if=/dev/sda | gzip --fast > dev-sda_on`date +%a%d%b%y-%s`.dd &
<SockPants> hehe yeah i will :) and thanks
<giovani> it'll print the PID
<SockPants> 2.0 gb copied in that short time
<SockPants> it says
<giovani> yep ...
<SockPants> interesting
<SockPants> that's faster than my network connection
<giovani> heh
<SockPants> how can i see how much harddisk space is actually in use
<giovani> 2GB from DD
<giovani> is not 2GB over the wire
<giovani> because of gzip
<giovani> df -h
<giovani> to see disk space
<SockPants> but if dd processes 2gb but gzip doesn't yet then where does it go
<giovani> huh?
<giovani> gzip and dd are stream-processing
<giovani> meaning dd is outputting data to gzip all the time, not all at once
<giovani> and gzip is live-compressing it
<giovani> so DD read in, and read out 2GB off the HD, and gzip compressed it to ... whatever -- check the file size
<SockPants> ok
<SockPants> great!
<PhotoJim> I use screen for that sort of stuff, so I can monitor it.  worse performance than backgrounding?
<SockPants> now, "0 2 * * 1 <command>" in crontab will run this every monday at 2 a.m. right?
<giovani> PhotoJim: screen won't let you monitor it any better than backgrounding will
<SockPants> how do you access a backgrounded operation's output?
<PhotoJim> giovani: how can you monitor a backgrounding task?  I & tasks sometimes, but I am really a bit of a n00b at it.
<giovani> PhotoJim: depends on what you mean by "monitor"
<giovani> in dd's case, you can send a SIGUSR1 signal to the process to have it dump it's info so far to the console you started it on
<PhotoJim> giovani: ok, that's something I didn't know you could do.
<giovani> that's dd-specific
<PhotoJim> so what's the logic that using screen is inferior practice?
<giovani> it has zero function ... that's why
<giovani> it complicates something that doesn't need to be
<giovani> screen is useful for other things
<giovani> but not this
<RichardP> Hi, I have a little problem installing the 8.04 LTS server version - its stuck on 'Installed MySQL-Server' at 85%, been there for the past 30 minutes
<SockPants> giovani: 'it's info so far' being bytes transfered?
<giovani> SockPants: yes
<SockPants> how do i do this?
<RichardP> SockPants: hey
<SockPants> hi RichardP
<giovani> SockPants: "ps aux | grep dd" -- find the dd process' PID
<giovani> then "sudo kill -SIGUSR1 DDPU
<SockPants> i have the pid
<giovani> DDPIDHERE
<giovani> that wasn't the PID that it printed when you backgrounded it, I was incorrect
<SockPants> oh
<giovani> you can bring apps out of background (althrough with DD that has no function) with %X where X is the job ID -- which you can find by running jobs
<SockPants> after i do the kill command it keeps waiting, can i just control c without hurting dd?
<giovani> is the process in the background?
<genii> Doesn't sound like it
<SockPants> it should be
<SockPants> it was
<PhotoJim> giovani: yeah, I guess I agree, once you know what you're doing and that the task works as expected.
<giovani> SockPants: ps aux | grep dd
<SockPants> then i did sudo kill -SIGUSR1 pid
<giovani> PhotoJim: there's zero advantage to using screen with dd -- it has nothing to do with the app functioning as expected
<giovani> SockPants: pastebin the output of the ps command I just gave you
<ScottK-laptop> ivoks: Here so as not to futher disturb the meeting ...
<ScottK-laptop> ivoks: What RFC?  I generally consider backscatter bad and bounces to any non-authenticated address to be avoided.
<PhotoJim> giovani: yeah, no output I suppose except the benchmarks at the end.
<giovani> PhotoJim: you'll get that with a backgrounded app too, if you want it
<SockPants> http://pastebay.com/8266
<SockPants> to get out of the 'kill' command i had to control-c
<PhotoJim> giovani: I just have to learn more about backgrounding, evidently.
<ivoks> ScottK-laptop: http://www.faqs.org/rfcs/rfc3834.html iirc
<giovani> SockPants: did you try just pressing enter?
<SockPants> no :P
<giovani> it's not 'taking over the terminal' it just printed it, you can theoretically just type a command right there, without hitting enter
<SockPants> that works too =)
<SockPants> im impressed with the speed, and the file only takes up about 180 mB in the end even though it also copies swap
<ivoks> ScottK-laptop: anyway, if message is not delivered, sender should know that
<giovani> SockPants: how big is the drive?
<SockPants> then again, only 212 bytes of swap is used
<ivoks> ScottK-laptop: unless message is not delivered cause of non-existing user or bad communication from sender
<SockPants> 120 GB
<giovani> how much of it is used?
<ScottK-laptop> ivoks: There's no guarantee of any relation between mail from and the actual sender.
<SockPants> 1.0GB
<ivoks> ScottK-laptop: i agree, but that's SMTP - it's broken
<ScottK-laptop> In fact in virtually all cases where you bounce due to bad content it's forged.
<giovani> 1GB of 120GB is used?
<SockPants> yes
<ivoks> ScottK-laptop: i allways change that, but this is something one shouldn't do :/
<ScottK-laptop> ivoks: Which causes me to say don't backscatter no matter what.
<ivoks> ScottK-laptop: it's up to you; it would be one less configruation hassle for me, but it might not be correct thing to do :/
<giovani> SockPants: and it finished already?
<SockPants> it has finished once, i'm restarting it just to test
<RichardP> when you install 8.04 LTS and get the disk partitioning option, what exactly does 'Guided - entire disk with LVM' mean?  does it mean I get one partition for / taking the entire disk, under LVM?
<SockPants> i could time it i think i'll do that
<SockPants> do i just add 'time' to the command?
<giovani> uh ... sure, except then you don't want to background it
<giovani> to ensure you see the time when it's done
<giovani> (just for the test)
<ScottK-laptop> ivoks: From your RFC "A responder MAY refuse to send a response to a subject message which contains any header or content which makes it appear to the responder that a response would not be appropriate."  I think not resoponding to bad content is RFC legit.
<SockPants> ah right
<SockPants> so i'll screen it ;)
<SockPants> oh, but that did'nt work out well
<SockPants> nvm i wont screen it i'll just open anothe ssh to do other stuff
<ivoks> ScottK-laptop: ok, then change it :)
<ScottK-laptop> ivoks: Assuming I want to change it, do you agree that's the correct change?
<SockPants> giovani: its being pretty sluggish when its running, gzip is using 20% cpu so it must be the harddrive then?
<SockPants> meanwhile, how do i run a commmand at startup? i can background all these processes now but they'll all die if the power goes out some time
<ivoks> ScottK-laptop: yes
<ScottK-laptop> ivoks: Thanks.
<ivoks> ScottK-laptop: but we will probably get some flame mails about this :)
<ivoks> ScottK-laptop: but i'm willing to put up the fight
<giovani> SockPants: sure ... it's maxing out the HD ... run "vmstat 5 5" while it's running (in another terminal), or if it's backgrounded, in the same terminal
<giovani> or run iostat
<ScottK-laptop> ivoks: OK.  I think no backscatter is a clear best practice these days.  People who don't like it are welcome to change their config locally.
<ivoks> correct
<SockPants> procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu---- r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa 1  1    212   5628 193652  22296    0    0   155    15  102  366  2  4 88  5
<SockPants> blah, formatting
<SockPants> can i do nested command substitution?
<SockPants> giovani: nevermind, it can't have finished. dd is at 18 GB now, after about 15 minutes. so another 75 minutes or so before it finishes, but i'll leave it running
<SockPants> giovani: thanks for all the help, i'm out for tonight :) i just checked it out, the file is 499MB in size (522895360 bytes) but it only takes up 416MB on the server (zfs compresses it further). nice way to get the best of both worlds :)
<SockPants> its not done yet though
<mathiaz> soren: wrt to bug 360825 - I think this is a regression
<uvirtbot> Launchpad bug 360825 in kvm "kvm 0.84 doesn't create three drives in the guest" [Medium,Triaged] https://launchpad.net/bugs/360825
<mathiaz> soren: it used to work with a previous revision of kvm 84
<soren> I respectfully disagree.
<soren> :)
<giovani> SockPants: yeah, I wouldn't believe that gzip --fast would compress 1GB into 100-something MB
<mathiaz> soren: disagree? why - it was working before, now it's not anymore. Isn't that a regression?
<soren> i don't believe that it worked in a previous revision of kvm 84.
<mathiaz> soren: well - it worked. I was able to sucessfully install a guest on a raid5 array.
<mathiaz> soren: that involves defining 3 block devices in libvirt.
<soren> Then you've switched to virtio in the mean time.
<soren> This is a virtio problem only.
<soren> virtio devices get added to an array based on command line options.
<soren> When they get added to the virtual hardware, it's done by iterating through this array until an undefined index is found.
<mathiaz> soren: ah ok. Let me check if I was using virtio for my raid5 test install.
<mathiaz> soren: hm - I can't tell for sure. However it seems that I conducted the jaunty beta raid5 test case with virtio devices.
<soren> mathiaz: And all that changed in between is the kvm-84 revision?
<mathiaz> soren: well - jaunty beta raid5 was tested with kvm84 ppa3
<mathiaz> soren: while jaunty rc raid5 was tested with kvm84 ppa5
<soren> No libvirt changes in between?
<mathiaz> soren: libvirt was also upgraded - 0.4.0-2ubuntu8.1 to 0.4.0-2ubuntu9~ppa1
<mathiaz> soren: I think I should conduct more testing to make sure it was working before. I'm not 100% sure that I was already using virtio devices when running jaunty beta raid5 test installs.
<soren> Do you still have logs or something?
<soren> Either /var/log/libvirt/qemu/* logs or syslog from the guest or something?
<mathiaz> soren: well the libvirt/qemu/ logs are overwritten
<soren> Ah.
<mathiaz> soren: whenever you start a guest with the same name
<soren> Right.
<mathiaz> soren: however I may be able to find the relevant log in my backups
<beniwtv> hi al... I've installed bind9 and followed the server guide to make a caching name server, but I get query denied in the logs when I try to query the dns from a machine other than the DNS. Any ideas?
<PhotoJim> beniwtv: if you're still stuck in an hour I can try to help you out.
<beniwtv> PhotoJim: thanks, but I have just been called to a meeting :/ Will continue tomorrow
<kirkland> mathiaz: i keep getting the following, trying to install to a raid 1 http://people.ubuntu.com/~kirkland/Screenshot-QEMU.png
<mathiaz> kirkland: hm - never seen that before.
<mathiaz> kirkland: http://people.ubuntu.com/~mathiaz/raid1.preseed
<mathiaz> kirkland: this is my raid1.preseed file
<mathiaz> kirkland: d-i partman-auto/expert_recipe string       multiraid ::       400 500 1000000000 raid $primary{ } method{ raid } .       64 256 200% raid $primary{ } method{ raid } .
<kirkland> mathiaz: in your raid testing, what iso are you using?
<kirkland> mathiaz: amd64 or i386?
<kirkland> mathiaz: today's server iso?
<mathiaz> kirkland: both arch, yesterday's isos.
<kirkland> mathiaz: have you ever seen the segfault that soren is reporting?
<mathiaz> kirkland: nope
<mathiaz> kirkland: I haven't seen any segfault on my system.
<mathiaz> kirkland: all my test installs were successful.
<mario_> Hi, how can I copy a logical volume between two servers connected with ethernet?
<jmedina> mario_: what you mean?
<jmedina> move data?
<jmedina> or move whole LV to another VG?
<mario_> a whole LV to another VG
<mario_> but
<mario_> the VG is on another server
<jmedina> I not sure, but, unless you export the bock device where VG is runnning you can't migrate with LVM tools
<jmedina> but you can use lvm snapshots and dd/rsync
<mario_> ok thank you
<jmedina> probably someone else have another solution
<mario_> jmedina, excuse me for asking you another question but, can you suggest a manual about lvm that explains advanced features like snapshot and autobackup?
<jmedina> mario_: I live official howto
<jmedina> mario_: this redhat document also have very good documentation
<jmedina> http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Cluster_Logical_Volume_Manager/index.html
<jmedina> no
<jmedina> sorry
<jmedina> the topic says cluster, but most of info is for normal lvm
<mario_> jmedia, thank you again
<jmedina> you are celcom
<jmedina> welcome
<cellofellow> Dunno if I'm in over my head or not, cause I've never configured these apps before, but I'm trying to set up a community/networking server with Wordpress, phpBB3, and MoinMoin (most likely), and would like to have single-signon of some kind using LDAP. Also would like the LDAP to operate as a PGP Keyserver. Can I do this?
<cellofellow> I was originally gonna use SKS for PGP but when I found out that LDAP is a way to run keyservers I figured I'd scrap that.
<cellofellow> (why is all the info I can find on LDAP meant for old (pre RHEL/Fedora split) versions of Red Hat?
<jmedina> cellofellow: because you haven't read official documentation
<cellofellow> ok, looking there
<jmedina> for example openlda administration guide
<jmedina> *openldap
<jmedina> it is current documentation
<jmedina> Fedora Directory also has official documentation from redhat
<cellofellow> well, thanks
<jmedina> cellofellow: what you want to know about LDAP?
<jmedina> cellofellow: I bought a good book from Packet Publishing
<jmedina> http://www.packtpub.com/OpenLDAP-Developers-Server-Open-Source-Linux/book
<jmedina> all you want to about ldap and openldap
<jmedina> Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services
<mathiaz> soren: ok - I've managed to boot a guest with 3 virtio devices with kvm 62 and libvirt 0.4.0-2ubuntu8.1
<jmedina> that is the topic
<mathiaz> soren: the guest sees three virtio devics (vda, vdb and vdc)
<soren> mathiaz: That's kind of funny, really.
<soren> mathiaz: The change in the ~ppa1 version is changing from the patch I wrote that upstream ended up rejecting and reimplementing to what they put in.. So the patch I wrote apparantly works, while the one they decided to put in doesn't :)
<mathiaz> soren: I've updated bug 360825
<uvirtbot> Launchpad bug 360825 in kvm "kvm 0.84 doesn't create three drives in the guest" [Medium,Triaged] https://launchpad.net/bugs/360825
 * soren looks
<mathiaz> soren: it seems that the old version of libvirt doesn't use the index option on the kvm command line
<soren> mathiaz: Ah, right.
<soren> That's right.
<mathiaz> soren: that would explain why it was working.
<soren> What I did instead was to sort the list of the disks so that they were simply passed in the correct order isntead.
<soren> That explains.
<cellofellow> jmedinaâ thanks, I'll check that out. First I just want to know the basics, then I'll mess with getting those apps to work with it.
<mathiaz> soren: kirkland: so what should we do with bug 360825?
<uvirtbot> Launchpad bug 360825 in kvm "kvm 0.84 doesn't create three drives in the guest" [Medium,Triaged] https://launchpad.net/bugs/360825
<mathiaz> is is a regression?
<mathiaz> is it a regression?
<soren> mathiaz: Since hardy, yes.
<soren> Since Intrepid, no.
<mathiaz> soren: OTOH virtio block devices weren't officially support in hardy
<mathiaz> soren: intrepid was already broken?
<soren> mathiaz: I would expect so, yes.
<soren> The patch landed in 0.4.1.
<mathiaz> soren: ok - so this is not high/critical for jaunty.
<kirkland> mathiaz: i would say not critical, since there is a workaround
<kirkland> mathiaz: should be fixed, though, since soren triaged the file and line where the bug is
<mathiaz> kirkland: agreed.
<mathiaz> kirkland: I don't see the workaround though.
<mathiaz> kirkland: IMO it should be fixed if we plan to release a backport of kvm to hardy.
<soren> mathiaz: It doesn't have anything to do with kvm.
<soren> Well...
<soren> It doesn't have anything to do with the version of kvm. It's libvirt that's causing it.
<mathiaz> soren: well - it's an interaction between kvm and libvirt.
<soren> mathiaz: ...which didn't change between kvm 62 and 84.
<mathiaz> soren: agreed. anyway it's not important for jaunty.
<soren> It's a simple patch to work around it, though.
<soren> mathiaz, kirkland: I can toss you a simple patch that should fix it, but if I were to fix it properly, I'd use a linked list instead of a static array or something.
<mathiaz> soren: right - we should revisit that once jaunty is released;
<kirkland> mathiaz: soren: if it's a simple patch with minimal chances of regression, i think it could make jaunty
<soren> kirkland: Hang on, I'll pastebin.
<kirkland> soren: i'll check it out when i'm back
<soren> http://pastebin.ubuntu.com/151006/
<soren> It's completely and utterly untested. I haven't even checked if it compiles.
<soren> And the indentation is clearly screwed.
<soren> But the general idea is there: Don't stop at the first hole in the virtio indexing, but keep going. It might increase vm startup time a few milliseconds.
<soren> So meh.
<soren> kirkland: Do with it as you please.
<kochan> hi guys I have a strange problem
<kochan> i've just installed ubuntu server 9.04 x86
<Actium_> go ahead
<kochan> and rails stack (apache, passenger, ruby, gems etc)
<kochan> and sudo gem .. doesn't work
<Actium_> sorry, but i've never used ruby on rails b4, so my help might be very limited.
<kochan> but gem ... works
<Actium_> any error messages?
<kochan> command not found
<kochan> i think there is a problem with path for sudo
<Actium_> try "sudo -- echo $PATH" and "echo $PATH"
<Actium_> and compare it with the result of "whereis gem"
<kochan> strange
<kochan> both outputs are exactly the same
<kochan> and "ruby -v" works and "sudo ruby -v" doesn't :|
<Actium_> what's the result of whereis? any unusual install dir?
<Actium_> got any details? works and works not make debugging very difficult, you know.
<kochan> sorry, for that
<Actium_> no need to apologize
<kochan> "ruby -v" gives me version of ruby, and "sudo ruby -v" gives me command not found
<kochan> both "whereis ruby" and "sudo whereis ruby" gives me "ruby: /usr/lib/ruby /opt/ruby/bin/ruby /opt/ruby-enterprise-1.8.6-20090201/bin/ruby"
<Actium_> try specifying a full path, when invoking ruby.
<Vog-work> word of advice to anyone out there using dspam or rabl.nuclearelephant.com in you spam filters.... you might want to remove is since it just blacklisted a large portion of the internet.
<Actium_> just like google did the other day? ;)
<kochan> " sudo /opt/ruby/bin/ruby -v"  works, i mean it gives me a ruby version
<kees> ivoks: heh, I like how you didn't link to the article.  :)
<ivoks> :)
<ivoks> it was a mistake
<ivoks> but then i figured that it's better to show author's references, twice :)
<kochan> is there a way to set path to work without  full path?
<Actium_> i'd still like to know what makes the difference between with sudo and without sudo invocation when in both cases the $PATH is the same
<Actium_> you could just add "/opt/ruby/bin" to your $PATH, that should do the job. however i do not like workarounds that much.
<kochan> check this out: "ruby -v" - works, "sudo ruby -v" - command not found, "sudo su" and then "ruby -v" works also :|
<Actium_> im outta clues right now
<oruwork> ivoks, !
<ivoks> sudo -i - takes root's environment
<ivoks> sudo - takes user's environment
<ivoks> echo $PATH
<ivoks> sudo echo $PATH
<andol> ivoks: Regarding su and /bin/false accounts. Actually, that's no problem if you feed su with the -s option. (in reply to ubuntu-server@)
<ivoks> andol: but, in the end, what do we gain if we set /bin/false as shell?
<kochan> http://pastie.textmate.org/private/yl7diifcavgkab9cxb1yw
<andol> ivoks: Not much. That's why I didn't write the reply on the mailing list. Just thought I'd provide the info as a tip for some future situation.
<ivoks> kochan: why do you have three /opt/ruby/bin?
<ivoks> andol: right...
<kochan> good question...
<kochan> i've got rid of dupicates http://pastie.textmate.org/private/6xcj5og74vers07hkzcsow
<kochan> any ideas guys?
<uvirtbot> New bug: #360689 in amavisd-new (universe) "Default Ubuntu configuration is backscatter source in Jaunty" [Undecided,Incomplete] https://launchpad.net/bugs/360689
<mathiaz> soren: If I install libvirt-bin on jaunty, is there anything else I should do to get the default network up and running?
<soren> mathiaz: It ought to just be there.
<mathiaz> soren: hm - it's not.
<mathiaz> soren: I only see eth0 and lo.
<mathiaz> soren: where can I see the log for libvirtd?
<soren> It doesn't have one, I think.
<soren> virsh net-list?
<mathiaz> soren: http://paste.ubuntu.com/151083/
<mathiaz> soren: http://paste.ubuntu.com/151084/
<soren> o_O
<soren> Err.. Oddness.
<soren> I need to get some sleep. I'll look at it tomorrow.
<mathiaz> soren: bug 350780
<uvirtbot> Launchpad bug 350780 in virt-manager "Internal error starting virtual network 'default'" [Undecided,New] https://launchpad.net/bugs/350780
<Sergii> Is it possible to set up transparent Active Directory authentication on Apache server on Ubuntu? The idea is that I want internal users to open a web page, and have them authenticated with user name they logged in with without having them enter their login and password again.
<foxbuntu> Sergii, I think this is what you are looking for: http://www.onlamp.com/pub/a/onlamp/2003/09/11/kerberos.html?page=2
<Sergii> Foxbuntu, I'll take a look. Thanks
<jmedina> Sergii: look at port25 microsoft site
<jmedina> they have a good document about SSO using active directory and kerberos auth
<Sergii> Will do! Thanks.
<uvirtbot> New bug: #361070 in dovecot (main) "Dovecot - zlib got a panic" [Undecided,New] https://launchpad.net/bugs/361070
#ubuntu-server 2009-04-15
<oh_noes> how do I change the timezone of ubuntu in CLI without a prompt?  "dpkg-configure tzdata UTC" still prompts me for 'chose a timezone'
<Actium_> /etc/timezone contains your currently selected timezone
<Actium_> however, i don now know if changing that file will suffice
<Actium_> *do not know
<giovani> oh_noes: who says you can without a prompt?
<giovani> there may not be a ready-made way
<oh_noes> Thats my question, is there? :)
<giovani> the official method is dpkg-reconfigure tzdata as you already know
<giovani> whether you can duplicate its function with your own non-prompt script, I don't know
<giovani> I don't know if all it does is change the symlink at /etc/timezone
<giovani> if it does -- clearly you can do that yourself
<Actium_> check the source package of tzdata. it should contain all the information you need to determine what the reconfigure does to the system.
<Sergii> I'm trying to compile mod_auth_gss_krb5 using apxs, but I always get "[1]+ Stopped ......" when I try to run it. Even if I run simple "apxs --help" - I also get "[2]+ Stopped" (number is always incrementing). Does anyone know why this might be happening?
<giovani> oh_noes: I looked at the tzdata package
<giovani> there are two files it edits
<giovani> /etc/localtime
<giovani> and /etc/timezone (a symlink to /usr/share/zoneinfo/AREA/ZONE)
<giovani> so change those two, and you're fine
<SockPants> morning
<SockPants> giovani: here's the result of the backup if you're interested: file size: 1608621716 bytes   size on disk: 465M   123522416640 bytes (124 GB) copied, 5757.09 s, 21.5 MB/s
<SockPants> 	User time (seconds): 66.29
<SockPants> 	System time (seconds): 437.47
<SockPants> 	Percent of CPU this job got: 8%
<SockPants> 	Elapsed (wall clock) time (h:mm:ss or m:ss): 1:35:57
<giovani> hmm, that's a pretty long time
<giovani> I guess the disk is just so big
<giovani> you can always just do a file-based backup
<SockPants> yeah i was thinking this: if the disk breaks or i need to change it for another reason, this won't work will it
<giovani> yes it will
<giovani> this image will work for any 120GB disk
<giovani> it will replicate your disk exactly, down to the partitiion info, the MBR, everything
<SockPants> not all 120gb disks are the same size and in fact i don't think i can find another 120gb disk anywhere nowadays
<oh_noes> giovani: thanks!!!
<giovani> SockPants: you can resize the paritions if you want, to fit other size disks
<SockPants> hm, i could probably at least change it to only backup the partition, not the disk
<giovani> but yeah, this isn't as portable as a file backup -- however, a file backup requires that the system be fully reinstalled, and then you manually have to place back files
<giovani> which gets messy if the backup is from an older version of the OS, etc
<SockPants> what are the odds of messing up an mbr
<giovani> messing up the MBR by doing what?
<SockPants> hm, don't know yet :P
<giovani> ah, you mean, in the real world
<giovani> it's been done before :)
<SockPants> hm
<SockPants> i was having trouble with my nfs server so i gave up and switched to smb
<owh> Anyone here know when jpds might be around?
<oh_noes> Why does NTP restart after my /etc/rc.local is run?
<owh> oh_noes: It has to do with network interfaces becoming available. It's a minefield :)
<oh_noes> The problem is it's echoing 'Starting NTP server ntpd' right in the middle of my rc.local echoing stuff
<owh> Likely it's asynchronous.
 * owh hasn't looked at it for some time, but recalls with a shudder the interdependencies.
<oh_noes> is there a workaround?  Im guessing the problem is because the service startup is asynchronize and each service only waits for it's dependancies
<owh> Why is it a problem?
<owh> It's not like you're going to look at the startup logs every 10 minutes is it?
<oh_noes> good point, but it's a mini problem because we're using ubuntu server for our appliance and on new startup new customers typiucally want a pretty display
<oh_noes> far from a real problem
<owh> oh_noes: Give them a splash :)
<owh> What they don't know won't hurt them :) -- kidding
<oh_noes> yep thats what I was thinking
<owh> Really, for the amount of effort, I suppose you could add a linefeed somewhere, and a splash will slow down the boot.
<oh_noes> whats the term for the splash screen?
<SockPants> whats a command i can use to split a big file into chunks
<owh> SockPants: That would be "split"
<oh_noes> not the grub splash, but the actual rcS.d splash and login
<SockPants> ahah ok thanks :)
<owh> oh_noes: Dunno
 * owh pokes Nafallo
<Nafallo> ?
<Nafallo> meh
<SockPants> how do i put each line of something's output in an array
<oh_noes> Is motd.tail sourced, or echo'd?  ie. can I put some bash style variables in it?
<infinity> oh_noes: It's just concatenated, there's no shell involved.
<infinity>         [ -f /etc/motd.tail ] && cat /etc/motd.tail >> /var/run/motd
<twb> I hated that change
<SockPants> how do i put output into a variable in bash?
<infinity> twb: Why?  It means you don't have a file in /etc changing on every single kernel update anymore.
<infinity> twb: For those of us that like to version-control /etc, that's a bonus.
<twb> infinity: I hated it because they added it after etch froze
<twb> The actual functionality itself, I'm apathetic about.
<infinity> SockPants: FOO=$(command)
<SockPants> aah, thanks
<twb> Having said that, you could just .ignore the file, as you do with resolv.conf on a dhclient-using server.
<infinity> I don't have dhclient-using servers. :P
<infinity> Even ones that use dhcp too auto-install get a static IP (the same one) configured in the final build.
<twb> I'd rather configure the network on one end, than both ends.
<twb> That way I don't need to keep the config "in sync".
<infinity> Well, I don't configure the auto-install machines, they do it themselves.
<twb> Of course the DHCP server is configured to assign the same IP to the server always, by MAC.
<SockPants> how do i add 2 variable ie a=$(echo 2) b=$(echo 3) c = a+b
<twb> infinity: you mean with cfengine or puppet or similar?
<twb> SockPants: try #bash.
<twb> SockPants: a=1 b=2; echo $(($a + $b)), to answer that specific question.
<infinity> twb: Our custom preseed with a whacky late-command, but yeah.
<twb> infinity: ah, so only initial config
<infinity> twb: Yeah, but they're designed to be torn down and brought back pretty quickly.
<twb> I have a deep-seated fear of having to maintain machines I deploy
<twb> infinity: VMs?
<infinity> twb: No, regular hosts (though some also configure VMs on the fly when they're built)
<SockPants> if i'm going to rsync backup into a file what filesystem should i make it
<twb> SockPants: I don't understand the question.
 * ScottK gives kirkland a high five .
<kirkland> ScottK: thanks ;-)  i could use one today :-/
<kirkland> ScottK: blog post, i assume?
<ScottK> Yesh
<ScottK> Yes even
<kirkland> ScottK: ;-)  thanks
<SockPants> i plan to make a sparse file, and make an fs on it and mount it, rsync files to it.... what filesystem should i use?
<twb> SockPants: any filesystem that supports sparse files.  Almost all of them do; vfat would be the only one I'd expect not to.
<twb> SockPants: as a general rule, I recommend ext3 for Linux systems unless you can actually demonstrates that <other filesystem> is more performant for your specific use case.
<isaacsm> kirkland: yes, nice job on the blog post
<jcastro> kirkland: you used "toe the line" right!
<jcastro> You're like the first person I've met that got it right
<kirkland> jcastro: ?  how do you get it wrong?
<kirkland> isaacsm: thanks
<jcastro> I always see people say "tow the line"
<kirkland> jcastro: :-)  that's something totally different :-)
<kirkland> jcastro: i guess
<kirkland> :-D
<jcastro> so basically for about 5 minutes you gave me hope in the collective intelligence of the internet
<kirkland> jcastro: heh
<kirkland> jcastro: "toe the line" is the only phrase i know of that makes sense
<jcastro> kirkland: well, for all intensive purposes ...
<kirkland> jcastro: haha
<SockPants> would sudo rsync -azvv / /mnt/backup
<SockPants> backup everything to /mnt/backup?
<kirkland> jcastro: revved up like a duece, another rumour in the night!
<isaacsm> SockPants:  yes, including /mnt/backup...
<SockPants> isaacsm: how do i prevent that
<SockPants> isaacsm: how do i make it backup only local files, there will be a few smb shares mounted etc
<isaacsm> --exclude /mnt/backup/ should work
<isaacsm> SockPants: depending on your setup -x (don't corss filesystem boundaries) may be useful
<SockPants> ah ok so i can --exclude /mnt/ to make sure no shares get backuped anyway and then -x will make it read only stuff on /dev/sda1 just in case
<isaacsm> SockPants: yes, that would work as long everything your backing up is on the same filesystem; where is the file your rsyncing to stored?
<oh_noes> Can anything in ubuntu tell me my RAM DIMM configuration?
<Kamping_Kaiser> lswh might.
<twb> Or dmidecode
<isaacsm> Kamping_Kaiser: that would be lshw, wouldn't it?
<Kamping_Kaiser> er, yeah
<Kamping_Kaiser> isaacsm, thanks for noticing that
<isaacsm> np
<isaacsm> oh_noes: you'll want to run that with sudo
<SockPants> --exclude=PATTERN       exclude files matching PATTERN
<SockPants> can i have multiple patterns separated with a comma or how does that work?
<SockPants> like --exclude=/mnt/*,/home/big_file
<oh_noes> awesome thx
<isaacsm> SockPants: No, specify a --exclude for each
<isaacsm> SockPants: you may want to check out the FILTER RULES section of the rsync man page; there are a lot of options there
<twb> You should not backup a filesystem that's in use.  Create an LVM snapshot, mount it read-only, then backup *that*.
<twb> This should at least guard you against the .pst problem if you have a Samba server.
<twb> Obviously anything like a database will need a separate dump.
<isaacsm> twb: LVM snapshots can really kill performance; I can't actually use them on any of my servers.
<twb> isaacsm: even ones that only exist for a few hours overnight, while you make the backup?
<twb> (You're obviously not meant to keep snapshots around for days, because they are copy-on-write.)
<isaacsm> twb: the copy-on-write mechanism kills it
<isaacsm> twb: doesn't matter the length of time, its enough that I get nasty phone calls
<twb> Bummer
<isaacsm> indeed
<twb> I guess they're flooding their I/O bus already.
<SockPants> i don't have lvm2 installed
<reid> hi guys.  I just got a new 1.5TB SATA drive for my server, and I'm wondering how I would get mount it via ssh?  never had to do this before with CLI
<Kamping_Kaiser> you mean sshfs?
<Kamping_Kaiser> !tell reid about sshfs
<ubottu> reid, please see my private message
<reid> oh
<reid> I see
<reid> one sec
<reid> nah, that is for a drive that isn't physically in the server I believe
<reid> this drive will be physically installed in the server, I have just never had to mount a drive without some type of GUI
<reid> so I am not sure how to mount it properly
<jkfresh> anybody here have experience with NUT?
<reid> I vaguely remember things like /etc/fstab, and mount command =P
<twb> Kamping_Kaiser: I think he means "I am connecting to the server via ssh and I want to mount a drive that I've just added to an internal bay"
<Kamping_Kaiser> twb, aaah. i see.
<twb> reid: do you want to mount the drive temporarily, or forever?
<genii> A more complete description of jkfresh's issue, copied from #kubuntu   :
<SockPants> you need to find out what the device name is (/dev/sda something), you need to partition it, make a filesystem on it so you can put files there, add a line to fstab to make it mount at boot, and the mount it anyway (so you don't have to reboot)
<genii> <jkfresh> can anybody tell me how to power my server down the moment power goes out? I already have nut installed, and it is communicating successfuly with my UPS. The system has not powered down gracefully when I remove the mains power
<twb> genii: all I can suggest is to check the nut logfiles.
<jkfresh> I don't see any logs in /var/log
<twb> There should be SOME logs in there
<twb> If it's empty, you have bigger problems.
<SockPants> gtg, bbl
<jkfresh> well, I mean that there are no nut related logs. I keep seeing connections and disconnections from localhost with upsd. I don't know if this is normal behavior or not
<twb> jkfresh: sorry, I don't know.
<jkfresh> it's all good :) I think that setting nut up to do what you want is a black art
<twb> I'll drink to that
<jkfresh> makes me want to buy an APC
<twb> What do troop transports have to do with computing?
<jkfresh> ?? troop transports?
<Kamping_Kaiser> hehehe
<Kamping_Kaiser> twb, to transport your server-room najas around
<twb> "never underestimate the bandwidth potential of a six wheeler hurtling across open terrain with a cargo area full of DAT tapes"?
<jkfresh> I wish I had ninjas to rip my vinyl records for me
<Kamping_Kaiser> 6 wheeler?
<genii> Kamping_Kaiser: Must a third of an 18 wheeler
<Kamping_Kaiser> genii, aah, i see
<twb> I was going to say "half track", but I don't know if they're still actively used.
 * isaacsm wonders if there are half-tracks in the hole at work...probably
<twb> http://en.wikipedia.org/wiki/V%C3%A9hicule_de_l%27Avant_Blind%C3%A9, for example, appears to be a six-wheeler.
<isaacsm> twb: that takes backup and recovery to a new level--armored tape transport
<twb> Then we only need a second "A" to get an AT-AT
<isaacsm> install a magazine so it becomes an Automatic Tape Armoured Transport?
<SockPants> hmm
<SockPants> how can i make the server run a command as another user at startup
<SockPants> i tried sudo -u <user> ...
<SockPants> which works when i'm ssh'ing as root
<SockPants> but not as a startup script
<SockPants> and also, it doesn't actually run the program as the user, because it seems ~ is still /root/
<twb> SockPants: make an /etc/cron.d/ entry
<twb> Use @reboot instead of * * * * *.
<genii> rc.local may also be appropriate
<SockPants> twb: i put a reference to /etc/startupscript in /etc/init.d/rc.local
<twb> genii: good idea, though note that it doesn't run in single-user mode
<isaacsm> wouldn't rc.local still has the issue with privs?
<genii> isaacsm: No, it runs as root
<twb> SockPants: ~ will be root if you use sudo -u fred.
<twb> SockPants: you need to use -H, or better, su.
<SockPants> yeah, how do i make it run as if i were logged in
<twb> If root is executing it, there's really no point to sudo.
<SockPants> i tried to do su <user>; command but it doesnt seem to work
<isaacsm> genii: right, i though SockPants wanted to run NOT as root
<twb> SockPants: that's because the syntax for su is different.
<genii> isaacsm: Thats what su is for....
<SockPants> hmm, oh let me check
<twb> Here's something I have in my /etc/rc.local
<twb> isaacsm:
<twb> env -i su twb -c xinit >/var/log/xinit.log 2>&1 &
<twb> (sorry, wrong cut buffer.)
<genii> Alternately to make a proper script and add it with update-rc.d
<twb> genii: hear, hear
<twb> metainit ftw
<SockPants> how come you have -c option after the login name
<isaacsm> yes, i prefer the startup script option myself
<SockPants> su [options] [LOGIN]
<genii> SockPants:  -c is "do command"
<twb> genii: he means that the manpage doesn't make it clear that the options can come AFTER the username
<genii> Ah, yes.
<twb> Note that the env -i unsets things like $HOME entirely
<twb> So it won't be HOME=/root
<isaacsm> twb: if $HOME isn't set, won't it default to / ?
<SockPants> can i put multiple commands after -c and put them in {} ?
<twb> isaacsm: if HOME isn't set, then any application that asks where $HOME is, will crash
<twb> isaacsm: unless it explicitly handles the case where getenv() fails
<SockPants> wait, command > file.txt captures stdout right, how do i get stderr as well?
<genii> Well, or return a null
<twb> SockPants: -c takes a string.  That string is passed to sh -c
<twb> SockPants: so IOW it's a shell script in a string
<SockPants> twb: so for a bunch of commands i put it in ""?
<twb> You could, for example, say su twb -c "ls; pwd; firefox"
<SockPants> ok
<twb> SockPants: what are you actually trying to run at boot?
<twb> SockPants: because there's usually a better way than what you're going about
<SockPants> a few different thinks
<SockPants> *things
<SockPants> um
<SockPants> rssdler
<SockPants> ntop (as root though)
<SockPants> rtorrent in screen
<SockPants> what's wrong with this (just trying stuff):
<SockPants> sudo su jeroen -l -s bash -c "ls -al > /tmp/ls.txt"
<SockPants> it doesn't work
<SockPants> ok, it works when i leave off -s bash
<isaacsm> SockPants:  Sounds like your trying to automatically recreate your console sessions at startup; my thought would be to add them to your screenrc and just start screen
<SockPants> well for now maybe but there might be other things later that don't have to run in screen, but that's an idea
 * SockPants goes to read screen manpage more
<twb> isaacsm: I agree
<isaacsm> in the past i've also run things like ntop in place of a getty, but that can be problematic sometimes
<SockPants> how do you set the (bios) time?
<twb> hwclock?
<SockPants> thanks
 * genii sips his coffee and thinks about tick servers
<SockPants> hello
<SockPants> is there a commandline WLM client that has a web interface, like ebuddy.com has?
<twb> SockPants: WLM?
<SockPants> windows live messenger
<SockPants> also, how can i make grep return more lines than just the line it finds
<p_quarles> you mean like the lines immediately before and after the hits?
<simplexio> Received disconnect: 2: server_input_channel_req: unknown channel -1
<SockPants> yeah, i thought i did it before and now i forgot how
<simplexio> and dmesg shows eCryptfs parseoption error,
<simplexio> .. and first error comes when trying to ssh into box first time in morning
<p_quarles> SockPants: -C $number
<p_quarles> SockPants: that gives you $number lines of context; you can also use -A (after) or -B (before)
<SockPants> ah great, thanks
<twb> SockPants: that would depend on what protocol Windows Live Messenger uses.
<twb> Suppose that it's, say, XMPP (Jabber).  You would then google for "linux web client XMPP" or something
<twb> libpurple seems to be the primary IM library, so you could also see if any web apps are using that.
<p_quarles> well, libpurple does have a CLI client (finch), and that should support Windows Messenger (which is its own protocol, btw)
<p_quarles> no idea about a web interface, though
<SockPants> hmm
<SockPants> not too long ago MS added the capability to log into the same account at multiple machines, that's pretty much a must if i'd use it
<SockPants> don't think theres anything as of yet
<twb> SockPants: don't expect us to know much about Windows, generally
<SockPants> hardly windows... but k
<SockPants> how do i get rid of this:
<SockPants> rtorrent: Could not lock session directory: "/home/jeroen/rtorrent_session/", held by "ubuntu:+4697".
<SockPants> there is no such process
<SockPants> if there was, i killed it
<oh_noes> Is /etc/rc.local called after all initt scripts are executed and after they return?
<oh_noes> Im doing some echos to console just before login, and im finding it's "Reloading openBSD secure shell" and " * Starting NTP server" write in the middle of my echo's
<twb> SockPants: that's a question for the rtorrent people, but probably that dir contains a lockfile
<twb> oh_noes: yes, unless you are in runlevel 0, 1 or 6.
<twb> oh_noes: ah, that's because those things happen when ifup -a (dhcp) finishes doing its job, which happens in the background.
<twb> oh_noes: IME the Ubuntu if-up.d scripts are... a little overenthusiastic about restarting systems
<oh_noes> twb: arr, cool thanks for confirming that.  I think in my example, ifup is returning even without an IP address, and because it's its DHCP it takes a few extra seconds to timeout
<oh_noes> meaning it happens to dump ssh and ntp restarting coincidentally right inthe middle of my echo's
<oh_noes> twb: can you tell me what script is fired on an ifup? Maybe if I can silence the output that would be enough for me
<twb> oh_noes: run-parts /etc/if-up.d
<oh_noes> I'm assuming ssh and ntpd start in rc3.d *anyway*, and are just being refired due to an ifup
<oh_noes> twb: thats interesting, /etc/network/if-up.d/ntpdate has invoke-rc.d --quiet inside it.
<oh_noes> I wonder why it's outtutting stuff to console on if-up
<jpds> owh: Morning.
<owh> Hi jpds
<owh> Hope my email didn't cause you any heartache :-|
<Kamping_Kaiser> hi both
<owh> Good day Kamping_Kaiser.
<Kamping_Kaiser> owh, :) hows things in the hellish sandpit of the west? ;)
<owh> Haven't looked outside all day, lemmie look.
<Kamping_Kaiser> hehe
<owh> Kamping_Kaiser: It's sunny, dry, no squawking kiddies around and no hammer drills or earthmoving equipment. Some birds are in evidence and some hoons are carooming off the street, other than that, situation normal.
<MenZa> mmm, spring.
<Kamping_Kaiser> owh, sounds quite plesant.
<owh> Autumn you mean :)
<owh> Kamping_Kaiser: The sirens have just started up - peaceful for some :)
<Kamping_Kaiser> owh, hehe
<Kamping_Kaiser> speaking of sunny - its going down here, so i might unload the car. back in 5
<jpds> Hey Kamping_Kaiser.
<Kamping_Kaiser> jpds, :) evening. hows your packing? ;)
<owh> These south australians, very unreliable :)
<jpds> Kamping_Kaiser: heh ;-)
<Kamping_Kaiser> owh, oi. i'm not taking that from you!
<owh> Come and get me across the Nullabor :)
<jpds> Trying to figure out how to fix bug #360980 right now.
<uvirtbot> Launchpad bug 360980 in system-tools-backends "[jaunty] users-admin allows creation of "admin" account" [Critical,Confirmed] https://launchpad.net/bugs/360980
<owh> jpds: Well that's kind of a special bug.
<Kamping_Kaiser> owh, careful what you wish for - i've got no tafe for 2 weeks, and i've got a working car
<owh> jpds: What process is actually creating the actual account/group?
<Kamping_Kaiser> jpds, problem being it allows creation of a system group? (i havent looked at the actual report obviously)
<jpds> owh: Some C code in the program.
<owh> Kamping_Kaiser: Now all you need is fuel, food, a map and a drivers license :)
<owh> jpds: Isn't that in turn calling some system call?
<jpds> No.
<Kamping_Kaiser> owh, got (some) fuel, can pick up pizza as i drive through adelaide, bugger the map - i'll follow the road ;D, and got  licence
<owh> jpds: It's directly changing the /etc/group file?
<Kamping_Kaiser> s/got li/got a li
<owh> Kamping_Kaiser: Make sure that you turn right when you get to Port Augusta.
<jpds> Kamping_Kaiser: Yes, and creating a 'admin' user, causes the pervious group to disappear.
 * owh hatches a plan to send Kamping_Kaiser to Darwin.
<owh> jpds: So it's directly changing the file?
<Kamping_Kaiser> jpds, automatically? thats very broken
<Kamping_Kaiser> owh, darwin? well, i've not been there yet, so wouldnt be a total disaster
<jpds> owh: Probably yeah.
<owh> Kamping_Kaiser: Nice part of the world.
<owh> jpds: I'm downloading the source to have a gander.
<Kamping_Kaiser> owh, bit tropical for me (at least, thats my excuse)
<owh> Kamping_Kaiser: Nah, just take your time, drink lots of water and enjoy the scenery.
<Kamping_Kaiser> owh, well, i'm up for it
<owh> Kamping_Kaiser: Not much internet along the way though, how will you cope without IRC?
<Kamping_Kaiser> owh, have to make do with ham radio
<owh> jpds: Still trying to get my head around this. It makes no sense to me that a piece of code would overwrite an existing group. Does it do it with other existing groups as well?
<jpds> owh: Probably, I haven't checked.
 * owh isn't running jaunty anywhere so testing is not so simple.
<Kamping_Kaiser> owh, testing if it happens on other releases is valid testing ;)
 * owh offers Kamping_Kaiser's machine off as a sacrificial lamb.
 * Kamping_Kaiser slaps owh 's priest
<Doble> Can anyone help me with my samba ACL woes? I have an explanation of the problem on experts exchange: http://www.experts-exchange.com/OS/Linux/Administration/Q_24320174.html
<Doble> I'm only trying to do a VERY simple file server set up and it can't be this difficult to get some simple permissions working, so I must be doing something wrong ..
<Kamping_Kaiser> your using acls, your no longer dealing with 'simple permissions' :)
<Doble> well I guess, but i couldn't work out how to get unix permissions to do what I want
<Doble> I want to have one file share which windows XP users can map as a network drive, then I want to divide that share into two or three subdirectories and have some staff be able to access some directories but not others
<Doble> so like "Staff" and "Finance" and "Private" ... and jenny and bob need to have access to staff and finance, but not private, but jim who is the manager needs to access everything
<Doble> dont think i can do that with unix permissions ?
<Kamping_Kaiser> put them in groups.
<Kamping_Kaiser> put bob and jenny in 'finance' group, and 'jim' in 'managers'
<Kamping_Kaiser> set private's owner to 'managers'
<Kamping_Kaiser> and staff/finance directories to 'finance' group
<Doble> okay, give me a few minutes to try that
<Doble> should I disable ACL's on my filesystem again before I do this ?
<Kamping_Kaiser> you have a layer of samba on top, so i dont know how that affects what your doing. I'm just telling you how unix groups would do it :
<Kamping_Kaiser> :)
<Doble> hmm okay, thanks, i will try
<beniwtv> hi all... I have followed the server guide for setting up bind9 on Hardy server, so that it acts as a caching name server. So it works fine when queriying from the local machine itself, but not from other machines in the network. Any ideas?
<Doble> Kamping_Kaiser: I am trying to delete a file ... I am a member of the group "everyone" and the group "everyone" is the owner of the directory, and the file itself, and the group has RWX access, but when I try to delete the file I get permission denied.
<Doble> beniwtv: have you set the other computers to use your server as DNS?
<Kamping_Kaiser> Doble, how was the file created, and how was the delition done?
<Kamping_Kaiser> Doble, also, #samba exists, probably more helpful then me ;)
<beniwtv> Doble: Nope, I'm just testing it right now with dig. The thing is I need to authorize other networks to query it.
<Doble> Kaiser: i cant remember how I made the file, but I'm trying to delete it using rm ... I also can't create any new files in the directory, despite having rwx
<simplexio> in console ? try sudo rm
<simplexio> if even that dosent work, its probably in use
<simplexio> fuser file shows who uses it, i f i recall right
<Doble> simplexio: sudo will work, but I should be able to delete the file, as I am the member of the group 'everyone' and 'everyone' is the owner of the folder, and the file, and the group has rwx
<Doble> fuser returns nothing :)
<Doble> beniwtv: sorry I dont quite understand, you've configured bind, and you want to use it as a cache, but you haven't pointed the other computers on your network at the bind server? you need to do that or the other PCS won't know where to look for DNS
<simplexio> Doble: groups confirms that you are in that group
<Doble> simplexio: interesting ... groups doesn't show me as a member of 'everyone' ... however if I do "sudo adduser jdoble everyone" .. I get "The user `jdoble' is already a member of `everyone'"
<simplexio> Doble: logout/login,, and it fixes it in that terminal.
<beniwtv> Doble: I know that :) But I'm querying it with the dig command, and returns responses when on the local machine. But from other machines I get client <ip>#49386: query (cache) '<domain>/A/IN' denied in the server logs
<simplexio> Doble: or su - , updates those too, im not sure if there is another way to upgrade groups
<Kamping_Kaiser> simplexio, Doble running 'login' from your prompt wil too
<Doble> beniwtv: I see ... have you checked that you have enabled the network in your bind conf? and that apparmor isn't blocking the server?
<Doble> simplexio: kaiser: ahh it is working now ... I wasn't aware that groups did not update immediately
<beniwtv> Doble: Apparmor isn't blocking - I checked that. How can I check I have networking in bind?
<Kamping_Kaiser> telnet <yourexternal ip> dns
<Kamping_Kaiser> might be s/dns/named actually
<Doble> beniwtv: sorry, I was confused with another conf file :) if you have bind configured it should be listening and 'just work' when you perform a dig, do you have reverse lookup set up for your subnet ?
<beniwtv> Kamping_Kaiser: Yep that works, and netstat tells me it's bound on all NIC's of the server. It just wont' answer, and I think I need to authorize the networks to query it
<beniwtv> Kamping_Kaiser: I think that is what the log message acutally means
<Doble> beniwtv: sounds like you are right but i can't remember any config setting to enable/authorize a network
<Kamping_Kaiser> I dont use bind, so cant help there. seems like a pile of overkill for my network :)
<owh> Kamping_Kaiser: So, you driving yet, or just bragging?
<beniwtv> Doble: It 'just works' from localhost, yes. But not from other machines, and I don't know why it would need to have reverse lookup if I query just google :)
<owh> <grin>
<Doble> beniwtv: I agree, I'm just stabbing in the dark ... sorry mate
<beniwtv> Kamping_Kaiser: Yeah, for a home network it's probably overkill. But we need it so that our users which are connecting to the Interner get a DNS :)
<beniwtv> s/Interner/Internet
<Kamping_Kaiser> owh, not visiting you tonight i'm afraid, got a gNewSense release to do ;0
<owh> Fine, fine, I'll deal with the disappointment :)
<Kamping_Kaiser> owh, have a drink to console yourself, or download our new release when its up;)
<owh> A new release, you mean break my production machine again :)
<Kamping_Kaiser> hehe
<Doble> can anyone tell me why i get the error "Failed to add entry for user bill." when I log in as bill ?
<Kamping_Kaiser> where is the error?
<Doble> sorry, i closed chat
<chris_d_adams> hi guys, I'm running ubuntu hardy server, and I'm struggling to understand why my vm isn't updating to intrepid
<chris_d_adams> are there any commands I'm missing here?>
<chris_d_adams> https://gist.github.com/a40f7676cc63c80e10ae
<Kamping_Kaiser> Doble, where is the error?
<owh> later all...
<Kamping_Kaiser> owh, later mate
<Doble> Kaiser: First line of the login ... so "login as: bill" "bill@192.168.2.10's password:" "Failed to add entry for user bill."
<chris_d_adams> I've just run the basic "aptitude update,  aptitude install update-manager-core, do-release-upgrade' steps
<Doble> Kaiser: I think its related to samba
<beniwtv> Doble: Have you added samba for PAM auth?
<Kamping_Kaiser> afk. dinner
<Doble> beniwtv: I'm not sure ... is that where samba syncs its users with ubuntu's users? If so - yes, because it is included by default when you install ubuntu 8.10 and choose "file server" which is what I did.
<beniwtv> Doble: yep, it syncs users there. Maybe the logs give you some more info. Like auth.log and daemon.log
<Doble> beniwtv: there doesnt seem to be any info in those two files ... just saying that 'bill' logged in
<beniwtv> Doble: Anything in syslog (maybe Apparmor?)
<milestone> hi folks
<milestone> this mornin unattended-upgrades upgraded my packages
<milestone> as always this works great
<milestone> but it also updated mysql-server
<milestone> the server was only stopped during the upgrade process
<milestone> (3 times)
<milestone> and never started
<milestone> is that desired behaviour or do i need to change some configuration to get it automatically started
<Actium> were you able to start it manually? anything suspicous in the log?
<milestone> Actium, yes i was
<milestone> and nothing suspicious in the log
<milestone> i am using hardy heron
<Actium> does the upgrade log state a reason, why the server hasnt been restarted?
<cbeebie> Hi guys, I'm writing the "ubuntu server" course for canonical. I want to include a brief comparison of RHN/Satellite/SpaceWalk with Landscape. What are the key feature differences I should mention?
<Doble> cbeebie: I can't help with your question, but maybe you can help with one of mine! I want to pursue some linux training, but I don't know where to start, are there any 'industry standard' certifications like an equivilant of a Microsoft Certified System Engineer?
<cbeebie> Doble - currently Canonical offer the Ubuntu Certified Professional (UCP) based on LPI level 1 plus an Ubuntu specific exam (LPI199)
<Doble> cbeebie: thanks, what is LPI level 1 ?
<cbeebie> Linux Professional Institute
<milestone> Actium, do you want me to post the log to some pastebin?
<Actium> worth a shot
<Doble> cbeebie: thanks, I'll check it out
<cbeebie> Doble, a good place to start might be http://www.ubuntu.com/training/
<Doble> cheers
<Doble> :( no training in australia
<cbeebie> I can come and deliver some if you want ... ;-)
<Kamping_Kaiser> Doble, no one lives in australia, what are you talking about :p
<Doble> lol
<Kamping_Kaiser> Doble, have to say i wasnt hugely impressed by my look at lpi , but perhaps i'll go do it one day.
<Kamping_Kaiser> ;)
<cbeebie> LPI has brought updated exam objectives online quite recently, you might want to take another look
<cbeebie> www.lpi.org
<Kamping_Kaiser> cbeebie, ah really? *visits*
<Doble> lpi don't offer anything in my reigon either lol
<eagles0513875> hey guys
<eagles0513875> im trying to upgrade from intrepid to jaunty for some reaason when i issue the do-release-upgrade to upgrade to the beta nothing happens its saying no new release found
<eagles0513875> !upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/getubuntu/upgrading
<eagles0513875> i followed the instructions that were on that how to but for some reason its not working
<milestone> Actium, here you go http://pastebin.com/m4a1553fc
<Actium> that is indeed weird
<eagles0513875> Actium: you have any idea why i cant upgrade from intrepid version of server to jaunty
<Actium> which error are you getting, eagles0513875. i did just that 3 days ago.
<eagles0513875> when i run the do-release upgrade command it keeps telling me no new release found
<eagles0513875> i made sure that the upgrade manager core is installed
<Actium> eagles0513875, you gotta use "do-release-upgrade -d".
<eagles0513875> as well as made sure the file that you have to edit has priority =normal which it does
<eagles0513875> Actium: ahh then site is wrong
<Actium> the -d is mandatory since jaunty is still flagged as in development (which it is).
<Actium> but it's working flawlessly on my machine.
<eagles0513875> ahhh i learned something new
<eagles0513875> Actium: im kinda weary of doing this upgrade like tihs
<eagles0513875> kubuntu has issues when doing it
<eagles0513875> your left with old stuff on kde like the old network manager and package manager
<Actium> i made a complete backup of my box, before i launched the upgrade.
<eagles0513875> this is on an old laptop
<eagles0513875> im on me new laptop
<eagles0513875> ended up using my usb boot pen drive to install it
<eagles0513875> which is a nice feature :)
<Actium> indeed, installing the netbook remix of ubuntu with my pendrive took like 5 minutes on an aspire one.
<eagles0513875> that only works with netbooks with screens up to 10 inches
<eagles0513875> this is an hp tablet which has a 12.1 inch screen
<eagles0513875> one thing i love about kubuntu and all this distro is how much stuff works outa the box
<eagles0513875> for me on this tablet just about everything minux wacom tablet stuff
<beniwtv> hey all... any ideas what I have to put in /etc/hosts so that postfix can resolve a domain to an internal IP? I've tried <hostname> <ip> but postfix ignores that.
<ikonia> beniwtv: look at your nsswitch.conf to check the order
<ikonia> beniwtv: you'll need an FQDN
<Actium> milestone: no errors, nothing suspicious, but it won't restart the server. it's probably a bug in the upgrade script, or whatever. if the mysqld starts after a reboot of your computer - check that - i'd just let it be.
<Actium> eagles0513875, we're in the wrong channel to talk about laptops/netbooks/tablet pcs ... ;)
<beniwtv> ikonia: It is hosts:          files dns, and yes, of course I put a complete domain... it was just an example acutally
<ikonia> beniwtv: can you ping it
<eagles0513875> sry Actium
<beniwtv> ikonia: yep
<ikonia> beniwtv: thats odd, but postfix ignores it
<beniwtv> ikonia: I also can telnet just fine
<ikonia> beniwtv: what is the hosting in the postfix main file ?
<beniwtv> ikonia: Hosting?
<ikonia> sorry - host
<ikonia> what host is in the postfix main file
<beniwtv> ikonia: "myhostname = radius02" Do you mean this?
<milestone> Actium
<ikonia> beniwtv: is that inthe postfix onfig
<milestone> ups sorry
<milestone> Actium, a bug in an upgrade skript on a production server aint that funny you know
<beniwtv> ikonia: Yep.... I just need to send monitoring e.mails to a server, but that server resolves in DNS as an external address on the same network, and my pix wont' let that happen. So I need to put the internal IP somewhere... maybe specifying a relay?
<Doble> I'm reading one of the samba docs and it lists a command - "chmod -R ug+rwxs,o-r+x /data" can anyone tell me what the "s" from "rwxs" does?
<Actium> sorry, milestone, just came back from lunch. of course it aint funny, but there's nothing i can do to determine what really caused that failure to restart. if you feel obliged to investigate, do so and if you find out, it's a bug in the update script, report it to the devs. that's how a major branch of oss improvent works, after all.
<soren> Doble: It sets the setuid/setgid bit.
<milestone> Actium, :)
<milestone> Actium, I know. I am doing work on the apache turbine project
<milestone> Actium, so is there a way to further investigate an upgrade problem without a package that needs upgrading? If yes, tell me more, and i will be more than happy to further investigate
<Actium> downgrade and then upgrade again.
<Actium> the previously installed package should still reside in you cache directory.
<Actium> and the postinstall script of the new package should provide you with very valuable information.
<milestone> on a productionsite. it will take me some time. probably sometime this or next week
<Actium> in that case i'd rather let it be. messing around with a production box is not exactly what i fancy doing. ;)
<Actium> i'm just glad my semi-production server "survived" the upgrade to jaunty without any major casualties, the other day.
<milestone> ;)
<milestone> but i think i know the answer already
<milestone> thinking about it
<Actium> "never change a running system"?
<milestone> IIRC the postinstall script calls invoke-rc.d
<milestone> since this a drbd cluster system with mysqld being controlled by heartbeat
<milestone> the server is not started just stopped
<milestone> invoke-rc.d will check if there are symlinks from the current RC directories to the init skript and call it only if they are there
<milestone> so
<milestone> what have i won?
<Actium> honestly: dunno
<milestone> Actium, i am 100% that that is the problem
<Actium> then maybe it's worth a bug-report.
<milestone> that won't do because it is not a bug when not in a cluster
<Actium> well, then its a bug that only takes effect when it's a cluster, but its a bug anyway. (imho)
<SockPants> hi
<SockPants> what is the meaning of cpu load in the form n.nn, m.mm, p.pp .. ?
<Actium> http://en.wikipedia.org/wiki/Load_(computing)
<SockPants> http://digg.com/d1ok8m
<soren> kirkland: I don't know if you noticed, but I came up with a backtrace for that kvm segfault we discussed yesterday.
<kirkland> soren: no, i missed it....
<kirkland> soren: what do you have?
<soren> https://bugs.edge.launchpad.net/ubuntu/+source/kvm/+bug/359447
<uvirtbot> Launchpad bug 359447 in kvm "kvm segfaults" [High,Triaged]
<kirkland> soren: oh, yeah, i haven't even made it through my bug list yet today
<kirkland> soren: still sorting through irc pings, then mail
<soren> kirkland: Alright, no worries.
<kirkland> soren: so the ide block device, huh
<soren> kirkland: Perhaps.
<soren> kirkland: That's where it's triggered, at least.
<soren> kirkland: I suppose I could switch to virtio and see if it helps any.
<soren> kirkland: Heck, I'll give it a shot. It can't get much worse than it is right n ow.
<kirkland> soren: still a block device, just using virtio, though?
 * soren is not sure he understands the question.
<kirkland> soren: you're not dd'ing the block device to a file first
<yann2> wrong channel guys :)
<kirkland> soren: which is what I was going to suggest
<kirkland> yann2: we're all over the place
<soren> kirkland: It... /is/ a file.
<soren> ?
<kirkland> soren: then i misunderstood your point
<kirkland> soren: i thought you said previously that the target disk was a block device
<soren> It's a file-backed, raw-formatted, virtio-connected virtual block device.
<kirkland> soren: okay, thanks
 * Faust-C wonders about creating a mail server and configuring TLS
<Actium> you might wanna try out dovecot-postfix (http://packages.ubuntu.com/jaunty/dovecot-postfix). unfortunately has only become available in jaunty.
<LyonJT> Hey!
<LyonJT> does ubuntu-server have directory capabilites?
<oruwork> LyonJT, can you be a little more specific with your question /
<genii> ldap?
<LyonJT> yes, sorry im from a windows enviroment thats why, for example on windows server you have active directory for groups users group policys etc do you have this in ubuntu server?
<eagles0513875> LyonJT: you can actually setup samba to be a domain controller
<LyonJT> is theree a ubuntu equilvent?
<andol> well, at least as a NT-domain controller.
<eagles0513875> LyonJT: any distro you can youse samba as a domain controller
<Faust-C> Actium, ty
<Faust-C> eagles0513875, samba3 as a DC isnt the solution by any means
<Faust-C> LyonJT, you can use items like samba to auth TO AD or use items like fedora-directory server to sync between AD and FDS (LDAP)
<Actium> you're welcome
<Fenix|work> Greetings and salutations!
<Fenix|work> I've compiled my own kernel module, and would like advise on loading it on boot.
<ikonia> Fenix|work: just depmod and modprobe it
<Fenix|work> ikonia, and stick it in /etc/modules?
<Faust-C> felipe_, yes
<Faust-C> err Fenix|work *
<ikonia> well in the correct sub dir of /lib/mdules/$kernel etc
<Fenix|work> ikonia, I compiled the module... then created an appropriate directory structure under /lib/modules/$kernel-ver/kernel/fs/
<Fenix|work> the dir name is the same as the module name
<ikonia> Fenix|work: perfect
<ikonia> Fenix|work: what is the module out of interest ?
<Fenix|work> qnx4fs module
<ikonia> ooh you've not wrote it, just built it
<Fenix|work> provides read/write support for qnx4 file systems.
<ikonia> yup
<Fenix|work> depmod -a
<Fenix|work> ?
<ikonia> bang on
<Fenix|work> modprobe <module name>
<ikonia> super
<Fenix|work> then <module name> on it's own line in /etc/modules and a reboot to make sure it works?
<ikonia> Fenix|work: but in theory if something needs qnx4 it should auto load it
<Fenix|work> I have a qnx4 partition that I want to mount on boot
<ikonia> should be fine
<Fenix|work> there it is.  It works.
<Fenix|work> thanks ikonia
<Fenix|work> oh... ikonia while I'm here... could you give me some advice on rsync?
<Fenix|work> I have an rsync daemon running on another box for /
<Fenix|work> but I want to exclude a directory and a couple of files.
<Fenix|work> and I have no clue how to do that
<Actium> under which user is ist running?
<Fenix|work> root
<Actium> that's gonna be difficult.
<Fenix|work> Actium, can you explain please?
<LyonJT> Faust-C: Is fedora directory server the equilavant to ad?
<Actium> in case rsyncd does not have any built-in directory-/file-exemption features, it's impossible.
<Faust-C> LyonJT, no, nothing is "equal" to AD
<LyonJT> Lool well in the same precepals
<LyonJT> princepals*
<Faust-C> well its LDAP but "simpler"
<Fenix|work> Actium, that's fine, but what about the rsync client pulling from the daemon?  Can I add excludes there?
<Faust-C> you can sync FDS to AD
<LyonJT> okay
<Faust-C> which is awsome but im still working out bugs w/ ubuntu
<Faust-C> i use it w/ centos
<lool> LyonJT: Hmm?
<Actium> you could set the unix permissions for those files in a way that root would not have read access, but usually root doesn't give a damn about permissions. so unix permissions won't do.
<LyonJT> and what apt do i need install to get fedora directory server on ubuntu server?
<Faust-C> LyonJT, sec lemme find link
<LyonJT> thanks!
<Actium> if possible, the excludes have to be set by the server. you can't just kindly ask your clients to specify a few parameters, can you?
<Faust-C> LyonJT, http://directory.fedoraproject.org/, look around the site, theres a howto for ubuntu
<Fenix|work> Actium, I am the server and the client :)
<LyonJT> Thank you Faust-C
<Faust-C> LyonJT, yw, btw bookmark my site: virtualdisaster.net, once i figure out how to make AD and linux play nice ill post it
 * Faust-C site is messed up atm but remember the link
<Fenix|work> I am using rsync as a near real-time backup of a system.  I want to back up everything (qnx4 system), but want to ignore the /dev directory and a couple of .files in the root
<Faust-C> Fenix|work, i say look into dar
<Actium> then you should use the "--exclude=PATTERN"-parameter
<Faust-C> then rsync the files over once its complete
<LyonJT> thank you very much Faust-C
<Faust-C> LyonJT, yw and good luck, you can do it,
<Fenix|work> Actium, exclude on the daemon when it starts, or on the client pulling from the daemon?
<Faust-C> Fenix|work, dar....
<LyonJT> Hopefully!
<Faust-C> if you want a accurate complete backup use the right tool for the right job
<Fenix|work> Faust-C, dar is not supported on QNX4
<Actium> client will suffice. any btw: you don't even need to use the daemon, in case you have a running ssh-server.
<Faust-C> Fenix|work, youre mounting the filesystem arent you
<Actium> rsync can easily stream itself over ssh
<Fenix|work> Actium, I haven't been able to successfully port over OpenSSH to QNX4 yet
<Actium> ok
<Fenix|work> Faust-C, I have two QNX boxes... the one I want to sync is running QNX.  The one I am syncing to is ubuntu-server with qnx4fs mounted partition.
<LyonJT> Faust-C: Quick question is there a command to sleep a ubuntu server?
<LyonJT> and does it support Wake on lan?
<Fenix|work> The hope is to sync the live box to the backup so if something were to happen to the live one, I can change boot order of the ubuntu server and boot a live copy of the backup with identical settings
<Faust-C> LyonJT, WOL depends on hardware, and yes theres a sleep command for desktop, idk about for server (i doubt it)
<Fenix|work> Actium, the exclude-from file, what format is it?
<LyonJT> idk?
<Fenix|work> i don't know
<Actium> probably just a text file with patterns to exclude seperated by newlines.
<LyonJT> Sorry that was to Faust-C
<Faust-C> LyonJT, no lol thats what idk means, i dont know
<Fenix|work> LyonJT, that was the answer to your question
<LyonJT> ohhh
<LyonJT> sorry lol
<LyonJT> i should know that!
<LyonJT> thank you though
<LyonJT> very simple question but whats the command to enable root
<Actium> sudo passwd
<LyonJT> thanks!
<Faust-C> man i need to create a mail server but have to make sure its simple to administer
<LyonJT> you done it before?
<Faust-C> nope, cause what i want is kinda complex
<LyonJT> Ohh fair enough
<Faust-C> i want it to auth to AD/LDAP and have a simple administration interface
<LyonJT> tricky!
<LyonJT> are you going to code it yourself?
<Faust-C> hopefully no
<LyonJT> How do you share files?
<LyonJT> is there a command
<Faust-C> samba
<Faust-C> smbclient
<LyonJT> what if the client is os x
<LyonJT> is there a afp equilvent
<LyonJT> dw
<LyonJT> i have found it
<ivoks> netatalk
<ivoks> but i would suggest using samba
<LyonJT> netatalk? is that like samba?
<ivoks> apple said they are abandoning AFP
<ivoks> + they broke it in latest OSX
<ivoks> well, they brake samba and cups all the time, so that's not news :D
<ivoks> LyonJT: yes, it's like samba; file sharing
<LyonJT> okay thank you
<ivoks> if you have latest osx
<ivoks> make sure to patch it :)
<LyonJT> i have found a good guide : http://www.kremalicious.com/2008/06/ubuntu-as-mac-file-server-and-time-machine-volume/
<ivoks> or disable restriction for cleartext passwords
<LyonJT> how can you disable clear text passwords? or is a built in already
<ivoks> look at the google
<ivoks> this howto recommends building your own package
<LyonJT> okay will do!
<ivoks> you can do that or enable clear text passwords in osx
<LyonJT> okay!
<ivoks> don't do 'sudo DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -rfakeroot'
<ivoks> leave out 'sudo
<ivoks> and don't do 'sudo gedit /etc/netatalk/afpd.conf'
<LyonJT> is that because ill be in root already?
<ivoks> edit /etc/default/netatalk
<ivoks> not, you should never build packages as root
<LyonJT> whys that
<ivoks> caus there might be rm -rf / in scripts
<LyonJT> so leave them two out ye?
<LyonJT> i was to use afp though
<LyonJT> want*
<ivoks> have you ever used debian or ubuntu before?
<LyonJT> Not really
<LyonJT> Here and there
<ivoks> then follow the guide
<ivoks> but just leave out sudo in package building
<LyonJT> Lol okay will do
<LyonJT> shall i be root when i do it?
<beniwtv> Hi all... I have a DNS now set-up, with forwarders commented out. However, it still resolves domains like google or so. Any ideas?
<ivoks> no
<ivoks> beniwtv: recursion no;?
<beniwtv> ivoks: that was it! thanks (still a bind newbie) :)
<ivoks> beniwtv: allow-query-cache ?
<beniwtv> ivoks: It works with recursion no; already, should I also use allow-query-cache?
<ivoks> beniwtv: you should allow query cache only to local net
<ivoks> beniwtv: have you set up acls?
<beniwtv> ivoks: No acls as I need it t be able to be queried from everywhere... (it will be the second authorative for our domains)
<Fenix|work> Greetings and salutations (again)
<Fenix|work> Actium, you have a moment?
<Actium> go ahead
<Fenix|work> Actium, is it possible to rsync '/' ?
<ivoks> :)
<Fenix|work> I'm getting the following when I try... receiving file list ... Offset underflow: file-length is negative
<Actium> i'll try ...
<Fenix|work> any subdirectory in rsyncd works though
<Actium> works for me. however i'm not using rsyncd, but rsync via ssh.
<Fenix|work> I think it isn't supported in my version
<Fenix|work> reading a little further... (sighs I know, should have sooner) it replies: rsync error: requested action not supported (code 4) at flist.c(846)
<Actium> rsync --version
<Actium> im running 3.0.5
<Fenix|work> QNX rsyncd is 2.6.8
<Fenix|work> can't seem to port a higher version
<Actium> sounds ancient to me
<Fenix|work> 2006 :)
 * Faust-C will use citadel and auth it against AD
<LyonJT> is there a way to search a file?
<Actium> grep it?
<Faust-C> LyonJT, find . -name *name*
<Faust-C> LyonJT, find . -name *name*  >> search.txt
 * Actium is stupid. he thought LyonJT wanted to search a file's contents.
<LyonJT> so i can use find . -myfile.txt ?
<Actium> no: find . -name myfile.txt
<Actium> g2g
<uvirtbot> New bug: #361802 in samba (main) "net sam list groups causes a segmentation fault" [Undecided,New] https://launchpad.net/bugs/361802
<LyonJT> is there a way to remotely install a ubuntu server?
<mdz> kirkland: I just had a panic following Apr 15 17:30:34 perseus kernel: [254450.083631] kvm: 26161: cpu0 unhandled wrmsr: 0xc0010117 data 0
<ivoks> LyonJT: yes
<ivoks> take care everybody
<mathiaz> ivoks: bye
<jmedina> hi ivoks
<kirkland> mdz: panic in the guest or host?
<mdz> kirkland: host
<kirkland> mdz: host crashed?  locked up?
<mdz> kirkland: I saw X mostly freeze, but the mouse was still responding.  after various attempts to revive it, I tried alt+sysrq+k and was rewarded with a flashing caps lock
<kirkland> mdz: doing anything special at the time, in the guest?
<mdz> kirkland: nope
<mdz> kirkland: had just booted a DVD for testing, was sitting in the desktop
<sbeattie> mdz: mouse still moving but display wedged is how X/intel GPU freezes seem to manifest in jaunty.
<kirkland> mdz: upstream had previously told me that those messages were benign, overzealous logging
<kirkland> mdz: i'll check with him again
<kirkland> mdz: can you try one thing ....
<kirkland> mdz: could you add clock=acpi_pm to your boot line?
<kirkland> mdz: https://launchpad.net/bugs/361754
<uvirtbot> Launchpad bug 361754 in kvm "guest needs to boot with clock=acpi_pm" [Undecided,New]
<kirkland> mdz: dholbach reported something similar this morning
<mdz> kirkland: it's possible that this was actually bug 359392
<uvirtbot> Launchpad bug 359392 in xserver-xorg-video-intel "[i965] X freezes starting on April 3rd" [Critical,Triaged] https://launchpad.net/bugs/359392
<mdz> kirkland: but I suspected kvm because of that message
<mdz> kirkland: I can, but I can't reproduce the bug
<kirkland> hmm
<kirkland> bug #243393
<uvirtbot> Launchpad bug 243393 in kvm "dmesg is flooded with warnings in kvm/mmu.c" [Low,Confirmed] https://launchpad.net/bugs/243393
<kirkland> mdz: who is Bryan Wu?
<kirkland> mdz: https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/325851
<uvirtbot> Launchpad bug 325851 in linux "[133672.221112] kvm: 28400: cpu0 unhandled wrmsr: 0xc0010117 data 0 " [Medium,Triaged]
<kirkland> mdz: i notice that he's assigned that bug, i don't recognize the name
 * kirkland steps out for a bite to eat, back shortly
<jcastro> nearly-last call for openweek sessions: https://wiki.ubuntu.com/UbuntuOpenWeek/Prep
<jcastro> soren: ^^^^
<jcastro> mathiaz: ^^^
<mdz> kirkland: Bryan Wu is one of the newest members of the canonical kernel team
<mdz> kirkland: he's based in Shanghai
<mdz> kirkland: it did happen just as I was switching desktops, so that hints that it might be 359392
<eagles0513875> Faust-C: what can be used as a domain controller
<jmedina> eagles0513875: you can use Samba as a NT style DC
<eagles0513875> jmedina: i know but Faust-C told me that i couldnt for some reason
<jmedina> eagles0513875: I use samba domain controllers since 5 years ago without problems
<mathiaz> jcastro: updated - thanks
<jmedina> they are ldap based
<eagles0513875> jmedina: thanks for enlightening me
<jmedina> you can also add strong security to the recipe using kerberos
<jmedina> eagles0513875: I have a howto
<eagles0513875> sweet link me
<jmedina> it is in spahish but I think it has good examples
<eagles0513875> might set up a domain controller on me old laptop which im converting to iptable firewall and bind server
<jmedina> http://tuxjm.net/docs/cursos/Samba+OpenLDAP+PAM+NSS-4Ubuntu/html/
<eagles0513875> jmedina: yo comprendo poquito espanol
<eagles0513875> lol
<jmedina> Im in the process of documenting ACLs
<jmedina> eagles0513875: good
<eagles0513875> kool
<eagles0513875> ill work on that later i need ot get bind setup i think lol
<LyonJT> how can you enable ufw?
<jmedina> you dont need DNS
<eagles0513875> jmedina: i am running a router yes but i would like it to use it as a dns cache for sites i visit
<jmedina> but is a good idea if you are masquerading your lan, you can save bw using caching dns
<eagles0513875> thats what i am wanting to do
<eagles0513875> !info masquerading
<ubottu> Package masquerading does not exist in intrepid
<eagles0513875> !masquerading
<ubottu> Sorry, I don't know anything about masquerading
<jmedina> eagles0513875: I mean NAT
<eagles0513875> right now im using a router which is doing the nat
<jdstrand> LyonJT: man ufw. basically: 'sudo ufw enable'
<LyonJT> thanks jdstrand
<LyonJT> does anyone have a guide to unix operating system.. example what etc, usr etc them folders are used for?
<giovani> LyonJT: filesystem heirarchy is not going to be consistent between operating systems based on unix
<jmedina> LyonJT: read FHS (Filesystem Hierarchy Standard) http://pathname.com/fhs/
<LyonJT> thank you
<LyonJT> No i understand that but i would like to understand the basic principles
<giovani> yep the FHS guide is a good one -- but very broad
<LyonJT> thanks
<Faust-C> jmedina, so you use samba as a domain controller
<Faust-C> a NT domain controller
<Faust-C> which is worthless
<jmedina> worthless?
<Faust-C> cause you cant mange systems as fine grained as you can w/ AD
<jmedina> why?
<Faust-C> maybe cause ppl need more than authentication
<jmedina> well my implementation works I use poledit for system policies
<jmedina> it is harder but works
 * Faust-C googles poledit
<Faust-C> imo work smarter not harder
<jmedina> poledit is the old program for creating system policies in nt4 dc
<Faust-C> oic
<jmedina> poledit.exe it is shipped with resource kit
<Faust-C> eh ... id rather use a single AD server and FDS
<jmedina> FDS?
<Faust-C> fedora directory server
<Faust-C> its a LDAP server
<jmedina> well I dont need AD, and my customers cant afford for a AD licence and CALs
<Faust-C> like Sun Directory
<jmedina> yes I know the old technology from FDS :D
<Faust-C> you dont need a AD license
<jmedina> well I mean the windows license
<Faust-C> you need one server license and then user cals which arent expensive
<jmedina> Faust-C: well probably for you arent expensive
<Faust-C> or you can use FDS and pGINA
<jmedina> pgina is not maintained
<Faust-C> jmedina, we're dirt poor atm but i wont waste money or time
<Faust-C> and using a NT DC is still supported?
<jmedina> well it works with win98-vista clients
<Faust-C> well good luck migrating to anything else
<Faust-C> i plan to use FDS or some kind of LDAP server as the base and then AD
<jmedina> Faust-C: can you explain more about that solution?
<Faust-C> jmedina, create a FDS server, then at least you can auth clients against that
<Faust-C> if you happen to get funds for AD you can sync FDS w/ AD
<Faust-C> or sync to any other standards compliant LDAP server
<jmedina> well I dont use FDS, I use OpenLDAP
<Faust-C> such as eDir
<jmedina> samba with ldap backend
<Faust-C> you can use FDS w/ samba, just as you can w/ any LDAP server
<jmedina> yeap I know, but I dont see any advantage at the moment
<Faust-C> well consider this, if you get hit by a bus, whom will take over
<jmedina> Faust-C: do you know if samba4 will support FDS?
<Faust-C> doesnt matter cause samba is standards compliant
<Faust-C> meaning it will work w/ any standards compliant LDAP server
<jmedina> I know they added support for openldap as backend
<jmedina> I mean integrated, samba team has been working with openldap team for a complete integration
<Faust-C> idk setting up FDS takes a few hours (like 2) compared to openldap
<Faust-C> not to mention native consoles for MS and Linux
<jmedina> openldap team has been helping samba developers to solve some ldap implementations with AD schemas
<jmedina> I know nothing about FDS and samba4 integration
<Faust-C> youre looking at this very backwards
<Faust-C> focus on future proofing your infrastructure, not creating a home brewed solution that in reality is more expensive than a 3rd party solution
<jmedina> Im not sure about that right now, I need to test FDS and try to achieve all the features I do with openlda+samba
<Faust-C> jmedina, it supports samba, most "standards" compliant LDAP servers do
<Faust-C> plus it leaves the option to use AD if you ever need to
 * Faust-C doesnt like using MS but it has its place
<jmedina> Faust-C: Im reading that samba4 has FDS support :D
<Faust-C> sweet
<Faust-C> im actually looking forward to samba4
<jmedina> I need to catch up with FDS compatibility
<jmedina> --ldap-backend-type=fedora-ds
<jmedina> :D
<Faust-C> jmedina, hell look at Sun Directory server (its based off FDS, well RHDS)
<jmedina> Faust-C: mm but Sun says Sun dir it uses old technolgy they are migrating to OpenDS
<Faust-C> jmedina, o rly, didnt know that,
<Faust-C> wow looks nice
<jmedina> https://www.opends.org/wiki/page/ProjectDefinition#section-ProjectDefinition-WhyNotOpenSourceTheCurrentSunJavaSystemDirectoryServer
<Faust-C> jmedina, btw i only "nag" at you cause i want to see you succeed!!
<Faust-C> jmedina, hmm its true about the FDS thing
<Faust-C> the channel is full but yet i hardly see any docs on FDS
<Faust-C> but i have ONE that is uber awsome
<jmedina> Faust-C: about what thing?
<Faust-C> jmedina, that no one has much interest in FDS
<Faust-C> sadly....
<jmedina> All people I know says something like: "bahhh, old technology...."
<jmedina> people that at some time used netscape or sun directory, then migrated to openldap for performance and support reasons
<jmedina> that is one of the reasons HP migrated all theri enterprise directory from propietary to openldap
<Faust-C> jmedina, the only thing i do not like about openldap
<Faust-C> is the manual configuration, i dont mind a terminal (considering all my personal systems but one are linux) but man come on
<Faust-C> and all the docs are overly technical
<jmedina> yeap, but that can be improved and we can help
<Faust-C> of course
<Faust-C> ive dedicated my site to creating "enterprise" documentation
<Faust-C> to show that opensource can work in the enterprise
<jmedina> good
<jmedina> and what is our site?
<jmedina> *your
<Faust-C> virtualdisaster.net, its not ready yet but in a few days it will be ready for use
<Faust-C> bookmark it for future reference
<jmedina> thanks
 * Faust-C makes note to finish it this week
<Faust-C> no thank you, i think ill drop FDS lol
<jmedina> Faust-C: :D
<Faust-C> and look at either pure openldap or this openDS
<jmedina> well I wont drop it until I do real comparisions and benchmarks
<jmedina> by the way yesterday was released openldap stable
<Faust-C> well considering FDS isnt getting much life, and i want something simple
<jmedina> Faust-C: are you using any ldap implementation at the moment?
<Faust-C> sadly no
<Faust-C> but i need some kinda LDAP (i dont really care about AD cause I can make that work)
<Faust-C> cause my new mail server, file server will auth to ldap
<jmedina> you can also sync AD with openldap
<Faust-C> yeah
<jmedina> or even use openldap as a AD proxy :D
<Faust-C> jmedina, would you have any good links for openldap?
<Faust-C> well thats what i want to do
<jmedina> Faust-C: the book
<Faust-C> really?
<Faust-C> i tried to read it once and was like damn ....
<Faust-C> wow, opends has a neat installer....
<jmedina> Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services
<jmedina> http://www.packtpub.com/OpenLDAP-Developers-Server-Open-Source-Linux/book
<Faust-C> sweet deal thanks
<jmedina> Faust-C: opends has a good integration with OpenSSO for single sign on for java apps
<jmedina> some goverment offices here are migrating to that because mosth of their enterprise apps are bult in java
<Gargoyle> Good evening my irc loving friends
<Faust-C> thats what i want so bad SSO
<Faust-C> hell i use joomla and it can auth to ldap which would be awsome for a intra website
<jmedina> yeap
<Faust-C> matter of fact use it for clients
<jmedina> I use ldap for everything, samba, squid, apache, radius, ezpublish, mediawiki, mantis, jabber, linux logins (NSS+pam)
<jmedina> and openvpn
<jmedina> and of course for global address book
<Faust-C> yeah
<jmedina> postfix, courier-imap (next dovecot)
<Faust-C> jmedina, once my site is ready im gonna kidnap you and have you document all that
<jmedina> Faust-C: I have some documents about every solutions but in plain text files
<jmedina> Im moving to docbook
<jmedina> my site is tuxjm.net
<Fenix|work> Greetings
<Fenix|work> I have a couple of files I can't seem to delete
<Fenix|work> ls -Flai shows the following
<kirkland> mdz: ack on bryan wu, thanks for the pointer
<Fenix|work> 1528939 ?????????? ? ?    ?       ?                ? vs100
<kirkland> mdz: intel video?
<kirkland> mdz: i saw something similar this morning, when doing alt-tab,   kernel panic, flashing caps-locked
<Fenix|work> when using rm -f I get  rm: cannot remove `vs100': Input/output error
<kirkland> mdz: i recently switch from my nvidia thinkpad to my intel thinkpad, and just saw this issue for the first time
<mdz> kirkland: it's happened to me twice today
<kirkland> mdz: compiz or no?
<mdz> kirkland: compiz.  the workaround is to turn it off
<gate_keeper_> hey guys
<gate_keeper_> any recommends for faster copy sync then cp -auv or  rsync -az
<gate_keeper_> ?
<gate_keeper_> i have 700GB
<gate_keeper_> drives
<gate_keeper_> that i need to sync them
<Gargoyle> gate_keeper_: dd ?
<gate_keeper_> rsync is slow, coz is making file list
<gate_keeper_> :/
<gate_keeper_> Gargoyle, probably it'll last forever to create 700GB image
<gate_keeper_> :)
<Faust-C> gate_keeper_, look into network raid maybe?
<Faust-C> DRBD
<gate_keeper_> maybe ..
<andol> gate_keeper_: How about a tar stream?
<gate_keeper_> well .. the hard drives are connected on the server
<gate_keeper_> :)
<gate_keeper_> network raid will not work ..
<gate_keeper_> all i need is update of the files
<gate_keeper_> probably cp -u
<gate_keeper_> is the best options
<gate_keeper_> *option
<gate_keeper_> however
<uvirtbot> New bug: #361961 in dovecot (main) "dovecot not configured to listen to any ports after intrepid->jaunty upgrade" [Undecided,New] https://launchpad.net/bugs/361961
<ScottK> Ah.   ^^^ new security feature.
<jdstrand> safety first
<Actium> pretty effective.
<foxbuntu> hey all I did something pretty stupid and disabled the admin account in the sudoers file, is there a way to reset this without a livecd?
<giovani> foxbuntu: boot into single user mode
<foxbuntu> giovani, ah right
<foxbuntu> giovani, thanks!
<Actium> i doubt that. no. maybe the rescue mode can help you. it should allow a passwordless root login - of course unless you have set a root password.
<giovani> otherwise known as "recovery mode" in the ubuntu grub boot
<giovani> Actium: you doubt what?
<Actium> "is there a way to reset this without a livecd?"
<giovani> yes, there is
<giovani> I just said how
<Actium> i doubted that until i came up with the recovery mode idea.
<Actium> thats why i said "no" right in the following sentence.
<giovani> uh ... ok
<giovani> I just didn't see the need to repeat my advice and make it more confusing
<Actium> just a little misunderstanding. happens. ;)
<ScottK> Actium: It is a passwordless root login to log into recovery mode.
<giovani> yeah, that's the entire purpose of single user mode
<Actium> afaik only when there's no root pw set.
<giovani> nope
<Actium> then im probably mistaken.
<giovani> you are
<Actium> now i know why. i faintly remembered having read sth about setting a password to protect the recovery mode from being abused. it was however not *nix-password, but a grub-passwd.
<giovani> yes, that's completely urnelated
<giovani> unrelated*
<giovani> (to a root password)
<Actium> i know. i just did not recall the correct thing. (damn alcohol, if you ask me). ;)
<ScottK> Honestly anyone with physical access owns the box.  There's really no point unless you're worried about someone just walking by
<giovani> ScottK: I'd contend that considerable effort can be made to prevent someone, even someone with physical access, from accessing data/records on the machine
<giovani> can they unplug the power? Sure! does that equate to being able to read/modify the live machine's OS? no
<ScottK> giovani: Yes, but any of those methods that are likely to work for any length of time involve encryption.
<giovani> indeed they do
<giovani> and WDE is widely used
<giovani> all of my remote, personal servers are fully encrypted
<giovani> and they all have BIOS and GRUB passwords
<MatBoy> mhh since when is amavisd under ubuntu so different in configfiles >?
<ScottK> MatBoy: What do you mean?
<ScottK> Different than what?
<MatBoy> ScottK: the 50-user files and so on
<ScottK> MatBoy: We get that from Debian.
<ScottK> It actually works pretty well.  You change anything you want in 50-user and then if the maintainer makes changes in the other files you don't have to deal with manual config merges in the maintainer managed files.
<ScottK> Anything you put in the later 50-user file will over-ride whatever is in the earlier ones.
<MatBoy> ScottK: ok... but my sql wblist does not seem to work when I set everything in the 50-user
<ScottK> I expect it's a function of your syntax, not what file it's in, but I don't use sql, so can't give specific advice.
<MatBoy> ScottK: ok :)
<MatBoy> still a bummer that there are no good docs about ubuntu and DB drived amavisd
<ScottK> I'm sure sommer would love to have some input from you for the next edition of the Ubuntu Server Guide once you have it figured out.
<MatBoy> woie
<MatBoy> works
<jmedina> MatBoy: what was the problem?
<MatBoy> jmedina: I used the postvis admin sql lines
<MatBoy> they work OK
<MatBoy> but now... I would like to insert some reference into the quarantine table so a quarantine mail also has a mailbox column
<jmedina> Im MatBoy good I didnt know about postvis admin
<jmedina> s/Im//
<MatBoy> jmedina: but now
<MatBoy> jmedina: you never did ?
<jmedina> MatBoy: what? amavis+mysql?
<MatBoy> jmedina: postvis
<jmedina> nop, it is the first time I hear about postvis, looks good
<MatBoy> jmedina: nice
<MatBoy> jmedina: I build my own stuff atm
<MatBoy> it looks good indeed
<MatBoy> but there are alternatives
<MatBoy> does someone know anything about a policy port for amavisd ? 9998 ?
<jmedina> Your Distro is Insecure: Ubuntu: http://www.linux-mag.com/id/7297/1/
<MatBoy> huh ? distro insecure ?
<ScottK> MatBoy: It's about 99% FUD.
<MatBoy> ScottK: LOL
<MatBoy> ScottK: do you use /usr/sbin/amavisd-release
<MatBoy>  ?
<ScottK> MatBoy: I'm actually not currently using amavisd-new.   The project that I was going to use it for ended.  cemc and ivoks use it.  I'd ask them.
<MatBoy> ScottK: ok :) I switch to it from mailscanner which is kinda slow
<ScottK> Mailscanner and postfix is a bad combination.
<MatBoy> ScottK: mailscanner was a frontend using...
<MatBoy> uhm
<MatBoy> postfix I thought indeed
<ScottK> Bad plan.
<lamont> MatBoy: mailscanner is a abortion that does unspeakable things to postfix internals, and is pretty much guaranteed to break or break postfix anytime either is touched.
<MatBoy> lamont: so I don'tuse it ;)
<MatBoy> mhh, now that release socket
<jmedina> MatBoy: what about release socket?
<MatBoy> jmedina: it should be running, amavis-release... but i't's not a service.. so I don't know how that socket or port could be in use
<MatBoy> it should be running on port 9998, but I don't know how to start that service
<jmedina> mat afaik amavis-release is not a daemon, it is a program you should run whenever you want to relase a quarantined mail, the port is because amavis-relase conects to a amavisd policy bank
<ScottK> I believe that's correct.
#ubuntu-server 2009-04-16
<MatBoy> jmedina: yes, I understand that
<MatBoy> the question is why you should be able to connect to that port
<jmedina> MatBoy: I dont understand your question
<MatBoy> jmedina: never mind... have to ask soe devs
<MatBoy> *some
<jmedina> ok.........
<jmedina> MatBoy: so what is the answer?
<MatBoy> jmedina: I will let you know when they answered it :)
<jmedina> :D
<jmedina> so what was the answer?
<jmedina> I mean the question
<jmedina> I use amavis-release from command line to release mails
<MatBoy> jmedina: no, postvis admin wants to connect to it
<Sergii> Hi! I'm trying to build package in Ubuntu 8.10 x64 (php5) with mssql included, and I'm getting this message: "dpkg-buildpackage: failure: debian/rules clean gave error exit status 2" How do I troubleshoot it? I tried going back in the output, and was not able to link the command that is shown to the contents of any of the files...
<Gargoyle> Upgrading server...
 * Gargoyle holds breath
 * |dthacker| crosses fingers and toes
<Sergii> =)
<Gargoyle> All done
<|dthacker|> that was quick.
<Gargoyle> not much to typing apt-get upgrade!
<Gargoyle> :D
<Gargoyle> Fetched 53.3MB in 1s (34.6MB/s)
<|dthacker|> Gargoyle: from what level to Jaunty?
<Gargoyle> he he, also helps server is on a fat pipe!
<Gargoyle> Nahh, just doing the udates for hardy. I realised I had not done it since I got the server!
<Gargoyle> Although, I wonder if there is anything special I should ask my host about - Its a virtual machine in a bigger cluster!
<Gargoyle> Bit late for that now! :/
<Gargoyle> All the sites are still up and running so I guess its time for bed.
<Doble> hey folks - I'm trying to set up ubuntu & samba as a member of a windows AD domain, I've followed the guide on the ubuntu docs site but I can't browse to the server from a windows pc ... even though the share is set to browsable = yes and guest ok = yes, I get permission denied when I browse to \\bucket (the name of the server) ... any ideas ?
<twb> Doble: that sounds like a better question for #samba
<Doble> twb: cheers will try there
<jmedina> Doble: what about samba logs?
<jmedina> ok
<jmedina> go to #samba
<Doble> jmedina: which log should I look in? the ones for my windows PC are blank
<jmedina> Doble: first increase log level in smb.conf to 3 for example
<jmedina> restart samba
<jmedina> and watch to every file in /var/log/samba/
<Doble> !paste
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<Doble> jmedina: I'm recieving this error in the log.winbindd-idmap - http://paste.ubuntu.com/151783/
<hads> I was just reading the Karmic IdeaPool page and was wondering if anyone had a link to anything about "at" being deprecated? It's hard to search for.
<jmedina> Doble: I think you should add a idmap uid range
<jmedina> and probably the same for idmap gid range
<Doble> jmedina: is there a way to search a file using pico ?
<jmedina> idmap uid = 10000-20000
<jmedina> idmap gid = 10000-20000
<jmedina> to your smb.conf
<jmedina> and before you restart samba try
<jmedina> testparm
<jmedina> if there is no error then restart samba
<Doble> jmedina: I have     idmap uid = 50-9999999999 and     idmap gid = 50-9999999999
<Doble> should I change that ?
<jmedina> Doble: I dont use pico but I know how to search :S
<jmedina> did you try testparm?
<Doble> its alright, i worked it out
<jmedina> I not sure if that is a valid range
<jmedina> I always use that range for Samba AD members
<jmedina> I cant imagine that amount of users :D
<Doble> testparm returns this: http://paste.ubuntu.com/151784/
<jmedina> try with another range
<Doble> okay, one second
<Doble> okay, same error in the winbindd-idmap log
<jmedina> are you sure are new logs?
<jmedina> did you restart samba after change?
<jmedina> well I have to go
<jmedina> continue in #samba
<drspin> hi everyone -- I'm trying to figure out why our Ubuntu8.10 64-bit server locked up today
<drspin> syslog: console-kit-daemon[10699]: CRITICAL: cannot initialize libpolkit
<drspin> looks like Ubuntu8.10 needs policykit installed, but it's anything else
<drspin> I mean, if there is anything else I missed, I would love to hear it
<maxb> window level all
<eagles0513875> hey guys anyone have a more updated tutorial on how to setup samba as a domain controller
<eagles0513875> the one i found on howtoforge is a lil outdated
<_ruben> man .. self signed certs and gnutls are a complete bitch
<eagles0513875> not sure if what im trying to do is worse
<eagles0513875> setting up samba as a domain controller using openldap
<kraut> moin
<eagles0513875> hey guys
<_ruben> seems im running into a gnutls regression :(
<eagles0513875> :(
<eagles0513875> i cant find the slapd.conf file
<eagles0513875> im wondering if me upgrading to jaunty from intrepid had somethign to do with it
<LyonJT_> Morning all
<LyonJT_> Can a VPN block ssh packets?
<_ruben> sure, as can firewalls
<LyonJT_> ohh
<LyonJT_> how can i check if the ports open?
<_ruben> ask the administrator of the vpn?
<LyonJT_> lol sorry i just realised it was a stupid question
<LyonJT_> is ssh tcp or udp?
<_ruben> tcp port 22
<LyonJT__> thanks _ruben
<uvirtbot> New bug: #349913 in openssh (main) "sftp: cannot enter umlauts like Ã¤, Ã¶, Ã¼" [Undecided,Confirmed] https://launchpad.net/bugs/349913
<mattt> anyone know if there are php-fpm packages for ubuntu anywhere?
<drbobb> ugh, i forgot the command for unsetting away status
<drbobb> konversation had that in a menu, and kde4's quassel doesn't :(
<_ruben> "/away" tends to do the trick on most non-braindead clients ;)
<drbobb> ok got that
<drbobb> anyway, has anyone found that LVM does not like sun disklabels? or is it something that I did wrong
<_ruben> dos and gpt are the only ones i use, so wouldnt know :)
<LyonJT__> what is lvm?
<_ruben> logical volume management
<_ruben> !lvm
<ubottu> raid is Tips and tricks for RAID and LVM can be found on https://help.ubuntu.com/community/Installation/SoftwareRAID wto and http://www.tldp.org/HOWTO/LVM-HOWTO - For software RAID, see https://help.ubuntu.com/community/FakeRaidHowto
<drbobb> ishould have said LVM2, but i suppose that's been the default version for a while anyway
<drbobb> I had a drive that was swapped from sun sparc machine, and i didn't feel like repartitioning it
<drbobb> but after pvcreate seemed to succeed, other LVM commands started emitting weird warnings
<drbobb> and when I later tried to fdisk -l the drive, the label to be corrupted
<drbobb> the disklabel seemed to be corrupted
<_ruben> i'd prefer repartitioning over using 'strange' disklabels personally :)
<drbobb> right, so i did that in the end
<drbobb> but how 'strange' is sun's solaris, it's been around for a few years now hasn't it
<drbobb> (actually the first time I accessed the internets it was using sunos boxes)
<drbobb> (that was, uh, over 15 ys ago iirc)
<_ruben> sun disklabels aren't strange for sun boxes, i do label them 'strange' for non-sun boxes :)
<drbobb> well i don't think the h/w itself cares much, and i heard linux runs pretty well on sun boxes too ;-)
<_ruben> true, but with sun boxes i meant boxes running a sun os :)
<drbobb> i must try dual-booting an ultrasparc one of these days
<drbobb> and compare the performance on a level field
<LyonJT> for mount-point what do i put
<LyonJT> it says enter a value for a mount point
<abcdasd> how do i get apt-get to re-generate a config file for a program? I removed vsftpd and now I want to re-install it, but when I do, the config file isn't generated and I need it to configure the FTP!
<hads> Remove the package with apt-get purge
<hads> (or aptitude)
<abcdasd> hads: when i do that I recieve 0 upgraded, 0 newly installed, 0 to remove and 57 not upgraded.
<drbobb> sometimes dpkg-reconfigure packagename does the trick
<hads> aptitude will let you purge a package when it's not installed
<abcdasd> drbobb: that doesn't seem to have worked ... the config file still doesn't exist
<hads> apt-get does not
<drbobb> abcdasd: you might have to set a priority, or whatever it's called
<abcdasd> ?
<drbobb> man dpkg-reconfigure
<drbobb> the `-p' option
<abcdasd> drbobb: still no luck
<drbobb> sorry about that
<drbobb> i'd try a purge + reinstall
<abcdasd> drbobb: I have tried that .. should I restart the server in between uninstall/purge/reinstall ?
<drbobb> no, why would you need to do that
<abcdasd> i don't know, just my old windows sysadmin instinct kicking in :) ... the purge /reinstall doesn't seem to have any effect
<henriquelm> Hello there
<incorrect> I am trying to run a script that uses pushd and popd, i've changed the script to use bash not sh
<incorrect> but that didn't fix it
<soren> "fix it"?
<soren> What's not working?
<incorrect> sorry, pushd and popd
<uvirtbot> New bug: #360891 in dovecot (main) "fatal errors during install" [Medium,Confirmed] https://launchpad.net/bugs/360891
 * ScottK waves to ivoks.
<ivoks> ScottK: we might just quit on installing postfix's part in there's no main.cf
<ivoks> s/in/if
<ScottK> That's about all you can do I think.
<ScottK> Not exploding is good.
<ivoks> let me just check something
<ivoks> yet, it explodes :/
<ivoks> yep
<MatBoy> how do you guys solve that annoying ClamAV issue about updates when the repo is out of date ?
<ivoks> i say some nasty words about clamav :)
<MatBoy> clamav is nice
<ScottK> MatBoy: I volunteer a lot of time to get the Ubuntu clamav packages updated and tested as soon as possible.
<MatBoy> ScottK: ok, can I help on this ?
<ScottK> MatBoy: What do you use clamav with and on what release (yes)?
<ivoks> of course
<MatBoy> I doubt is the virus definistions are updated when you get this message
<ScottK> Virus definitions are still updated
<MatBoy> ScottK: I'm on.... WARNING: Local version: 0.94.2 Recommended version: 0.95.1
<ScottK> What you don't have is the latest engine so not all the definitions can be used.
<MatBoy> keej
<MatBoy> nope indeed
<ScottK> MatBoy: Which Ubuntu release?
<MatBoy> I'm on 8.10
<MatBoy> Intrepid
<ScottK> And how do you use clamav?
<MatBoy> ScottK: with amavisd
<ScottK> MatBoy: OK.  We have a group that work on it.  https://wiki.ubuntu.com/MOTU/Clamav has some information.
<ScottK> 0.95.1 in in the ubuntu-clamav PPA for testing.
<MatBoy> this looks nice
<ScottK> cemc can give you advice on helping with testing as he's been doing most of it recently.
<ivoks> ppa for stuff like this would be great
<ivoks> clamav is a moving target
<ivoks> it would be easier to handle it with ppa, than -updates
<ScottK> We use the PPA for testing, push to backports when we have all the rdepends updated, and then to -security/-updates once they've had broad testing.
<cemc> but PPA isn't that restricted, anybody can upload anything and mess it up :) be accident of course
<cemc> by*
<ScottK> Since the clamav upgrades fix security issues we do need to get them into the official repos.
<ScottK> PPA is a good stopping place, but not enough
<ivoks> true
<MatBoy> I need to read more about PPA
<cemc> create your own, and play around with it a bit ;)
<MatBoy> I'm wondering if amavisd quarantines a mail because of a virus... to it sees it as "Banned"... if it should remove the virus on releasing
<ScottK> I don't think one can rely on that sort of thing even if it works sometimes.
<ScottK> Did you ever get a virus mail that you wanted to keep?
 * ScottK would recommend just ditch anything labled virus
<MatBoy> ScottK: true, but the virus is tagged as Banned...
<ivoks> in mail.log?
<ScottK> Change it to discard
<ScottK> ivoks knows amavisd-new better than me, so I'd listen to him
<MatBoy> ivoks: no in my postvis admin tool that I'm testing to see how to script such thing :)
<MatBoy> so I use SQL quarantine
<cemc> MatBoy: you put the banned/virus email in SQL ?
<ScottK> cemc: Did you ever figure anything about qpsmtpd?  If you get a fix, I can still get it in Jaunty.
<cemc> ScottK: never got around to that... but I'll take a look tonight and give you an answer
<MatBoy> cemc: yep
<ScottK> Thanks
<cemc> MatBoy: even if it has a banned 10mb attachment on it?
<MatBoy> cemc: possible... but I can select on it
<MatBoy> I can say... max X-MB
<cemc> is that wise? why not store it in a directory somewhere and have the information (path, size etc) in SQL ?
<cemc> I'm no expert, just asking ;)
<MatBoy> cemc: I'm not an expert too... just figuring out what is best and try to understand why :P
<MatBoy> cemc: directory can be done too indeed
<MatBoy> cemc: need to figure that out too :D
<MatBoy> is there no good online spamfilter testtool that spams your spamfilter with about 100 mails ?
<MatBoy> they were there before
<ivoks> lool:
<ivoks> ups...
<MatBoy> UPS = Transport company or Universal Power Supply :P
<ivoks> ScottK: i have a new patch for that dovecot-postfix thingy
<ScottK> ivoks: OK.  Is it in the bug?
<ivoks> ScottK: uploading
<Actium> what bug? the "let's make postfix incredibly safe by having it not listen on any ports"-one? or did i miss sth?
<ivoks> Actium: bug 360891
<uvirtbot> Launchpad bug 360891 in dovecot "fatal errors during install" [Medium,Confirmed] https://launchpad.net/bugs/360891
<MatBoy> cemc: do you store on MySQL/file base ?
<Actium> thanks
<ivoks> ScottK: if there are gramar mistakes, please fix them; i'm not native english speaker :)
<ScottK> ivoks: Will do
<MatBoy> brb.. dizzy from antibiotics
<ivoks> lamont: postfix still leaves /var/lib/postfix behind on purge
<ivoks> lamont: bug 348990
<uvirtbot> Launchpad bug 348990 in postfix "Deinstallation doesn't delete all files" [Undecided,Confirmed] https://launchpad.net/bugs/348990
<ScottK> Postfix 2.6 RC out today too.
<ivoks> ScottK: well, you could take care of this postfix bug
<ivoks> :)
<ivoks> since lamont isn't around
 * ScottK is about out of Ubuntu time for a while....
<ScottK> Need to get some actual $work done.
<ivoks> ok :)
<uvirtbot> New bug: #362344 in postfix (main) "Not able to fix while update - crashes - /usr/sbin/dpkg-reconfigure: postfix is broken or not fully installed" [Undecided,New] https://launchpad.net/bugs/362344
<ScottK> ivoks: Uploaded.
<ivoks> ScottK: great, thank you!
<jbernard> kirkland: i just pushed a branch of screen-profiles to lp:~jbernard/+junk/screen-profiles that fixes the typo in the screen-profiles-extras description
<kirkland> jbernard: cool, thanks
 * kirkland takes a quick look
<kirkland> jbernard: merged, thanks for you contribution ;-)
<jbernard> kirkland: no problem, that was easy ;)
<kirkland> jbernard: agreed ;-)
<MatBoy> cemc: around ?
<lamont> ScottK: thanks for taking care of the /var/lib/postfix thing
<ScottK> lamont: I didn't.  The fixed thing was about a dovecot bug.
<lamont> ah, ok
<lamont> frankly, I don't really consider any droppings-on-purge to be release critical
<lamont> though they are definitely "fix in karmic"
<lamont> although all the MTAs suffer from the same "we don't nuke /etc/aliases on purge" feature
<MatBoy> lol amavisd with sql is kinda tricky
<cemc> MatBoy: yes?
<MatBoy> cemc: do you quarantine using mysql and files ?
<cemc> MatBoy: I'm not really using amavis either... and when I did, I don't remember qurantining anything. just log and discard
<cemc> I realize that it may not be the best policy
<MatBoy> cemc: ok
<cemc> why are you going thru so much trouble anyway? just quarantine it in a file, and you have the logs if something's needed, right?
<MatBoy> and let the user re-sent his email ?
<cemc> let the user clean his system ;)
<cemc> and take better care of it next time
<cemc> what will you do with the quarantined stuff?
<uvirtbot> New bug: #362427 in openssh (main) "Public key ssh auth doesn't work in Jaunty" [Undecided,Invalid] https://launchpad.net/bugs/362427
<MatBoy> cemc: hold it for a while and remove it :)
<chris_d_adams> can anyone explain why apache gives this message when you have more than one vhost?
<chris_d_adams> VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported
<chris_d_adams> how do you resolve it?
<ivoks> you can resolve it with proper configuration
<ivoks> if NameVirtualHost is *:80, then all VirtualHosts need to be *:80
<ivoks> if NVH is *, then all VH should be *
<ivoks> but, it's just a warning, i doubt you'll have problems with that setup
<jmedina> hi ivoks
<chris_d_adams> ah
<chris_d_adams> thanks
<ivoks> hi jmedina
<ivoks> hi all :)
<jmedina> ivoks: which bacula version are you using in production?
<ivoks> those from repository
<ivoks> in 8.04
<jmedina> bacula team just releases bacula 3.0.0 and they annonced that they will drop bacul 2.4 support in a few months
<jmedina> the code base now will be 3.0x, I was asking about upstream 2.2 lifetime in #bacula
<jmedina> some devs told me that if they are going to drop 2.4 they doubt there is 2.2 support at the moment
<jmedina> ivoks: yeap Im using 2.2.x from hardy repo
<ivoks> they are moving too fast
<chris_d_adams> ivoks: that's cleared up that problem
<chris_d_adams> but I'm also getting this message:
<chris_d_adams>  [warn] NameVirtualHost *:80 has no VirtualHosts
<chris_d_adams> should I worry about that?
<ivoks> chris_d_adams: read my answer one more time :)
<chris_d_adams> ivoks: I've set the named vhost to  NameVirtualHost *:80,  and all the vhosts are <VirtualHost *:80>
<chris_d_adams> i thought i was following your answer
<jmedina> ivoks: I dont see any info about 2.2 support in bacula news
<LyonJT> is there a facebook developer irc?
<ivoks> chris_d_adams: maybe you've put multiple NVHs
<ivoks> jmedina: you are worried for security?
<cemc> chris_d_adams: I have my NVH *:80 in httpd.conf, and in sites-available I have a bunch of <VirtualHost *:80>s
<chris_d_adams> ah cemc  thanks, I'll check there
<chris_d_adams> cemc: weird, me adding that gave me the error twice
<ivoks> you should have only one NVH per IP/port
<jmedina> ivoks: well not at the moment, im worried about support
<ivoks> jmedina: ubuntu provides support for packages in ubuntu ;)
<ivoks> baculasystems support only their own packages
<cemc> chris_d_adams: NVH *:80 should be only in one place, check the other files too
<ivoks> http://httpd.apache.org/docs/2.2/mod/core.html#namevirtualhost
<ivoks> read this
<cemc> chris_d_adams: do a 'grep -Ri namevirtualhost *' in /etc/apache2
<jmedina> ivoks: I know, any plans to package 3.0.x?
<ivoks> jmedina: not for jaunty :)
<chris_d_adams> cemc: thanks
<cemc> chris_d_adams: but you should read the apache docs too
<chris_d_adams> ivoks: they've been in front of me for the last 15 mins, and I've been following the examples here
<chris_d_adams> thanks for your patience so far, I have rtfm'ing, i promise
<ivoks> chris_d_adams: ubuntu ships some default configuration
<ivoks> there's default web page in sites-enabled
<ivoks> in has NVH in it, and it's *
<ivoks> so, if you don't disable that web site, you shouldn't add NVH into your web sites
<ivoks> also, all your websites would be <VirtualHost *>
<chris_d_adams> the offending article was in ports.conf
<chris_d_adams> thanks guys!
<ivoks> ports.conf?!
<chris_d_adams> that's the only place I didn't look
<ivoks> it shouldn't be there anyway
<ivoks> that's for ports
<ivoks> not virtualhosts
<ivoks> i agree, apache configuration should be easier :)
<chris_d_adams> I'm running a ubuntu 8.10 vm with memset.com
<chris_d_adams> may be they put it in there for laughs
<chris_d_adams> thanks again for your help
<chris_d_adams> this had been driving me insane
<ivoks> vms suck
<ivoks> there's too many people who create them and don't have a clue about what they are doing :)
<ivoks> what's the name of vm provider that set's clock to Georgian time?
<ivoks> sets
<chris_d_adams> ivoks: this is true
<ivoks> they are from Georgia, USA, but set the clock to Georgia, Europe
<ivoks> not only the clock, but also do LC :)
<ivoks> orudie was the victime of that vm provider :D
<ivoks> too many typos, time to go to bed
<uvirtbot> New bug: #362510 in openssh (main) "force-command unable to pass arguments along to internal-sftp (dup-of: 362511)" [Undecided,New] https://launchpad.net/bugs/362510
<LyonJT> Does anyone have a guide to Squid Proxy server?
<uvirtbot> New bug: #362511 in openssh (main) "force-command unable to pass arguments along to internal-sftp" [Undecided,New] https://launchpad.net/bugs/362511
<LyonJT> What is the workgroup used for in samba configuration file?
<genii> LyonJT: When you browse the network, you see for instance: Workgroup: MSHome   or such. Then inside there will be all the computers with shares which also belong to the workgroup called MSHome
<LyonJT> Don't worry i just worked it out but thank you!
<genii> np
<LyonJT> :)
<LyonJT> what port do you use to access a squid proxy server?
<giovani> LyonJT: the default is 3128, iirc
<giovani> but just check your config file
<LyonJT> will do but its soo big!
<giovani> just do a text search for 3128
<giovani> or "port"
<giovani> should be straightforward
<coffeedude> giovani is right
<coffeedude> it's 3128
<LyonJT> yes i found it
<LyonJT> is it tcp or udp?
<coffeedude> tcp
<giovani> HTTP is TCP
<LyonJT> thanks!
<LyonJT> how can i enable user name and password  on it?
<giovani> either read the squid docs/config
<giovani> or #squid
<LyonJT> thanks buddy
<LyonJT> my proxy server seems to work
<LyonJT> but msn messenger doesn't seem to work why is that?
<foxbuntu> LyonJT, sounds like a config issue with MSN Messanger
<LyonJT> realy :S
<giovani> LyonJT: messenger apps tend to be complex -- they use many ports sometimes, who knows
<LyonJT> i got the ip address of the proxy and the port number though
<LyonJT> thank you
<LyonJT> never mind ill look into it
<LyonJT> i am trying to install webmin
<LyonJT> sudo dpkg -i webmin_1.441_all.deb
<LyonJT> i use that
<LyonJT> but it says it cant find it
<LyonJT> :S
<LyonJT> but when i put ls in it is there
<foxbuntu> LyonJT, permissions
<LyonJT> oh dw i found out
<LyonJT> lol
<LyonJT> no no  i was using the wrong switch
<LyonJT> lol
<foxbuntu> ok
<LyonJT> thank you though!
<vraa> you only have to restart when there is a kernel change right?
<jmedina> vraa: or when the system crashes
<friartuck> ha ha
<jmedina> but rarely happens, most because hardware failure
<vraa> no it's never crashed
<vraa> it's ibm hardware, it won't fail
<vraa> :D
<vraa> so when i run "sudo apt-get update && sudo apt-get upgrade" is there a way to tell when it'll require a restart or when it won't?
<jmedina> vraa: unless you upgrade kernel and you really need to boot with it
<jmedina> if not, probably the most you can do is restart/reload services/daemons
#ubuntu-server 2009-04-17
<Stargazer> For some reason *server isn't connecting automatically when i plug in the eth cable.
<Stargazer> How would i access a server that i have right next to me through PuTTy ?
<vraa> stargazer, you can use ssh perhaps
<Stargazer> Right, but how do i know what to go to ?
<Stargazer> The Host Name for example.
<vraa> assuming computer A is what you want to access, and computer B is what you are using now, i would isntall putty on computer B, and openssh server on computer A, then in putty you connect to the hostname of computer B and it'll ask for login info
<vraa> http://unixwiz.net/images/putty-openssh-3.gif  <-- see that for an example
<vraa> http://myweb.csuchico.edu/images/putty_config.gif
<mattt> ouch, just got bit by the inode ratio change on lenny
<twb> mattt: what is that, I haven't heard of it.
<twb> mattt: are you talking about ext3's number of blocks per inode?
<rags> I need to make a clone of my ubuntu installiation....Wht tools to use...Partimage?
<jtaji> rags: clonezilla is nice (it's based on partimage)
<twb> rags: it depends how much you want to "clone".
<twb> Do you want to clone at the disks' block layer?  At the filesystem layer?  Merely the list of installed applications and debconf preferences?
<rags> I want an exact clone...so block layer I guess...
<rags> I want a backup disk...so tht if anything goes wrong with this one I can just plug in the backup and get the server up.
<twb> If it's for business continuity (disaster recovery), you probably want a filesystem-level backup.
<rags> so basically an exact clone...
<twb> That is, all the files stay the same, but they might be arranged differently PHYSICALLY on different blocks on the backup disk's filesystem.
<rags> ya..tht'll do..
<twb> rags: well this is why I ask what you mean by "exact".
<rags> kk...as long as it boots up fine.
<twb> rags: are you backing up over network, or to an external HDD, or what?
<rags> no...both are internal
<rags> sata drives...
<twb> rags: ah, OK, in that case you might want RAID.
<twb> rags: are you aready using RAID?
<rags> no
<twb> RAID1 makes two (or more) disks block-level identical.
<twb> This means that either disk can die without the system breaking.
<rags> this is preparatin for raid actaully....I will be RAIDing it next..but I want a backup b4 tht...
<twb> Ah, OK :-)
<twb> If it's just a temporary backup, probably you want a quick-and-dirty hack.
<twb> If the temporary backup disk is the same size, you can just dd the entire disk from one to the other.
<rags> ya..somthing like tht..
<rags> it is of the same size...
<rags> partimage won't be faster then dd?
<twb> I'm not familiar with partimage.
<twb> It will only be faster if it doesn't make a block-level backup.
<rags> hmm...k
<twb> So let me just make sure I understand.
<rags> This is so tht if I mess up with RAID I can still get the server running.
<twb> You have THREE disks, and want to backup up the first one to the third.  Then you're going to remove the third disk and make the first and second disks into a RAID1.
<rags> yup...
<rags> exactly
<twb> OK, that's fine.
<twb> Just remember that once dd finishes, you should remove the third disk before you boot again.
<twb> Ubuntu will get confused if you have two disks with the "same" filesystem on them -- it might boot from the wrong disk.
<rags> this will be exact clones right...with the same UUID's...
<twb> Exactly
<rags> k...great..thx...I'll use dd.
<twb> _volatile
<twb> ubottu: volatile
<ubottu> Sorry, I don't know anything about volatile
<twb> Is there any equivalent to volatile.d.o for Ubuntu LTS?
<twb> e.g. clamav definitions
<JanC> twb: I'm not sure, but can't you use upstream for definitions?
<twb> JanC: I *could*, but then I would be using whatever filthy upstream has, not Ubuntu's nicely integrated whatever
<twb> Another example (which still amazes me) is that libpurple (pidgin) is in volatile.
<twb> Apparently because the AIM client needs to change regularly or something
<JanC> libpurple is in ubuntu main AFAIK  ;)
<twb> JanC: volatile is still main
<twb> volatile is like security; it's an extra repo on top of the stable repo
<JanC> Ubuntu doesn't have "volatile"
<JanC> only -updates
<twb> I wonder if hardy-updates is actually the same as lenny/volatile
<JanC> maybe
<JanC> more or less, to some extent, etc.  ;)
<JanC> policies are different I think
<JanC> -backports exists too
<JanC> but for virus definitions, I don't think either Debian or Ubuntu changes anything
<JanC> unless they have a dedicated AV-team of at least 5-6 people, which I doubt  ;)
<twb> backports would correspond to b.p.o
<twb> (Actually if it was up to me clamav wouldn't even be ON this box, since the only clients are also Ubuntu, and one of the two sites is not connected to the internet.)
<twb> Hmm, http://releases.ubuntu.com/8.04/ubuntu-8.04-desktop-i386.iso used to work.  Now it is a 404.
<twb> Where do old desktop .iso's move to?
<JanC> eh, 8.04 should still work
<JanC> twb: http://releases.ubuntu.com/8.04/ubuntu-8.04.2-desktop-i386.iso
<JanC> there is an updated iso
<twb> And if I don't want an updated ISO?
<twb> I have filesystem-level diffs against the original .iso
<JanC> twb:   ;)
<JanC> http://old-releases.ubuntu.com/releases/
<twb> I'm hoping for something like vault.cen- thanks
<twb> heh, it looks like one of the two sites I currently have, is working from 8.04.1.
 * mattt is in love w/ monit and nagios
<MTecknology> !info monit
<ubottu> monit (source: monit): A utility for monitoring and managing daemons or similar programs. In component universe, is extra. Version 1:4.10.1-3 (intrepid), package size 261 kB, installed size 696 kB
<MTecknology> !info nagios
<ubottu> Package nagios does not exist in intrepid
<rags> I am trying to setup RAID1 , am following a howto...it says "If your system has RAID support, you should have a file called /proc/mdstat"...but I don't have this file..does'nt ubuntu have support for RAID?
<VK7HSE> rags: What howto are you refering to?
<cemc> rags: if you don't have any RAID set up, there's no module loaded, so there's no /proc/mdstat
<tbl> Enter text here...hi
<a_c_m> morning all
<a_c_m> was wondering what ftp server people tend to recommended, need something simple and secure :)
<soren> vsftp
<a_c_m> soren: thanks, i got recommended that by someone else too... looks like the best choice :)
<cemc> me uses pureftpd
<cemc> I like how it has puredb, for setting up virtual users easily
<a_c_m> humm ok, let me explain further
<a_c_m> so we have a website, news site, and want people to be able to upload photos to their account via ftp. We have the harvesting system (Drupal's media mover) to import the data from an anon drop box, but i wanted to see if i could set up the ftp server so that users couldnt see each others uploads.
<a_c_m> The upload is only likely to be in the box for a few mins, but still.
<Gargoyle> mornin all
<a_c_m> would disabling get be enough?
<cemc> a_c_m: not sure, they still be able to do a 'ls' I think, no ?
<a_c_m> humm true
<a_c_m> seeing the filenames is /slightly/ less of an issue
<cemc> can't you set up multiple separate directories for every user?
<a_c_m> as users might get confused if they see their work uploaded then cant "see" it
<cemc> then collect from */ with drupal ?
<a_c_m> cemc: i can, but we have 5000+ users and more arriving every day
<a_c_m> not all will want to use ftp drop
<a_c_m> so
<cemc> a_c_m: pureftp has this thing called an upload script, which gets called after a file is uploaded, maybe you can do something with that
<a_c_m> humm
<cemc> or maybe you could try something with umask, so when a user uploads a file, he can't see it anymore, like chmod it to 0600 for drupal only, or something like that
<cemc> (that will confuse users tho)
<a_c_m> right
<a_c_m> humm
<a_c_m> i think thats probably the way to go
<cemc> you will have ftp user for every user, or one ftp user for all ?
<a_c_m> one for all probably anon
<a_c_m> drupal knows who owns the file by an unique token they put on the end of the file
<a_c_m> e.g. mypicture.jpg.uaf3f12
<cemc> so there are no users in drupal either?
<a_c_m> no, in drupal each user has an accoutn
<cemc> then maybe you could hack a select for pureftp to get the user and pass for a user from the drupal database
<cemc> and with some extra table you can set up ftp accounts with separat dirs or something
<cemc> just some wild ideas :)
<a_c_m> ceme: yeah may come to that... but atm im going for the fastest solution :)
<a_c_m> i think just disable downloads and chmod the file once its uploaded should do the trick
<cemc> a restrictive umask should do it
<cemc> a_c_m: another idea: not sure if you have antivirus support, or what kind of files will be uploaded there. with pureftp you can rig it to scan for viruses in the uploaded file
<a_c_m> jpg's only
<rags> Hello...I am trying to setup RAID 1 on my ubuntu server...I just got another hdd of same size. I am trying to use mdadm.
<a_c_m> cemc: if your interested, the site is called demotix.com :)
<rags> I planned to boot from a live cd and create the arrays...which will hoopefully sync the data...after tht will I be able to just boot into the system..
<twb> rags: it's a little tricky because you want to RAIDify existing disks
<rags> ther were some documents abt "degraded" raid
<rags> ya...
<rags> twb:existing disks...which include the boot partition...
<rags> I guess I have to mess around with grub..
<rags> and fstab..
<cemc> rags: not just with grub, you need to update the initrd image to get raid stuff in if I'm not mistaken
<cemc> a_c_m: looks pretty decent ;)
<a_c_m> cemc: thanks, one of our images was on the front page of the Guardian newspaper in the UK last weekend :)
<rags> is there no simpler way?...man I thought it will be as simple as just synching the disks...Solaris was way easier...
<cemc> rags: this is not Solaris ;) I never actually done what you want to do, so maybe there is another way...
<rags> well found a good how-to...keeping fingers crossed...here if any one interested..
<rags> http://wiki.clug.org.za/wiki/RAID-1_in_a_hurry_with_grub_and_mdadm
<rags> cemc:you're right abt the initrd image...
<twb> Sorry, my boss caught me
<twb> rags: what you need to do is create a degraded array, copy the data from the non-RAID disk to the array, then add the original disk into the array
<twb> rags: and you're right, the MBRs need to be handled specially -- most easily by just running grub-install.
<twb> I'm assuming you're doing software RAID, btw.
<rags> twb: yes...usinf mdadm..
<rags> so it's liking mimicking a failed disk in raid1...
<twb> Right, you start out with a degraded array
<kraut> moin
<rags> thx..
<encmonkey> howdy!  I just tried upgrading 8.10 64 bit server install to 9.04 rc.  It has a 4 port nic that had a working bond0 eith eth0 and eth2 in it in 8.10 that goes away in 9.04.  It seems like 9.04 doesn't like the nic bonding so much
<encmonkey> actually, from the looks of things the bonding module doesn't get loaded by default.
<_ruben> hrm .. ages ago i managed (up to a point) to rename my vlan interfaces to arbitrary names .. if only i could remember how .. sigh
<soren> _ruben: Back in the olden days, there was a "ifrename" tool.
<soren> _ruben: It's only 5 lines of C, but I don't see any userspace tools to do it anymore, actually.
<soren> udev can do it, but I've not used it to do it to vlan devices.
<_ruben> soren: udev does seem to be the most appropriate way .. but either my search-fu is lacking, or im the first the try .. im guessing its not the latter ;)
<_ruben> sweet .. got it to work with udev
<_ruben> and a pre-up/post-down in interfaces(5)
<soren> _ruben: Can I see?
<_ruben> soren: http://paste.ubuntu.com/152709/
<soren> _ruben: How do you guarantee that that particular interface is vlan0005?
<_ruben>         pre-up vconfig set_name_type VLAN_PLUS_VID
<_ruben>         pre-up vconfig add bond0 5
<_ruben> that oughta be enough (in my experience)
<beawesomeinstead> Does anyone know a way to modify sudo PATH without recompiling sudo?
<Kamping_Kaiser> can it be set in /etc/sudoers? (edit with visudo)
<beawesomeinstead> Kamping_Kaiser: for some reason ubuntu guys compile sudo with --with-secure-path option: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/192651
<uvirtbot> Launchpad bug 192651 in sudo "hardy sudo path is always reset" [Unknown,Fix released]
<Kamping_Kaiser> aaah.
<beawesomeinstead> hm, then i wonder if fix was released on 2008-06-12, why doesn't it work in 8.10?
<beawesomeinstead> and 9.04 beta btw
<ropetin> Because it isn't really a fix to the issue?  At least thats how I read it
<dayo2> i'm following this guide: https://help.ubuntu.com/community/LDAPClientAuthentication   and it says to edit /etc/libnss-ldap.conf  after installing libnss-ldap, among other things. but there is no /etc/libnss-ldap.conf  file anywhere on my server :-/
<Kamping_Kaiser> dayo2, iirc it was deprecated a few releases ago
<dayo2> hm
<dayo2> Kamping_Kaiser: now what? :-(
<Kamping_Kaiser> dayo2, you find its new location
<dayo2> Kamping_Kaiser: i used  `locate libnss-ldap.conf` and it came up empty
<sirderigo> good morning, i have a little doubt, a company contacted me to setup a linux server, it basically needs to setup a network security server, i can do it, but i dont know if i can handle M$ user policies whit some ubuntu aplication o if btw i will have to setup a windows server i will not like it so much
<ropetin> MS User Policies?  Can you confirm what you mean by that?
<sirderigo> ropetin: that nasty things that the companies uses to restrain their employes of doing anithing funny whit their computers...
<sirderigo> ;)
<sirderigo> like block some pages, and do they cant install software
<ropetin> So  you will be using Squid or something similar to restrict access?
<sirderigo> yes, but i need to know btw if i cant use some app to create some kind of ad domain without using that nasty OS
<sirderigo> do you understand me?
<sirderigo> the option i think is installing something like vmware and installing the servers on it
<uvirtbot> New bug: #362896 in dhcp3 (main) "dhcp3-client fails to run /sbin/dhclient-script with apparmor" [Undecided,New] https://launchpad.net/bugs/362896
<sirderigo> but i dont wanna use nothing of windows
<Kamping_Kaiser> is there a page that explains when various point updates to 8.04 will come out?
<MagicFab___> Kamping_Kaiser, sure - https://wiki.ubuntu.com/HardyReleaseSchedule
<MagicFab___> 8.04.3 is in July (TBC)
<Kamping_Kaiser> MagicFab___, cheers
<jurism> <www-data@ubuntu>: Sender address rejected: need fully-qualified address (in reply to RCPT TO command)) Can You tell me please what file should I change? /etc/hosts or /etc/hostname? Thank You!
<twb> jurism: your host name is not fully qualified
<jurism> yes, it is ubuntu, how to change to my real hostname? My real hostname is bwap.org
<twb> This may be /etc/mailname, or the combination of the host name in /etc/hostname (loaded on boot) and the FQDN for that hostname in libnss, which usually means /etc/hosts
<_ruben> the way you send mail is flawed .. sending from www-data@whatever usualy is not what you want
<twb> _ruben: right.
<twb> _ruben: although if it's just the message )from
<twb> _ruben: although if it's just the message (not envelope) from, it doesn't matter so much if it's just panic mail
<jurism> 127.0.0.1 localhost bwap.org 127.0.1.1 ubuntu this I have in hosts file
<twb> Cf. cron's mail output "Cron daemon <root@FQDN>"
<_ruben> twb: most ppl tend no to not care about mail for www-data@ .. hence it shouldnt be used for envelope from either
<twb> _ruben: my point was that it's not technically wrong, it's just silly if he's trying to send mail to real people, rather than just to himself
<twb> Never mind
<jurism> This is from PHP script sent only for me. It worked fine for me, now I changed mailname to bwap.org and e-mail is sent only it is stored in spam folder now :)
<_ruben> twb: ah ok
<uvirtbot> New bug: #362951 in mtx (main) "Bash completion does not work" [Undecided,New] https://launchpad.net/bugs/362951
<dr4g> Hey there i'm using ubuntu server 8.10 - I'm using a SATA drive and i've downloaded, just partitioned the system and it's asking me to insert another CD
<dr4g> Ubuntu server 8.10 _Intrepid Ibex_ - Release i386
<dr4g> can someone advise what's going on ?
<giovani> it's asking you to insert the install CD
<dr4g> but its already inserted ?
<giovani> then maybe it's damaged, or your CD/DVD drive wasn't properly recognized, or something along those lines
<ivoks> do you have multiple cdrom devices?
<dr4g> 1 cdrom drive.. i done a CRC check thing on the CD and it came back 100%
<dr4g> before installing.
<giovani> did you try removing the cd, and reinserting it?
<dr4g> I just got by the partitiotn manager and it asked me for another CD
<giovani> (when it asks you insert it)
<dr4g> i'm doing that now giovani
<giovani> I'd think that would be the first thing to try ...
<giovani> well?
<dr4g> it won't let me eject
<dr4g> prob because it's in use for the install.
<yann2> dr4g > type eject in a console
<giovani> unlikely that it's in use if it's asking you to insert it
<giovani> ctrl-alt-f2 to get a shell
<giovani> during the install
<dr4g> i will reboot it and try to install again
<dr4g> thanks
<giovani> nope, don't do that yet
<giovani> (reboot)
<dr4g> ok im in busybox
<giovani> ok, to type eject
<giovani> so*
<dr4g> tried to use './cdrom' as device name but it is no block device
<dr4g> unable to find or open device for `cdrom`
<ivoks> have you tried only 'eject'
<dr4g> yes
<dr4g> i typed the eject command
<ivoks> doesn't work?
<dr4g> it shows the above output
<giovani> sounds like either problem hardware, or a bad cd
<dr4g> cd is fine
<giovani> the cd may not be fine
<dr4g> will need to test new cd-rom drive then
<dr4g> the checksum thing came back fine ?
<dr4g> 100%
<giovani> that doesn't assure that the cd doesn't have any issues
<dr4g> okay
<ivoks> ls -dl /dev/cdrom
<giovani> optical media is extremely unstable
<dr4g> cd cdrom
<dr4g> oops
<dr4g> lol
<dr4g> wrong keyboard
<ScottK> ivoks: Nice.
<ivoks> ScottK: thanks
<dr4g> giovani back to the install screen again
<dr4g> i didn't notice what percentage it died at last time.
<dr4g> worked this time !
<giovani> likely a bad optical read
<dr4g> nice. just typed in my password and its configuing-apt
<dr4g> configuring apt
<dr4g> "scanning the cd-rom.." i just hope it doesn't die here.
<dr4g> ok giovani this is going to be a development server.. its asking me about updates
<giovani> ok?
<dr4g> do you recommend it to install security updates automatically ?
<dr4g> or manual.
<giovani> dr4g: that would be up to your administration style
<giovani> I would never let updates install automatically
<dr4g> giovani ok thanks.
<giovani> but that's me
<dr4g> i personally wouldnt this is security updates thought not package ones.
<giovani> uh huh
<dr4g> giovani ok i've screwed up grub, i left the box blank hoping it would take the first partition on the first SCSI drive, but it hasn't so i need to go in and hack the grub file. Are you able to advise me on this ?
<giovani> left what box blank?
<giovani> I don't know what you've done
<dr4g> the box when it was asking what parition i want grub on
<dr4g> hd0 kind of thing
<dr4g> i'm putting the live CD in, and going into the console, is that the way to go editing ?
<jmedina> ivoks: are you there?
<ivoks> jmedina: yes
<jmedina> have you used any bare metal restore in bacula?
<ivoks> nope
<jmedina> Im thinking in building a ubuntu livecd with some bacula tools
<ivoks> that would be nice
<jmedina> probably only bacula-client and bacula-console-qt, one requirement will be LVM support, raid
<jmedina> so the only thing I need to use is download config files with proper configs
<ivoks> i've never looked at bare metal restore
<dr4g> jmedina i need to install grub again, do you recommend going through the live CD onto the shell ?
<ivoks> i never backup stuff that i can restore without problems
<ivoks> like /usr
<jmedina> ivoks: how do you act in a system disaster? the fastest method to restore complete system, I always used clonezilla for system image backup
<jmedina> now I want to use bacula
<dr4g> whats the 'apt' function for doing a search
<ivoks> jmedina: i reinstall the server
<ivoks> jmedina: and ther recover from backup
<ivoks> jmedina: for really critical servers (that can't be 2 hours down), i just set up cluster
<jmedina> ok, probably I misunderstood, I think you say you dont backup /usr
<ivoks> dr4g: apt-cache
<ivoks> jmedina: correct, i don't
<ivoks> jmedina: i backup /etc /var /srv /home /root
<jmedina> so you reinstall software/updates bal bla bla that you dont include in data backup
<ivoks> jmedina: correct, i reinstall server - dpkg --get-selections is very helpfull
<jmedina> ivoks: another method I was thinking is using bacula with raw partition backups
<ivoks> there's lvm for that
<ivoks> lvm snapshot and that's it
<jmedina> backing up /dev/sda1 (system os) it has a "spare option" wich only backups used data, then I thought, damn Im using lvm :D
<dr4g> ivoks thanks
<jmedina> ivoks: when you use lvm snapshot, how do you archive backups
<jmedina> dd, rsync, tar?
<jmedina> for linux images I mont snapshot and use rsync + tar which save space
<jmedina> dd is not an option because space
<nxvl> ivoks: you just started a meme :P
<Smellican> anyone know how to add the graphical 'users and groups' tool to ubuntu server?
<Smellican> assuming I've already installed xorg and a WM
<giovani> there's a graphical users and groups tool?
<giovani> Smellican: guis aren't supported here
 * Smellican cries
<jmedina> I would install a Web Interface for that
<giovani> Smellican: GUIs massively waste resources, totally not recommended on servers
<Smellican> I am well aware of what GUIs do
<Smellican> I am comfortable at the command line
<Smellican> upper management, however, is not
<giovani> well that's why they're not supported
<giovani> upper management should use ebox
<giovani> and not local GUIs
<giovani> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Smellican> I'm familiar with ebox
<Smellican> the admin tool that is part of the desktop edition is what my boss specifically wants
<Smellican> I figured there must be a package name for it
<ivoks> gnome system tools
<giovani> there may not be -- it may be a part of some huge gnome metapackage
<Smellican> ah
<Smellican> that's probably it
<Smellican> grrr I really don't want to install gnome
<Smellican> got fluxbox atm
<giovani> gnome-system-tools doesn, at first glance, require gnome
<giovani> try installing it, and look at the dependencies
<Smellican> I will
<Smellican> thank you
<Smellican> yea it needs gtk of course tho
<Smellican> ]79 pkgs
<Smellican> :'(
<Smellican> o well
<Smellican> we just use this machine for ftp
<Smellican> no biggy
<ivoks> put ftp accounts into ldap
<ivoks> and manage ldap from whatever computer you want
<Smellican> not my decision to make
<Smellican> gnome tools already installing anyway
<ivoks> ok, now is the time when you should move to #ubuntu :)
<Smellican> well I have no more questions
<Smellican> :P
<ivoks> hehe
 * lamont looks around for someone with phat bandwidth
<lamont> ScottK: around?
<Gargoyle> lamont: how phat?
<ScottK> lamont: Yep
<uvirtbot> New bug: #363039 in samba (main) "running smbmount with no params segfaults" [Undecided,New] https://launchpad.net/bugs/363039
<henriquelm> hello there
<henriquelm> I'm getting an error msg when I try to start mrtg, can you guys help me?
<giovani> henriquelm: can only help if you paste the error message (if it's more than 2-3 lines, please use pastebin)
<henriquelm> giovani, thanks, will do
<henriquelm> giovani, http://pastebin.ca/1395160
<giovani> sounds like a question for #mrtg
<henriquelm> ok, Have tried that already but the channel is almost empty
<giovani> you're less likely to find a MRTG guru here :)
<henriquelm> I think I'm setting something wrong on the router
<openstandards> Hi, hopefully someone can help me I'm setting up courier with mysql support but upon logging in I'm getting a failed login and my logs are showing that the db isn't being asked...
<henriquelm> giovani, thanks anyway
<openstandards> i've got logs if anyone is willing to help
<jmedina> henriquelm: still problems with mrtg+snmp?
<henriquelm> jmedina, yes
<jmedina> henriquelm: from mrtg machine try:
<jmedina> snmpwalk -v1 -c public 192.168.2.1
<jmedina> Your router is not reponding, probably your snmp agent is not responding in the local network
<jmedina> if is a ubuntu server
<jmedina> snmpd by default only listen in 127.0.0.1
<jmedina> if you want to allow remote conections you need to chance /etc/default/snmpd
<henriquelm> jmedina, I gonna have to install the snmpwalk here
<jmedina> henriquelm: yeap snmp-utils
<henriquelm> jmedina, I don't have this folder here /etc/default/snmpd
<henriquelm> jmedina, I will install the snmpd now
<jmedina> henriquelm: no,well I told you that only if your snmp server you are queryng is linux
<jmedina> you dont need snmpd to query snmpd servers
<jmedina> with mrtg+perl modules
<jmedina> who is 192.168.2.1?
<henriquelm> my snmp server is a wireless adsl2 modem + router
<henriquelm> So i don't need smpd then?
<jmedina> nop
<henriquelm> ok
<jmedina> ok and you want to graph from mrtg machine
<jmedina> ok fist install snmp-utils
<jmedina> and try the query I post you
<jmedina> with snmpwalk
<henriquelm> I couldn't find snmp-utils on ubuntu's synaptics
<henriquelm> ok I will look for this package online
<henriquelm> What else should I do?
<uvirtbot> New bug: #363060 in dhcp3 (main) "package dhcp3-server 3.1.1-1ubuntu2 failed to install/upgrade: subprocess post-installation script returned error exit status 127" [Undecided,New] https://launchpad.net/bugs/363060
<henriquelm> jmedina, where can I find snmp-utils to download?
<jmedina> henri, sorry the packages is only "snmp"
<jmedina> ups
<uvirtbot> New bug: #363077 in bacula (universe) "intrepid -> jaunty upgrade fails" [Undecided,New] https://launchpad.net/bugs/363077
<mathiaz> kirkland: FYI the high load I see on a kvm host is definetly related to when one of the guest is swaping
<uvirtbot> New bug: #363083 in samba (main) "[samba] tree connect failed" [Undecided,New] https://launchpad.net/bugs/363083
<kirkland> mathiaz: cool
<kirkland> mathiaz: did you ever open a bug about that one?
<mathiaz> kirkland: nope.
<mathiaz> kirkland: I've run into it again as I was trying to do a do-release-upgrade from an intrepid guest with 128 M of ram (which is the default for my vm setup)
<kirkland> mathiaz: gotcha
<kirkland> mathiaz: looks like you need to bump your default ram up to 256
<mathiaz> kirkland: yop - just did that.
<mathiaz> kirkland: but I didn't need in intrepid and hardy.
<mathiaz> kirkland: so there is definetly something spooky in there.
<kirkland> mathiaz: yeah, memory usage has spiked in jaunty
<elliotjhug> hi all, I'm trying to do a moveable type install on my ubuntu server and I can't get the cgi pages to execute, I've added ExecCGI to my vhost for the domain but no joy, anything I'm missing?
<jmedina> elliotjhug: and what is the error?
<jmedina> have you seen in apache error_log?
<Faust-C> wow i managed to make a guy mad just by offering to move forward on a project
<jmedina> Faust-C: you are good, which project?
<Faust-C> jmedina, sec ill show you the link
<Faust-C> https://blueprints.launchpad.net/turnkeylinux/+spec/mailserver
<Faust-C> now this is mine
<Faust-C> https://blueprints.launchpad.net/turnkeylinux/+spec/create-groupware-appliance
<Faust-C> hope to get more interested in it....
<uvirtbot> New bug: #363072 in gvfs (main) "gvfsd-smb crashed with SIGSEGV (dup-of: 282113)" [Undecided,New] https://launchpad.net/bugs/363072
<olcafo> Faust-C: I'm working on deploying Horde with Postfix/Dovecot as a replacement for Exchange in my environment
<uvirtbot> New bug: #363073 in gvfs (main) "gvfsd-smb crashed with SIGSEGV (dup-of: 282113)" [Undecided,New] https://launchpad.net/bugs/363073
<olcafo> Faust-C: my initial test emplamentation has proven very promising.
<Faust-C> olcafo, o rly
<Faust-C> we should talk more about this
<olcafo> Faust-C: the key components for me is Active Directory Authentication and the user experience
<Faust-C> olcafo, i have articles on using LDAP to auth to AD
<Faust-C> so far ive gotten FDS to auth to AD and i have stuff on Penrose and OpenLDAP
<olcafo> Faust-C: although I have not tested with live subjects other than myself, Funambol with Outlook on windows has proven to work well and should be quite seamless to the clients
<Faust-C> olcafo, well you might like to hear about Citadel. it can use funambol and can be setup in like 20-30 mins
<olcafo> I plan on keeping Active Directory for the moment. There is really nothing out there that compares when dealing with Windows clients.
<Faust-C> there is nothing for windows clients
<Faust-C> BUT
<Faust-C> you can still leverage items like LDAP for use w/ windows
<Faust-C> mail server -> LDAP <-> AD
<Faust-C> so you can use any mail platform that can auth to LDAP
<olcafo> Faust-C: i didn't like Citadel so much because it's a whole package or nothing. I like to be able to split my services up.
<Faust-C> i can understand that
<Faust-C> but you can use items like postfix w/ it iirc
<olcafo> I'm not too sure on the detail just yet, but I'm looking at the Dovecot LDAP plugin to connect to my Active Directory.
<Faust-C> olcafo, o rly, wow youre really hitting it hard
<Faust-C> im impressed
<olcafo> Faust-C: I just need to get this company away from paying $15000 every two years for Exchange.
<Faust-C> olcafo, i need to get my company on a system that doesnt require PST files
<Faust-C> well a system period
<jmedina> why not zimbra?
<jmedina> it cant integrate with AD
<Faust-C> cause its $$
<jmedina> not community version
<jmedina> why use outlook/thunderbird with that greate WUI
<olcafo> Faust-C: I get bad vibes from Zimbra because of the Yahoo ownership.
<Faust-C> but thats *community* version which means no features
<Faust-C> olcafo, agreed
<jmedina> Faust-C: what features lacks community version?
<Faust-C> jmedina, i want to use a solution that is pure open source
<jmedina> Faust-C: does community version has closed source?
<Faust-C> sec
<Faust-C> jmedina, http://www.zimbra.com/products/product_editions.html
<jmedina> zimbra officialy suports ubuntu LTS
<olcafo> jmedina: like Citadel, I found Zimbra to be a complete package deal, which is not what I'm looking for really
<jmedina> olcafo: there is no need to install all services on 1 server
<olcafo> I of course may change my mind if I see that Horde isn't doing what I want it too.
<jmedina> you can from thetell which services to install
<jmedina> so you can have ldap in one server of course replicated)
<jmedina> web in another
<jmedina> smtp and imap in ahother box
<olcafo> what I do like about Zimbra is that there is commercial support if you need it.
<Faust-C> jmedina, but seems like they have given the opensource version more features
<jmedina> olcafo: you can dsitribute zimbra services and make them work togheter
<Faust-C> at one point they released it as a really stripped version
<jmedina> Faust-C: the only features it lacks in community version are movil version, backups, clusters and outlook connector
<Faust-C> yeah and we really need backups
<olcafo> jmedina: the Outlook connector is pretty key for my clients.
<jmedina> well yu can use community scripts
<jmedina> most o my clients that ask for zimbra is because they want to get rid from oulook and office licenses
<jmedina> they dont want to store mail in client machines
<olcafo> getting away from Outlook in this environment is not really an option.
<jmedina> one thing I like from zimbra is the community
<jmedina> a lot of contributions
<jmedina> wikis, forums
<Faust-C> olcafo, jmedina we need to hookup and work together on this
<Faust-C> i have ESX servers we can use for tests
<jmedina> I tried citadel, didnt like it
<olcafo> jmedina: using Dovecot IMAP get's away from storing emails on client machines.
<jmedina> olcafo: yeap I know
<Faust-C> olcafo, man i can SOOOO understand the need for that
<jmedina> I like zimbra imap implementation
<jmedina> it works really fast with that support for search tags
<jmedina> faster searchs
<olcafo> I must admit that I am a littel byast toward Dovecot and Postfix since I've been usning them for the past few years.
<olcafo> my timeline for this project is "sometime" next year. So my development process is somewhat scattered. I spend time on it when the helpdesk is slow type thing.
<olcafo> I think the point to all this is that there are some really good solutions out there.
<Faust-C> i want to create a helpdesk appliance lol
<olcafo> Faust-C: I use GLPI
<olcafo> it has inventory and knowledge base implementations.
<jmedina> Faust-C: a few months ago I was doing a comparision for mail collaboration suites
<jmedina> or the so called "unified communication systems.."
<Faust-C> olcafo, yeah i was looking at it once
<Faust-C> havent had the time to look at it in detail
<Faust-C> jmedina, heh yeah ive done it as well but i didnt look at semi open source products
<olcafo> I think the one thing I will miss about Exchange and Active Directory is the on-stop for users and emails setup. I looks like I'll have to split the two.
<Faust-C> not really
<olcafo> users here have way too many different email address.
<Faust-C> if you auth against LDAP which will auth to AD
<olcafo> Faust-C: once you take Exchange out of AD, it looks like you can only pull 1 email address.
<Faust-C> yeah ... i didnt think about that
<Faust-C> but i dont want multiple email address for one user
<olcafo> some issues I haven't look at yet are transfering Flags and server side rules.
<olcafo> there will be a few bumps for the user I'm afraid when this switches over.
<jmedina> I not sure if zimbra migration scripts cant migrate filtering rules
<Faust-C> olcafo, thats where you really need to think about a groupware suite
<Faust-C> cause alot of items are pure MS onl
<Faust-C> but brb
<olcafo> all Flaggin and most rules are server side with Outlook/Exchange combo, which is nice when switching computers, reseting profiles, and accessing via webmail.
<jmedina> Note: Only email messages, calendars, and address books (including distributions lists)are imported from the Outlook server. Other Outlook types, including notes, rules and alerts, and files are not imported. Unless the ZCS Migration Wizard is run on a machine with Outlook 2003 or Outlook 2007, tasks will not be imported.
<jmedina> sorry :S
<olcafo> using the Funambol app with Horde can do calendars, contacts, and tasks. I've found it can probably be used to export from Exchange and import into Horde if not bulk solution is found.
<olcafo> not too sure on the Notes.
<jmedina> lets see funambol app
<olcafo> http://www.funambol.com/
<jmedina> which app?
<olcafo> I'm looking at the Outlook Sync and the Win Mobile PocketPC Sync
<olcafo> https://www.forge.funambol.org/download/
<olcafo> I suppose the Win Mobile Smartphone app will probably also be used.
<olcafo> I've only so far tested the Outlook one.
<jmedina> olcafo: how are you testing outlook sync?
<jmedina> agains Exchange?
<olcafo> Works pretty good. Set it up to sync every 5 minutes on the client machines and your good to go.
<olcafo> jmedina: nope, against a horde install.
<jmedina> :O
<olcafo> it's really and Outlook to SyncML link.
<olcafo> Horde has SyncML functionality.
<olcafo> of course having syncing on the client machine means they can change the settings, I'm sure that will probably be a pain.
<olcafo> I'll have to look at locking it down somehow.
<brohism> I'm having problems with my server not being able to access the Internet.  It can establish connections on the local network no problem, but no access outside of that.  Pinging IP address or domain won't work.
<brohism> I've verified that listed DNS servers are accurate
<friartuck> brohism got default route? netstat -r
<brohism> friartuck: http://pastebin.com/m3aada7c1
<friartuck> brohism no default route. that's your problem.
<brohism> yeah, I noticed that as soon as I ran the command.  I'll try to fix that.
<brohism> friartuck: some more showed up when I went back to my console window http://pastebin.com/m5743a916
<friartuck> brohism can you ping .1?
<brohism> friartuck: yes
<friartuck> brohism hm, try ping 4.2.2.2
<brohism> friartuck: no results. It doesn't say it succeeded or failed, it just sat there.
<elliotjhug> hi, I'm currently doing an upgrade to my server from 8.04 to 8.10 and it seems to have stopped at console-setup, which I think is because that SSH session has closed (I can't pause it with Ctrl-Z) - I know the apt-get process is still running from PS -A, is it safe to kill the process and restart the upgrade from and apt-get install or should I leave it (bear in mind I have no output from the process right now)
<friartuck> brohism I dunno how it should work with two nics. I *think* you should only have one default route. not positive though.
<brohism> friartuck: ok, I'll try removing one
<brohism> friartuck: that did it, thanks
<friartuck> brohism cool. were you doing two nics for redundancy?
<brohism> friartuck: no, I was actually trying to set it up so that services accessible inside the network only (Samba, etc.) were on one, and public services were on another, for load-balancing
<friartuck> brohism ah. two nics on same network makes things tricky.
<brohism> friartuck: yeah, I've done it before on this machine, but it was with a different distro, and it was a few years ago that I configured it
<giovani> brohism: so they're not on the same network?
<giovani> one is on a DMZ and one is on the LAN?
<brohism> giovani: sort of. One is on the LAN, and one is port-forwarded but not on a DMZ
<giovani> brohism: why do you want/need separate interfaces then?
<kinley> hi there, is the a repasitory for mysql-server-5.1 5.1.33 an ubuntu hardy 8.0.4.2 as backports or sim. ?
<giovani> kinley: you mean an unofficial repository?
<kinley> better an official ;) but cant find it in hardy backports :(
<giovani> 5.1.33 isn't even in jaunty, much less 8.04
<giovani> kinley: bleeding-edge packages are almost never provided by distributions
<giovani> that's to protect you from new bugs
<kinley> 5.1.31-1ubuntu2 is in jaunty
<giovani> yes, but you asked for 5.1.33
<giovani> whcih was released only a few days ago
<kinley> hmhm
<giovani> if you want a bleeding-edge version, you need to download and install/compile it yourself from MySQL directly
<giovani> sigh
#ubuntu-server 2009-04-18
<Geoff918> I'm running a business and will be using webserver, http, ftp, and mailserver functions.  I'm trying to decide between 8.04 (LTS) and 8.10 or even 9.04 (in a few days).  I need to know that my server will be stable, but have preference for something reliable.  What is the advantage of using the LTS versus upgrading to the interim updates?  Is there a security difference, or are patches virtually synonymous with each other?
<adoleo> Geoff918: The security patches should be stable across distributions
<adoleo> Geoff918: The advantage of an LTS version is that you can install it and rest assured that it will be supported for 2 years through Canonical's paid support program.
<adoleo> Geoff918: So you don't have to upgrade every 6 months in order to be supported by the paid tech support.
<twb> adoleo: that's only useful if you're actually buying support from Canonical
<adoleo> Geoff918: If you don't plan to rely on the community for support, then LTS is not necessarily needed
<Geoff918> adoleo: Thank you. So, it's simply a tech support issue, and not a software specific issue
<adoleo> twb: Yep, I agree
<Geoff918> adoleo: Okay, it seems I'd rather go with the latest release versions then. I can't imagine with the amount of testing Ubuntu releases go through something simple like MySQL would break on upgrade
<adoleo> Geoff918: Sorry, let me correct that - if you /do/ plan to rely on the community for support, then LTS is not needed
<twb> Also, if you do that I guess you are obliged to stick heavily to main
<twb> i.e. stuff lib libnss-ldapd is frowned on
<twb> Geoff918: mysql is FAR from simple
<adoleo> Geoff918: I'm running 9.04 on my main server, and two virtualized sub-servers, and I haven't had any problems.  Great stuff.
<twb> For stuff *I* support, I prefer the two-year cycle of LTS to the six-month cycle of, uh, HEAD.
<Geoff918> twb: lol, eh okay I'm not sure what's complicated about it. I taught myself the whole thing. Unless you mean simple as in feature rich--in which case, no it's quite robust
<twb> Geoff918: you taught yourself to *use* it.
<twb> Geoff918: that's quite different from integrating the upstream mysql release into a larger distribution (Ubuntu).
<adoleo> twb: +1
<Geoff918> twb: yes, I don't write modules for it if that's what you mean, sure I don't often take time to program these days--too many other things going on
<Geoff918> twb: sure, sure, agreed
<twb> Geoff918: all I'm saying is that a lot can go wrong "under the hood", or beneath your level of visibility.
<Geoff918> adoleo: Great, I'll wait for the 9.04 release and use that then
<Geoff918> twb: No doubt. I do have a pretty solid RDMS that I've written. I don't want to be upgrading willy-nilly. I've had enough professional experience to see some companies that are *still* running Windows 98 (for example)
<Geoff918> twb: and I've also been with major corporations that upgrade their software (proprietary) so often that maybe once every week or two we'd have a fairly major outage
<twb> Yes, well, altiris and friends aren't all they're cracked up to be
<Geoff918> twb: Altiris?
<twb> Geoff918: infrastructure to do push deployments of software on top of Windows
<Geoff918> twb: perhaps I'll PM you, might be more appropriate for the forum reasons
<rags> Hello...I am trying to setup raid on an existing system..after searching a lot I found a good doc on how to go about it. Only problem wiht ubuntu uisng UUID's..
<rags> wht should the root=UUID line in grubs menu.list contain?
<rags> the uuids from blkid?
<rags> then I notice the previous line doesn't have the full id..but a part appended with an "$'.
<foxbuntu> rags, you have it open in nano or similar cli editor?
<rags> ya
<rags> nano
<rags> but I tried vi as well...
<foxbuntu> rags, that $ is just the edge of the screen
<rags> am sure of the $
<foxbuntu> if you scroll to the edge the rest of the text will appear
<twb> $ means that the line has been truncated, i.e. you're not seeing the rest
<twb> It's an Emacs convention
<rags> errr...Ya..I thought of tht..but then I did scroll...
<rags> ummm...k..maybe I missed it.
<twb> You can get the UUID to put in menu.lst and fstab by running "tune2fs -l /dev/sda1" or "/dev/md1" or whatever
<rags> ok..ya..I got them by "blkid"
<rags> also mkinitrd and mkinitramfs are same right?
<twb> Oh right, you have a newer udev
<twb> rags: they are not
<twb> rags: you should not need to touch the ramdisk.
<rags> oh...
<rags> but I need for this raid setup..
<twb> You should only need to add the UUID setting to menu.lst and fstab
<Alex_21> How do you do a SSH tunnel to a Ubuntu server?
<Alex_21> Please
<twb> Alex_21: the same as any other server.
<Alex_21> What are the cintax
<Alex_21> ? Please
<jmarsden> Alex_21: man ssh and look at the -L and -R options
<Alex_21> I read the usage, but it didn't make sense
<twb> ssh www -L 8080:127.0.0.1:80
<twb> ...connects to the host "www" and fowards its port 80 to your port 8080
<Alex_21> Thanks
<Alex_21> A lot for that help
<drspin> hi all, I'm running Ubuntu 8.10 2.6.27-7-server in a VM environment on an ESX server, and it looks like the FS timed-out and the server locked up
<drspin> it's been running without a problem for about a month in production (and before that, at least 2 months in staging)
<drspin> I see this in syslog  kernel: [75479.142247] mptscsih: ioc0: attempting task abort! (sc=ffff880068d75280)
<drspin> any suggestions ?
<Alex_21> Thanks for all your help
<Alex_21> Good night
<rags> I had to make a ramdisk to boot into the raid array..
<rags> initially I started out with a degraded array...
<rags> I changed the fstab and grub's menu.list
<rags> but it is not finding the root disk...
<rags> I am just getting the initramfs prompt
<Alex_21> How do you connect to a machine over ssh when this is the problem? I have a connection to an ssh server on 8080:127.0.0.1:22 . Now I want to use this machine to ssh into something. How do I do this
<rags> I made the ramdik using...mkinitramfs -r /dev/md0 -o initrd.img-raid
<rags> it seems like /dev/md0 has not loaded...
<rags> is there somethin I ma doing wrong?
<Alex_21> Can anyone help
<Alex_21> Please
<jmarsden> Alex_21: Your question seems strange?  Just do    ssh user1@machine1   and then at the shell prompt for machine1, you can do    ssh user2@machine2 .  No need for any tunnels at all.
<Alex_21> Thanks for all your help
<Alex_21> Good night
<arooni-mobile> how can i find out whether a db table is myisam or innodb
<jmarsden> arooni-mobile: Try asking in #mysql
<godowner> Hey all, need an advice, which cpanel would you recommend me? Have Webmin, but am looking for something else...
<friartuck> godowner probably ebox. good to switch from Webmin because it has a lot of security vulnerabilities.
<godowner> ^^ k thenks will check it out
<uvirtbot> godowner: Error: "^" is not a valid command.
 * friartuck cline
<LyonJT_> can you sleep a ubuntu server?
<friartuck> LyonJT_ eh...like, apic?
<LyonJT_> I need the server to go into standby mode and then able to turn on by Wake on lan
<friartuck> LyonJT_ you want acpi (advanced conf and power interface). I fat-fingered it earlier.
<giovani> LyonJT_: ok, well, WoL is an ethernet card feature, not an ubuntu feature
<giovani> presuming your server supports ACPI, you can easily hibernate/sleep/suspend it
<LyonJT_> I know i realise that but how can implement it
<LyonJT_> okay thank you!
<LyonJT_> yes
<LyonJT_> ACPI? do you have a guide or a link?
<giovani> a guide to what? it's a feature of your computer
<giovani> it's in the ubuntu kernel already
<LyonJT_> how to set it up
<giovani> there's nothing to set up
<LyonJT_> what the command to put it to sleep?
<XiXaQ> I'm trying to setup shared user accounts and following https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
<giovani> probably installing the acpitool package is your easiest option
<XiXaQ> however, I've tried several times, and I can't get it to work properly. Under LDAP Authentication, I'm asked to run the following command: sudo auth-client-config -a -p lac_ldap
<giovani> sudo apt-get install acpitool
<XiXaQ> this results in an error, saying "Error in updating the file: 'pam_account' not found"
<giovani> then read the manpage for acpitool
<XiXaQ> can someone help me fix this? I'm following the guide step by step, so I think it must be a bug in the documentation, but I don't know how to get around it.
<XiXaQ> what should 'pam_account' contain, and where should it be located?
<giovani> XiXaQ: you may have to wait around ... it's a Saturday morning in the US
<XiXaQ> yes. Unfortunately, my internet connection is a bit unstable. It's a HSDPA connection, so I'll drop out from time to time.
<twb> XiXaQ: run your IRC client on a server in screen, then?
<XiXaQ> thanks. May I have one please?
<twb> XiXaQ: I'm not stopping you.
<XiXaQ> it's not very important though. The channel is logged, isn't it?
<twb> Dunno.
<twb> Freenode policy is not to allow logging unless it's mentioned in the topic, IIRC.
<XiXaQ> I thought all ubuntu channels on this network were logged.
<twb> Maybe they are.
<twb> ubuntulog: help
<XiXaQ> I'm sure ubuntulog does that.
<XiXaQ> it's really frustrating when you can't rely on the manual.
<twb> ldap servers are certainly a rollercoaster of fun :-/
<Bambi_BOFH> rollarcoaster yes, fun, not sure ;)
<XiXaQ> I don't think  it's LDAPs fault that Ubuntus manuals are faulty.
<twb> XiXaQ: granted.
<XiXaQ> maybe the manuals are good, and the system is buggy? I don't know.
<twb> But LDAP is bloody confusing and tedious and complicated if you're using to the turn-key NIS packages.
<XiXaQ> maybe Fedora would be a better choice as a server?
<twb> Well, if you actually *like* FDS...
<ScottK> irclogs.ubuntu.com has the logs.
<toothy> Hi Guys, i am trying to get a chrooted user account working with vsftpd and i've found that when i try to upload via this user i get "Error: Critical error"   any ideas why?
<toothy> here's my config if anyone is interested http://pastie.org/450836
<uvirtbot> New bug: #342227 in mysql-dfsg-5.0 (main) "error when issuing mysqldumpslow" [Low,Triaged] https://launchpad.net/bugs/342227
<Activity> toothy, did you check the logfile? did you set a valid login-shell for the ftp-user? does the ftp-user have the required permission to view his chroot?
<reid> hey can anyone tell me the cleanest way to get JUST X/Gnome on my server?
<reid> I dont want all the desktop goodies
<ScottK> reid: Off topic for here.
<ScottK> See #ubuntu
<reid> really..?  because its a server, running ubuntu-server.
<ScottK> Once you put X on it, it's not anymore.
<theuser1> in what cases is a website domain name is closed forcefully by the registrar or the company one buy a .com ?
<reid_> how do I force -server to use a static IP?
<cemc> reid_: you can set the IP in /etc/network/interfaces, look at 'man interfaces' for some examples
<reid_> I did
<reid_> cemc: I told it iface eth0 inet static, and specified everything
<reid_> cemc: and it worked for like.. 2 days
<reid_> cemc: now it seems that DHCP is leasing it new IP addresses =P
<cemc> but the configuration you made in the file is still there?
<reid_> yes
<cemc> on the same interface which is set to static, you got other ip address?
<Chipzz> 22:43 < Chipzz> does anyone here know how to get the *actual* physical memory a server has under linux?
<Chipzz> 22:44 < Chipzz> free, /proc/meminfo, and dmesg all give wrong answers
<Chipzz> 22:45 < Chipzz> (there's things like the amount of memory the kernel takes up, memory space reserved for PCI, etc etc to take into account. I want to ignore all of that and just have it tell me how  much physical memory the server has)
<Chipzz> I want none of that. If I put in 2 sticks of 2GB, I want it to report me: 4GB, not 3.8GB or whatever
<Chipzz> reid_: ps aux | grep dhc
<reid_> cemc: nothing has changed in the interfaces file
<Chipzz> and kill all dhclient(3)'s
<Chipzz> pkill -9 dhclient; pkill -9 dhclient3
<Chipzz> or if you want to cruel about it:
<Chipzz> pkill -11 dhclient; pkill -11 dhclient3
<reid_> lol
<reid_> hmm
<reid_> I killed them
<reid_> ifconfig still reports the DHCP addy
<Chipzz> of course it does
<Chipzz> dhclient will SET the address
<Chipzz> (when it gets/renews a lease)
<Chipzz> why do you think the address should magically reset when dhclient dies?
<reid_> Chipzz: can u tell me how I force it to move to the one I specified in interfaces?
<Chipzz> (ESPECIALLY if you killed it with -9, which doesn't give dhclient a chance to release the address)
<reid_> because I'm an ignorant fool =/
<reid_> I killed with 11
<Chipzz> /etc/init.d/netwerking restart
<Chipzz> or
<Chipzz> ifdown eth0; ifup eth0
<reid_> ahh yeah ok I should have known that
<Chipzz> (replace eth0 with whatever your interface name is)
<Chipzz> /etc/network/interfaces is a debian specific thing and has nothing to do with the "configuration" of ifconfig or ip
<reid_> yeah, awesome problem solved.. my server is back to its happy place =P
<reid_> thanks a bunch
<Chipzz> read: ifconfig and ip do not HAVE a configuration file of theirselves
<Chipzz> ifup/ifdown etc are wrappers around ifconfig/ip
<Chipzz> wrappers being the operative word here
<Chipzz> ie: the wrappers have a config file, ifconfig does not
<lawlzfries> i have a server with a small HD (320GB). I also have a nas (2TB) sitting at home on a cable connection (5mbps). i was wondering if i could access the nas from the server at a decent speed. I want to dedicate the entire HD to a cache. is this possible?
<lawlzfries> i would prefer to use one of cifs, nfs, or afp. but anything really is fine
<lawlzfries> the main thing is to use as big a chache as possible
<lawlzfries> is there a better way of going about this?
<lawlzfries> is this the correct channel for asking such a question?
<lawlzfries> could i use fs-cache with nfS?
<lawlzfries> alright i've found some fscache patches for linux 2.6.17
<lawlzfries> is there something more modern and more "just works" out there?
<lawlzfries> anyone?
<ScottK> !weekend | lawlzfries
<ubottu> lawlzfries: It's a weekend.  Often on weekends, the paid developers, and a lot of the community, may not be around to answer your question.  Please be patient, wait longer than you normally would, or try again during the working week.
<lawlzfries> alright, thanks
<NineTeen67Comet> Hello. I'm building a web server for an upstart studio and would like to give their users ftp access. I want the users to login and be sent to /var/www so they can contribute to the site. I'm using vsftpd and don't see where I can jail them to that directory, can I send them there when they login? (Don't want them locked to /home/~)
<lawlzfries> NineTeen67Comet, well you could set their home directory to /var/www
#ubuntu-server 2009-04-19
<MiddleOfNowhere> Anyone in here familiar with Windows Server 2003?
<Justin___> Wouldn't that dump all their home files to /var/www and change the user/guid to their login then another person's login etc etc .. there are going to be 5 or 6 people ftp'ing this server ..
<reid> Hi.. If I wanted to set up my network in such a way as WAN---->ubuntu-server---->router---->      how would I accomplish this on the server, given that I have 2 NIC cards in it
<giovani> reid: you want your server to act as a router, or a bridge, or what?
<reid> well, my server is currently a torrentbox/fileserver,  but it has SERIOUS trouble working from behind the router
<reid> so that is my incentive,  im not sure how to execute it properly =P
<giovani> ok, well, I can't design your network for you
<giovani> do you have multiple IPs from your ISP, or just one?
<reid> just one
<giovani> then you can't really do what you want to do
<reid> =(
<giovani> without making everything more messy
<reid> lol, looks like I have to find out why my torrents are moving so ridiculously slow on my server then when its behind the router
<giovani> your ports probably aren't properly configured and forwarded
<reid> I literally get a difference of 900 k/s in front, but only 100 k/s behind
<giovani> and therefore, you're only getting local peers
<giovani> and not remote peers
<reid> well, afaik they are configured
<giovani> well I'm telling you that they probably aren't
<reid> on the router I'm forwarding 30000-30100 to the server, and those are the ports that bittornado is listening on
<giovani> it accounts for 95-99% of the time there's a speed issue
<giovani> well it's possible that bittornado is listening on other ports, I don't know
<giovani> it's not a very good torrent client
<reid> well, I'm using it for torrentflux
<giovani> yeah
<giovani> that doesn't make it a better torrent client :)
<reid> lol
<reid> do you know of a similar solution as torrentflux, that uses a different client?
<giovani> you could try rtorrent
<giovani> and a web-based frontend for it
<reid> *drool* rtorrent
<giovani> unlike bittornado, it's actively developed
<giovani> do you need a web frontend?
<giovani> or would a console interface work ok?
<reid> well, a web frontend would be nice.  but then again the only reason I want this server would be to output the movies and stuff remotely to my HDTV
<reid> most likely via rdesktop =P
<reid> and a web frontend doesn't really help me do that
<giovani> well there are web-based frontends for libtorrent (rtorrent's base code)
<giovani> or you can use rtorrent, which is a console interface
<giovani> there are even desktop apps that can connect to rtorrent/libtorrent remotely
<giovani> plenty of options
<giovani> http://libtorrent.rakshasa.no/wiki/UtilsList
<reid> awesome, thanks a lot man..  opened my eyes hah.  maybe Torrentflux just sucks
<reid> been pullin out my hair trying to get it to work properly lol
<giovani> torrentflux doesn't suck ... it just doesn't support decent torrent clients
<reid> yeah
<giovani> apt-get install rtorrent and you're done :)
<reid> lol
<reid> imma ssh to my server right now and do just that, and see if its something I could handle long-term
<giovani> the console interface takes some getting used to
<giovani> if you don't like it -- just use a web interface
<reid> yeah torrentflux is in the repos though lol
<reid> im so lazy
<giovani> rtpg-www is in the repos too
<giovani> (one of the web frontends for rtorrent)
<reid> oh, its only in jaunty repo though huh
<giovani> guess so
<giovani> it's really not hard to install a web frontend though
<giovani> you should learn
<LapLander> May I ask a question?
<giovani> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<LapLander> I have a new Ubuntu server - I installed SNMP client, was told it was installed, but no /etc/snmp. I tried removing and reinstaling, same result - I am new to Ubuntu and not sure where to start looking to see what went wrong
<giovani> LapLander: what package did you install?
<LapLander> used apt-get install snmp scli tkmib
<giovani> well why are you looking in /etc/?
<giovani> what are you looking for, exactly?
<LapLander> Where else should I find /etc/snmp/snmp.conf - according to the man I was reading, that is where it gets configured after install
<giovani> what manpage?
<LapLander> I am a few days away - will have to retrace my steps to find that
<giovani> ok ... well are you not using the apps you just installed?
<giovani> I'm not sure what function snmp.conf might serve -- but surely if you don't even know why you want it ... you don't need it
<giovani> the 'snmp' package provides a wealth of snmp client utilities
<giovani> I presume they're what you're looking for -- why not run them?
<LapLander> The ones I have tried act like SNMP is not installed - no response is what I get to the snmp queries I try
<giovani> ok wait
<giovani> what do mean they "act like SNMP is not installed"?
<giovani> the utilities are only there, and can be run because you installed the snmp package
<giovani> are you confusing the server with clients?
<LapLander> Isn't snmp.conf where the community string is set
<giovani> I think you're confusing roles here
<LapLander> I don't think so
<giovani> heh
<giovani> snmp is a set of query utilities, nothing more
<giovani> it's not the agent itself
<giovani> maybe you're looking for 'snmpd'
<giovani> which is the agent
<giovani> which you configure in /etc/snmp/snmpd.conf
<LapLander> Ok, I guess I misunderstood - thanks for clarifying it
<giovani> no problem
<SockPants> hello all
<SockPants> is there a way to use ubuntu server to broadcast internet radio?
<SockPants> hi
<SockPants> does ubuntu server 8.04 use alsa or oss or how do i find out on my system?
<SockPants> is there a way to see what process is using a sound device is ALSA?
<isaacsm> SockPants: lsof /dev/snd
<eagles0513875> i have shoutcast configured on my linuxbox but for some reason i cant start the server i keep getting bash: ./sc_serv: no such file or directory and i am in the directory where i have shoutcast
<beawesomeinstead> is it possible to mount (non-block) disk image via fstab? getting error that says it tries to mount disk image before parent partition...
<LyonJT> Hey,
<LyonJT> i have a squid proxy server running
<LyonJT> but when i try to use it from another network i get a access denied message shown
<LyonJT> why is thi
<uvirtbot> New bug: #363729 in openvpn (universe) "openvpn crashes under high load" [Undecided,New] https://launchpad.net/bugs/363729
<LyonJT> MiddleOfNowhere: Check out #windows
<matt1211> Hi, does anyone know how I can configure the netatalk package on my server to mount a directory other than the home directory by default to my finder?
<giovani> !weekend | matt1211
<ubottu> matt1211: It's a weekend.  Often on weekends, the paid developers, and a lot of the community, may not be around to answer your question.  Please be patient, wait longer than you normally would, or try again during the working week.
<giovani> matt1211: also, netatalk ... is not the most common package ... you'd be better off reading their documentation, or finding their support channel
<giovani> hmm, where did main.cf go from the postfix package in jaunty?
<giovani> am I missing something obvious?
<matt1211> Is there a package for ubuntu that fixes permissions for users?
<infinity> matt1211: In what sense?
<giovani> matt1211: what do you mean by "fixes"?
<matt1211> Well, when I try and create a user with my admin account on ubuntu, it says account expired, pam authorization failed.  I tried with root user and the same thing happens.
<giovani> how did you create the user? what command, exactly, was used?
<matt1211> sudo adduser username
<infinity> And when you log in to "username", it's expired?
<infinity> That usually indicated a clock issue.
<infinity> (ie: your computer thinks it's 1900?)
<giovani> could be dead CMOS
<giovani> matt1211: run "date" at the command line
<giovani> paste the output here
<infinity> *shrug* ... S'why I run ntpdate on boot, and ntpd during runtime.
<infinity> Half my machines don't know what time it is when they're off. :P
<giovani> that's not good
<infinity> Nah, it's just that I have a lot of machines that don't have battery-backed clocks.
<matt1211> date
<matt1211> Sun Apr 19 08:59:01 PDT 2009
<matt1211> that's the output
<infinity> Okay, so it's not clock skew.   Fun.
<infinity> matt1211: When do you get the error?  When you create the user, or when you try to log in with it?
<matt1211> when I create the user
<infinity> Oh, that's kinda special.
<giovani> it says "pam authorization failed" when you create the user?
<giovani> really?
<matt1211> yes, that's the error I get.  how can I fix it? is there a way to reinstall those functions or something?
<infinity> What does "passwd -S username" output?
<matt1211> do this on a user that I have tried to create?
<infinity> Yes.
<matt1211> Or just my admin one
<infinity> Unless it's not actually creating them at all...?
<matt1211> no it creates them
<matt1211> sort of
<infinity> Kay.  Then yes, "passwd -S <name of new user>"
<matt1211> it says test P and then a date.
<infinity> ....
<matt1211> test is the username
<infinity> Can't copy and paste the line?
<infinity> Looking for something like "adconrad P 05/13/2008 0 99999 7 -1"
<matt1211> il try
<matt1211> test P 04/19/2009 0 99999 7 -1
<infinity> Okay, none of that looks like an expired password.  "grep test /etc/passwd" to see if the account is set expired?
<infinity> (Should be something like "test:x:1002:1002:Test User,,,:/home/test:/bin/bash")
<infinity> The "x" for the second field is what I'm curious about.
<matt1211>  test /etc/passwd
<matt1211> test:x:1007:1007::/home/test:/bin/bash
<matt1211> that is what I got
<infinity> Okay, I'm at a loss.  It all looks fine.
<infinity> What's exact pam error when you create a user?
<infinity> (And it is when you run "adduser" right, not when you're running "sudo somecommand"?)
<matt1211> can I just reinstall the part of ubuntu that deals with creating users or something?
<infinity> Your user is being created fine.
<infinity> This is why I'm trying to figure out what your actual problem is.
<infinity> When do you get the PAM error, exactly?  After adduser has run and asked you all the questions, or before the questions?
<infinity> And do you have the exact error to copy and paste, rather than paraphrasing?
<matt1211> chfn: PAM authentication failed
<matt1211> adduser: `/usr/bin/chfn test' returned error code 1. Exiting.
<matt1211> does that mean anything?
<infinity> That doesn't look like the "account expired" you were previously describing...
<matt1211> that is above it, it just says your account has expired, please contact your system administrator.
<infinity> Ah-ha.
<infinity> Right, this is due to you having unlocked and subsequently half-broken your root account.
<matt1211> okay, is there a way to fix it?
<matt1211> or do I have to reinstall ubuntu.
<infinity> Try:
<infinity> sudo passwd --unlock root
<infinity> sudo usermod --lock root
<infinity> (It's a sketchy workaround for how we deal with locked/unlocked root accounts)
<infinity> Basically, I'm assuming that at one point you set a root password, then you re-locked root witn "passwd -l root", as various HOWTOs out there say you should?
<infinity> That completely breaks how PAM authenticates the root account.
<matt1211> that fixed it, thanks!
<infinity> "sudo passwd --unlock root; sudo usermod --lock root" should return yout root account to the more-or-less pristine locked state it was in when you installed the system.
<matt1211> ssh media@fried-rice.vipbc.org
<matt1211> woops, sorry
<matt1211> wrong window
<RoAkSoAx> hey guys, what's the user that runs squid on Intrepid?
<Kamping_Kaiser> proxy, iirc
<a1fa> hey
<a1fa> what files are needed for netboot?
<giovani> !netboot | a1fa
<ubottu> a1fa: Ubuntu can be installed in lots of ways. Please see https://help.ubuntu.com/community/Installation for documentation. Problems during install? See https://wiki.ubuntu.com/CommonProblemsInstall and https://wiki.ubuntu.com/DapperReleaseNotes/UbiquityKnownIssues - Don't want to use a CD? Try http://tinyurl.com/3exghs - See also !automate
<giovani> a1fa: you want to PXE boot and do a network install?
<giovani> https://help.ubuntu.com/community/Installation/Netboot
<a1fa> got that
<a1fa> https://help.ubuntu.com/community/Installation/WindowsServerNetboot
<a1fa> i used this guide
<a1fa> and stupid thing is trying to load pxelinux.cfg/00..000, MACADD, IP, HOSTNAME, DOMAIN
<a1fa> everything but linux
<giovani> ok, well that guide looks ancient
<giovani> hoary and breezy
<giovani> that's like a 4 year old guide
<giovani> probably heavily out of date
<a1fa> true but principal is the same
<a1fa> netboot, pxelinux.cfg, linux and initrd.gz
<giovani> yes, but the files may be quite different
<giovani> read the basic Netboot guide
<giovani> rather than the one specific to windows
<a1fa> hm
<genii> If your client is trying to load a file whic is it's mac or so, likely your dhcp server is not giving it an address
<theuser1> i have a 24/7 dsl and kubuntu as an os. i dont know how to do something. i mean i want o make some use of it... may be a webserver... or what else.can any one comment?
<matt1211> Hi, how can I find the password to my mysql root user? I forget what I set it as.
<cheleo> anyone has upgraded to jaunty-server ?
<infinity> matt1211: You can't find it if you didn't put it anywhere, but you can reset it.
<matt1211> okay, how do I do that?
<infinity> http://www.howtoforge.com/reset-forgotten-mysql-root-password has the reasonably simple instructions.
<matt1211> ah, just a question what is the command to stop and start mysql? I think its /etc/init but I'm not sure about the rest
<josspyker> /etc/init.d/mysql restart
<a1fa> ah this crap aint workin :(
<genii> Might want sudo with that init.d command
<theuser1> what is the difference in openssh and sshd?
<giovani> cheleo: I haven't done an upgrade, but I have a jaunty server or two, yes
<giovani> theuser1: the client and the server
<matt1211> how can I reinstall mysql package? the instructions for resetting the root passwd are not working for me.
<giovani> matt1211: you don't need to reinstall mysql
<giovani> that's serious overkill
<matt1211> ?
<giovani> http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html#resetting-permissions-unix
<giovani> there is the official documentation
<giovani> it's going to work
<giovani> if you follow it
<matt1211> how can I change password then, I forgot mine and instructions are not working.
<matt1211> ah
<giovani> what "didn't work"?
<giovani> be more specific
<giovani> there were only 3 steps in the first set of instructions you were given -- was an error returned? what happened?
<matt1211> instructions from this url. http://www.howtoforge.com/reset-forgotten-mysql-root-password
<giovani> yes ... be specific about what "didn't work"
<matt1211> had trouble with the part just after the odd restart.
<giovani> matt1211: I've asked you repeatedly to be specific
<giovani> "had trouble" is nowhere near specific enough
<matt1211> okay, I restarted the mysql database and bypassed the tables, and went into it with the root user, but when I typed the update user command to change the password, and the flush command, it didn't give any errors, but when I restarted the password still hadn't changed.
<giovani> it didn't tell you to restart mysql
<giovani> it told you to shut it down, and then start safe mode
<matt1211> I did start it in safe mode.
<giovani> you probably typoed somewhere
<giovani> here's yet another guide: http://www.nixexp.com/index.php/2006/12/16/how-can-i-reset-mysql-root-password-root-password-recovery/
<a1fa> hm.. its not even trying to pull down its tftp image
<a1fa> thats whats crazy about it
<giovani> a1fa: that implies a typo in the config, or a bad setup
<a1fa> all looks good
<a1fa> tripple checked it
<a1fa> it pulls pxelinux.0
<a1fa> and thats it
<giovani> well clearly something isn't good :)
<giovani> where'd you get your netboot files from?
<a1fa> ubuntu.com
<giovani> where specifically
<a1fa> hm
<a1fa> not working yet again
<giovani> can you tell me where you got your netboot files?
<a1fa>  http://mirror.anl.gov/
<a1fa> 8.10 and 9.04
<giovani> sigh
<a1fa> do you want full url?
<giovani> ok, well, jaunty isn't released yet
<a1fa> either image
<a1fa> http://mirror.anl.gov/pub/ubuntu/dists/jaunty/main/installer-i386/current/images/netboot/netboot.tar.gz
<a1fa> both do the same thing
<a1fa> i manually tested the tftp server and it works
<a1fa> in terms of default and images
<giovani> and what shows up on the pxe booted machine?
<giovani> does it present an error?
<a1fa> cant find pxelinux.cfg boot image
<a1fa> but when i do it manually its there
<giovani> well I'd stick a network tap around the pxe machine and watch every packet going in and out
<giovani> and see if it's not looking in the right place
<matt1211> Okay, that worked, thank you for your help!
<giovani> matt1211: in the future, with mysql-specific stuff, that isn't ubuntu related -- check out #mysql
<a1fa> i got a tap up
<giovani> a1fa: great, do a full packet dump
<giovani> and I'll take a look at it
<matt1211> okay, I'll do that.
<a1fa> Error Code, Code: Not defined, Message: TFTP Aborted\000
<giovani> a1fa: that doesn't look like a packet dump to me :)
<giovani> can you post the entire pcap file somewhere?
<matt1211> What is the command to delete a databse in mysql?
<giovani> matt1211: this channel is really not for mysql-focused info
<a1fa> lol
<giovani> you can find that answer on google, or in #mysql, or in the wonderful mysql documentation on the website
<a1fa> giovanio: i am actually looking into this
<a1fa> it looks like it never pulls pxelinux.0
<a1fa> but thats a whole another problem
<giovani> it sounds like you have fundamental config issues with DHCP
<genii> Make sure RUN_DAEMON="yes"           is set in /etc/default/tftpd-hpa
<a1fa> *nstinks
<a1fa> this really nlows
<a1fa> crazy.. the file is there manually
<a1fa> it successfully loads pxelinux.0
<a1fa> but thats about it
<genii> a1fa: You are using the network boot kernel image, or a mounted install iso, or what?
<a1fa> network boot kernel
<a1fa> i am giving up
<a1fa> i am building a ubuntu vmware
<a1fa> and about to to dd over network :)
<a1fa> its amazing how dust affects DVD rom drives
<a1fa> both xbox and my workstation dvd drives dont want to eject dvds
<theuser1>  i need a free vnc software for both windows xp and kubuntu. i what to make windows and kubuntu both as some times client and some times server. need ecryptiiiiionn say ssh if possible. please see http://en.wikipedia.org/wiki/Comparison_of_remote_desktop_software if you want to ?
<a1fa> tinyvnc
<a1fa> ultravnc
<a1fa> either way
<a1fa> ssh it if you want
<a1fa> hm.. i dont have hardware raid controller.. i tought lvm will let you setup lvm raid in installer?
<giovani> thefish: this channel doesn't support GUIs on ubuntu server
<giovani> so, VNC won't be relevant here
<a1fa> ah if there was only way to make 1U server more quiet
<giovani> a1fa: there is ... there's nothing inherently loud about a 1U server
<giovani> obviously you can use lower-flow fans
<genii> a1fa: Better fans? ;)
<giovani> lower speed fans
<giovani> however, typically ... yeah, due to a tight fit of components, 1Us ship with very fast fans
<genii> Some of those Sun 1U boxes sound like an F-18 ready to take off, when you power them onn
<giovani> genii: it's, unfortunately, the best way to ensure the box doesn't die when it's stacked above and below overheated boxes
 * Nafallo loves when DL385s turn on :-)
<Nafallo> s/turn/power/
<genii> giovani: Yes, it's understandable. Just when you're in the data centre the white noise kills you after a while
<giovani> genii: ear-plugs
<giovani> I always wear them at datacenters
<theuser1>  i need a free vnc software for both windows xp and kubuntu. i what to make windows and kubuntu both as some times client and some times server. need ecryptiiiiionn say ssh if possible. please see http://en.wikipedia.org/wiki/Comparison_of_remote_desktop_software if you want to ?
<giovani> thefish: I've already responded to you
<giovani> <giovani> thefish: this channel doesn't support GUIs on ubuntu server
<giovani> <giovani> so, VNC won't be relevant here
<giovani> so please stop asking that question
<Nafallo> Nokia BH-604
<genii> giovani: You hit tab-complete for the wrong nick of the vnc enquirer
<Nafallo> I always wear them ;-)
<giovani> genii: oh, indeed I did, thank you for pointing that out
<genii> Nafallo: Earplugs?
<Nafallo> http://www.nokia.co.uk/A4577624
<giovani> genii: nah, big headphones
<giovani> not really gonna work in datacenters, imo
<genii> Hehe
<giovani> I have some bose
<Nafallo> giovani: really? they work quite damn well for me :-)
<giovani> full ear canal blockage is the only want to ensure protection for your ears
<a1fa> wow
<a1fa> server install fail
<a1fa> it could not boot off scsi drive
<genii> a1fa: You have the scsi host adapter bios set for the drive you also specified in the install?
<genii> Also is there proper terminaltion, etc etc
<Nafallo> giovani: hmm. any of those ear canal stuff would have bluetooth you reckon? :-)
<Nafallo> I'm addicted to my music while working :-)
<giovani> Nafallo: yes, I've seen some of them
<Nafallo> giovani: any idea where? I'm very interested :-)
<giovani> I'll google around
<giovani> or you can
<giovani> why do you like bluetooth?
<giovani> the audio quality is horrible
<Nafallo> giovani: I've had enough wires getting caught in racks in my days...
<giovani> Nafallo: just run it under your shirt or something
<giovani> cheaper, no battery to discharge, and higher quality
<giovani> and smaller
<Nafallo> still comes out somewhere, and my shirts don't usually go over my head :-)
<Nafallo> giovani: mobile gets usb-charged anyway. so battery isn't a worry.
<a1fa> genii: yup
<giovani> Nafallo: ok
<Nafallo> quality will only be as good as the n95-2 can do anyway. ;-)
<genii> a1fa: What adapter?
<genii> (some Adaptec require PNP to be off or CAMI to be be off, etc)
<a1fa> dont know
<a1fa> need to check
<giovani> a1fa: don't presume any adapter is supported
<giovani> especially with something specialized (and generally being phased out) like scsi controllers
#ubuntu-server 2010-04-19
<cane> Hello
<cane> I need help converting the default LVM install to RAID0
<cane> no one here today?
<funkyHat> Hello people!
<cane> funkyHat, hey
<funkyHat> Has anyone set up 2 exim servers with one configured as a "satellite"?
<persia> I think most folks recommend postfix for new setup.
<funkyHat> I already have a complex exim setup on the "server" side (i.e. not the satellite)
<funkyHat> And gmail is managing to authenticate with that using the same transport and auth as I've set up for my satellite
<funkyHat> But for some reason the satellite fails to auth correctly
<persia> Ah, then the "most folks" situation doesn't apply to you :)
<cane> Anyone know how to migrate from LVM to RAID0
<Sp3c1alK_> If anyone has a static ip setup could you copy and paste your /etc/network/interfaces file onto pastebin for an  example?
<lil_cain> http://pastebin.org/157951
<lil_cain> you don't need the post-up bit
<cane> Anyone know how to migrate from LVM to RAID0
<Sp3c1alK_> ah, I see you have "network" listed but not "gateway"
<lil_cain> Sp3c1alK_: You probably want to add a gateway
<lil_cain> that network doesn't have a default gateway
<Sp3c1alK> what's the differnce between network and gateway?
<lil_cain> Gateway gives you a default route.
<Sp3c1alK> right, but what abou8t network
<lil_cain> Specifies the start address of the network, I'd imagine. I think it's more useful for people reading that anything else.
<lil_cain> ah, network is required, apparetly if you're using a 2.0 kernel
<lil_cain> It's probably legacy cruft in our case.
<cane> Anyone know how to migrate from LVM to RAID0
<swift> hi guys, I have a router with no snmp agent on it... ive installed mrtg on my ubuntu server...also installed snmpd.. how can i monitor this router internet traffic?
<swift> this line doesn'
<swift> thie line doesn't have a static IP.. that's the problem
<swift> i have a virtual ppp1 interface representing this line... can i use the interface name in 'cfgmaker' to monitor it?
<arrrghhh> hey all, does anyone use rtorrent with xmlrpc-c support?  i'm having trouble compiling it, on the surface it seemed like everything compiled correctly but when i try to run the "rtorrent" command I get an error that makes it look like libtorrent didn't compile correctly... but i can't see why.
<arrrghhh> nvm, sudo ldconfig fixed my issue.  i'd like to know why... but i'm glad it's fixed
<swift> guys, if a router doesn't have an snmp agent, can i use snmpd to create snmp traffic from that interface?.. that way mrtg can monitor it
<swift> also, this internet line doesnt have a static IP
<swift> please advise
<darkk^> swift, is it ubuntu-based router or some "hardware router" ?
<swift> the router is a separate hardware...
<swift> but it is represented by a virtual interface on ubuntu...
<swift> forgive my terms.. but it's just a modem... all routing is done via the ubuntu server
<swift> routing and authentication.... basically there are 2 internet lines coming from two modems... and ubuntu is the router... so, all traffice passes via ubuntu outside
<darkk^> I assume, it's possible to use interface name in snmpd. I don't know how (I've not deployed snmp myself yet), but I see nothing wrong with that.
<flyback> ok
<flyback> ubuntu server box
<flyback> 8.x lts whatever it is
<flyback> console only
<flyback> upsmon, perl, mabye some bare bones compiling tools
<flyback> what roughly should I be looking at disk space wise
<flyback> basically it monitors a ups and then ssh logs into 30 hosts and executes a vmware esx/esxi or server shutdown script
<flyback> I think I am around 700 meg or so so I could almost get away with 1gb flash
<flyback> but need some for swap
<flyback> so I dunno
<uvirtbot> New bug: #566475 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/566475
<uvirtbot> New bug: #566497 in clamav (main) "logging waaaaaaaay to much (7gb too much)" [Undecided,New] https://launchpad.net/bugs/566497
<KristianDK> I'm sorry if its a silly question, but if i have an UEC and one of the nodes crashes entirely, what will happen to the VM's on the server?
<binBASH> KristianDK: Btw. I managed to get it fully working at hetzner ;)
<KristianDK> binBASH, How!? :D
<binBASH> KristianDK: Just configure Eucalyptus Network setup to SYSTEM
<KristianDK> i even spoke to them today, and asked different stuff and they just said it wasnt possible
<binBASH> and then I installed a dhcpd on each node
<binBASH> which provides the 3 additional ips
<KristianDK> oh, then it can distribute everything?
<binBASH> yup
<binBASH> I also have vnc running for the vms
<KristianDK> but still, if that server crashes - all of the VMs with IP from it will die, right?
<KristianDK> nice :D
<binBASH> yup
<binBASH> all vms will get los
<binBASH> t
<KristianDK> really? Isn't there any backup?
<binBASH> no
<binBASH> it's not persistent image
<KristianDK> but why not store the data on walrus? that's distributed, right?
<binBASH> you can do that
<binBASH> that data will be persistent
<binBASH> Though it's slow with hetzner ;)
<binBASH> only 100 Mbit
<KristianDK> yeah, but you can actually get a 1gbit router :)
<binBASH> yup
<binBASH> you just need to pay a lot more ;)
<KristianDK> they didnt provide me with the price, however :P
<binBASH> I have it
<KristianDK> how much is it?
<binBASH> You need flexipack for each server which is additionally 15 Eur / Month
<binBASH> and a 2nd nic
<binBASH> then you have to let them move all nodes in hetzner datacenter so they are located at each other
<binBASH> costs 69 Eur / Machine
<KristianDK> lol
<KristianDK> and then how much for the router itself?
<binBASH> sec, I'm searching this
<KristianDK> ok :P
<binBASH> for 8 Port Gbit it's 59 Eur once
<binBASH> and for 24 Port it's 199 Eur once
<KristianDK> well, its not that bad
<binBASH> just the relocation is bad ;)
<KristianDK> btw, as you are mentioning the flexipack for the router - you don't use the raid controller?
<KristianDK> yeah, but if you order the new ones together, you can request them in the same datacenter, they said :)
<binBASH> yup
<KristianDK> and the rest of my servers are in RZ10 anyway
<KristianDK> you don't use raid?
<binBASH> I don't have flexipack at all
<binBASH> I have all systems software raid 0
<binBASH> each node has a secondary one for backup ;)
<binBASH> at least for the storage partitions ;)
<KristianDK> hehe, ok :D
<binBASH> glusterfs does this
<binBASH> KristianDK: http://78.46.23.157/
<KristianDK> well, i guess software raid can do the trick too
<binBASH> See cherokee webserver runs on a vm ;)
<KristianDK> nice :D
<binBASH> If you want details about network config per node just tell me
<KristianDK> I'd love to have that, because I'm certainly gonna try it out :D
<binBASH> ok sec, I'll pastie it
<KristianDK> awesome :)
<binBASH> KristianDK: http://www.pastie.org/926849
<binBASH> you have to set net.ipv4.ip_forward=1 in /etc/sysctl.conf as well
<KristianDK> ok :) btw, what is the different IPs in terms of hetzner? The .129 gateway, is this your own machine?
<KristianDK> i gues .151 is the normal ip of the server?
<binBASH> yup
<binBASH> 160-162 are the 3 additional ones
<binBASH> it's possible to use those in the vms without special nat setup
<KristianDK> ok, so you have only 4 ips in total, right?
<binBASH> 4 ips / Nodes
<binBASH> the main ip is not usable within the vm
<KristianDK> the .151, correct?
<binBASH> yup
<binBASH> I will use it though
<binBASH> it's better to run varnish not in the vm for speed :)
<KristianDK> i can understand that you are using the cloud for web projects too :D
<KristianDK> btw - this line - what does the .129 and .129 mean? up route add -net 78.46.22.128 netmask 255.255.255.192 gw 78.46.22.129 eth0
<binBASH> it's the default route which goes through the hetzner router
<KristianDK> how would i translate this into my own setup?
<binBASH> but you have this line already in the config
<KristianDK> it will be there from the beginning?
<binBASH> you just need to add routes for the additional ips
<binBASH> yup
<KristianDK> ahh, cool :D
<binBASH> the br0 routes you need to add
<KristianDK> yeah
<KristianDK> in the br0, why is the netmask .255 in the end?
<KristianDK> and not 192
<binBASH> Well I took that myself from another tutorial KristianDK :)
<KristianDK> hehe, ok :D just seemed weird to me :P
<binBASH> just can tell you it works for me like this ;)
<KristianDK> hehe :P
<KristianDK> what kind of web apps are you going to host btw?
<binBASH> gettyimages.com
<binBASH> and some subsites
<binBASH> things like gettyimageslatam.com
<binBASH> our company provides software for image agencies and press content providers.
<KristianDK> ahh, cool :)
<KristianDK> why does it say .aspx in the end of some of the files? :P
<binBASH> KristianDK: Well currently we host only gettyimageslatam.com from Getty Images
<binBASH> others will follow
<KristianDK> ahh, ok - but the varnish is for php then?
<binBASH> varnish is a caching proxy
<binBASH> it can cache all kind of files
<binBASH> the goal is to setup a geoip based system which distributes content from serverclusters which are spread world wide
<KristianDK> yeah, i know - but sometimes you can interact with it from the scripts - at some point i saw some tutorials with it
<KristianDK> thats cool :-D
<binBASH> yeah, you can purge the objects from scripts for example
<binBASH> so it will reload the cached objects from the source
<binBASH> Must have for image changes ;)
<KristianDK> hehe, yeah, i guess they would normally cache for quite some time
<binBASH> Don't want to serve old thumbnails when user uploaded new pic for example ;
<KristianDK> true :P
<KristianDK> anyway, my macbook pro is running out of battery - i'll see you around later ;)
<binBASH> see ya ;)
<binBASH> I have free day now.
<e-DIO-t> yo!
<uvirtbot> New bug: #566560 in samba (main) "samba server requires smbpasswd -a user constantly" [Undecided,New] https://launchpad.net/bugs/566560
<e-DIO-t> !landscape
<ubottu> Landscape makes the management and monitoring of Ubuntu systems simple and effective by combining world-class support with easy to use online management tools. https://landscape.canonical.com/
<Italian_Plumber> how much of a threat, really, are viruses contained in Powerpoint presentations, i.e. ones passed around in email forwards?
<RoyK> for the mail server?
<Italian_Plumber> for the pc
 * RoyK points to channel name
<Italian_Plumber> oh sorry wrong channel
<lau> hello, I am running 8.04 and have an issue with apparmor
<lau>  $ sudo /etc/init.d/apparmor restart
<lau> Reloading AppArmor profiles Error: Could not allocate temporary file. Profile /etc/apparmor.d/usr.sbin.mysqld failed to load
<lau> : Failed.
<lau> http://paste.ubuntu.com/418567/ any idea ?
<zul> jdstrand: ^^^
<ivoks> brb
<ScottK> zul: Would you have a chance to upload ivok's dovecot-postfix changes today?
<ScottK> If not, I'll do it tonight.
<zul> ScottK: not yet
<zul> ScottK: but I was going to look at it today
<ScottK> zul: That'd be great.  Thanks.
 * ScottK is busy with $WORK, car repair, and fixing clamav today.
<ijhhonuibjhn> has anyone had issues with Ubuntu Server running on hyper-v won't show more than ~139GB for hard drive size?
<ijhhonuibjhn> I have a 500GB VHD attached but Ubuntu sees is as around 139GB and can't find anyone else seeing a similar situation
<zul> smoser: ping can yo have a look at #564355?
<smoser> bug 564335
<uvirtbot> Launchpad bug 564335 in launchpad-foundations "changing ones password renders both old and new passwords invalid" [Undecided,New] https://launchpad.net/bugs/564335
<zul> smoser: crappers https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/564355
<uvirtbot> Launchpad bug 564355 in eucalyptus "Second euca-run-instance request in same security group causes eucalyptus to remove network assoicated with security group" [Undecided,New]
<ivoks> zul: could you push this one?
<ivoks> zul: https://bugs.edge.launchpad.net/ubuntu/+source/drbd8/+bug/562832
<uvirtbot> Launchpad bug 562832 in drbd8 "module drbd8 update kernel from 2.6.32-16 to 2.6.32-20" [Medium,In progress]
<zul> ivoks: i have it open in my web browser already,,,once I get through the daily traige Ill get to it
<ivoks> zul: awesome, thanks
<flyback> flyback> ubuntu server box
<flyback> <flyback> 8.x lts whatever it is
<flyback> <flyback> console only
<flyback> <flyback> upsmon, perl, mabye some bare bones compiling tools
<flyback> <flyback> what roughly should I be looking at disk space wise
<flyback> <flyback> basically it monitors a ups and then ssh logs into 30 hosts and executes a vmware esx/esxi or server shutdown script
<flyback> <flyback> I think I am around 700 meg or so so I could almost get away with 1gb flash
<smoser> kirkland,
<smoser> https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/564355
<uvirtbot> Launchpad bug 564355 in eucalyptus "Second euca-run-instance request in same security group causes eucalyptus to remove network assoicated with security group" [High,New]
<da65> anyone using liferay?
<lau> I found a work around in order to set up a mysql multi instance on my hardy server
<lau> But I had to disable apparmor mysql :(
<lil_cain> You should just have to modify the policy.
<lau> I tried https://wiki.ubuntu.com/DebuggingApparmor but was not able to set the policy properly
<lau> any idea, suggestion appreciated :) http://paste.ubuntu.com/418567/
<jdstrand> lau: we need the denied messages from dmesg/kern.log
<_ruben> flyback: 1gb flash is pushing it with a default -server install, 2gb should be fine .. when using 1gb you might wanna strip it down after install, or use alternate install cd to do minimal install (not sure how much smaller that'd become)
<flyback> no X btw
<lau> jdstrand: ok, something like ? kernel: [1146644.138980] type=1503 audit(1271684949.075:317): operation="mknod" pid=7594 parent=7568 profile="/usr/sbin/mysqld" requested_mask="w::" denied_mask="w::" fsuid=113 ouid=113 name="/var/lib/mysql2/mysql/db.frm"
<flyback> yeah I was thinking 2 gig might be the safe point
<_ruben> default install is around ~700 megs indeed, but you want enough spare space to be able to run upgrade and stuff like that
<_ruben> flyback: my fileserver at home runs from 2gb flash
<flyback> nice
<flyback> this is just a little mini-itx box to monitor a ups
<flyback> and send shutdown scripts to some vmware esx/esxi hosts
<flyback> and some others
<lau> the problem always occured when sudo mysql_install_db --user=mysql --datadir=/var/lib/mysql2/
<flyback> thx guys
<flyback> oh here's a tip
<flyback> they are cheap on ebay also
<flyback> http://webdevsys.com/lightsOut.htm
<flyback> I already found use for 2 at home and 2-3 at work
<lau> my assumption was to add a line like /var/lib/mysql2/ in /etc/apparmor.d/usr.sbin.mysqld
<flyback> and if you read carefully they work with non-hp's (minus a few features)
<jdstrand> lau: just add the following:
<jdstrand>   /var/lib/mysql/ r,
<jdstrand> err
<jdstrand>   /var/lib/mysql2/ r,
<jdstrand>   /var/lib/mysql2/** rwk,
<lil_cain> what does the 'k' mean?
<jdstrand> lau: then do: 'sudo apparmor-parser -r /etc/apparmor.d/usr.sbin.mysql
<jdstrand> lil_cain: allows locking
<lau> jdstrand: do you mean http://paste.ubuntu.com/418622/ ?
<lau> jdstrand: sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld returns nothing (echo $? is 0)
<jdstrand> lau: that is correct and that is what apparmor_parser should return
<lau> jdstrand: with you apparmor mysql config and after restarting apparmor service,
<lau> now sudo mysql_install_db --user=mysql --datadir=/var/lib/mysql2/ is ok :)
<lau> jdstrand: is it good to add lines like /var/run/mysqld/mysqld2.pid w, /etc/mysql/my.cnf r,
<lau> err, jdstrand: is it good to add lines like /var/run/mysqld/mysqld2.pid w, /etc/mysql2/my2.cnf r,
<jdstrand> lau: if mysqld needs to use those files-- absolutely
<jdstrand> lau: you can also check to make sure it is confined with 'sudo aa-status'
<lau> jdstrand: ok, I tried aa_status previously, reading https://wiki.ubuntu.com/DebuggingApparmor
<jdstrand> lau: cool, good luck! :)
<lau> jdstrand: what is the relevant info in the kernel log above ?
<lau> I was not ale to analyze it and extract any substance to solve the issue
<fallback> hello, trying to set up a bridge performing NAT for several KVM guests as well as allowing several KVM guests to have external IP's; can anybody help?
<lau> except not allowed to create db table
<jdstrand> lau: profile="/usr/sbin/mysqld" requested_mask="w::" denied_mask="w::"... name="/var/lib/mysql2/mysql/db.frm"
<lau> since it is comming from audit does this meqn it is an apparmor output ?
<lau> mean
<jdstrand> lau: that tells you what denied it (the profile), what access was needed (requested_mask), what was not provided by the profile (denied_mask) and the file in question (name)
<jdstrand> lau: apparmor uses 'audit', yes
<jdstrand> lau: in Ubuntu 10.04 LTS, there is a handy apparmor_notify command that can be used to summarize the logs in a more human readable form
<jdstrand> lau: in earlier releases, you have to just look at the dmesg/kern.log or if using auditd, /var/log/audit/audit.log
<lau> ok, jdstrand, can you point me to a kernel audit reading ? I have no clue how it works and why ? what ?
<lau> ok audit is a connex service to dmesg ?
<jdstrand> lau: the 'audit' message is generated by the kernel
<lau> ok, apparmor uses the 'audit' level message in order to log into /var/log/messages
<lau> other services may also use that kernel log level message
<lau> that is why if I suspect apparmor to create pbs, I should probably grep audit /var/log/messages
<lau> is this good a approach jdstrand ?
<jdstrand> lau: kern.log generally-- if you log them to /var/log/messages, that would work too
<jdstrand> lau: 'grep audit /var/log/kern.log' should help you a lot
<fallback> hello, can i ask about ubuntu-server, running KVM?
<lil_cain> Don't ask to ask, just ak.
<lil_cain> *ask
<fallback> Thanks; i'd like to double-check certain issues i'm having. I'm trying to set up a bridge that allows several guests to have external IP addresses, while also providing NAT for several guests on the internal network range
<fallback> the bridge comes up fine, but i can't get internet access to the private guests; should i send the firewall script or something?
<ivoks> no you can't, this is fedora channel
<ivoks> oh, sorry, wrong channel :)
<Pici> s/fedora/ubuntu/
<ivoks> fallback: ok, so KVM should be bridged, while others should be nated?
<fallback> several guests are in a private range in a load-balancing configuration; access should be granted from the outside using port forward to the virtual IP. Another guest running FreeBSD and DirectAdmin should be accessible directly
<fallback> (because DirectAdmin demands a public IP)
<zul> ivoks: can you update the changelog in your dovecot bzr branch
<ivoks> changelog?
<ivoks> zul: isn't that extracted from bzr? :)
<zul> ivoks: bug number etc
<ivoks> bug number... there isn't one
<ivoks> the bug that was reported was on similar issue
<ivoks> well, you might say this upload fixes it
<ivoks> ok, let me update it
<zul> thanks
<ivoks> zul: like this? (commit 70)
<Jeeves_> ARGH!
<jpds> Jeeves_: My sentiments exactly.
<uvirtbot> New bug: #566721 in squid (main) "package squid 2.7.STABLE7-1ubuntu12 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/566721
<e-DIO-t> well! TTL reached: it's time to leave!
<e-DIO-t> bye!
<gzmask> why am I keep getting "FinishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='c1.medium', cpu=1, disk=5, mem=256}, max=0, available=0} < 1: vm instances." after "euca-run-instances -k mykey -t c1.medium emi-DE8D1064" ??
<masu3701> i was able to create a samba share and access it from my other pc on the network...but how can the client pc drag and drop files to the share?
<mirko_> c' Ã¨ nessuno italiano ?
<gzmask> My node controller is not talking to the CLC, what would I do? I checked the /etc/eucalyptus/eucalyptus-ipaddr.conf and manually set the ip addresses but still doesn't work.
<gzmask> I even ran the "euca_conf --no-rsync --discover-nodes" and still nothing
<gzmask> And my registration.log shows:
<gzmask> 2010-04-19 10:39:08-06:00 | 3242 -> Calling walrus Walrus 142.3.31.158
<gzmask> 2010-04-19 10:39:08-06:00 | 3243 -> Calling storage cluster1 storage 142.3.31.158
<gzmask> 2010-04-19 10:39:08-06:00 | 3245 -> Calling node cluster1 node 142.3.31.158
<gzmask> 2010-04-19 10:39:08-06:00 | 3239 -> Calling storage cluster1 storage 142.3.31.158
<gzmask> 2010-04-19 10:39:08-06:00 | 3244 -> Calling cluster cluster1 142.3.31.158
<gzmask> 2010-04-19 10:39:08-06:00 | 3238 -> Calling walrus Walrus 142.3.31.158
<gzmask> 2010-04-19 10:39:08-06:00 | 3241 -> Node 192.168.122.1 is already registered.
<gzmask> 2010-04-19 10:39:08-06:00 | 3245 -> Node 142.3.31.158 is already registered.
<gzmask> 2010-04-19 10:39:09-06:00 | 3240 -> Cluster cluster1 is already registered.
<gzmask> 2010-04-19 10:39:09-06:00 | 3238 -> Walrus 142.3.31.158 is already registered.
<gzmask> 2010-04-19 10:39:09-06:00 | 3244 -> Cluster cluster1 is already registered.
<gzmask> 2010-04-19 10:39:09-06:00 | 3239 -> SC for cluster1 is already registered.
<gzmask> 2010-04-19 10:39:09-06:00 | 3243 -> SC for cluster1 is already registered.
<pmatulis> gzmask: use pastebin please
<zul> gzmask: please use pastebin
<uvirtbot> New bug: #566803 in augeas (main) "/usr/share/augeas/lenses/dist/iptables.aug should use a different path" [Undecided,New] https://launchpad.net/bugs/566803
<zul> nxvl: ^^^
<zul> jib: mysql 5.0 totally gone from lucid
<ScottK> \o/
<Daviey> zul: The concern I have is that people who explicitly installed mysql-server-5.0 won't have an upgrade path.
<ScottK> Thanks for seeing it totally out of the archive and not just out of Main.
<nxvl> zul: working on it
<nxvl> zul: wait augeas is in main
<zul> nxvl: yeah it is ;)
<nxvl> zul: ok, will work on it later today
<zul> ScottK: dovecot is uploaded as well
<ScottK> zul: Great.
<ScottK> Just waiting for a Debian upload of clamav to merge and I think server stuff I'm worried about for Luicid is done.
<gzmask> zul: sorry I was unaware of the long log file. anyways, I got the problem fixed with the help from nerko_ and he smells a potential bug. Here's how I got it fixed: http://ubuntuforums.org/showthread.php?p=9144875#post9144875
<smoser> hggdh, is it possible for me to modify an image and try to recreate https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/566792 ?
<uvirtbot> Launchpad bug 566792 in cloud-init "UEC guests sometimes fail on consuming user data" [Undecided,New]
<jiboumans> zul++
<libertiy> hi everyone i was reffered to here from ubuntu
<libertiy> i wondered if it would be possible to have qmail on ubuntu with qmail toaster
<RoAkSoAx> kirkland: what does '<number>!' with red backgroun in byobu means?
<hggdh> smoser: yes
<hggdh> go ahead, the environment is set up
<smoser> hggdh, cempedak?
<hggdh> cempedak is the CLC, yes
<smoser> k
<Daviey> RoAkSoAx: Pending updates
<RoAkSoAx> Daviey: thanks! :)
<Daviey> np
<hggdh> smoser: topo2, cempedak=CLC, mabolo=walrus, marula=CC, santol=SC, (sapodilla|soncoya)=NC
<smoser> hggdh, how often does this happen ?
<libertiy> anyone knows of an easy way to install + manage postfix mailboxes?
<RoyK> libertiy: well, it's linux after all, so you can run what you like, but see https://help.ubuntu.com/8.04/serverguide/C/dovecot-server.html for a good imap server
<smoser> hggdh, other question, where did you get "20100419.1/UEC"
<smoser> 20100419.1 is not available anywhere
<hggdh> smoser: last 200 runs, at least 5 times
<libertiy> i found out sudo apt-get install postfix it looks good  i found devocot indeed :P
<hggdh> smoser do you want me to save the current logs before you start?
<smoser> sure
<RoyK> libertiy: postfix works well
<smoser> hggdh, i'll need instruction on how to run also
<smoser> give me 10 minutes to get an image registered
<libertiy> i come from centos with qmail so this is something different
<libertiy> i hope a small challange :)
<RoyK> it shouldn't be very hard
<libertiy> when installing postfix with sudo apt-get install postfix i dont get imap with it i guess right? i need to seperatly install devocot
<RoyK> no, postfix is an mta, not a poa
<RoyK> so yes, install dovecot for mailbox access
<binBASH> Hi RoyK
<RoyK> hi, bashy :)
<libertiy> guys sudo apt-get install dovecot-postfix gives package not found
<libertiy> do i need to set  a remote repository for packes in the ubuntu "rpm" manager?
<binBASH> RoyK: Damn, I have to migrate from qmail, to postfix at some day this week :)
<libertiy> im sorry if in not into the correct terms here, just wonder , i guess basic principes are the same
<libertiy> hehe i never had problems with qmail though binBASH
<binBASH> libertiy: Here it crashes on mails comming from 1/4 of all mailservers
<binBASH> really drives me nuts, but maybe it's caused by a plugin / patch.......
<hggdh> smoser: I used the base install from 20100419.1, and the UEC from 20100419
<libertiy> hmm thats a shame to hear, but sometimes it can be nice to try other solutions and why not keeps you sharp ;p
<binBASH> libertiy: I'm using qmail since 2000
<binBASH> so it's a shame for me to move :p
<hggdh> smoser: running the single user test is set up. I would still have to create the accounts for the multi
<smoser> ah. iso 20100419
<hggdh> smoser: but the single test is where I got the last failure
<smoser> that makes since
<hggdh> why?
<libertiy> i havent really looked into the differences on qmail and postfix, but i guess thats a discussion for another channel
<smoser> hggdh, ok. i've registered emi-27101629
<smoser> i'm sniff testing it to see that the debug output that i wanted gets printed
<lamont> libertiy: qmail has a license that relegates it to multiverse
<smoser> and then if so, run it in a test like yo uhave
<binBASH> libertiy: Like I said, maybe it's caused by a qmail plugin. I'm using qmail-spp
<binBASH> It has a plugin which looks up sender ips against dns blacklist
<libertiy> hmm i havent used that i used it very basic to host mailboxes for projects and customers
<binBASH> so spammers will be rejected and not accepted by the server
<hggdh> smoser: OK. Tell me when you are ready
<smoser> ready
<hggdh> :-)
<hggdh> smoser: let's do it as 200 runs, when the error happens we can stop it
<binBASH> libertiy: Well I do not want to use it any longer. What I want is. Have Mails accepted by the server and put them into a SPAM folder
<smoser> k
<binBASH> just like gmail does for exmaple
<binBASH> however I dunno how to configure spamassassin yet
<hggdh> all you need to do: cd ~/uec-testing-scripts; ./uec_test.py -c config_single.yaml
<hggdh> you may want to put it in the background
<smoser> modify config_single for my ami
<smoser> right?
<hggdh> dammit
<hggdh> yes, of course
<hggdh> doing it
<smoser> done
<binBASH> smoser: What happens btw. if vms in uec are rebooted?
<binBASH> Will they be deleted?
<smoser> no.
<smoser> reboot should come back up
<binBASH> ok
<smoser> binBASH, terminate is "go away"
<hggdh> smoser: then just run it as I pointed above. Results are written to ./resutls/single*
<smoser> and good bye data
<smoser> hggdh, was there user data provided to the instance ?
<smoser> hggdh, how do i know when i see it fail ?
<smoser> (you can attached to screen session there: screen -x -r smoser)
<hggdh> smoser: no consumer data
<hggdh> attached. No real errors so far (apart from instances that seem to have failed to start)
<binBASH> smoser: What is the best way to use local storage of the node inside the vm?
<binBASH> ... if network speed is only 100 Mbit
<binBASH> maybe local iscsi provider on the node?
<smoser> binBASH, hm.. i dont know. its not really covered.
<binBASH> I think EBS is too slow on 100 Mbit ;)
<hggdh> smoser: all reschedules are instances to which we could not SSH. The script tries 4 times, I think, then considers the test a failure
<hggdh> smoser: a string of failures, right now
<smoser> yeah.
<hggdh> if you want you can grep the log for the instance id, and this will return all lines written for it
<smoser> hggdh, so. you see that screen, right?
<smoser> (and you have a terminal larger than mine)
<ARTSIOM> HI!
<ARTSIOM> tring to install sun-java6-jdk package on 10.04 and getting no installation candiadte found error (multiverse is enebled in sources list, had also tried apt-get update). Any ideas?
<smoser> hggdh, i can just ctrl-c ?
<hggdh> smoser: yes, this should be trapped by the script, and it will terminate gracefully
<smoser> k
<smoser> i'll modify image for more debug and try again
<smoser> i updated bug
<hggdh> smoser: cool, thank you.
<hggdh> smoser: I do see the screen and I have a very large terminal
<smoser> :)
<hggdh> :-)
<kirkland> RoAkSoAx: man byobu
<RoAkSoAx> kirkland: got it already :) thanks though
<RoAkSoAx> kirkland: btw... you are perl programmer to right? Do you know anything about network programming in perl?
<smoser> hggdh, this is easy to debug
<smoser> happens reproducibly enough
<kirkland> RoAkSoAx: a fair bit; did some socket programming in Perl long, long ago
<hggdh> yes, fortunately. What worries me is why neither Thierry, Mathias, or Dustin don't get it
<kirkland> hggdh: what don't i get?  the oops?
<smoser> hggdh, speed.
<smoser> the node comes up before the metadata service is all the way up
<zul> hggdh: you are a freaking lightning rod
<smoser> hggdh, i suspect that the node controllers in this system have much better IO
<smoser> than kirkland ttx or my crappy laptops
<smoser> so the create instance happens much faster, starts, and the metadata service isn't up yet
<hggdh> zul it seems I am :-(
<hggdh> smoser: so it is a timing issue...
<smoser> i think so yeah.
<hggdh> and yes, these machines are fast
<smoser> well, here i think its that IO is faster than cpu for this case
<smoser> i'm guessing still
<RoAkSoAx> kirkland: by any change.. do you know if it would be possible to capture a current SSH connection with a perl app and send data through that current connection, without having to create a connection through the scritp?
<smoser> RoAkSoAx,
<smoser>   ControlMaster auto
<smoser>   ControlPath /tmp/.ssh-%r@%h:%p
<smoser> ?
<kirkland> RoAkSoAx: ^
<RoAkSoAx> smoser: awesome, I'll look into it :)
<smoser> RoAkSoAx, man ssh_config will tell you more about those
<smoser> i have tha tin  my default .ssh/config
<RoAkSoAx> sommer: ok cool. I'll look into it :) thanks.
<RoAkSoAx> s/sommer/smoser
<erimar77> ls
<erimar77> whoops, lol.. sorry
<kirkland> jdstrand: ping
<jdstrand> kirkland: hi
<kirkland> jdstrand: can you check my last comment to https://bugs.edge.launchpad.net/ubuntu/+source/mdadm/+bug/557429
<uvirtbot> Launchpad bug 557429 in mdadm "array with conflicting changes is assembled with data corruption/silent loss" [High,Triaged]
 * jdstrand reads
<kirkland> jdstrand: i expect user "ceg" to come down hard on me. he always does.
<jdstrand> kirkland: I haven't been following what it would take to fix it, but your comment seems reasonable
<kirkland> jdstrand: there's one part that i left unwritten ....
<kirkland> jdstrand: while it's easy to force this situation in a VM, i question the practicality with real hardware
<kirkland> jdstrand: if a real disk "dies" and "disappears", they don't often just "come back", do they?
<jdstrand> kirkland: I tried to convey something along those lines in the release meeting last week. I don't think it is something that most people would do, but if someone removes the disk to say test the array, or remove/move around some hardware or something, if the bug hits it is devastating
<jdstrand> kirkland: so while an unlikely event, if it happens, ouchy
<kirkland> jdstrand: fair enough
<kirkland> jdstrand: i agree that it would be fixed in an ideal world
<kirkland> jdstrand: but i don't think we can hack that into the mdadm's failure hooks easily
<jdstrand> kirkland: not to mention, it is the test case in http://testcases.qa.ubuntu.com/Install/ServerRAID1. if someone does that on real hardware... again, ouchy
<kirkland> jdstrand: how/why would someone do this on real hardware?  (i'm trying to clearly understand the test case, not being pedantic)
<jdstrand> kirkland: I'm not suggesting that we try to rush something for lucid, but it seems it should be fixed in maverick
<kirkland> jdstrand: excellent; if you care to +1 that analysis in the bug, that would be pretty cool!
<sbeattie> well, no one should be doing iso testing on live machines that they have data that they care about; I do for some tests, but I recognize that I'm risking an installer bug by having it toast a wrong partition.
<jdstrand> kirkland: boot with both disks. shutdown, remove one. boot. shutdown, put in the other one, boot. put in the first first. boom
<kirkland> jdstrand: right, but why would someone realistically do that?
<jdstrand> kirkland: it isn't that far fetched that someone would do this to verify their array-- there is a reason it ended up in the test case
<kirkland> jdstrand: i could drop my laptop in the bathtub too, boom!
<jdstrand> kirkland: I agree that it wouldn't happen often. I'm just saying if it did happen, it is devastating total data loss
<sbeattie> welll, it can happen if you've got a squirrely controller.
<jdstrand> kirkland: I think a user would expect the system to be hosed if it was dropped in a bathtub. I don't think total data loss is expected by adding back a drive
<kirkland> jdstrand: sbeattie: alright, thanks
<kirkland> jdstrand: should be fixed, Maverick issue/timeframe
<kirkland> jdstrand: if the fix is "contained", an SRU is perhaps meritted
<jdstrand> that is fine be me. afaict, the issue was in karmic too
<jdstrand> it would be nice to not have it in an LTS, so hopefully it is SRU worthy
<kirkland> jdstrand: yup
<kirkland> jdstrand: okay, thanks a bunch
<jdstrand> kirkland: sure! :)
<kirkland> smoser: hggdh: okay ... ran 1000 instances on today's UEC, and uec-images:
<kirkland> failed: 44
<kirkland> success: 949
<kirkland> success_rate: 0.94999999999999996
<kirkland> i'll tar up the results
<smoser> please.
<jdstrand> sbeattie: I agree about the iso testing part on a live machine. I can imagine someone trying the non-install part of the test case, to be thorough and ensure raid is working properly. on real data without backups? pretty dumb, but it shouldn't be doing this...
<kirkland> hggdh: where's that uec testing branch you had with some fixes?
<kirkland> hggdh: did you give me that in irc or in email?
<kirkland> hggdh: i forgot to merge that when i ran these tests
<jdstrand> kirkland: added my +1 cent to the bug
<hggdh> kirkland: it was in the email, hold on a sec
<hggdh> kirkland: lp:~hggdh2/%2Bjunk/uec-testing-logged
<sbeattie> kirkland|jdstrand: I have in fact suffered from a raid failure (under windows, alas) that was quite similar, due to a controller/electrical issues: disk 1 goes clicky, clicky, no spinnee; I replace disk 1 and try to sync it to disk 2; very shortly after sync starts, machine reboots; next reboot, system attempts to resync disks and decides the new disk 1 with nearly all zeros is the one to sync from.
<jdstrand> ouchy
<smoser> hggdh, can i tell it collect all console logs ?
<smoser> even on success ?
<hggdh> smoser not as written, but this is a small change. Give me 5
<gzmask> Apple SUCK: kvm-ok
<gzmask> INFO: Your CPU supports KVM extensions
<gzmask> INFO: KVM is disabled by your BIOS
<gzmask> HINT: Enter your BIOS setup and enable Virtualization Technology (VT),
<gzmask>       and then hard poweroff/poweron your system
<gzmask> KVM acceleration can NOT be used
<gzmask> how the hell do I go into the bios on a MAC?
<hggdh> smoser: I will change it to collect *all* consoles for all instance runs. This will be a local hack right now
<hggdh> which is to say, do not rm uec_test.py from cempedak ;-)
<smoser> yeah
<smoser> hggdh, ok. i'm ready to run
<smoser> hggdh, i have to run.
<smoser> i would much appreciate seeing log output of this config_single run with emi-28171637
<smoser> maybe run 200 times and just collect it all.
<smoser> please ?
<smoser> i'll check in later
<libertiy> i need a simple pop imap mailserver with terminal administration to add accounts and domains and virtual hosts, its for webhosting
<libertiy> anyone can advise me on something?
<libertiy> seems to be harder then i thought and i have no php so i skipp the webinterface, a terminal session to add some accounts would be okay also
<clrg> libertiy: postfix? Very good mail server, but not specially adapted for webhosting.
<libertiy> how about exim?
<hggdh> smoser: will do
<libertiy> ive just red that seems a good choice
<libertiy> else i would choose qmail but that i a bit harder on ubuntu server
<libertiy> just need it for some clients like 15
<libertiy> all info@theres.com and need some way to easily manage adding clients and passwords without messing with 1000s of config files
<clrg> libertiy: I never used exim, can't advise you on that.
<libertiy> what would you use then on ubuntu clrg?
<clrg> libertiy: postfix
<libertiy> for webhosting?
<libertiy> else i hve to go back to centos to server but thats not handy i have to setup that all from scratch
<libertiy> this ubuntu imafge im on now is very clean and memory safe and secure
<clrg> libertiy: As e-mail-server. I work in the hosting business as well, but we only have very large customers, for which we make individual solutions. We use postfix for alarming per mail.
<libertiy> just have to add the mail server to it somehow and im done
<libertiy> okay then postfix will be it,do you know of a way to easily manage accounts from the terminal?
<libertiy> since im all ruby on rails now i cannot run the postfix admin which is php
<libertiy> and i dont feel like installing php to my server just for postfix admin
<lamont> libertiy: mostly, I use vim
<libertiy> just some config file editment thus ;p is that cost a lot of time?
<libertiy> or is it just 1 config file with the client details
<clrg> liberty: It doesn't matter. Do the procedure once, then write a script which does the work for you.
<clrg> liberty: Is this what you are looking for? http://postfix.wiki.xs4all.nl/index.php?title=Virtual_Users_and_Domains_with_Courier-IMAP_and_MySQL
<libertiy> something like that indeed but than more tailered for ubuntu with imap support ireally need that also
<uvirtbot> New bug: #566869 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/566869
<libertiy> which makes it a unpleasent task for someone tired and its late here ;p perhaps better check into it tomorrow
<libertiy> thats what i need sortoff clrg thx altough i dont want to use postfix webadmin since i dont host php anymore
<libertiy> but it could be something to look into
<libertiy> or zimbra but thats heavey on the memory
<lamont> zimbra is also heavy on the violation of APIs in postfix.
<mok0> Anyone here familar with mailman w. postfix?
<mok0> I can't understand the howto here: https://help.ubuntu.com/community/Mailman
<uvirtbot> New bug: #566736 in mysql-dfsg-5.1 (main) "mysqld does not start reliably..." [Undecided,New] https://launchpad.net/bugs/566736
 * clrg wishes everyone a pleasant evening
#ubuntu-server 2010-04-20
<jeeves_Moss> can someone send me a pastebin of a name baised config file please?  for some reason my mind has taken a vacation, and I can't for the life of me figure out WTF is going on
<lil_cain> ;named based config for what?
<jeeves_Moss> lil_cain, I'm trying to get my v-hosted apache2 install going
<lil_cain> ah. I'm no help I'm afraid.
<lil_cain> I try and avoid apache where possible.
<jeeves_Moss> no worries
<jeeves_Moss> lol
<jeeves_Moss> well, I think webmin is just messin' up the configs.
<lil_cain> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<lil_cain> :-)
<jeeves_Moss> yea yea yea
<cn1109> I need ideas in terms of outsourcing or in house hosting. I'm running a web server (e-commerce site) which is using Joomla. Traffic is high and many of the in house software (customer service, finance, etc) connects to the internal mysql server which also is used for the public site. My concern is if I should outsource both the web and sql server but again how will this impact the CAP placed by the hosting company. The personnel in th
<cn1109> office does use the mysql connection often.
<cn1109> so. Should I go with ubuntu server or could computing through Amazon. Any ideas?
<erimar77> cn1109: are you setup for disaster recovery, if not, what's that worth to you
<erimar77> cn1109: what's that worth to your customers
<cn1109> Well..It seems that the company has bot had an IT guy in house for a while. They have many open source OS's that in reality are not needed. Monowall is an example. The customers depend on the site to be up at all times. I would say that by using ESXi and the Ubuntu server edition we would be okay. Again we could be saving some money by focusing on cloud computing and reduce the maintenance cost of in house servers.
<lil_cain> I'd be shocked if maintenance costs for servers were higher than costs for AWS.
<cn1109> lil_cain: so what would you recommend?
<erimar77> cn1109: depends on who you want to blame during outages
<cn1109> erimar77: that would be me :)
<erimar77> cn1109: not if you threw it all on a hosted server
<cn1109> erimar77: true. Just concerned about the bandwidth cap
<31NAAPG5D> has anybody use DEltacopy to make bakups from a windows client to an ubuntu server?
<erimar77> cn1109: how much bandwidth are you talking about, it sounds like you already have a host chosen
<erimar77> 31NAAPG5D: whats your issue
<cn1109> erimar77: we are hosting in house with a Sprint T1 line. We are also paying for multiple Ip's we really do not need.
<erimar77> cn1109: how much would you save by getting rid of all that, would it justify getting a higher bandwidth cap
<cn1109> it's about 1000 a month for internet. Electricity which comes for the AC unit and powering on the servers. That would eliminate a good amount.
<31NAAPG5D> erimar77: i whant to make automatics bakups of a windwos folder to a ubuntu server..i am a newbee and have look for a how to and no success
<cn1109> rsync?
<erimar77> 31NAAPG5D: what are you trying to accomplish?
<erimar77> 31NAAPG5D: ok
<erimar77> 31NAAPG5D: from the windows comptuer can you use an app like putty to ssh to the ubuntu server?
<31NAAPG5D> erimar77: i have at present moment the folder shared and have the folder mount in ubuntu and resync makes the trick very nicely, the problem is that the shared folder on windows is accesibel buy everybody in my network, that is how i heard about deltacopy./....yes i have access thru putty
<erimar77> 31NAAPG5D: it sounds like you have it a bit backwards, you shouldn't have to mount the shared windows folder in ubuntu for it to work
<31NAAPG5D> erimar77: well you might be rigth since i am a newbee...but so far works nice..probelm is that the share folder is public to everybody..let me show you how i have it
<31NAAPG5D> erimar77: //192.168.1.106/Charts /home/rgotten/charts.windows   cifs  credentials=/root/.credentials,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0
<erimar77> 31NAAPG5D: give me a sec to install deltacopy
<31NAAPG5D> erimar77:
<31NAAPG5D> erimar77: thanks
<31NAAPG5D> erimar77: i have to take care of somebody in my office , will be back in 30 minutes..it is ok?
<erimar77> 31NAAPG5D: i think i'll be around
<31NAAPG5D> erimar77: thanks
<uvirtbot> New bug: #566971 in samba (main) "package samba-common-bin 2:3.4.0-3ubuntu5.6 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 2" [Undecided,New] https://launchpad.net/bugs/566971
<SirStan> Where can I download ubuntu server directly?
<SirStan> vs using the form on ubuntu.com that doesnt work in ie6 : (
<erimar77> SirStan: 32 or 64 bit
<SirStan> 32, 8.04 lts
<SirStan> http://mirror.site.com/directory/ is fine
<erimar77> http://mirrors.us.kernel.org/ubuntu-releases/8.04.4/ubuntu-8.04.4-server-i386.iso
<SirStan> thx
<erimar77> SirStan: if that mirror is slow, http://www.ubuntu.com/getubuntu/downloadmirrors#mirrors
<njbair> does ubuntu server cache http output by default?
<SirStan> its a little slow.. but 1mb is ok
<SirStan> im not in a rush
<smoser> hggdh, bug 564924 confirmed here.
<uvirtbot> Launchpad bug 564924 in linux "UEC guest sometimes gets kernel OOPS" [Medium,Confirmed] https://launchpad.net/bugs/564924
<RoAkSoAx> smoser, the puppet integration with EC2/UEC is only to register the Instances running on the cloud automatically, correct?
<smoser> RoAkSoAx, best to ask mathiaz.
<smoser> http://ubuntumathiaz.wordpress.com/2010/03/25/using-puppet-in-uecec2-automating-the-signing-process/
<smoser> http://ubuntumathiaz.wordpress.com/2010/03/24/using-puppet-in-uecec2-puppet-support-in-ubuntu-images/
<smoser> i must admit to knowing little about it.
<RoAkSoAx> smoser, oh ok, thought the cloud-init package was part of this. So what is the cloud-init package for exactly?
<smoser> RoAkSoAx, well, cloud-init enables it
<smoser> cloud-init provides some hooks, the puppet takes advantage of that and does some puppet-y things for it.
<smoser> http://ubuntu-smoser.blogspot.com/ is an entry i wrote about cloud-config
<smoser> mathiaz's work provides cloud-config syntax to get puppet up and running
<smoser> cloud-init has other functions other than just cloud-config though, it can allow you to hook into the boot process very early.
<smoser> from your provided user-data
<RoAkSoAx> smoser, I see.
<RoAkSoAx> smoser, I'll take a look to your blog post and bug mathiaz about it then  :)
<smoser> i need to write another blog entry about what else it does
<smoser> hggdh, i'm going to run a single_config job
<RoAkSoAx> smoser, will be waiting for it :)
<smoser> alright :)
<smoser> in the meantime, there is doc (admittedly not well exposed)
<smoser> http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/files/185?file_id=doc-20100127032511-5qfkb7qsglz0tfnn-1
 * RoAkSoAx reads
<smoser> hggdh, one featur request for that. i'd like the output log to have what emi- was used
<smoser> (possibly with its manifest name, to give some human readable context)
<minitux> ??
<uvirtbot> New bug: #566995 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/566995
<airliasdesign> hello
<airliasdesign> is anyone here?
<lamont> that depends on your definitions
<lamont> the best approach is to just ask your question, instead of asking if you can ask your question.
<airliasdesign> I'm looking to run high capacity web servers, but wasn't sure if I should go with a private Amazon EC2 cloud or to just get the most powerful server I can
<hggdh> smoser: I will print out the emi code at the start, then
<hggdh> smoser: first print-out line states the emi in use. I am running a new battery now, and will check on results tomorrow morning
<MTecknology> True or false? Ubuntu's version of kickstart allows you to pass "pre-Â­seeding" parameters to the debian installer.
<MTecknology> Is that False? I thought it was True
<MTecknology> I know two of the answers I got wrong and I can't figure out what the third is :(
<smoser> hggdh, thanks
<smoser> hggdh, well, it seems "fixed" with my changes, now its getting "cant find metadata service", just like dustin and I see.
<twb> MTecknology: Ubuntu uses Debian's "preseeding" technique.  This is ortogonal to RHEL's "kickstarting", which was ported to Ubuntu (and Debian) more recently.
<twb> *orthogonal
<twb> Although that's not really the right word; preseeding and kickstarting achieve the same result through different implementations.
<smoser> thats a tricky question
<MTecknology> twb: oh - so the correct answer was false - because the same affect is acheived differently?
<twb> MTecknology: The question is ill-defined.
<smoser> i'd have to look at the implementation to be sure
<twb> MTecknology: so really the best answer is ç¡
<smoser> but i had always just assumed that kickstart config came in and was translated to preseed
<MTecknology> twb: ok - it was on the serverassessment for UCP
<smoser> which would mean 'true'
<smoser> but i've never looked at it
<bluethundr> I just unmounted a volume known as /dev/sd2a and created a partition on it with fdisk. but when I try to format it with mkfs.ext3 it reports that the partition I created isn't there even tho fdisk reports that it is. I made sure to reboot after using fdisk
<bluethundr> http://pastebin.com/a3XQ3EPM
<cn1109> is it worth install webmin?
<maginot> does ubuntu servr install prompt for a root password on install screen or I'm just confusing with something else?
<cn1109> maginot: It did not for me. Asked me for a new username and password
<cn1109> so...has anyone used webmin or something similar?
<twb> cn1109: we do not approve of web-based sysadmin wrappers here.
<cn1109> twb: okay. thx
<twb> cn1109: if you MUST use one, you should know that Ubuntu nominally supports ebox and definitely doesn't support webmin at all.
<twb> bluethundr: are you mis-typing /dev/sda2?
<twb> bluethundr: ah, I see what you're doing.
<twb> bluethundr: /dev/sda is a disk.  /dev/sda2 is a partition ON that disk.  By calling fdisk on /dev/sda2, you've created a partition on a partition, which linux/udev won't create a device file for by default.
<bluethundr> twb: no, actually I am copying / pating
<bluethundr> s/pasting/pating/
<bluethundr> ah ok
<twb> bluethundr: in the unlikely case that you actually want a partition table on a partition, you can create a device for it using losetup.
<bluethundr> twb: good point, thank you so much for the insight
<twb> twb knows all!  Tell your friends!
 * bluethundr will!!! :-)
<bluethundr> hmmm.. I can't seem to fdisk /dev/sda .. but fdisk /dev/sda2 works
<bluethundr> Unable to open /dev/sda
<twb> Who owns those devices?
<twb> Are you running these commands as root?
<twb> You should probably be using GNU cfdisk or parted rather than fdisk.
<bluethundr> ok, I just attached an S3 bucket to my Ubuntu 6.06 server on AWS.. I am able to run fdisk on this volume and create partitions, but mkfs claims this volume is in ue even tho I can't see it with df -h
<bluethundr> /dev/sdf1 is apparently in use by the system; will not make a filesystem here!
<Hitiek> can't ssh into machine. can't log in to physical terminal. sudo hangs. existing vnc, screen, irssi all still work. apache is fine. samba share doesn't seem to work.
<Hitiek> any ideas what would cause all that?  happens once every few months.  I end up rebooting and everything is fine again for a while.
<bluethundr> I get the same result with cfdisk as with fdisk and I am running the commands as root
<twb> bluethundr: 6.06 is too old for me to support
<bluethundr> k
<arrrghhh> hey does anyone use their server to play music out of the local soundcard?  like with MPD?
<uvirtbot> New bug: #567043 in php5 (main) "[lucid] php5-cgi crashes in memcpy using lighttpd" [Undecided,New] https://launchpad.net/bugs/567043
<nhawdge|work> Hey anyone got a moment to answer some questions about hard drive recovery?
<SandGorgon> does anybody know if /etc/syslog.conf is even used  (9.10 onwards) ?
<_ruben> SandGorgon: sysklogd has been replaced by rsylogd, and thus /etc/rsyslog.conf is used instead
<jiboumans> morning folks
<uvirtbot> New bug: #567104 in openldap (main) "debuild twice fails" [Undecided,New] https://launchpad.net/bugs/567104
<lau> ping jdstrand
<lau> hello on karmic, if I run /usr/sbin/mysqld --defaults-file=/etc/mysql2/my.cnf --print-defaults I got no parameters
<lau> but cat /etc/mysql2/my.cnf works ok, any idea ?
<uvirtbot> New bug: #567179 in mysql-dfsg-5.1 (main) "Update mysql-server-5.1 hangs up" [Undecided,New] https://launchpad.net/bugs/567179
<maxagaz> how to check the procs (number, speed, type) of my server ?
<alvin> maxagaz: sudo lshw
<lil_cain> if it's just the processer you're looking for, cat /proc/cpuinfo
<lil_cain> easier to read, and doesn't require root.
<maxagaz> alvin, cat /proc/cpuinfo works fine too
<maxagaz> alvin, thanks
<maxagaz> is it possible to know the brandt of the machine from the console ?
<alvin> you're welcome (/proc/cpuinfo is one of the places lshw looks)
<lil_cain> not in any portable way that I've ever heard of.
<alvin> Yes, lshw :-) (look for 'vendor')
<persia> Depends on the hardware: that works for some vendors, and not for others.
<persia> Tends to work more poorly for white-label stuff.
<alvin> Probably. I'm in luck. (vendor: transtec AG)
<lau> maxagaz: you can try dmidecode too
<persia> I get mixed results.  One of my two apples lists Apple, the other doesn't.  My Panasonic only lists Intel and Ricoh.
<Italian_Plumber> I am searching for an ubuntuforums thread regarding upgrading a server from hardy to lucid. If one exists, I cannot find it.  I'm looking specifically for any discussion regarding recommending not upgrading because hardy is ext3 and lucid is ext4 (by default, I assume).  I have found this post http://ubuntuforums.org/showpost.php?p=8813514&postcount=5 but nothing more.  Do my searching skills suck or should I start
<Pici> Italian_Plumber: What sort of issues are you expecting to see from a filesystem change?
<Pici> Or rather, and even then it won't be switching filesystems when you upgrade.
<alvin> Italian_Plumber: I'm pretty sure ext3 will not be automatically converted to ext4.
<Italian_Plumber> I don't know; I just saw this post and panicked. :)
<smoser> ttx, copied you on bug 566792
<uvirtbot> Launchpad bug 566792 in eucalyptus "UEC guests sometimes fail on consuming user data" [Undecided,New] https://launchpad.net/bugs/566792
<Thkx> hi
<alvin> Italian_Plumber: I wouldn't panic. Lucid isn't 'made for ext4'. I do hope ext4 has good support, but ext3 will most certainly be at least equally well supported. There are far more worse things that can happen during or after the upgrade than staying on ext3.
<Thkx> i have a question...i have necessity to make a server to manage 3 different email account (for example, @gmail.com, @hotmail.com, etc)...and sort email to each account...how can i do this?postfix + fetchmail?
<ttx> smoser: thanks
<zul> mathiaz: fyi mysql-5.0 is gone from universe
<ttx> smoser: I think you make a good case of pinpointing a bug in eucalyptus, let's see how they react
<ttx> smoser: any reason to keep the cloud-init task opened ?
<smoser> probably not, since i can't even successfully work around it
<smoser> :)
<smoser> i tried
<ttx> smoser: you reproduce it every single time, or need specific situation ?
<smoser> timing
<smoser> luck
<ttx> ok
<ttx> team: please do some ISO testing coverage
<zul> ack
<zul> ttx:i was going to say only if you say please but you did ;)
<smoser> ttx, i will start ec2 tests
<zul> ill start the i386 tests
<hggdh> ttx: do we need to go thru the UEC tests?
<ttx> hggdh: I'll cover the ISO / UEC tests
<hggdh> ttx: the point is we have been testing it. Continuously
<ttx> hggdh: right
<ttx> hggdh: I mean, I'll cover the strict "install from ISo" testcases, you should concentrate on feature/stress testing
<ttx> as it showed some problems recently
<hggdh> ttx: ack
<ttx> smoser: targeted the metadata service issue to lucid, added to watch list
<xperia> hello to all. i have installed dancer-ircd but it looks like i have some permissions problems. most of the files and dirs have dancer as a user for accessing the files and dirs
<xperia> but i dont know as what user dancer-ircd is executed
<xperia> and what for permissions i need exactly
<xperia> how can i prove hat such a user "dancer" with limited access exist on my system
<JanC> xperia: grep dancer /etc/passwd
<xperia> JanC: great thank you. it looks like i have them as users
<xperia> JanC: what could be the problem that dancer-ircd report afterthe installing that the MOTD file is missing
<xperia> "===	MOTD File is missing" i have this file in /etc/dancer-ircd
<xperia> somehow dancer-ircd report allways after the install that this file is missing even if the file exist
<JanC> maybe the permissions are wrong?  or you spelled the file name incorrect (case-sensitive!)?
<eric_f> Can someone point me to a link that describes why EC2 AMIs have an ubuntu user and how that differs from root?
<gzmask> Are there any network configuration information/wiki/tutorial for UEC?
<hggdh> ttx: bug 565101 sounds bad
<uvirtbot> Launchpad bug 565101 in eucalyptus "walrus reports java.lang.OutOfMemoryError: Java heap space" [Undecided,New] https://launchpad.net/bugs/565101
<ttx> I'm more concerned about the SSh connection failures, which seem to be getting worse as our images boot faster
<ttx> I suspect tat's what bug 566792 is about
<uvirtbot> Launchpad bug 566792 in eucalyptus "UEC guests sometimes fail on consuming user data" [High,Confirmed] https://launchpad.net/bugs/566792
<ivoks> shouldn't kvm-pxe put files into /usr/share/qemu, instead of /usr/share/kvm?
<ivoks> it should.
<zul> oh bloody hell
<ivoks> :)
<smoser> ttx, i think you are correct about fast boot causing it
<ttx> smoser: it's getting worse as we improve
<smoser> but what doesn't seem to collaborate is that attempts to just wait and re-try dont fix
<ivoks> soren: welcome back :)
<ttx> smoser: but you still get a status 200 ?
<smoser> ttx, right.
<ttx> an empty status 200 is plain wrong
<smoser> its as if an early attempt to get at the metadata service breaks it
<smoser> obviously, yes
<smoser> but it doesn't recover.
<smoser> ie, you get that once, wait 20 seconds, try again, its not fixed
<ttx> yes, so it's not just "we ask too early"
<smoser> its not like its populating
<smoser> and we were just too fast.
<ttx> it's we break it by asking too early
<smoser> right
<ttx> kirkland: could you coordinate a call with eucalyptus and smoser, whenever the west coast wakes up ?
<ttx> we need to have them look into that issue.
<kirkland> ttx: nurmi and I have a daily SCRUM call in 20 minutes
<kirkland> ttx: nurmi and I are doing daily SCRUM calls through Lucid release date
<ttx> kirkland: please introduce that issue
<kirkland> ttx: okay
<ttx> that's quite a show stopper.
<eolo999> hi, i'm trying to install ubuntu server LL on a Dell R410 but i cannot boot the root partition which sits on lsi logic 1068e raid controller. Anyone had some hints?
<eolo999> A*Anyone faced the same issue?
<lil_cain> I've had problems with hardy on Dells before.
<lil_cain> Try dropping to a shell halfway through the install, and installing the generic kernel
<lil_cain> (rather than the server kernel)
<slipper1024> hi Guys
<slipper1024> configuration: Ubuntu server 8.04 LTS, running ispconfig, courier pop, postfix mta, dovecot sasl user authentication, self signed certificate for mail.          issue: Some hosting clients get relay access denied when sending mail, while successfully authenticated. Over TLS, SSL and Login same problem. 1 Shared IP, multiple VHosts.
<slipper1024> [05:05:20 PM] Mike Hyland: Client host rejected: Access denied', Port: 465, Secure(SSL)
<slipper1024> The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'somebody@gmail.com'. Subject 'test', Account: 'mail.thisdomain.com', Server: 'mail.thisdomain.com', Protocol: SMTP, Server Response: '554 5.7.1 <unknown[196.35.255.4]>: Client host rejected: Access denied', Port: 465, Secure(SSL): Yes, Server Error: 554, Error Number: 0x800CCC79
<slipper1024>  'Somebody' on 2010/04/19 07:53 PM
<slipper1024>             554 5.7.1 <vc-41-3-207-163.umts.vodacom.co.za[41.3.207.163]>: Client host rejected: Access denied
<slipper1024> /var/log/mail.warn output:
<slipper1024> Apr 20 18:09:49 myhost postfix/smtpd[11155]: warning: 190.26.17.145: address not listed for hostname adsl190-2617145.dyn.etb.net.co
<slipper1024> Apr 20 18:11:26 myhost postfix/smtpd[11155]: warning: 201.86.222.79: address not listed for hostname 201.86.222.79.static.host.gvt.net.br
<slipper1024> Apr 20 18:12:08 myhost postfix/smtpd[11155]: warning: 62.41.253.74: hostname static.kpn.net verification failed: Name or service not known
<slipper1024> Apr 20 18:19:01 myhost postfix/smtpd[13459]: warning: 88.247.68.249: hostname dsl88-247-17657.ttnet.net.tr verification failed: Name or service not known
<slipper1024> Is there anybody that can assist me, have tried everything?
<ivoks> let's see
<slipper1024> sorry for all the info, hopefully the more the merrier
<ivoks> slipper1024: you have unrelated stuff here
<ivoks> first one is, i guess, client pasting outlook issue?
<ivoks> s/issue/message
<ivoks> not here? ok...
<ivoks> doh
<kirkland> hggdh: hiya
<kirkland> hggdh: i think i might have a solution for your heap/memory errors
<kirkland> hggdh: how easily can you reproduce that one and test a fix?
<ivoks> i love libvirt
<ivoks> :)
<ivoks> am i the only one? :D
<kirkland> ivoks: there's a few of you
<RoAkSoAx> i love it too
 * RoAkSoAx hates packing and moving out
<ivoks> virt-install --help outputs strange manual :)
<ivoks> oh, lol, it's broken
<hggdh> kirkland: usually after about 300 runs, so ~30min or so
<hggdh> smoser: can I use the rig?
<kirkland> hggdh: sweet ...  let me know when you get to the point you're ready for the fix
<hggdh> kirkland: roj
<kirkland> hggdh: should be a one-liner config change in the upstart init script
<hggdh> kirkland: increasing the heap for the java machine?
<smoser> hggdh, yeah have at it
<kirkland> hggdh: basically, we're going to give the jvm running eucalyptus-cloud 384M of mem
<smoser> hggdh, goog guess
<smoser> good even
<hggdh> kirkland: yeah, thought this might be it. I still do not know *why* it does not release the mem
<kirkland> hggdh: i talked to nurmi about it ...
<kirkland> hggdh: it will expire it over time
<hggdh> kirkland: delayed garbage colleciton?
<kirkland> hggdh: but there can be a limit of the number of instances that can run in a short amount of time
<hggdh> kirkland: yeah. But we are hitting it pretty hard
<kirkland> hggdh: right
<hggdh> kirkland: OK. give me 10 min to check some few changes I made to the script
<kirkland> hggdh: nurmi says that 384M should put that limit much further out of reach
<kirkland> hggdh: ack
<hggdh> kirkland: I just wonder when this is used on a bug cloud farm. We might have to distribute the walruses
<hggdh> s/bug/big/
<gzmask> guys, in UEC, how do I change the mac address of my VM instance?
<kirkland> hggdh: perhaps, yeah
<kirkland> gzmask: don't know that that's possible
<kirkland> gzmask: you'd need to hack the XML of the VM
<gzmask> kirkland: where is that XML file located?
<slipper1024> guys, sorry dropped off there
<slipper1024> power failure
<kirkland> gzmask: /var/lib/eucalyptus/instances ?
<slipper1024> is there a way to recall chat history
<gzmask> kirkland: found it at /var/lib/eucalyptus/instances/eucalyptus/cache/, don't think mac address is there or it's encrypted. I though xen can change mac address so does kvm  but apparently not.
<kirkland> gzmask: kvm (qemu, actually) can definitely change the mac address
<kirkland> gzmask: http://libvirt.org/formatdomain.html
<kirkland> gzmask: eucalyptus is just leaving it unspecified
<smoser> jjohansen, ping
<jdstrand> jjohansen: hey, I moved bug #567334 to linux, since it is the apparmor_parser hang. please adjust if that is not correct
<uvirtbot> Launchpad bug 567334 in linux "apparmor issue delays cloud-init for 240 seconds" [Undecided,New] https://launchpad.net/bugs/567334
<jdstrand> smoser: regarding that bug^ does the guest have the latest lucid kernels?
<smoser> ec2 ami tests done. all passed, one new bug (that above)
<smoser> latest ec2 kernel as of today
<jdstrand> jjohansen: ^
<kirkland> gzmask: see: /usr/share/eucalyptus/gen_kvm_libvirt_xml on your Node
<jjohansen> hrmm, smoser latest user space too?
<smoser> jdstrand, note, this happened once in 142 instances.
<smoser> the other 141 are identical
<jdstrand> smoser: I saw something yesterday about 94.9% instances out of 1000 came up. is this bug the cause for the ones that didn't come up?
<smoser> jdstrand, no. thats eucalyptus specific (eucalyptus failure)
<smoser> this is ec2
<jdstrand> oh yes
<jdstrand> k
<slipper1024> can anybody that watched the channel please paste reply's on postfix issue mentioned earlier and any replies
<jjohansen> smoser: once in 142?
<jdstrand> smoser: 11:56 < jjohansen> hrmm, smoser latest user space too?
<smoser> well, the latest everything that was in the archive at ~ 1:30 AM UTC today
<jdstrand> we've not done any apparmor uploads in ages, so it should be up to date
<smoser> i ran the automated tests that i have.
<jjohansen> smoser: okay, and this only happened once in 142 instances, ie not the ec2 kernel bug we talked about yesterday
<jdstrand> Tue, 30 Mar 2010
<gzmask> kirkland: ah ok, but can I modify that file? It looks like it's a shell script that shows me the xml template and where should this xml template located?
<jjohansen> just making sure, I'm not getting mixed up here
<smoser> the total of 142 is across 2 arches , 3 regions, 5 instance sizes, 2 root-store types...
<smoser> 6 amis total tested, all use same kernel same user space
<smoser> jjohansen, i dont remember talking about ec2 kernel bug yesterday.
<kirkland> gzmask: sorry, i don't know; i'm just giving you a few pointers
<smoser> but yeah, its only 1 in 142 instances that saw this.
<gzmask> kirkland: ok. thanks for the info
<smoser> and the number of boots is slightly higer than that (some of them are shut down and then started)... making total of (guess) 175 boots or so
<jjohansen> smoser: hrmm, I could have sworn it was yesterday but maybe friday.  only failing once in lots and lots of runs
<smoser> jjohansen, ah... that is bug 564924
<uvirtbot> Launchpad bug 564924 in linux "UEC guest sometimes gets kernel OOPS (dup-of: 546458)" [Medium,Confirmed] https://launchpad.net/bugs/564924
<uvirtbot> Launchpad bug 546458 in qemu-kvm "kernel NULL pointer in -virtual (-server) kernel" [Low,Confirmed] https://launchpad.net/bugs/546458
<smoser> that is linux-server kernel in kvm guest (eucalyptus)
<smoser> and we/I now believe that to be actually bad (virtual) hardware... see links to lkml discussion from that bug
<jjohansen> smoser: right, its just that the once in X many boots is a similar symptom
<kirkland> hggdh: http://paste.ubuntu.com/419361/
<kirkland> hggdh: that's the patch you'll want to apply (or manually add the option) to /etc/init/eucalyptus.conf
<kirkland> hggdh: that ups the jvm's heap to 384M
<smoser> jjohansen, yeah. sorry that my brain is failing
<jjohansen> np, same problem here
<smoser> that one seems racey.
<smoser> i can't understand why the apparmour stuff would be racy
<gzmask> anyone know what is the default acount/password for ubuntu 9.10 32-bit UEC image? I got it running on my cloud but can't ssh in
<jjohansen> smoser: well its possible something in the initscripts is broken
<smoser> gzmask, there is no password.
<smoser> you go in as ubuntu user, but you must specify a '--key' flag to run-instances
<gzmask> smoser: that means I can just ssh in with my key file?
<smoser> this may ont be the first time i've seen this issue, but it is the first time that i've collected log showing the apparmour message
<smoser> gzmask, thats the theory (ssh -i path/to/your/key.pem ubuntu@x.y.z.y)
<gzmask> smoser: thanks, that makes perfect sense
<slipper1024> Hi guys, having trouble with postfix configuration. Setup: Ubuntu server 8.04, Postfix, Courier mail, Dovecot sasl user authentication, self signed certificate for mail. Single shared IP.     Working: pop over ssl. tls  ,  User Authentication,    smtp over ssl and tls from some domains.   Not Working: SMTP login, tls and ssl from some domains.     Error Message: Pasting below:
<smoser> jjohansen, jdstrand when i look more at that, i dont think its apparmor specific
<smoser> look at the other "blocked" tasks
<slipper1024> Client error:       The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'somebody@gmail.com'. Subject 'test', Account: 'mail.thisdomain.com', Server: 'mail.thisdomain.com', Protocol: SMTP, Server Response: '554 5.7.1 <unknown[196.35.255.4]>: Client host rejected: Access denied', Port: 465, Secure(SSL): Yes, Server Error: 554, Error Number: 0x800CCC79
<ivoks> slipper1024: you again
<ivoks> slipper1024: look at mail.log, this is outlook message (we don't use and it doesn't provide any info)
<ivoks> slipper1024: i'd bet your client didn't authorize to postfix
<jdstrand> smoser, jjohansen: I think you might be right
<jdstrand> init: console-setup main process (62) terminated with status 1
<jdstrand> [  240.805451] INFO: task apparmor_parser:182 blocked for more than 120 seconds.
<hggdh> kirkland: ready
<slipper1024> Apr 20 18:48:50 mycomp postfix/smtpd[16781]: warning: 201.19.75.90: address not listed for hostname 20119075090.user.veloxzone.com.br
<kirkland> hggdh: can you ping me here, and update the bug at https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/565101 when you have results?
<slipper1024> Apr 20 18:53:26 mycomp postfix/smtpd[17357]: warning: 203.210.156.182: hostname adsl.hnpt.com.vn verification failed: Name or service not known
<uvirtbot> Launchpad bug 565101 in eucalyptus "walrus reports java.lang.OutOfMemoryError: Java heap space" [High,In progress]
<slipper1024> Apr 20 18:57:29 mycomp postfix/smtpd[17406]: warning: 85.105.244.76: hostname dsl.static.85-105-62540.ttnet.net.tr verification failed: Name or service not known
<slipper1024> Apr 20 19:07:11 mycomp postfix/smtpd[17607]: warning: 117.4.141.93: address not listed for hostname localhost
<kirkland> hggdh: rock on
<jdstrand> let me start over
<slipper1024> The above is output of /var/log/mail.warn
<hggdh> kirkland: what did you change?
<smoser> jdstrand, that one is red-herring
<smoser> its "normal"
<jdstrand> http://paste.ubuntu.com/419364/
<smoser> (console-setup)
<jdstrand> ok
<kirkland> hggdh: i haven't uploaded anything
<jdstrand> still, mount and the flush blocked too
<kirkland> hggdh: you need to change /etc/init/eucalyptus.conf:
<kirkland> -       opts="-h $EUCALYPTUS -u $EUCA_USER --pidfile /var/run/eucalyptus/eucalyptus.pid -l $LOGLEVEL -L console-log"
<ivoks> slipper1024: that isn't related to the error you pasted above
<kirkland> +       opts="-h $EUCALYPTUS -u $EUCA_USER --pidfile /var/run/eucalyptus/eucalyptus.pid -l $LOGLEVEL -L console-log -Xmx384m"
<kirkland> hggdh: specifically adding: -Xmx384m"
<smoser> jdstrand, right. regarding mount and flush blocking.
<hggdh> kirkland: on the wlarus, or everywhere?
<ivoks> slipper1024: look into mail.log and search for somebody@gmail.com
<kirkland> hggdh: on the java components
<kirkland> hggdh: so cloud, walrus, sc
<jdstrand> unless the other two blocked cause of the first
<jdstrand> jjohansen: what do you think? ^
<jjohansen> sorry I'm a bit behind have been trying to follow k-t meeting as well
<hggdh> kirkland: orj
<jdstrand> jjohansen: http://paste.ubuntu.com/419364/
<hggdh> roj
<jdstrand> jjohansen: mount and flush blocked too
<jdstrand> jjohansen: so maybe it isn't apparmor, or it is and that is why the mount and flush blocked
<jjohansen> hrmm, yeah that doesn't seem like apparmor
<jdstrand> jjohansen: consider yourself caught up :)
<jjohansen> thanks
<mcas1> hi has anyone tested the preseed test case with virtualbox?
<jdstrand> smoser: mount and flush blocking-- doesn't that seem like a disk issue?
<smoser> i guess it could
<jdstrand> I don't know, I'm asking :)
<smoser> jdstrand, i dont know
<smoser> jdstrand, but, i wonder, would it be possible that the 2nd and third (mount, flush) are a result of the first (apparmor)
<jjohansen> jdstrand: it could be, or it could be a kernel issue, or a hypervisor issue
<jdstrand> smoser: I wondered the same, but jjohansen indicated it didn't seem apparmor related
<jjohansen> smoser: yes that is possible
<jjohansen> but unlikely
<smoser> one way or another its a race condition somewhere.
<smoser> it could be hypervisor or even faulty disk, but we have no real way of knowing
<slipper1024> ivoks: Apr 20 18:37:33 mycomp postfix/smtpd[16281]: NOQUEUE: reject: RCPT from unknown[196.35.255.4]: 554 5.7.1 <unknown[196.35.255.4]>: Client host rejected: Access denied; from=<mike@hisdomain.com> to=<somebody@gmail.com> proto=ESMTP helo=<hylandmnb>
<slipper1024> Apr 20 18:44:36 itdirect postfix/smtpd[16996]: NOQUEUE: reject: RCPT from unknown[196.35.255.4]: 554 5.7.1 <unknown[196.35.255.4]>: Client host rejected: Access denied; from=<mike@hisdomain.com> to=<somebody@gmail.com> proto=ESMTP helo=<hylandmnb>
<slipper1024> Apr 20 19:06:51 mycomp postfix/smtpd[17810]: NOQUEUE: reject: RCPT from unknown[196.35.255.4]: 554 5.7.1 <unknown[196.35.255.4]>: Client host rejected: Access denied; from=<mike@hisdomain.com> to=<somebody@gmail.com> proto=ESMTP helo=<hylandmnb>
<jjohansen> not yet anyway, we need to probe into it more
<ivoks> slipper1024: don't paste so much output
<slipper1024> sorry
<ivoks> slipper1024: now look for 196.35.255.4 before first line
<jdstrand> smoser, jjohansen: for now, I removed the apparmor tag and adjusted the title slightly to more accurately reflect the current thinking
<jdstrand> smoser, jjohansen: feel free to adjust if apparmor is the culprit
<jjohansen> thanks jdstrand
<ivoks> slipper1024: paste it on pastebin.com
<uvirtbot> New bug: #565036 in clamav (main) "For a real-time protection in clamav" [Wishlist,Confirmed] https://launchpad.net/bugs/565036
<smoser> oh. i did the same jdstrand
<smoser> :)
<jdstrand> smoser: do you have any insight into the underlying machine? like an id number or something? I ask cause if you ran your tests again, it might be interesting if the same host had the same problem
<ivoks> slipper1024: grep 'Apr 20 18' /var/log/mail.log | grep 196.35.255.4
<smoser> jdstrand, you get no such information
<jdstrand> bummer
<slipper1024> ivoks: http://pastebin.org/162495
<slipper1024> pasted connect-disconnect info
<ivoks> slipper1024: so, as you can see
<ivoks> slipper1024: there's no sasl_username
<ivoks> slipper1024: your client didn't set up outlook to authenticate to smtp
<ivoks> slipper1024: and smtp won't relay host for anyone, only for authenticated users
<slipper1024> I see, Anonymous
<mcas1> i need some help with the preseed testcase... i can boot the machine but the ntptime command gives me an error
<ivoks> slipper1024: http://pastebin.com/aJ22CJz9
<ivoks> slipper1024: you should have something like this
<mcas1> what can i do what is going wrong here
<mcas1> ?
<ivoks> ntptime?
<ivoks> ah...
<slipper1024> he is using Outlook express and i watched him enter his login details
<slipper1024> weird, gonna re-do
<slipper1024> account setup
<ivoks> this is not account setup
<ivoks> this is smtp (outgoing) setup
<ivoks> it's not offered in wizzard, iirc
<uvirtbot> New bug: #567269 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/msql2mysql', which is also in package mysql-client 0:5.1.45-2" [Undecided,New] https://launchpad.net/bugs/567269
<uvirtbot> New bug: #567369 in samba (main) "package samba 2:3.4.0-3ubuntu5.6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/567369
<uvirtbot> New bug: #567371 in eucalyptus "NC does not detach created pthreads in KVM driver" [High,Fix committed] https://launchpad.net/bugs/567371
<slipper1024> sry that is what i mean
<ivoks> check again
<slipper1024> ivoks: thanks man, those errors in mail.warn posted earlier
<ivoks> slipper1024: http://dnet.net/techSupport/smtpAuthOE.asp
<slipper1024> any idea?
<ivoks> slipper1024: ignore them
<ivoks> those aren't errors
<ivoks> those are warrning, hence the name mail.warn
<slipper1024> Ok thought it might be a dns misconfiguration on my part
<ivoks> slipper1024: those are spamers
<ivoks> slipper1024: if configured right, postfix won't accept mail from hostname that's not resolvable
<ivoks> slipper1024: so, if say 'helo i'm wickedname.google.cn' to you postfix
<ivoks> slipper1024: it will laugh at me and drop the connection
<ivoks> and then it will add notice to mail.warn, so you could laugh with it
<stephank> Hello! I'm on Lucid and trying to set up OpenLDAP with TLS and mutual authentication. Whether I use ldaps or StartTLS, the server closes the connection right after the client hello, and logs: âTLS: can't accept: The request is invalid..â. The client and server are the very same machine. I'm not sure where to go from here?
<ivoks> stephank: self signed cert?
<stephank> ivoks: Yes, but I specified TLS_CACERT, TLS_CERT and TLS_KEY, and it's reading the files (seen in strace).
<ivoks> stephank: try adding TLS_REQCERT allow to /etc/ldap/ldap.conf
<ivoks> stephank: just to be sure...
<ivoks> this is, of course, client related
<stephank> ivoks: I had it set to demand, but just tried allow and no dice either.
<ivoks> but this is very common mistake, so let's try
<ivoks> ok
<ivoks> maybe your client isn't trying ssl?
<ivoks> i like python for debuging ldap connection :)
<stephank> Well, I'm convinced it's my mistake, on the other hand, it stops at the client hello, so all that's been said so far is which cyphers to use. :)
<smoser> jdstrand, http://paste.ubuntu.com/419377/
<stephank> I'm trying with "ldapsearch -ZZ"
<stephank> and wireshark shows the starttls and client hello, then a connection close from the server
<ivoks> start openldap in debuging mode
<smoser> i see that on a node controller... i think that the too many open files might be a result of bug 567371, and the apparmor errors just fallout
<uvirtbot> Launchpad bug 567371 in eucalyptus "NC does not detach created pthreads in KVM driver" [High,Fix committed] https://launchpad.net/bugs/567371
<stephank> ivoks: that's how I got the TLS error âTLS: can't accept: The request is invalid..â. I can't find anything on google related to slapd and that error, but it seems to be an error reported by gnutls.
<stephank> strange thing is, it's the same machine, and thus the same gnutls library on server and client
<jdstrand> smoser: cool
<kirkland> jdstrand: have you ever seen: libvirt: cannot create pipe: Too many open files (code=38)
<kirkland> jdstrand: this is related to smoser's error
<jdstrand> smoser: so it was able to launch virt-aa-helper, but then when it went to fork/exec kvm, it couldn't
<ivoks> stephank: slapd -o openldap -g openldap -d 16383 ?
<jdstrand> kirkland: sounds like the system is over-taxed, or you need up the ulimit
<jdstrand> kirkland: but no, I have not seen it personally
<kirkland> jdstrand: yeah, we're taxing it, by running hundreds (or thousands) of euca instances over a few hours
<smoser> jdstrand, over time
<jdstrand> kirkland: maybe you have an fd leak somewhere... or you just hit the limit
<smoser> right.
<smoser> in libvirt
<smoser> i suspect
<smoser> the system is not terribly over taxed at the moment
<smoser> as 114 processes in 4G of memory
<stephank> ivoks: Here's what I get: http://www.privatepaste.com/d0397d2513
<kirkland> jdstrand: yup, <nurmi__> oh yeah, file leak
<kirkland> jdstrand: <nurmi__> it's holding on to the VM log files
<jdstrand> upstream fixes fd leaks all the time (it seems) -- maybe check git?
<kirkland> jdstrand: will do
<ivoks> stephank: tls negotiation
<ivoks> stephank: bah... have no clue :D
<stephank> ivoks: no problem, thanks for thinking along. :)
<ivoks> stephank: no-tls works?
<stephank> ivoks: I'm going to try with gnutls-serv and the same certificates
<stephank> ivoks: well, I've only tried ldapi
<stephank> ivoks: well, gnutls-serv and gnutls-cli report the exact same error :'(
<ivoks> stephank: try regenerating certificates
<ivoks> stephank: use openssl
<ivoks> :)
<stephank> ivoks: Will try that. Maybe I'm just doing something stupid, because I was trying to use the certificates my puppet installation generated
<jdstrand> kirkland: fyi, I just double checked the security driver, and the one place it doesn't use a libvirt wrapper for managing fds, it dtrt
<kirkland> jdstrand: smoser spotted http://osdir.com/ml/libvir-list/2010-02/msg00919.html
<kirkland> jdstrand: smoser: hmm, that looks openvz specific
<jdstrand> kirkland: that should be unrelated (openvz
<smoser> yes it does
<smoser> yeah, thats all in openvx_conf.c
<smoser> bug 567392 is open now
<uvirtbot> Launchpad bug 567392 in libvirt "__virExec:362 : cannot create pipe: Too many open files" [Undecided,New] https://launchpad.net/bugs/567392
<jdstrand> kirkland, smoser: this could be it: http://osdir.com/ml/libvir-list/2010-02/msg00210.html
<jdstrand> absolutePathFromBaseFile() is used by virStorageFileGetMetadataFromFD(), which is used in a few places in the storage driver
<Hypnoz> is anyone here familiar with dsh?
<pwnguin> dancershell?
<pwnguin> yes
<Hypnoz> do you know how to use a ' in the command string?
<jdstrand> that is actually used by the security driver, but in virt-aa-helper, not libvirtd, so that shouldn't be the cause of the problem
<jdstrand> but, virStorageFileGetMetadata() is used in other places as well
<jdstrand> smoser, kirkland: ^
<pwnguin> Hypnoz: are you using dsh -f hostlist -- command?
<Hypnoz> yeah. for example, dsh -f machines.list -- 'echo "a ' b"'
<pwnguin> well, im only familiar with it
<pwnguin> i ui admin our small renderfarm with it
<pwnguin> s/ui//
<Hypnoz> yeah i use it a lot for admin of a group of servers, but I pass any commands that have a ' in them
<Hypnoz> such as things with awk commands
<jdstrand> kirkland, smoser: commit 53b7dae139f2dd66866aabedca35aa74dad1579d
<smoser> jdstrand, http://libvirt.org/git/?p=libvirt.git;a=commit;h=53b7dae139f2dd66866aabedca35aa74dad1579d
<smoser> yeah
<smoser> i was just typing that
<jdstrand> kirkland, smoser: I've not looked at it, but that seems as good a place to start as any
<smoser> yea
<pwnguin> Hypnoz: well, i'm interested to find out the answer myself now
<Hypnoz> I'm trying things to escape the ' out like dsh -m web100 -- 'echo "a \' b"'  but still no luck
<Hypnoz> hooray! dsh -m web100 -- 'echo "a '"'"' b"'
<Hypnoz> web100: a ' b
<jdstrand> smoser, kirkland: you guys might want to do something like: watch 'sudo ls -1 /proc/`cat /var/run/libvirtd.pid`/fd | wc -l'
<smoser> jdstrand, awesome
<smoser> i was wondering how iw as going to tell if this fixed the problem
<smoser> without waiting till tomorrow
<jdstrand> well, shoot
<jdstrand> there is a leak
<jdstrand> if I do a virsh start the fd increments by 2,then a virsh destroy it only decrements by 1
<jdstrand> smoser, kirkland: ^
<jdstrand> smoser, kirkland: fyi, I tested with the apparmor driver disabled and it still leaks
<jdstrand> smoser, kirkland: it isn't closing the log:
<jdstrand> $ diff /tmp/before /tmp/after
<jdstrand> 38a39
<jdstrand> > lrwx------ 1 root root 64 2010-04-20 13:17 43 -> /var/log/libvirt/qemu/sec-dapper-i386.log
<jdstrand> I'll update the bug
<smoser> console log ?
<smoser> thank you
<jdstrand> smoser: not the console log, the debug output log.
<smoser> at the risk of sounding like a fool, debug output log ?
<smoser> of what
<jdstrand> smoser: libvirt
<jdstrand> smoser: libvirtd logs stuff like this to files in /var/log/libvirt/qemu/<vmname>.log:
<smoser> ah. ok
<smoser> yeah, i see it
<jdstrand> http://paste.ubuntu.com/419395/
<jdstrand> smoser: which bug is it?
<smoser> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/567392
<uvirtbot> Launchpad bug 567392 in libvirt "__virExec:362 : cannot create pipe: Too many open files" [Undecided,New]
<jdstrand> smoser: I'll update it with what I found
<jdstrand> cool, thanks
<binBASH> is there any way to get glusterfs packages from lucid into actual ubuntu server release?
<jdstrand> smoser: let me check to see if shutdown is also affected
<binBASH> I've seen actual release has glusterfs 2 while the lucid has glusterfs 3
<smoser> http://libvirt.org/git/?p=libvirt.git;a=commit;h=598a0c00dcc7fa07d226a3f508b517690a9be819
<smoser> jdstrand,
<smoser> wait
<smoser> ignore that
<jdstrand> k
<smoser> http://libvirt.org/git/?p=libvirt.git;a=commit;h=caad0a878337b52c4453444bb227b74cce6e6d5f
<smoser> that one
<jdstrand> smoser: that has to be it
<jdstrand> I can almost guarantee it
<jdstrand> and it is a two line patch!
<smoser> yeah. stars aligned
<jdstrand> heh
<smoser> jdstrand, please do update that bug
<smoser> at least confirm it
<jdstrand> smoser: is this for SRU?
<kirkland> jdstrand: ideally for RC
<kirkland> smoser: jdstrand: back from lunch
<jdstrand> my vm died and I couldn't shut it down nicely
<jdstrand> hold on
<smoser> jdstrand, sru for lucid ?
<smoser> as opposed to NOW
<jdstrand> well, I have an SRU bug I can squeeze in there so I can prepare the upload if you like
<JanC> binBASH: wait 2 weeks, then lucid will be an "actual release"  ;-)
<jdstrand> smoser: yes, SRU vs NOW
<jdstrand> smoser: I can do the NOW if required
<smoser> well, lets verify this fixes first
<smoser> which we think it would
<jdstrand> of course
<smoser> i'm so happy that you use quilt
<jdstrand> smoser: I'm so confident it will, I'll even do all the work, test it and get back to you :)
<smoser> jdstrand, fair enough
<jdstrand> heh-- thank debian :)
<smoser> ok then, build me a deb and i'll test it.
<smoser> so we think that simply bouncing libvirtd will fix my euca problem
<jdstrand> k, still checking shutdown. after will update the bug and build a deb
<jdstrand> smoser: amd64 or i386?
<jdstrand> (or both)
<smoser> this is amd64
<jdstrand> k
<smoser> after restart: ls /proc/$a/fd | wc -l
<smoser> went from 1021 files to 33
<kirkland> smoser: lsof should help too
<smoser> bouncing libvirt (sudo restart libvirt-bin) fixed the euca issue
<binBASH> JanC: Well, still a bit long
<JanC> binBASH: you can always test with the beta for now
<binBASH> JanC: I had very bad experience in the past at least with the desktop versions of ubuntu. :)
<_ruben> binBASH: depending on the dependencies (no pun intended), you could either just install deb lucid .deb file, or backport it (and perhaps some/all of its dependencies)
<binBASH> _ruben: Yeah I will try it.
<binBASH> However I didn't find 64 bit version
<binBASH> ahh I found it
<binBASH> _ruben: /usr/sbin/glusterfsd: symbol lookup error: /usr/sbin/glusterfsd: undefined symbol: gf_proc_dump_info
<binBASH> looks like it failed
<binBASH> :/
<jdstrand> smoser: building now
<JanC> binBASH: I assume that you want to test something like glusterfs before using it for real, so using a beta version for testing shouldn't be much of an issue?
<binBASH> JanC: I tested the glusterfs already
<JanC> I mean version 3  ;)
<slipper1024> ivoks: outlook express and outlook on winxp and earlier doesn't support DHE-RSA-AES256-SHA  encryption
<binBASH> JanC: I tested version 3 on CentOS ;)
<binBASH> I tested version 2 as well and I know it was not what I need ;)
<_ruben> binBASH: which package(s) did you install?
<JanC> binBASH: so, try it on ubuntu lucid beta so you can be sure it works well...
<JanC> it's not like much will change in the 2 weeks that are left...
<smoser> kirkland, so you never hit that issue in libvirt because you had multiple node controllers
 * RoyK sends some Icelandic ash in binBASH's directoion
<RoyK> direction, even
<kirkland> smoser: ah, true, i do have 3 NCs right now
<kirkland> smoser: <nurmi__> do you have log files from the CLC in the case where the meta-data service is failing in the way scott was descriving this morning?  We've looked at the code and nothing is jumping out
<kirkland> jdstrand: reading scroll back, looks like you've grabbed that libvirt fix, and you're building a libvirt for smoser to test?
<hggdh> kirkland: out of memory again. I will add the data in the bug
<kirkland> hggdh: hmm, even with the 384M fix?
<smoser> kirkland, its readily reproducible
<smoser> especially on datacenter
<kirkland> smoser: k, will grab logs
<smoser> hggdh, maybe we could mark the logs (or rotate them) then start a run
<smoser> so you've got clean stuff.
<kirkland> hggdh: did you have any of the metadata service style failures in that last run?
<smoser> kirkland, the most recent log there single_test.log.2010-04-20_135807
<smoser> has loads of them
<binBASH> _ruben: glusterfs-client and glusterfs-server
<binBASH> JanC: I don't wanna damage my working cloud structure ;)
<hggdh> kirkland: yes, a series of them -- the instance waits for the metadata, then barfs when it gets it empty
<kirkland> hggdh: great, could you tar up /var/log/eucalyptus on the CLC?
<kirkland> hggdh: and put it somewhere I can get to it and send on to Eucalyptus?
<kirkland> hggdh: also, could you pastebin /etc/init/eucalyptus.conf for me?
<kirkland> hggdh: and (silly question), you did restart all of the eucalyptus services after making that conf file change, right?
<jdstrand> kirkland: I am testing the build now
<hggdh> kirkland: in reverse order: yes, I restarted the CLC, CC, and SC; I can pastebin, but the 'ps aux' in the bug comments shows the memory allocation
<hggdh> for the CLC
<\sh> hmmm..does anyone has experience with an HP lefthand iscsi system + HP StorageWorks x5000 as nfs/cifs concentrator?
<kirkland> hggdh: got it
<kirkland> hggdh: now, just a tarball of the /var/log/eucalyptus from the CLC
<hggdh> kirkland: attaching to the bug right now
<jdstrand> smoser, kirkland: packages fix it for me. they are on chinstrap in /home/jamie/uploads/lucid/libvirt
<kirkland> hggdh: cheers
 * jdstrand updates bugs
<jdstrand> bug
<kirkland> jdstrand: i'll take a quick look
<kirkland> jdstrand: i suggest we try to get this into RC ... objections?
<kirkland> smoser: ^
<smoser> i dont know. it is obviously a but, but not one that would be hit in a week or two by someone doing something other than libvirt testing
<smoser> s/obviously a but/obviously a bug/
<smoser> but it seems like extremely low chance of regression
<jdstrand> I'll attach the debdiff and let you decide
<jevidl> In the past I have used mem="2048" on the kernel line in grub to limit the system memory. With the advent of grub2, I don't seem to be finding a way to do it anymore. Google is happy to tell me all about how grub uses memory, etc. but not much about the kernel line option. Is this still possible?
<smoser> kirkland, can you get to cempedak ?
<kirkland> smoser: yeah
<smoser> if so, its in /tmp/eucalyptus-logs.tar.bz2
<smoser> euca logs
<kirkland> smoser: strike that, ssh denied to cempedak
<hggdh> huh? you cannot ssh there?
<ttx> kirkland: was bug 567371 something we hit in our stress testing ?
<uvirtbot> Launchpad bug 567371 in eucalyptus "NC does not detach created pthreads in KVM driver" [High,Fix committed] https://launchpad.net/bugs/567371
<kirkland> ttx: yes, something that dan hit during stress testing
<kirkland> ttx: i have merged his fix
<kirkland> ttx: i was going to do a brief round of testing, and then propose for upload
<ttx> ok, not something we hit in stress testing, but something they hit in theirs ?
<kirkland> ttx: yes, but i think i've hit it too
<ttx> ok
<kirkland> ttx: though i don't have evidence of it on my cloud at the moment
<kirkland> ttx: basically, there are 3 bugs we're tracking/trying to fix right now ...
<kirkland> ttx: a) a java heap memory error, #565101
<kirkland> ttx: b) a libvirt file leak error, #567392
<kirkland> ttx: c) dan's NC pthreads error, #567371
<jdstrand> kirkland, smoser: debdiff attached, bug updated with my testing (#567392)
<ttx> kirkland: hm, what about bug 566792 ? it's pretty high on my list
<uvirtbot> Launchpad bug 566792 in eucalyptus "UEC guests sometimes fail on consuming user data" [High,Confirmed] https://launchpad.net/bugs/566792
<kirkland> ttx: all 3 have proposed fixes, we're just trying to verify the fixes now
<ttx> kirkland: did nurmi comment on that one ?
<kirkland> ttx: right, d) metadata sometimes fails, #566792
<kirkland> ttx: dan is looking into that one, haven't been able to reproduce it
<ttx> kirkland: ok, that matches my list then :)
<kirkland> ttx: appears to be hardware dependent ... the faster your hardware, the more likely/often you hit it
<kirkland> ttx: which of these do you want in RC?
<kirkland> ttx: which of these do you want in SRUs?
<smoser> i think its more io speed related
<smoser> than just general "fast"
<ttx> I think you hit it on slow UEC and fast images
<ttx> (fast to boot)
<kirkland> ttx: so do you want us to target all of these for RC?
<kirkland> ttx: 2 of them are basically "done"
<kirkland> ttx: one of them has a proposed fix that didn't quite work on first round of testing
<ttx> a b c can be done in SRUs idf needed
<kirkland> ttx: and one is still under investigation
<kirkland> ttx: i think all of these can be done in SRUs ... i'm just concerned about the effort required to do these in RC versus SRU
<kirkland> ttx: i'm looking for your guidance on that
<hggdh> eeek. I also see a JavaStackOverflow in the walrus
<ttx> at that point the effort is the same. So it depends on the regression risk of the patch. If any, then SRU
<ttx> but...
<ttx> for (d) we need to come to the bottom of it, make sure its a euca bug and not something we need to fix/workaround in our images
<ttx> (we can still issue an image update but I thin it's less easy than a package sru)
<ttx> kirkland: for sru vs. RC fix, I trust the release team to make the right choice... if you want me to assess it, I can have a quick look at the patches
<ttx> if you point me to them
<kirkland> ttx: https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/567392
<uvirtbot> Launchpad bug 567392 in libvirt "__virExec:362 : cannot create pipe: Too many open files" [High,In progress]
<kirkland> ttx: patch at the bottom;  i just proposed for RC
<ttx> that one sounds rather limited, I'd support it
<kirkland> hggdh: for the heap error, did increasing the memory change the behavior at all?  push out the mem errors further?  anything?
<kirkland> ttx: thanks; i agree
<ttx> if you want it to RC, you need to push it to release team now and ask them to reroll asap
<ttx> any other patch ?
 * jdstrand is ready to upload
 * ttx looks into rev1223 for the NC thread thing
<ttx> that one looks slightly more dangerous...
<kirkland> ttx: okay
<kirkland> ttx: so we should start prepping a Day0 SRU?
<ttx> yes, having something in -proposed would be good
<ttx> the walrus thing... I'm ok with -Xmx384m, but that doesn't seem to work so well
<kirkland> ttx: right, i'm hoping this one is easy to fix
<kirkland> ttx: and easy to verify is-fixed
<kirkland> ttx: but that didn't work yet
<ttx> kirkland: ok, I'll shut down for the day and let all that in your hands
<kirkland> ttx: ack, bon soir
<ttx> (and the release team ones) :)
<ttx> cheers
<kirkland> hggdh: could you "grep -ri pthread /var/log/eucalyptus/*" on each of the lab machines?
<kirkland> hggdh: tell me if you have any hits?
<kirkland> hggdh: i don't see any traces of https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/567371 in my test rig
<uvirtbot> Launchpad bug 567371 in eucalyptus "NC does not detach created pthreads in KVM driver" [High,Fix committed]
<kirkland> ttx: i have targeted https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/567371 at lucid-updates SRU
<_ruben> binBASH: you likely need libglusterfs0 to be upgraded as well
<dbernar1> I'm trying to set up samba as a domain controller. I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html and my windows client can not see my domain.
<dbernar1> http://pastebin.com/tKCJ4yEW
<dbernar1> That's my smb.conf
<kirkland> hggdh: around?
<hggdh> kirkland: on call
<kirkland> hggdh: i'm trying to get onto cempedak
<kirkland> hggdh: n'mind, i got it
<kirkland> hggdh: okay, by changing to 384M, we actually "reduced" the amount of memory (turns out it defaults to 512M)
<hggdh> kirkland: I am back, sorry, was on my 1-on-1
<kirkland> hggdh: no problem; debugging heap mem issue with dan
<hggdh> kirkland: will check for the pthreads now
<hggdh> heh. less mem to alleviate memory starvation is fun :-)
<kirkland> hggdh: did it poop out soon/later/same when you did that?
<hggdh> kirkland: it changed the behaviour, actually -- instead of refusing any, and all, new requests, it would fail *sometimes*
<hggdh> kirkland: no pthread in any of the logs
<kirkland> hggdh: thanks
<hggdh> kirkland: but, OTOH, I have been unable to register a new UEC image
<kirkland> hggdh: can you bump it up to 1024 on each of the clc, walrus, sc and restart those services?
<hggdh> kirkland: roger wilco
<kirkland> hggdh: don't know if that's going to be acceptable though
<binBASH> _ruben: Thanks the message dissapeared ;)
<dbernar1> I'm trying to set up samba as a domain controller. I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html and my windows client can not see my domain. http://pastebin.com/tKCJ4yEW is my smb.conf
<hggdh> kirkland: it's been a time since I worked on Java, but I have a dim memory it was not acceptable. Will find in a few ;-)
<kirkland> hggdh: heh
 * RoAkSoAx feels like coding...
<binBASH> _ruben: Thanks a lot again.
<uvirtbot> New bug: #567538 in net-snmp (main) "[libsnmp-base] unnecessary dependency on gawk" [Undecided,New] https://launchpad.net/bugs/567538
<hggdh> kirkland: swallowed hook, sink, and bait. Will do a new sequence of tests
<hggdh> from an instance console: WARNING:INSTANCE i-3C9E0644:rm: cannot remove `/var/lib/urandom/random-seed': Read-only file system
<hggdh> what does that mean? random-seed is static?
<hggdh> smoser: which image has the debug on metadata?
<kirkland> hggdh: if your filesystem has gone readonly, that's globally bad
<hggdh> kirkland: I see it on some of the failed instances
<hggdh> kirkland: I only really noticed it due to a completely different (and unrelated) issue involving virtual machines
<hggdh> kirkland: now, if this should not happen, then we may have yet another issue to look at
<mathiaz> jdstrand: hi - looking at bug 566803
<uvirtbot> Launchpad bug 566803 in augeas "/usr/share/augeas/lenses/dist/iptables.aug should use a different path" [Low,New] https://launchpad.net/bugs/566803
<mathiaz> jdstrand: is there a default location for the iptables save file?
<jdstrand> mathiaz: using standard iptables-save?
<mathiaz> jdstrand: yes
<mathiaz> jdstrand: I don't see an init script or upstart job
<jdstrand> mathiaz: no-- it just dumps to stdout. You have to redirect it somewhere
<mathiaz> jdstrand: right
<mathiaz> jdstrand: so there is a standard location for the file
<jdstrand> mathiaz: the iptables tuturial mentions /etc/iptables-save
<mathiaz> jdstrand: what would be recommendation for Ubuntu?
<jdstrand> mathiaz: Debian used to put it somewhere, I don't recall otoh
<jdstrand> mathiaz: ufw
<jdstrand> :)
<jdstrand> mathiaz: tbh, there are a bunch of iptables frontends. they all do stuff differently
<jdstrand> mathiaz: /etc/iptables-save seems reasonable enough if you aren't going to use ufw (or shorewall)
<mathiaz> jdstrand: right - /etc/sysconfig/ is definetly not the correct place though
<jdstrand> mathiaz: no
<jdstrand> mathiaz: I wouldn't put it in /etc/default
<jdstrand> either
<jdstrand> mathiaz: what is this for?
<mathiaz> jdstrand: bug 566803
<uvirtbot> Launchpad bug 566803 in augeas "/usr/share/augeas/lenses/dist/iptables.aug should use a different path" [Low,New] https://launchpad.net/bugs/566803
<mathiaz> jdstrand: the location of the default file for augeas
<jdstrand> mathiaz: well, technically, it is saving the state of the firewall
<jdstrand> mathiaz: as such, it should really by in /var/lib
<jdstrand> mathiaz: however, since this is presumably starting early on boot, /var may be on another partition
<jdstrand> mathiaz: and thus not available
<jdstrand> mathiaz: so, you can try to be FHS compliant and put it in /lib/...somewhere (though some interpretations of the FHS wouldn't like that either), or just say /etc/iptables-save
<jdstrand> mathiaz: since /etc/iptables-save is most discoverable, and in the iptables tutorial, I recommend it
<mathiaz> jdstrand: great - thankls
<kirkland> hggdh: yeah, if instance filesystems are going readonly, that's another bug :-/
<kirkland> hggdh: possibly an fsck one?
<gzmask> question: in UEC, using SYSTEM mode in networking, I start an instance with --addressing private, and I got the private IP 172.19.1.2 from euca-describe-instances, but I can't ping or ssh onto the instance. Is it something wrong here? Also, when I euca-run-instances without using --addressing private, it gives a address resource error which is expected since I need to submit MAC address to get assigned an IP here on campus network.
<jdstrand> mathiaz: sure, np
<kirkland> mathiaz: are you planning to take hggdh's recent improvements to the test scripts?
<mathiaz> kirkland: yes
<mathiaz> kirkland: I should create a project for that
<kirkland> mathiaz: twould be nice
<mathiaz> kirkland: are you also running into bug 567396 while doing your UEC test install?
<uvirtbot> Launchpad bug 567396 in partman-base "partman/confirm preseed not taken into account" [Undecided,New] https://launchpad.net/bugs/567396
<Rafael_>  i am new and try this comand and got the following error, anybody can help: rgotten@myplasticare:~$ sudo /etc/init.d/rsync restart
<Rafael_> <Rafael__> write: Resource temporarily unavailable
<Rafael_> <Rafael__>  * Restarting rsync daemon rsync                                                                                                                                                  write: Resource temporarily unavailable
<Rafael_> <Rafael__>  * rsync daemon not running, attempting to start.
<Rafael_> <Rafael__> write: Resource temporarily unavailable
<Rafael_> this was done on my ubuntu server
<kirkland> mathiaz: i think i just had to add "d-i partman/confirm_write_new_label boolean true"
<kirkland> mathiaz: well, hmm, i see you have that
<kirkland> mathiaz: this preseed worked for me yesterday: http://mirror/uec-auto/preseed/preseed-00-24-e8-da-a2-11
<\sh> guys....I have to say "Thank you" to you all...doing jaunty updates (security and updates) and everything works like a charm..no flaws :) thanks for that :)
<hggdh> kirkland: OK, seems the -Xms1024m did the trick. I have reached 890M on RES, and it is still running
<mathiaz> kirkland: hm - could you post your preseed somewhere that I can access to it?
<erichammond> jiboumans: Has any progress been made on getting Amazon's Perl package for SimpleDB into CPAN/Debian/Ubuntu? http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1136&categoryID=148
<g-hennux> hi!
<g-hennux> where does ufw store its configuration, in case i want to migrate it from one host to another?
<g-hennux> or what's the preferred way of backing up my ufw rules, if you want?
<hggdh> kirkland: I am in doubt. Against which package should the bug be (for the readonly messages I saw in the instance console output)
<kirkland> hggdh: hmm, great question :-/
<kirkland> mathiaz: oh, sorry
<kirkland> hggdh: start with cloud-init, i suppose
<RoAkSoAx> mathiaz, I have a quick question. Is the puppet EC2/UEC integration is only the ability to register the instances running to a puppet server automatically?
<RoAkSoAx> \sh, btw... where you able to setup pacemaker/corosync with puppet?
<hggdh> thanks
<\sh> RoAkSoAx, nope...we are still working on that
<\sh> .oO(and more)
<mathiaz> RoAkSoAx: there other alternatives
<mathiaz> RoAkSoAx: you can always create your script to do that
#ubuntu-server 2010-04-21
<RoAkSoAx> \sh, awesome, I was planning to look into that to try to get it for Maverick
<RoAkSoAx> mathiaz, what kind of other alternatives?
<mathiaz> RoAkSoAx: well - whatever you need to do to register a puppet client
<mathiaz> RoAkSoAx: I don't have a specific example
<mathiaz> RoAkSoAx: as I would use the cloud-config support for puppet
<RoAkSoAx> mathiaz, I see then... i'll look into it then. And btw.. would that work with regular KVM's? or Only for the Cloud instances?
<mathiaz> RoAkSoAx: only UEC/EC2 images
<mathiaz> RoAkSoAx: it also depends what you use to run your kvm
<mathiaz> RoAkSoAx: for now the necessary information is brought via the user-data option
<RoAkSoAx> mathiaz, well I would like to test it on my local machine without having to implement a UEC
<mathiaz> RoAkSoAx: it == ?
<RoAkSoAx> mathiaz, ?? :/
<RoAkSoAx> what do you mean
<mathiaz> RoAkSoAx: you wanna test *what* without the cloud?
<RoAkSoAx> mathiaz, i mean auto registration of the puppet client
<RoAkSoAx> as if they were running in the cloud
<RoAkSoAx> but they would be running on a local machine on KVM
<mathiaz> RoAkSoAx: well - that wouldn't work since the work done is to enable automatic registration in the cloud
<RoAkSoAx> mathiaz, that is managed by puppet... correct?
<mathiaz> RoAkSoAx: the cloud? no it's not managed by puppet
<RoAkSoAx> mathiaz, no i the integration of puppet to EC2/UEC will allow a puppet server to register to a puppet master that are both running in the cloud?
<RoAkSoAx> s/puppet server/puppet client
<RoAkSoAx> which also means that the instance will be registering to the cloud, correct?
<mathiaz> RoAkSoAx: well - it's the other way around
<mathiaz> RoAkSoAx: the cloud starts an instance
<mathiaz> RoAkSoAx: and the instance will be able to register to any puppet master
<mathiaz> RoAkSoAx: I need to jet out
<mathiaz> RoAkSoAx: I'd suggest to read up the series of blog post I made about puppet-UEC/EC2 integration
<RoAkSoAx> mathiaz, i will thanks :)
<mathiaz> RoAkSoAx: http://ubuntumathiaz.wordpress.com
<smoser> debug6 hggdh
<smoser> hggdh, i've never seen that error. sigh.
<hggdh> smoser: heh. which error? ;-)
<smoser> red only filesystem
<smoser> read even
<hggdh> smoser: yeah, this sucks... I just opened bug 565101 about that
<uvirtbot> Launchpad bug 565101 in eucalyptus "walrus reports java.lang.OutOfMemoryError: Java heap space" [High,In progress] https://launchpad.net/bugs/565101
<hggdh> smoser: could you prepare a debug6-compatible image for the RC?
<smoser> hggdh, you mean take the rc image and enable some debug ?
<smoser> heres the problem with that.
<smoser> bug 566793
<uvirtbot> Launchpad bug 566793 in eucalyptus "euca-get-console-output gives first 64k of output, not most recent" [Low,New] https://launchpad.net/bugs/566793
<smoser> the reason that is a problem is that if you turn upstart debugging on, output is so verbose that you don't get the end of it
<smoser> i worked around that here by ssh'ing to the NC and getting the console log from there, but in your situation with multiple NC, it'd be harder
<\sh> hggdh, is tomcat somehow involved?
<hggdh> \sh I do not think so
<hggdh> smoser: yes, have the debug code on the RC -- but only if we will learn something new from it, I guess
<hggdh> damm, gave the wrong bug # on the console thingy
<hggdh> the readonly FS is bug 567592
<uvirtbot> Launchpad bug 567592 in cloud-init "rm: cannot remove `/var/lib/urandom/random-seed': Read-only file system" [Undecided,New] https://launchpad.net/bugs/567592
<hggdh> \sh no tomcat (just checked)
<\sh> hggdh, well, the bug sounded like a long time hanging tomcat bug regarding "re-starting/re-deploying" tomcat webapps..
<smoser> hggdh, ok. i have registered 3 amis now
<smoser> euca-describe-images | grep "emi.*20100420"
<smoser> lucid-20100420-debug-upstart/lucid-server-uec-amd64.img.manifest.xml
<smoser> lucid-20100420/lucid-server-uec-amd64.img.manifest.xml
<smoser> lucid-20100420-debug-upstart-loud/lucid-server-uec-amd64.img.manifest.xml
<smoser> debug-upstart-loud has debug at 'info'
<smoser> debug-upstart actually has no upstart debug, but does have some from cloud-init
<hggdh> smoser: thank you. I will see what happens with them ;-)
<smoser> but as i said, hggdh, due to that console output bug, if you don't capture the whole console output, its not that useful
<smoser> but for this read-only one, i have mountall debug on
<smoser> so that might help
<smoser> ah. wait.
<smoser> we've seen this before
<smoser> the plymouth not available
<smoser> kirkland was moaning about this in -devel the other day
<smoser> kirkland, did you open an issie on this ?
<hggdh> smoser: as far as I can remember pretty much all failed instances (I took out the console output for success) seem to have a plymouth barfing
<smoser> yes, but in this case mountall decided to do something about it :)
<smoser> thats the difference
<hggdh> heh
<hggdh> which image has mountall at debug?
<smoser> both
<smoser> both the debug ones
<smoser> the -loud has upstart to
<smoser> stick with the non loud
<hggdh> yes, sounds like a very good idea.
<hggdh> there we go :-)
<smoser> i just instaleld the -debug0 package that i put together for your other bug
<smoser> hggdh, i have to run
<smoser> sorry
<hggdh> smoser: thank you, and have a nice evening
<ajsie> anyone here?
<domas> hi!
<domas> anyone seeing apparmor related oops on install ? http://p.defau.lt/?nBDkcPAlmAk_DmALqzZzag
<sbeattie> domas: I haven't seen anything like that, but jjohansen will be interested.
<domas> I'm having troubles running installer on 2x6 core opteron boxes
<domas> thats brand new CPU, so may be related :)
<domas> though managed to install one box :)
<jjohansen> domas: can you file that in a bug
<domas> have to figure out how can I contact canonical support :))
<jjohansen> domas: also which kernel?
<domas> 2.6.31-14-generic #48-Ubuntu
<jjohansen> what are you trying to install?
<domas> different oops now: http://p.defau.lt/?FSq_675qXqvJxQDZLdwATw
<domas> karmic
<domas> this is unattended install, that succeeds on all our other machines
<domas> just this class of machines fails
<jjohansen> domas: hrmm, strange
<domas> I installed one :)
<domas> tried karmic, failed, tried hardy ,failed, succeeded with next karmic install :)
<jjohansen> domas: have you tried Lucid?
<domas> I'm not sure I have network image for that one around
<domas> is it released yet?
<domas> ah, few more weeks
<jjohansen> domas: its RC so very close, its kernel would probably better support that rig
<MagicFab> domas, there are dailies.
<domas> anyway
<domas> pure magic is that I have it installed on one box ;-)
<domas> let me retrace the steps ;-)))
<domas> hardy kernel was locking up  on all older machines of this type too :)
<domas> hmmm, now hardy installer is working
<domas> btw, is there a way to create stripe-aligned (or 1MB-aligned) partitions with automated installer? :)
<jjohansen> domas: not that I know of, but then I don't play with that stuff much
<bluethundr> I've specified a directory on my new mail server that I would like to mount separately from the rest of the file system (along with a couple of others that do work correctly). I am specifying the directory as this in fstab: /dev/sdm /var/spool/mail/virtual ext3 defaults,noatime,noacl,data=ordered 1 2â¦. it shows up as /var/mail/virtual â¦. http://pastebin.com/LmvZBMWr
<deslector> hi, what is a good way to monitor a server load for a period of time?
 * deslector wonders if it is possible to monitor power consumption too
<domas> you can monitor power consumption, if your chassis supports that :)
<maxagaz> hi
<domas> hehe
<domas> actual_power = 300
<maxagaz> when sending a message with the command mail, can I set the sender's address ?
<domas> maxagaz: use 'sendmail' and provide headers
<deslector> domas, hmm... I don't know, but don't think so... this is one of the cheap ProLiants
<deslector> I'll check into it, though...
<deslector> hmm... pwrkap may be what I want
<uvirtbot> New bug: #567701 in ntp (main) "Date not updated by ntp when network interfaces started" [Undecided,New] https://launchpad.net/bugs/567701
<swift> guys, I have two NIC interface configured on different subnets on my ubuntu server
<swift> one on 192.168.44.x and the other on 192.168.45.x
<swift> please confirm if the gateway used by these interfaces should be different
<swift> when i do a 'route -n' , i see that the gateway for both is 0.0.0.0... which then is 192.168.44.2
<swift> so.. is this a problem?
<swift> please advise
<persia> That entirely depends on the network configuration.
<persia> But unless you're doing something especially fancy, there should only be one route to 0.0.0.0 on a host.
<swift> persia... how can a 192.168.45.x subnet us a 192.168.44.2 gateway?
<swift> persia... shouldn't 192.168.45.x use itself is the gateway?
<persia> Because your host routes packets from 192.168.45.x to the 192.168.44.x interface to go to the 192.168.44.2 device, which then routes them somewhere else.
<persia> No.
<swift> persia.. that's what I dont want.. I done want packets to go from 192.168.45.x to 192.168.44.x
<persia> Assuming you have a single-gateway network, *other* hosts on 192.168.45.0/24 (assuming that's your network size) should use 192.168.45.x as a gateway.
<persia> Can we use numbers?  Your use of "x" confuses me.  Let's call them 17 and 23.
<persia> So 192.168.44.17 uses 192.168.44.2 as a gateway.
<persia> 192.168.44.17 is the same host as 192.168.45.23
<persia> packets originating from that host should be routed to the internet through 192.168.44.2
<swift> it is?
<persia> 192.168.45.19 is a compeltely different host.
<persia> It uses 192.168.45.23 as a gateway.
<persia> If you want the dual-homed host to *not* route IPv4 packets, fiddle with /proc/sys/net/ipv4/ip_forward
<swift> yes.. I dont want the packets sent via 192.168.45.x to go through 192.168.44.x
<swift> how do i guarantee that?
<persia> So you want 192.168.45.19 to not have access to the internet?
<alex_joni> echo "0" > /proc/sys/net/ipv4/ip_forward
<swift> persia... say I ping another machine on the 192.168.45.0/24 network
<persia> from where?
<swift> it should go via 192.168.45.x on this machine
 * persia waits for an example that *doesn't* use "x" to continue responding
<persia> (fake numbers are fine: I don't need the specifics, but I need something to usefully reference to distinguish the dual-homed host from other hosts)
<alex_joni> swift: you only have one default gw that reaches 0.0.0.0 (e.g. internet)
<persia> (usually)
<alex_joni> for 192.168.45.0/24 you want a route that points to 192.168.45.0
<alex_joni> persia: right, for his case
<persia> right.
<alex_joni> so you should have:
<alex_joni> Destination Gateway mask Iface
<alex_joni> 192.168.44.0 * eth0
<alex_joni> 192.168.45.0 * eth1
<alex_joni> default 192.168.44.2 eth0
<alex_joni> forgot the mask in there..
<alex_joni> 255.255.255.0 for the first 2, and 0.0.0.0 for the last one
<swift> if 192.168.45.10 is pinging 192.168.45.11(other machine)... it should use the 192.16845.x gateway...
<_ruben> no, it shouldnt (need to) use a gateway at all
<persia> Yes, and it ought do it automatically (assuming 192.168.45.10 is the dual-homed machine)
<swift> yes..
<swift> but on the server the route shows it uses 192.168.44.2 as the gateway
<persia> That's correct.
<persia> So "gateway" has a couple potential interpretations.  The simplest one is that it's the route used to get to 0.0.0.0
<_ruben> "the gateway" is kind of ambiguous (sp?)
<binBASH> Hi
<persia> swift: So I wouldn't worry much about 192.168.45.10: that machine sounds like it can get everywhere in all the correct ways.  Check from 192.168.45.11 to verify it can ping 192.168.45.10 and can't ping 192.168.44.2
<persia> (where 192.168.45.11 should use 192.168.45.10 for 0.0.0.0)
<swift> how can i use that interface?
<swift> forgot ping syntax
<swift> :D
<persia> On 192.168.45.11 run `ping 192.168.44.2`
<swift> persia.. I can see that it can ping a .44 IP on another machine!!
<swift> i do 'ping -I eth1 192.168.44.13'
<swift> it pings
<persia> From 192.168.45.11?
<swift> where eth1 is 192.168.45.11
<swift> yes
<persia> OK.  So, is this what you want?
<swift> will I have to put a route there
<persia> No, if you can ping, it already works.
<swift> no... I shouldn't be able to communicate with 192.168.44.x network
<swift> from 192.168.45.11... I should only be able to ping another 192.168.45.x IP
<persia> OK, in that case, you want to disable IPv4 forwarding on 192.168.45.10.
 * _ruben votes for a graphical network diagram and clear description of what should and should not be possible/allowed ;)
<persia> *OR* remove the route to 0.0.0.0 through 192.168.45.10 on 192.168.45.11.  For extra points, do both.
<stephank> The topic's tinyurl appears to be broken.
<_ruben> seems to be cut off indeed
<_ruben> adding "er" to it does work
<stephank> Oh! I thought it was intentionally missing. :)
<stephank> But is that really the intended page? It redirects to a blog post, rather than âdoc and resourcesâ.
<_ruben> wouldnt know ;)
<RoyK> hi all. any idea why /etc/postfix/main.cf seems to be missing in lucid?
<persia> RoyK: I have it on a relatively fresh install for which I've done only minimal postfix configuration (setting up satellite system in the prompts).  Did you maybe say "no configuration" on initial setup?
<RoyK> I didn't install the box, but perhaps the guy who did so chose that - wouldn't surprise me
<persia> RoyK: I just tested a fresh lucid postfix install in a chroot, and indeed, if one selects "No Configuration", no main.cf is produced (which seems like the correct behaviour to me).
<persia> Try `dpkg-reconfigure postifx`
<RoyK> persia: that was indeed the problem - the guy had just chosen "no config" because he didn't understand what to do and didn't bother to read those five lines
<persia> RoyK: That's actually probably the safest thing that could have been done, and it makes it easy to fix (with dpkg-reconfigure).
<RoyK> yeah
<raphink> hi there
<raphink> plymouth seems to be blocking startup on lucid
<raphink> anybody witnessed that?
<persia> raphink: That's almost never actually plymouth.  What's the specific issue?
<raphink> when we reboot the server
<raphink> almost no service is started
<raphink> except ntp
<raphink> syslog-ng is not started for example
<raphink> and plymouthd keeps running
<raphink> after I log in ssh
<raphink> deactivating plymouth in /etc/init seemed to help with quite a few services
<persia> Odd.  All plymouth should be doing is IO multiplexing (and maybe some screen draws).
<persia> Are you sure something else isn't hanging on IO, and it gets a bit further when it crashes on an IO failure when plymouth isn't around?
<raphink> I've tried to put bootchart
<raphink> to log what's happening during the boot
<raphink> but it doesn't generate the png
<raphink> it crashes quite badly
<persia> Can you get the bootlog info, and then generate the graphics post-boot?
<persia> Also, have you filed a bug?  This doens7t happen for my serers, and it sounds potentially serious.
<raphink> empathy crashed ;-)
<persia> Heh.  You're having great luck today :)
<persia> Have you filed a bug yet?
<persia> (about the boot)
<raphink> no, I've been searching through the bugs on LP
<raphink> ideally, we'd get rid of plymouth
<raphink> but there's a bug that is marked as invalid about too strict deps on plymouth
<persia> No, plymouth is essential.  Nothing else handles boot-time IO.  Using text mode, it doesn't even do much GUI stuff.
<persia> I'd recommend filing a bug against upstart: it shouldn't half-start a system without giving you useful output.
<raphink> well currently we haven't checked the console output
<raphink> we'll go to the machine room this afternoon hopefully to have a look at it
<persia> That's worth checking: I suspect that it will give you a better target for the bug report.
<raphink> ok
<raphink> thanks for your time
<bronto2> what would one enable on apache to get .htaccess stuff working? i just need to pass protect a certain folder
<_ruben> AllowOverrides
<_ruben> and you dont need .htaccess for that per se, can be done in (global) config just as well
<bronto2> _ruben, yes i see, seems everything is configured, but still not working
<_ruben> not working? tell it to get a job then
<binBASH> _ruben: /etc/glusterfs/store01-tcp.vol 8.1T  116M  8.1T   1% /mnt/storage
<binBASH> working with the lucid packages ;)
<_ruben> binBASH: nice, i should run some tests with it as well, might have some usecases for it
<binBASH> _ruben: Well I only run it with 100 Mbit though
<binBASH> provider doesn't have gbit :p
<binBASH> so only 5.8 MB /sec for writes
<binBASH> but I don't need fast storage
<binBASH> can live with that.
<bronto2> _ruben, i have some other users, that cannot access global conf, so i'd like this to work via htaccess
<bronto2> anything wrong with this http://pastebin.com/fq9ZVSwP ?
<_ruben> bronto2: looks good, tho it being only a partial config, cant say anything definitive about it
<bronto2> hmm, there is no AllowOverrides directive in apache2.conf
<bronto2> but should defaults to ALL right?
<_ruben> a sane config sets the default to None
<smoser> mdz, fyi, i found a bug that had us not un-publishing our daily images, which caused the ramp up
<smoser> in ec2 images as reported by cloudmarket
<mdz> smoser, nice work
<mdz> might save us a few pennies on our S3 bill too ;-)
<lau> hello, runing hardy + samba 3.0.28 I have an error log like
<lau> create_builtin_users: Failed to create Users
<lau> any idea to fix this please ?
<ttx> smoser: any reason why "Ubuntu Server EC2 EBS (Europe) amd64 (ami-8b705aff)" has no registered results so far ?
<smoser> humans suck
<smoser> i tested, just didn't record
<smoser> ttx, fixed
<ttx> smoser: thanks !
<ttx> smoser: I hit the "no ssh connection" issue on amd64 UEC images quite a few times, I confirm it looks like a timing issue, the slower i386 image didn't hit it in my tests
<smoser> ttx, did you get console logs ?
<smoser> because there are 2 possible issues
<smoser> and one i have much less understanding on
<ttx> smoser: yes, I have it, let me pastebin it
<ttx> smoser: http://pastebin.ubuntu.com/419841/
<ttx> it's the test with your test userdatafile
<smoser> is that system u p?
<ttx> smoser: shows hello world alright
<ttx> smoser: no longer
<ttx> i can reproduce it if need be though
<smoser> thats bug https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/565018
<uvirtbot> Launchpad bug 565018 in cloud-init "instance is not reachable via ssh" [Undecided,New]
<smoser> and i have been extremely unsuccessful in reproducing it with some debug on
<smoser> i've run probably 2000 instances trying to
<ttx> smoser: it's also a metadata service issue ?
<smoser> no. i dont think so.
<smoser> i have no clue on this.
<ttx> try 19/20 ?
<smoser> wait, where ?
<ttx> smoser: in your bug comments
<smoser> (note, the 19/20 stuff is just bad, it zero based counting)
<smoser> ttx, the comment... the 25 cases that have that in their logs are *not* your bug
<smoser> that you're sseeing, and that i can't reproduce easily
<smoser> i have some info i'd like to get if it reproduces
<smoser> 1.) want to collect successfully the error messages from ssh when you connect
<ttx> I can reproduce it if you need
<smoser> 2.) want to try ssh-keyscan and get those errors
<smoser> 3.) ideally turn debug on in upstart, but that seems to reduce likelyhood of error
<smoser> ttx, for 1 and 2 if you can get a recreate, please collect
<ttx> on my way
<smoser> for 3 if you can install the cloud-init from https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/566792
<uvirtbot> Launchpad bug 566792 in eucalyptus "UEC guests sometimes fail on consuming user data (metadata service isn't ready)" [High,Confirmed]
<smoser> when you dpkg -i that, it will tell you how to enable upstart debug
<smoser> the problem with upstart debug is that due to bug 566793 you can't get all the console data if you use upstart debug
<uvirtbot> Launchpad bug 566793 in eucalyptus "euca-get-console-output gives first 64k of output, not most recent" [Low,New] https://launchpad.net/bugs/566793
<smoser> its too verbose
<ttx> smoser: hm, can't reproduce it now
<smoser> maybe you need to change the way you're sitting in your seat
<smoser> :-(
<uvirtbot> New bug: #527933 in bacula (main) "wuiso" [Low,Invalid] https://launchpad.net/bugs/527933
<smoser> i would really like to get debug on this, because I can't come up with any idea as to why its not working.  it seems to me that the cloud-init-cfg stuff is just not getting started (ie, upstart jobs not running)
 * ttx grumbles
 * ttx scraps his topology3 setup that now works like a clockwork and tries a topology 2
<smoser> ttx, for this  i really dont think its topology based at all
<smoser> i think its racey inside the image itself
<ttx> smoser: sure, but I need to cover the missing ISo tests more than I need to chase heisenbugs
<smoser> because cloud-init ran, and sshd ran (runs on 'filesystem' event, same as the cloud-init-cfg events)
<ttx> one never knows, it might reappear and be time-since-registration-sensitive
<smoser> or due to having '.tar' regex in the manifest name :)
<ttx> smoser: do I detect some sarcasm ? :)
<ttx> how can you tell, looking at the console logs, the difference between bug 565018 and bug 566792 ?
<uvirtbot> Launchpad bug 565018 in cloud-init "instance is not reachable via ssh" [High,Confirmed] https://launchpad.net/bugs/565018
<ttx> smoser: ^
<uvirtbot> Launchpad bug 566792 in eucalyptus "UEC guests sometimes fail on consuming user data (metadata service isn't ready)" [High,Confirmed] https://launchpad.net/bugs/566792
<smoser> ttx, look at http://launchpadlibrarian.net/44832884/guest-error.log and http://launchpadlibrarian.net/44479315/console.fail.1.txt
<smoser> firs is the "fail on consuming"
<smoser> see, it falls all over the place , all the cloud-init-cfg stuff runs, but fails because its got no metadata
<smoser> in the second, the stuff either runs quietly to success or not at all
<ttx> smoser: it's that verbose even with the default image ?
<smoser> there are no python trace
<smoser> yeah... the python throws error
<ttx> ok, then I definitely have been hitting 565018
<ttx> I don't remember ever seeing those python stacktraces in console logs
 * ttx fixes iso test results accordingly
<smoser> well, if/when you do, please get 'ssh -v instance-ip 2>err.txt 1>out.txt' and 'ssh-keyscan instance-ip 2>err.keyscan 1>out.keyscan' please
<smoser> ttx, well, you shoudln't see them :)
<ttx> excellent.
<baffle> kirkland/nijaba: RH has produced the library "netcf" [https://fedorahosted.org/netcf/] for configuring/polling network configuration. This library is (in theory) distribution-agnostic, but lacks a backend for Ubuntu/Debian. The library is used by libvirt to support advanced (remote) network configuration/usage, and virt-manager now expose this as well. There is also talk about using it in NetworkManager [https://fedoraproject.org/wiki/Features/Shared_N
<baffle> "Someone" should write a new backend for Netcf so that libvirt in Ubuntu can use these new features. It is written in C, and will need a developer that also is knowledgeable in network configuration "the Debian way".
<baffle> I propose that this is written up for discussion at UDS. I do not think the community will develop this, due to it being so tightly coupled with the distribution.
<baffle> (Okay, this is possibly ML material, but I don't really hang around in them much.. :-))
<ttx> zul: could you cover the amd64/printserver and amd64/postgresql ISO tests ?
<zul> ttx: yep
<diago> in fstab for lvm do you use /dev/lvm-raid/shares or the /dev/mapper  device?
<kirkland> baffle: thanks, answered in #ubuntu-virt, though I will copy here for everyone else's benefit
<kirkland> <kirkland> nijaba: baffle: hi guys, I am familiar with netcf, i'm tracking its progress
<kirkland> <kirkland> nijaba: baffle: I'd very much like to see it packaged and used in Ubuntu in Maverick
<kirkland> <kirkland> nijaba: baffle: that's not a commitment, though
<kirkland> <kirkland> nijaba: baffle: but I will put together a spec
<baffle> kirkland: Wunderbar (from #ubuntu-virt)
<kirkland> baffle: ;-)
<kirkland> baffle: what's your LP id?
<kirkland> baffle: i'll subscribe you to the blueprint (once I get around to writing it)
<baffle> kirkland: Hmm. Either dag-stenstad, or dag.stenstad@ventelohosting.no or baffle. :-) Not sure wich is my ID, really. OpenID is https://launchpad.net/~dag-stenstad
<kirkland> baffle: cheers
<baffle> kirkland: I'm so confused! Wich is my ID? :)
<kirkland> baffle: s/^.*~//
<kirkland> baffle: dag-stenstad
<ummagumma> hi everybody! does anyone knows a channel for wxpython without the need to get a registry?
<ttx> smoser: meeting time ?
<ttx> (nm)
<osmosis> kirkland, where do we register our test results? also, sounds like UEC testings is high priority for lucid release.
<kirkland> osmosis: http://iso.qa.ubuntu.com/
<uvirtbot> New bug: #494141 in samba (main) "CUPS starts after SAMBA; printers are not available" [Undecided,New] https://launchpad.net/bugs/494141
<smoser> kirkland, the oops... its the emulated scsi device
<kirkland> smoser: oh, is it?
<kirkland> smoser: well that's not a kernel thing then
<smoser> yeah. i duped hggdh's to my bug that i'd previously opened on that.
<smoser> searching for numbers
<smoser> bug 564924 is dupe of bug 546458
<uvirtbot> Launchpad bug 564924 in linux "UEC guest sometimes gets kernel OOPS (dup-of: 546458)" [Medium,Confirmed] https://launchpad.net/bugs/564924
<uvirtbot> Launchpad bug 546458 in qemu-kvm "kernel NULL pointer in -virtual (-server) kernel" [Low,Confirmed] https://launchpad.net/bugs/546458
<eagles05138785> hummm what am i looking for
<eagles05138785> !lucid
<ubottu> Lucid Lynx is the codename for Ubuntu 10.04, due April 29th, 2010 - Lucid is NOT released and is NOT stable - Discussion and support only in #ubuntu+1 - Development Schedule: https://wiki.ubuntu.com/LucidReleaseSchedule
<eagles05138785> not what i want either
<eagles05138785> anyone have a link to where i can get the beta 2 of ubuntu server
<jdstrand> kirkland, smoser, ttx: fyi, I added an fd leak check to test-libvirt.py in QRT. it only tests start/destroy, but more can be added if needed
<jdstrand> that will hopefully help moving forward
<kirkland> jdstrand: neat :-)
<cloakable> 8 days :D
<Jeeves_> RC tomorrow
<guntbert> eagles05138785: http://cdimage.ubuntu.com/ubuntu-server/daily/current/
<eagles05138785> ty guntbert
<guntbert> eagles05138785: you're welcome :-)
<eagles05138785> Jeeves_: would rather get it now and have something to install with then wait till release when everyone is fighting for a piece of lucid
<eagles05138785> fighting for a piece of the lynx haha
<cloakable> heh
 * cloakable will wait a bit
<shrini> team: need help on nfs client
<eagles05138785> cloakable: regardless of it being the beta u install with or the rc you still get the same updates
<eagles05138785> thanks again guntbert :)
<shrini> My share is disconnected intermettenlt
<shrini> y
<shrini> need help on finding the casue
<cloakable> eagles05138785: Yeah, but I'd rather wait for stable, then the first round of updates to make sure it's stable :P
<eagles05138785> everyone to their own so i say hehe
<Jeeves_> eagles05138785: I'm allready running it for about 5 months
<eagles05138785> ya been on it since early alphas
<eagles05138785> since late alphas on my server early alphas on vm on my desktop running kubuntu
<eagles05138785> would rather do a clean install on my server then upgrading so i dont have any reminants of karmic around hehe
<ajsie> what have they improved in ubuntu server 10.4?
<hggdh> kirkland: really, eucalyptus is not doing garbage collection. Memory usage at the CC and CLC is still high, after 5+ hours of idling
<jdstrand> kirkland: I noticed you said that you wanted to fix bug #562266
<uvirtbot> Launchpad bug 562266 in libvirt "Make virt-pki-validate usable on Ubuntu" [Medium,Triaged] https://launchpad.net/bugs/562266
<jdstrand> kirkland: fyi: ubuntu26 is already in the queue and it might be nice to fix bug #565380 in the process
<kirkland> jdstrand: what do you think?
<uvirtbot> Launchpad bug 565380 in libvirt "postinst fails if missing user is in the admin group" [Low,Triaged] https://launchpad.net/bugs/565380
<jdstrand> I'm fine with fixing these things before release, cause it is easier than SRU, taking into account risk of regression, etc , etc
<jdstrand> kirkland: 565380 is super low risk (we add an '|| true')
<kirkland> jdstrand: gotcha
<kirkland> jdstrand: sure, assign that to me, i'll do an upload that fixes those two
<kirkland> jdstrand: i'm doing an interview right nw
<jdstrand> kirkland: mostly I just wanted to make sure you grabbed ubuntu26 before doing anything :)
<kirkland> jdstrand: of course ;-)
<jdstrand> kirkland: k
<kirkland> jdstrand: you're welcome to snag those bugs if you like, too :-)
<jdstrand> well, I meant to do the 565380, but forgot
<jdstrand> as for the other, I don't know much about it tbh
<maddhat> Hey everyone,  trying to get ubuntu server karmic netboot working but it says it cant find the ethernet driver.  any way to manually add it to the boot img?
<uvirtbot> New bug: #567623 in postfix (main) "package postfix 2.6.5-3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/567623
<sabator> Where is the best tutorial for gdm over ssh ?
<RoyK> sabator: gdm over ssh?
<RoyK> or just X over ssh?
<bluethundr_> I am attempting to install courierauthlib from source because i would like some finer grain control over the options... configure runs ok, but afterwards when I try to make the app it craps out, and I could use some help interpreting the output..
<bluethundr_> http://pastebin.com/avPiV9w4
<RoyK> perhaps handle-exceptions?
<Guest95767> I am trying to install Ubuntu-or-Debian server in a Xen Guest, on a non-Debian/Ubuntu Xen host.  How/where do I tell the Debian Xen guest's installer to use a preseed file on an nfs volume?  Some parameter at 'xm create ... install-extra="..."' &/or  the Xen cfg's 'extra = ...' clause.
<RoyK> -f
<Guest95767> So far, I've failed to get the guest to see the nfs mount.  It *does* launchg the manual/interactive installer,though ...
<RoyK> bluethundr_: try to remove -fhandle-exceptions
<bluethundr_> RoyK: what is the best way to accomplish this? (i.e. remove -fhandle-exceptions)
<RoyK> bluethundr_: in /home/bluethundr/courier-authlib-0.63.0/gdbmobj/Makefile I guess
<bluethundr_> RoyK: that did it...thanks
<smoser> kirkland, or ttx, how do i manually register an NC ?
<smoser> it seems it didn't "just work". that might be because i re-installed it, but on the re-instal it didn't get registerd
<smoser> never mind. it did. user error.
<electro_> Is there a channel for EUC ?
<RoyK> electro_: #ubuntu-could, but this one works as well
<electro_> RoyK: are you running an EUC cloud?
<RoyK> electro_: no
<RoyK> electro_: I was looking into it, but it seems hard to make it truely redundant, so I guess we'll find another solution
<_Trullo> I installed ubuntu server, did apt-get install xinit , now when I startx a error message, xrdb command not found, X not merged
<RoyK> _Trullo: if you want X on your server, I'd say Ubuntu Desktop is a better way to start
<RoyK> there aren't really much difference between ubuntu server and desktop, just a few kernel changes, and you can install ubuntu server kernel later
<_Trullo> I just want X to work
<RoyK> gui on the server?
<electro_> RoyK: what problems does it have with redundancy?
<_Trullo> probably won't be there anyway
<electro_> RoyK: Im interested to see how it handles a master failure
<RoyK> electro_: there really isn't a good way to make the front-end redundant
<electro_> yeah
<Hypnoz> Upgrading a server from 7.10 to 8.04, I copied the 8.04 sources.list, then did apt-get update && apt-get upgrade
<Hypnoz> however a lot of packges were "kept back"
<RoyK> Hypnoz: the right way is 'do-release-upgrade'
<RoyK> or is that just in newer distros?
<persia> That's in newer things.
<RoyK> ok
<Hypnoz> apt-get dist-upgrade?
<persia> But "newer" in this case appears to include 7.10 :)
<RoyK> hehe
<persia> Hypnoz: More of a concern is that do-release-upgrade appears to upgade you to the latest release (9.10 in this case).
<electro_> RoyK: is there anything better you are testing?
<Hypnoz> persia: exactly, I didn't want to upgrade to the newest ubuntu release, just 8.04 LTS
<RoyK> electro_: we might be using xen or perhaps paying a lot for vmware
<persia> Hypnoz: apt-get dist-upgrade is probably safest (but I may be wrong).  Once you have 8.04, you want to do do-release-upgrade to get to 10.04 (post release)
<Hypnoz> so I put that sources.list in and did apt-get upgrade
<Hypnoz> I don't want 10.04
<persia> apt-get upgrade is too careful.
<Hypnoz> i want 8.04 LTS
<RoyK> apt-get dist-upgrade is a start
<Hypnoz> will dist-upgrade push me past 8.04?
<persia> Hypnoz: Right.  Not now.  Later.
<RoyK> do-release-upgrade takes you to the next (lts) release
<persia> Hypnoz: Use `apt-get dist-upgrade` for now.
<RoyK> Hypnoz: no
<RoyK> Hypnoz: it'll take you to the next lts
<RoyK> the last lts is 8.04
<Hypnoz> ok
<persia> Hypnoz: Sometime between now and the release of 12.04, you'll find your life simpler if you later run do-release-upgrade to get to 10.04 LTS.  You may want to wait up to two years for this.
<RoyK> but roll back your sources.list first
<persia> RoyK: Are you sure?  I thought do-release-upgrade went to LTS only for LTS installs, so a 7.10 install would try repeated upgrades to get to 9.10.
<electro_> RoyK: Im thinking you can do some sort of Active / Passive failover with the front-end
<RoyK> active
<_ruben> afaik, do-release-upgrade get you the next version, which by default is the next lts, but only for lts releases :)
<RoyK> persia: see /etc/update-manager/release-upgrades
<electro_> RoyK: so is EUC pretty much a VM infrastructure?
<persia> RoyK: Ah, right.
<persia> Hypnoz: Check that file and make *sure* it has "Prompt=lts"
<RoyK> electro_: it is, but it contains a single point of failure, the front-end
<persia> Hypnoz: If that has prompt=lts, do-release-upgrade should bring you to 8.04 LTS (as long as you run it before 10.04 LTS releases)
<Hypnoz> persia: in sources.list?
<RoyK> electro_: so unless you use drbd+heartbeat or something for that, all your VMs will go down if that box dies
<persia> Hypnoz: In /etc/update-manager/release-upgrades
<kirkland> ttx: fyi, i walked smoser through his node registration issue privately
<_ruben> do-release-upgrade wont allow you to skip releases (except for lts to next lts), so 7.10 should never get upgraded to 10.04 directly, or 9.10 for that matter
<Hypnoz> persia: there is no /etc/update-manager..
<persia> Ah, then 7.10 doesn't have that.
<Pici> do-release-upgrade will also prompt you before it does anything.
<persia> Yeah, modify sources.list and run `apt-get dist-upgrade` then.
<persia> Pici: But does it let you decide to only update to 8.04 if you want?
<ttx> kirkland: ack
<electro_> RoyK: do you have any documentation stating this redundancy issue?  I cant seem to google anything
<Hypnoz> wish apt-get dist-upgrade told me what dist it was going to upgrade to
<RoyK> electro_: it's pretty well known
<_ruben> also: https://help.ubuntu.com/community/HardyUpgrades#Network%20Upgrade%20from%207.10%20for%20Ubuntu%20Servers%20%28Recommended%29
<_ruben> basically: install update manager, run update manager ;)
<Hypnoz> _ruben: now that i've replaced sources.list with 8.04's, and did apt-get upgrade, do-release-upgrade shows "No new release found"
<Hypnoz> _ruben: I think I would have had to do that first
<Hypnoz> and cat /etc/issue shows 8.04.4 LTS so the system is upgraded, it just held back a lot of packages for some reason
<RoyK> lsb_release -r
<_ruben> Hypnoz: editing your sources.list to a newer version + running upgrade instead of dist-upgrade is a recipe for disaster
<persia> Hypnoz: I think you need to dist-upgrade to get out of this state.  `apt-get upgrade` is never enough to upgrade release-to-release.
<_ruben> Hypnoz: revert your sources.list and hope do-release-upgrade can fix the mess
<Hypnoz> RoyK: "Release:	8.04"
<persia> I don't think reversion is an option at this point: too much has been upgraded.
<_ruben> Hypnoz: or if feeling brave, run apt-get dist-upgrade and hope it wont break any further
<_ruben> when it does, you get to keep both/all pieces, though
<RoyK> Hypnoz: rebooted yet?
<Hypnoz> no i thought about that and doing another apt-get upgrade
<persia> Don't reboot!
<persia> And apt-get upgrade isn't going to help at this point.
<persia> It will not handle the transitions.
<persia> You need dist-upgrade for apt to do anything.
<_ruben> apt-get upgrade was never meant to change versions, that's what dist-upgrade was originally made for
<persia> do-release-upgrade might have worked, but ...
<_Trullo> is ctrl-alt-del disabled in ubuntu-server? :)
<Hypnoz> no
<persia> Just check the output when apt tells you want it plans to do very carefully.
<RoyK> don't think so
<_ruben> do-release-upgrade basically does a dist-upgrade, but has some extra tricks up its sleeve to handle known upgrade problems
<_ruben> _Trullo: not by default, but can be done
<RoyK> _Trullo: it was changed to ctrl+alt+shift+esc+backspace+f+u+v+m
<Hypnoz> persia: result of apt-get dist-upgrade http://dpaste.de/FRw9/
<RoyK> Hypnoz: Y
<_Trullo> hehe
<_ruben> Hypnoz: looks sane to me
<Hypnoz> it doesn't tell me what release its going to put me at
<persia> Hypnoz: Looks reasonably safe to me: nothing is being removed.
<_ruben> (considering the circumstances)
<RoyK> Hypnoz: it doesn't
<Hypnoz> it could keep me at 8.04 or send me to 9.10
<RoyK> 8.04 afaik
<_ruben> Hypnoz: dist-upgrade isnt gonna change releases for you, ever, not without you editing the sources.list
<RoyK> _ruben: didn't he change that?
<Hypnoz> yeah i put sources.list to 8.04
<_ruben> RoyK: to 8.04 yes, so that's where he'll stick
<persia> Then dist-upgrade will take you to 8.04.
<RoyK> yeah
<persia> But next time you upgrade, please consider do-release-upgrade :)
<_ruben> (in a non-supported way though)
<persia> Right.
<_ruben> +1
<persia> Well, we're kinda supporting it, but we offer no guarantee it won't break.
<RoyK> looked a little small amount of packages to take him all the way to 8.04, though
<_ruben> no guarantees for do-release-upgrade either afaik ;)
<Hypnoz> RoyK: a lot were upgraded in apt-get upgrade
<persia> RoyK: Remember, it'S post `apt-get upgrade`: this is just the leftover transition stuff.
<RoyK> final solution: install Windoze!
<persia> heh, no.
<Hypnoz> RoyK: haha
<_ruben> apt-get upgrade did the "safe" part .. dist-upgrade takes care of the more trickier parts
<persia> No, it's not that smart.  It just does the unsafe parts.
<RoyK> apt-get upgrade takes you to the latest x.x.x, where dist-upgrade takes you to the latest x.x
<persia> But for this specific set of packages, it seems to be only removing an obsolete library, and an obsolete way of identifying storage devices.
<_ruben> RoyK: eh?
<persia> RoyK: Hrm?  No.
<RoyK> as upgrade takes you to the latest 8.04.2 and dist-upgrade takes you from 8.04.2 to 8.04.3
<persia> RoyK: safe-upgrade will never remove anything.  dist-upgrade will.
<Hypnoz> seems like updating sources.list to 8.04 was correct, i should have just done dist-upgrade instead of upgrade
<_ruben> Hypnoz: not really ;)
<_ruben> install update-manager-core + running do-release-upgrade would've been correct ;)
<qman__> upgrade also won't install new packages, such as kernel updates, where dist-upgrade will
<_ruben> or atleast the recommended approach
<persia> Hypnoz: Ideally you would have run do-release-upgrade, but yeah, *if* you've already fiddled your sources.list and want to upgrade with apt, dist-upgrade is the correct command.
<persia> qman__: Oh, new dependencies are blocked also?  That makes sense.
<_ruben> correct
<_ruben> kernel upgrade without abi changes are taken care of by upgrade iirc
<RoyK> apt-get install windowsxp
<Hypnoz> sweet after dist-upgrade I'm at Ubuntu 8.04.4 LTS \n \l
<Hypnoz> and apt-get upgrade shows "0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded"
<Hypnoz> hooray for me not being fired!
<Hypnoz> ;)
<_ruben> Hypnoz: you got fairly lucky though ;)
<_ruben> apparently your set of installed packages isnt complex enough for dist-upgrade to fail ;)
<_ruben> (dist-upgrade with altered sources.list that is)
<Hypnoz> I guess, but dist-upgrade was made for this purpose
<Hypnoz> to have it not work would be silly
<_ruben> Hypnoz: its ancient and cant handle certain upgrades/packaging changes, that's why do-release-upgrade was invented, to work around those issues
<Hypnoz> _ruben: sounds good i'll keep it in mind next time
<persia> Hypnoz: You really should have an /etc/update-manager directory now.
<persia> You're running 8.04, but you really want "Prompt=lts" in there if you want to be running 8.04 LTS.
<persia> Just so the next upgrade is really to 10.04 LTS, and not to something else.
<persia> (not that this is going to happen anytime soon)
<Hypnoz> 10.04 LTS won't happen within the next 6 months?
<jpds> Hypnoz: More like next week Thursday.
<persia> The release is the 29th, but as you're just upgrading from 7.10 today, I'm guessing you won't plan on upgrade to 10.04 for a bit :)
<mathiaz> Hypnoz: *upgrading* from 8.04 LTS to 10.04 LTS should be automatically enabled in July when 10.04.1 (the first point release) is released
<mathiaz> Hypnoz: note that upgrading from 8.04 LTS is already possible (and suggested)
<mathiaz> Hypnoz: the end user is not automatically offered the choice yet
<_ruben> mathiaz: not quite following you here, what exactly will change at 10.04.1 ?
<mathiaz> _ruben: when you open update-manager and you've configured your system to only upgrade from LTS to LTS, you'll only see a message stating that there is a new release available around 10.04.1
<_ruben> mathiaz: ahh ok
<_ruben> sounds sane enough :)
<mathiaz> _ruben: people running karmic will see a message that a new release is available as soon as 10.04 is available
<_ruben> also sane enough :)
<smoser> ok. google is fialing me.  is there a way to preseed an apt-get upgrade ? i know that it is going to prompt for 2 questions. 'grub2/linux_cmdline' for example.
<smoser> is there a way to feed my answer , like preseed install, but for apt or dpkg
<mathiaz> smoser: debconf-set-selections
<persia> smoser: Sure.  You can preseed any debconf value.
<smoser> thats what i wanted. debconf-set-selections. thank you mathiaz
<smoser> thanks persia
<mathiaz> smoser: that should work for most of the packages
<mathiaz> smoser: some packages might reset the debconf database
<persia> `echo "buildd shared/accepted-sun-dlj-v1-1 boolean true" | debconf-set-selections` is the trick we used to use in schroots to build Java stuff.
<mathiaz> smoser: but that's a corner case
<persia> mathiaz: Isn't that typically a bug?
<mathiaz> persia: yeah - I agree
<mathiaz> persia: I haven't seen this though
<mathiaz> persia: It would be possible - but I agree it should be a bug
<persia> mathiaz: I know a package that does it, but it's not possible to install an Ubuntu system without that package, and that package has a well-documented way to preseed the values it doesn't reset.
<persia> But I'd *really* not like to see that used for packages that didn't meet that set of criteria :)
<mathiaz> persia: which package are you refering to?
<persia> console-setup
<persia> It rests *part* of its debconf stuff while doing discovery against it's (documented) preseeding.
<ziesemer_> I'm attempting to use LDAP for client authentication.  How can I get local users to have the proper groups, and possibly slightly different on a client-to-client basis?  I looked at /etc/security/group.conf, but it apparently only supports NIS netgroups, and not LDAP groups.
<kirkland> jdstrand: where can i get libvirt-*ubuntu26 from?
<kirkland> jdstrand: i was going to prepare ubuntu27 fixing those two bugs
<jdstrand> kirkland: unapproved
<kirkland> jdstrand: got it
<Dr_Alien> Hi all
<Dr_Alien> i need some help with installing LAMP
<Dr_Alien> ive just configured the ftp server however i noticed my apache isnt starting up
<_ruben> ftp isnt a standard part of lamp usualy ;)
<Dr_Alien> Yeah :)
<guntbert> Dr_Alien: what errors do you find in apache's logs?
<Dr_Alien> Cant see any logs currently bert.
<Dr_Alien> im a newbie at ssh commands :(
<_ruben> tail -30 /var/log/apache2/error.log
<guntbert> Dr_Alien: /var/log/apache2   should contain some
<Dr_Alien> tail: cannot open `/var/log/apache2/error.log' for reading: No such file or directory
<Dr_Alien> reimaging my server 1 sec. (on a cloud)
<Dr_Alien> i used this command.
<Dr_Alien> sudo tasksel install lamp-server
<jdstrand> kirkland: cool, thanks :)
<mean67> anyone in the boston area
<_ruben> Dr_Alien: that's supposed to give you a working lamp stack, then again, havent used that "task" for quite some time
<Dr_Alien> Ok its up now..
<Dr_Alien> any easy way of installing a ftp serveR?
<Dr_Alien> server*
<Dr_Alien> i want to put html files up to my server quickier than editing them in vi.
<_ruben> i tend to use pure-ftpd, but others might have different preferences like vsftpd or proftpd
<_ruben> or even better: scp/sftp
<mean67> anyone assist me with a UEC install that I am trying to do
<Dr_Alien> Ok
<Dr_Alien> Could you help me install this?
<Dr_Alien> im a total newbie at installations lol
<mean67> well I am just trying to set it up right
<_ruben> https://help.ubuntu.com/9.10/serverguide/C/ftp-server.html
<Dr_Alien> hmm interesting
<Dr_Alien> ok
<Dr_Alien>   
<Dr_Alien> /usr/sbin/vsftpd already running.
<Dr_Alien>                                                                          [fail]
<Dr_Alien> What would the default FTP username and password be?
<Dr_Alien> and what could i do to change the username and password
<kirkland> jdstrand: can you give this little patch an eyeball? http://paste.ubuntu.com/420015/
<kirkland> jdstrand: i think it's better (simpler) than the bug reporter's
<kirkland> jdstrand: and I think we can get it upstream
<kirkland> jdstrand: a) instead of changing every line that uses $SYSCONFDIR, just set it if unset
<Dr_Alien> Status:	Connection attempt failed with "ECONNREFUSED - Connection refused by server".
<kirkland> jdstrand: b) change \t to \s* to handle any leading whitespace
<Dr_Alien> Error:	Could not connect to server
<electro_> RoyK: Do you have a link that explains the Redundancy issue?
<kirkland> jdstrand: c) fix the bashism, rather than changing interpretters
<kirkland> jdstrand: opinion?
<_ruben> Dr_Alien: by default it most likely uses the same credentials as your local/ssh login
<Dr_Alien> Ok Thanks
<Dr_Alien> and what about the port number?
<_ruben> i'd guess 21, but you can check with netstat -lnt
<Dr_Alien> Ok
<Dr_Alien> its saying only annoymas connections can be done
<Dr_Alien> Response:	530 This FTP server is anonymous only
<_ruben> read the "User Authenticated FTP Configuration" section
<kirkland> jdstrand: updated, http://paste.ubuntu.com/420019/
<kirkland> jdstrand: part of this is fixed upstream already, part of it isn't
<wack479> would/should a mounted raid array cause the drive that it is mounted on to show as being "full"?
<Dr_Alien> where Ruben?
<Dr_Alien> _ruben where would i find that?
<SirStan> Any recommendations on a server 'panel' like cPanel?
<_ruben> Dr_Alien: the url i pasted earlier
<jdstrand> kirkland: did you test it? does @SYSCONFDIR@ get properly replaced?
<jdstrand> kirkland: otherwise that last paste seems fine
<kirkland> jdstrand: going to test, but that's what's currently upstream
<kirkland> jdstrand: otherwise, see my first paste; that's guaranteed to work :-)
<jdstrand> kirkland: yeah-- I just don't know if the autoconf bits are in 0.7.5 for that file
<kirkland> jdstrand: i'll test
<Dr_Alien> I saw :)
<jdstrand> kirkland: if it works as desired, go with it, otherwise your first attempt seems fine for lucid
<Dr_Alien> Ok, how do you save files in nano?
<kirkland> jdstrand: i've rebased the patch against git and will submit upstream too
<jdstrand> kirkland: excellent
<_ruben> Dr_Alien: ctrl+o .. it says so at the bottom of the screen
<_ruben> anyway im off to bed
<Dr_Alien> tc and thanks!
<kirkland> jdstrand: do you care what i number this patch?
<kirkland> jdstrand: 9023 is "next"
<kirkland> jdstrand: is that okay?
<jdstrand> kirkland: 9023 is just fine-- the 9xxx are Ubuntu only
<wack47> sry my irc froze, so im gonna ask again... would/should a raid array show the drive it is mounted to as being full?
<jdstrand> kirkland: before uploading, hold on a sec
<Dr_Alien> Ok, what would people say is the default password for FTP server?
<wack47> password bahahahaha
<kirkland> jdstrand: sure thing
<kirkland> jdstrand: debdiff is currently http://paste.ubuntu.com/420024/
<kirkland> jdstrand: i'm about to pbuild now
<wack47> anyone know about the raid?
<jdstrand> kirkland: actually, there is a another thing you should change
<jdstrand> kirkland:     echo make sure the gnutls-utils package is installed
<jdstrand> kirkland: that should be gnutls-bin on Ubuntu
<jdstrand> kirkland: (and Debian)
<kirkland> jdstrand: ga-noodles!
<jdstrand> kirkland: obviously not at all critical, but if inclined, since you are already in there, it would be nice
<jdstrand> hehe
<kirkland> jdstrand:
<kirkland>     echo "Could not locate the certtool program"
<kirkland>     echo "make sure the gnutls-utils (or gnutls-bin) package is installed"
<jdstrand> sure
<kirkland> jdstrand: hoping that wording might allow this to go upstream too
 * jdstrand nods
<kirkland> jdstrand: cool
<jdstrand> kirkland: that sed line is not quite right for our version of certtoll
<jdstrand> certtool
<kirkland> jdstrand: okay?
<wack47> should/would a raid array that is partially filled show the disk (filesystem) as full?
<jdstrand> kirkland: eg-- the sed looks for:
<jdstrand> Issuer: CN=Red Hat Emerging Technologies
<jdstrand> but our certool does something like:
<jdstrand> Issuer: C=US,ST=TX,...,CN=example.com,...
<kirkland> jdstrand: okay, so what should the sed look like?
<jdstrand> working on it
<kirkland> jdstrand: okay, i'm testing the autoconf change
<jdstrand> kirkland: sed 's+\s*Issuer: .*CN=\(.*\),.*+\1+'
<kirkland> jdstrand: cool, thanks, i'll jam that in
<jdstrand> kirkland: that should work for both formats
<jdstrand> kirkland: I can make that slightly better I think
<jdstrand> (I don't like the ',' business
<jdstrand> )
<kirkland> jdstrand: and still maintain RH compatibility?
<kirkland> jdstrand: essential for getting this upstream
<jdstrand> kirkland: of course
<kirkland> jdstrand: /me likes the way you said "of course"
<jdstrand> heh
<ziesemer_> Trying to patch and recompile a PAM module, pam_group.  Downloaded the sources, ./configure && make, but I don't have any *.so files - just *.la and *.lo .  What am I missing?
<genii> make install ?
<kirkland> jdstrand: fyi, i had to fix the SYSCONFDIR a little better
<kirkland> jdstrand: it can't work at all, in the way that upstream ships it
<kirkland> jdstrand: ie, $(SYSCONFDIR) can't evaluate
<wack47> should/would a raid array that is partially filled show the disk (filesystem) as full?
<jdstrand> kirkland: *sigh*
<kirkland> jdstrand: anyway, am i still awaiting your magic sed?
<jdstrand> kirkland: I tried for a while to use a single sed, but had to punt and do two:
<jdstrand> sed 's+\s*Issuer: .*CN=++' | sed 's+,EMAIL=.*++'
<jdstrand> kirkland: feel free to play with it, but it is eluding me
<kirkland> jdstrand: can't that be: sed -e 's+\s*Issuer: .*CN=++' -e 's+,EMAIL=.*++'
<jdstrand> kirkland: I need to get back to iso testing :)
<soren> jdstrand: You know you can just ...
<soren> kirkland: Yeah what kirkland just said :)
 * kirkland high fives soren
<jdstrand> is -e portable?
<soren> I believe it is.
<jdstrand> feel free to use -e and float it upstream then
<kirkland> jdstrand: hmm, i use it a lot now in byobu, which people have running on dozens of distros and even OSX
<soren> At least the docs don't say it's a GNU thing, which I find they're usually pretty good at when that's the case.
<kirkland> jdstrand: ie, i get complaints about shell portability, but that hasn't been one i've heard
<jdstrand> k
<jdstrand> sed -e 's+\s*Issuer: .*CN=++' -e 's+,EMAIL=.*++'
<jdstrand> ^ confirmed to work with both redhat and us
<uvirtbot> jdstrand: Error: "confirmed" is not a valid command.
<jdstrand> kirkland: ^ confirmed to work with both redhat and us
<kirkland> jdstrand: rock
<kirkland> jdstrand: and i confirmed that autoconf did it's thing
<jdstrand> kirkland: you might want to mention that this works with gnutls 2.8.5 specifically
<jdstrand> kirkland, soren: incidentally, what I really wanted to do is a single regex. that is what was eluding me :\
<kirkland> jdstrand: here's what i'm sending upstream http://pastebin.ubuntu.com/420045/
<kirkland> jdstrand: okay, i'm firing off an upload, and the upstream patch
<jdstrand> kirkland: sounds good, thanks
<jdstrand> though that regex was a group effort :)
<kirkland> jdstrand: ;-)
<wack47> should/would a raid array that is partially filled show the disk (filesystem) as full?
<wack47> hmmm
<omar8102> hola a todos
<wack47> hello
<wack47> should/would a raid array that is partially filled show the disk (filesystem) as full?
<wack47> should/would a raid array that is partially filled show the disk (filesystem) as full?
<wack47> oops
<ziesemer_> I wouldn't think so.  What are you using to view?  df ?
<osmosis> When I lose contact with my ubuntu server at the colo, I have to call the colo and ask for a reset. Is there any way for me to diagnos the cause of the system outage? Appears to be a crash, but without console access before the reboot...i have no idea what the cause is.
<flyback> osmosis, what country you in?
<osmosis> flyback, usa
<flyback> ah is it your own physical server?
<osmosis> flyback, yes
<flyback> you might want to consider one of these if you can spare a pci slot and can hold a full length
<osmosis> flyback, are you gonna say IPMI ?
<flyback> http://webdevsys.com/lightsOut.htm
<flyback> yeah
<flyback> well not ipmi necessarily
<flyback> is it a brand name box
<osmosis> flyback, i actually have an IPMI card..but i cant configure it because its not supported by ubuntu hardy kernel. Once i upgrade to lucid, it will likely be supported.
<flyback> actually
<flyback> you should be able to use the card anyways
<flyback> it should have it's own cpu, ram etc
<flyback> you just won't be able to monitor hw resources or console
<flyback> but you would be able to power cycle or reboot
<flyback> also if it has a virtual serial port on it you could tell the console to use that
<flyback> console=ttyS1,38400
<flyback> etc
<flyback> also if you configure it to support acpi power button event and you configure your linux to reboot if some tapes the power button
<flyback> should all be possibly without needing a direct driver
<flyback> anyways.... just some ideas
<flyback> AAAAAAAAA
<flyback> brb
 * flyback goes to numb his dying tooth
<mathiaz> smoser: hi!
<smoser> hi
<mathiaz> smoser: I'm trying to detach a device using virsh
<mathiaz> smoser: and run into the following issue: http://paste.ubuntu.com/420077/
<smoser> mathiaz, i dont know. i haven't tried using virsh to detach.
<smoser> i've tested in kvm in the console
<mathiaz> smoser: how do you detach usually?
<smoser> and with eucalyptus
<smoser> i rarely use libvirt
<mathiaz> jdstrand: I'm trying to detach a device using virsh
<mathiaz> jdstrand: and run into the following issue: http://paste.ubuntu.com/420077/
<smoser> mathiaz, so, eucalyptusdoes do this
<smoser> other than its not virtio
<smoser> its scsi
<smoser> so that could actually be the difference
<mathiaz> smoser: right - that being said I'm using an older version of libvirt
<mathiaz> smoser: so the lucid version of libvirt may be fixed
<smoser> oh, then easy answer
<smoser> upgrade
<smoser> :)
<mathiaz> smoser: :)
<smoser> mathiaz, but basically it woudl appear to be a bug in the libvirt screen scraping / expectation of kvm
<mathiaz> smoser: libvirt screen scraping?
<smoser> libvirt screenscrapes kvm console
<smoser> s/console/monitor/
<smoser> err... whatever its called
<smoser> the thing that you would type into if you didn't use libvirt
<persia> Does it really reinterpret SDL output, or does it tell KVM to provide a text stream?
<smoser> well it doesn't do graphics to text
<smoser> it gets a text stream
<smoser> but it still 'scrapes'
<smoser> ie, the output changes, its not an api to kvm
<jrwren> in the topic, doc and resources link says http://tinyurl.com/ubuntuserv but tinyurl says it can't find sites url to redirect to
<genii> jrwren: I believe it may have pointed to: https://help.ubuntu.com/9.10/serverguide/C/index.html previously
#ubuntu-server 2010-04-22
<mdp_ona> anyone here familiar with doing an install to a FC san?  I need a bit of help
<mdp_ona> the installer seems to see the san when it scans the scsi system but it shows IO errors
<mdp_ona> any thoughts?
<stiv2k> hello, i am missing the command add-apt-repository ... what package can this be found in? why don't I have it?
<Slidey> with uec where is the interface defined for dhcpd/dhclient? ive changed eucalyptus.conf to make hte privnet eth0 (rather than eth1), but after a restart its still using eth1
<JanC> stiv2k: it's in the 'python-software-properties' package
<stiv2k> ty
<JanC> you can always search on packages.ubuntu.com for such things
<arrrghhh> anyone use their ubuntu server to play music via mpd locally?  i'm having issues, and it's almost certainly because there's no sound drivers installed by default in ubuntu-server (i would assume) so what should i use?  alsa?
<persia> arrrghhh: Are you sure?  My recent lucid server install which I very much never intentionally installed any audio software has a full ALSA stack loaded.
<persia> *on which*
<JanC> arrrghhh: ALSA should be what to use, and the -server kernel should have audio drivers as you need that for e.g. asterix
<persia> Or screaming DC alarms, if you set it up that way :)
<arrrghhh> hrm.  it's a lucid server install, i have no alsamixer.
<arrrghhh> plus mpd has an alsa input configured, but i can't get it to even start playing anything.
<JanC> alsamixer is an application...
<arrrghhh> i just want mpd to play music.  i also made an assumption about alsa.  how can i tell if it's installed (properly) or not?  this is a fresh install.
<persia> arrrghhh: Try just running alsamixer
<arrrghhh> <arrrghhh> hrm.  it's a lucid server install, i have no alsamixer.
<persia> If it doesn't work, install alsa-utils.
<JanC> the mpd user should be in the 'audio' group
<persia> Or install command-not-found, which will notify you of what you need to install when you don't have something.
<arrrghhh> yea, i can install that.  not sure if i needed/wanted to go that way.
<arrrghhh> persia, thanks for the tip!
<arrrghhh> JanC, i'll check the permissions of my user... it's either me or root running mpd i believe.  s/b me.
<JanC> mpd runs as user 'mpd' by default
<JanC> also, make sure it's configured correctly
<arrrghhh> JanC, even from the init script?
<JanC> arrrghhh: the init script should run it as user mpd
<JanC> thats' the default at least
<arrrghhh> ok.  is there a command to see what user is in which groups?
<arrrghhh> wait... i think i have a solution der.
<arrrghhh> alright.  there is an mpd user, and he is a member of the "audio" group.
<jongbergs> !topic
<ubottu> Please read the channel topic whenever you enter, as it contains important information. To view it at any time after joining, simply type /topic
<JanC> so, no problem for mpd to access the audio devices
<arrrghhh> JanC, how can i tell if alsa is functioning?  should i just install alsa-utils?
<JanC> that's a good option
<JanC> maybe the audio cahnnel is just muted  ;)
<arrrghhh> k.  my user is not a member of the audio group.
<arrrghhh> that's what i'm hoping :D
<arrrghhh> alsa-utils also intsalled alsa-base and linux-sound-base.
<jongbergs> hi, forgot to install lamp stack during server install on karmic, ca i install it directly from install cd..this computer do not have internet access..
<arrrghhh> "cannot open mixer: No such file or directory" - after i try to run "alsamixer"...
<arrrghhh> der.  sudo, sorry.
<jongbergs> hi, forgot to install lamp stack during server install on karmic, can i install it directly from install cd?..this computer do not have internet access..
<arrrghhh> jongbergs, why did you just resend that?
<arrrghhh> i don't see why you want a LAMP stack on a machine that has no internet.  i don't think you can install it from the CD w/o a fresh install, but i'm not positive.
 * flyback uses the remote bmc he enabled on a problemsome server at work, to remotely power cycle and save the day :)
<uvirtbot> New bug: #544545 in rng-tools (universe) "rngd doesn't start automatically" [Undecided,New] https://launchpad.net/bugs/544545
<persia> This really isn't a new bug.
<arrrghhh> alrighty all.  now alsamixer is installed, all the volumes were set at a minimum.  i turned them all up, and mpd still does not play... i guess it could be the conf file for MPD?  i'm pretty much using the defaults, i know it comes with an "example" output that uses alsa.
<arrrghhh> i restarted services and eventually the box to see if that would make a difference, unfortunately it did not.
<arrrghhh> hrm i also seem to have a problem with one of my init scripts.  it's pretty stupid simple, i've never really designed a startup script... but when i run the startup script by hand, it works (sudo /etc/init.d/keepass start).  if i restart the machine, it looks like keepass is running, but i can't hit the weppage.  if i kill the PID and start the script by hand after a reboot, it works
<arrrghhh> webpage*
<Gla> hey all, I've been working on a product that allows for real-time, brandable, communities to be created on the web and I was curious if you guys would like to take a look at what we have to offer.  We've been working with a lot of communities on IRC and Freenode to get their feedback.
<persia> Gla: Ubuntu has a massive web presence.  What extra features would you imagine would be considered beneficial?
<Gla> would you mind if I sent you the link persia?
<persia> I'd rather you told me about it.
<persia> And in-channel, where it's logged and others can comment.
<domas> gla: ever heard about launchpad?
<Gla> we add the ability for you to have real-time threaded conversations like that of Google Wave but much more simplistic
<domas> gla: ever heard about launchpad?
<Gla> yes
<domas> ok.
<Gla> though we're focused on the real-time communications piece of a community
<persia> I'm not sure we'd want that.  We already have too many communications media, most of which are threaded.
<domas> gla: anyway, feel free to offer your technology to canonical/launchpad people :)
 * domas whistles
<persia> domas: Why them instead of us?
<Gla> alrighty, will do
<Gla> I've actually been in talks with partnering with canonical, simply seeing some community feedback before hand
<ScottK> I suspect the part of the community that hangs out on IRC probabyl isn't looking for a web thingy to replace IRC.
<Gla> ScottK: yea I'm starting to think that
<Gla> getting like 0 adoption from this
<Gla> while when I show non-irc users they love it
<domas> =)
<Gla> so, it's really fucking interesting the psychology behind it
<domas> persia: because they're ones building communication at large? :)
<persia> !ohmy
<ubottu> Please remember that all Ubuntu IRC channels share the same attitude of providing friendly and polite interaction with all users of all ages and cultures. Basically, this means no foul language and no abuse towards others.
<domas> persia: for all the web-presence :)
<Gla> oops, sorry!
<persia> domas: Well, bits of it.  freenode should be thanked, and we do use mailing lists sometimes :)
<domas> persia: oh yes ;-)
 * ScottK has tried web based alternatives to IRC and universally found them inferior in any way they were different.
<persia> Gla: I suspect it's a tools thing.  There's a bit of a barrier to entry for IRC, but once folks have become accustomed to using it as a tool, other things seem somehow less simple.
<ScottK> I think this is true.
<Gla> yea
 * persia has gone to some lengths to merge most non-irc realtime communications into IRC
<domas> IRC can sit in background, you can sit in multiple talks, you can re-enter communication at will, etc
<Gla> in the grand scheme of things IRC is a REALLY small community
<persia> Gla: undoubtably.
<domas> gla: in the grand scheme of things people use facebook ;-p
<Gla> yea
<Gla> but we still thought it would be the best place to start
<Gla> starting to think that's very incorrect
<ScottK> From an Ubuntu community perspective, Ubuntu Forums is probably a better place to start.
<Gla> so it sounds
<persia> And extra points for having an IRC gateway :)
<Gla> thanks
<Gla> how'd you know? we closed it
<persia> Oh :(
<Gla> sign up page?
<domas> :))
<uvirtbot> New bug: #253895 in kerberos-configs (main) "upgrading to 8.10" [Undecided,Confirmed] https://launchpad.net/bugs/253895
<Gla> we were using Freenode Auth at first
<Gla> then they got pissed
<Gla> shut us down
<domas> use fbconnect!
 * domas giggles
<persia> No.
<persia> Best to discuss things in advance so infrastructure providers don't get annoyed.
<twb> Doesn't surprise me they got pissed.
<twb> Web forums are just NNTP for people too stupid to configure a newsreader.
<persia> No.
<persia> They offer a couple features NNTP doesn't (like avatars, "beans" (or equivalent), etc.)
<twb> xfaces? ;-)
<twb> But yeah, I'll grant you that.  The short story is that they're features *I* don't use, so I dismiss them.
<persia> twb: OK.  Your mission, if you choose to accept it, is to write NNTP plugins for the top three forum engines in Ubuntu.
<domas> =)
<twb> I might do that if I routinely found discussion on forums useful.
<twb> The forum threads that google takes me to (for Ubuntu or otherwise) tend to be pretty vacuous.
<domas> I haven't had an ubuntu question answered by a forum :(
<persia> I've actually found some good answers on the forums for PEBKAC issues.
<ScottK> twb: I think that's about par for the course.
<ubuntu> how would i completely block all network activity? would ufw deny outgoing, and ufw deny incoming completely block all network activity
<twb> ubuntu: "sudo stop networking"?
<twb> Dropping all packets in INPUT and OUTPUT wouldn't affect routing (the FORWARD chain).
<twb> Note: you *really* don't want to do such things on a remote machine.
<jdstrand> ubuntu: the ufw stuff would work generally, but there are several things you'd need to do to stop all networking via iptables
<jdstrand> ubuntu: you'd want to make sure net/ipv4/ip_forward was set to 0
<jdstrand> ubuntu: and you'd want to adjust /etc/ufw/before.rules to not allow the stuff it does (eg, multicast, dhcp and some other stuff)
<jdstrand> ubuntu: the best thing to do is bring down the interface: eg 'sudo ifdown eth0'
<jdstrand> ubuntu: obviously, don't do that remotely
<arrrghhh> so i'm tryin to get mpd to play music thru my ubuntu-server... it keeps crashing everytime i try to play a file, and i'm not assuming it's lack of codecs.  i don't think ubuntu-restricted-extras is a good package to install on my server, i just need mp3 and aac (m4a) support...
<jdstrand> ubuntu: with ufw> that of course is in addition to setting the default policy to deny for incoming and outgoing and enabling ufw
<jdstrand> (like you said)
<ScottK> That or unplug the network cable.
<jdstrand> that works too :)
<jdstrand> quite well actually
<ScottK> Sometimes hardware solutions are the best.
<jdstrand> :)
<twb> Backhoe through the fibre
<ScottK> That's just a specific implementation of unplug the network cable.
<twb> You would think in a facility that doesn't allow cellphones, they'd use shielding to block the signal, wouldn't you?
<ScottK> If they did, there'd be no need to prohibit them
<twb> Sorry, I was thinking about the wifi case, and wandered into a rant about DoJ
<twb> ScottK: multiple layers of security
<arrrghhh> anyone use mpd with ubuntu-server?
<jdstrand> I do not
<jdstrand> arrrghhh: if it is crashing, there is surely a bug
<arrrghhh> i had it working previously, but i decided to wipe my server and start fresh.  i can't get it working now.
<arrrghhh> well i was thinking alsa at first, then mpd configuration, then i thought codces, but i'm pretty sure i just installed the correct codecs so i'm not sure where to turn now.
<jdstrand> sorry, I've got nothing :(
 * jdstrand wanders off
<arrrghhh> lol thanks
<domas> does one need to rerun GRUB after editing GPT ?
<twb> That would depend how you edited it.
<twb> I would say generally no (assuming grub 2).
<arrrghhh> don't you need to run "update-grub2"?
<domas> mmmm, the evil thing I did was creating a filesystem at different offset with same UUID (but that wasn't / or /boot)
<twb> That just updates the cfg file to point to the current kernels
<domas> server didn't boot afterwards :)
<twb> domas: you should NEVER have two filesystems with the same UUID (well, except LVM snapshots)
<domas> twb: well, I dropped old partition, created new one, then assigned same UUID via xfs_admin
<twb> So there was only one filesystem that that UUID at boot time?
<domas> yep
<twb> Hmm, I'm surprised that didn't Just Work
<domas> there was unreferenced space between two partitions that could have had partition header
<domas> I'm not sure if it is related
<domas> I have these six-core opterons that have miserable failures with karmic
<twb> You could easily fix that by zeroing those blocks.
<domas> mhm
 * domas reboots
<domas> ok, it didn't boot
<arrrghhh> so no mpd users?  does anyone play musically locally from their server?  or even an httpd stream?
<domas> reinstall takes nearly 10 minutes
<twb> arrrghhh: what was the actual problem?
<twb> domas: why don't you boot a live CD and just fix grub?
<arrrghhh> fresh install and i can't get mpd to play music.  crashes everytime i try.  at first it was showing volume n/a, but i changed mpd.conf to make the alsa config more basic, and now volume shows 100%.
<domas> twb: reinstall = Ctrl+N :)
<domas> twb: using live-cd requires flying to datacenter
<domas> or using java-UI remotely with some CD emulation
<domas> or building network recovery image
<twb> Ugh
<domas> and while this server is being reinstalled, I can break another one
<domas> :)
<twb> Just assign the live CD .iso to the second SCSI LUN
<twb> qemu -curses -hda foo.img -hdb rescue.iso or similar.
<domas> don't use virtualization
<twb> Oh, just those bloody KVM-over-IP things?
<domas> ssh server.mgmt; start /SP/console
<twb> Ah, serial-over-IP.  MUCH nicer
<domas> yup
<twb> I got a sheevaplug (OMAP-in-a-box) a while back, and I was pleasantly surprised that it's ttyUSB0 connector Just WorkedTM
<domas> saw some sheevaplugs around :)
<twb> Mine's running buildbot :-)
<domas> hah!
<domas> with distcc to all the computers connected to powergrid?
<arrrghhh> oh and i also thought it could be codecs.  i didn't install ubuntu-restricted-extras, i just want music... so i think i installed the proper gstreamer & faac codecs for mp3 & aac playback...
<twb> Catches pesky x86isms.
<twb> arrrghhh: "crashes" as in segfaults?
<arrrghhh> twb, well i'll be in ncmpc, and as soon as i hit "enter" on a song to play it, the connection is immediately lost, and when i check if mpd is running, it is not... i'm not getting errors in /var/log/mpd/mpd.log, wouldn't it show a segfault there?
<domas> 437 seconds since kernel boot, install done
 * domas waits for reboot
<arrrghhh> hey since i installed codecs i have new errors in mpd.log!!
<twb> arrrghhh: not necessarily.  dmesg(1) often reports segfaults.
<twb> mpd isn't modular, so I don't know what you mean by "install codecs".
<arrrghhh>  mpd[5406] general protection ip:b6e841b5 sp:b5369850 error:0 in libavcodec.so.52.20.1
<twb> mpd will have a strict Depends: on the decoder libraries it can use.
<arrrghhh> hrm.  where is the depends list?  i was hoping dependencies would've been taken care of by the initial install
<domas> meh, sucky part of these uninstalls is that we get ssh warnings
<domas> there's one quick fix
<domas> use same key each time :)
<twb> domas: ssh-add -R 10.0.0.1; ssh -oStrictHostKeyChecking=no 10.0.0.1
<twb> Hmm, not -R
<domas> twb: we use puppet to distribute ssh keys too
<domas> but have to re-authenticate puppet too
<domas> oh well :)
<twb> There was a way to tell ssh to remove entries from the host key list
<twb> If you want to be REALLY naughty, ssh -oUserKnownHostsFile=/dev/null
<twb> Ah, ssh-keygen -R 10.0.0.1
<domas> meh, hardy has 0.97 grub
 * domas runs update-grub
<twb> Does GRUB Legacy support GPT at all?
<twb> I always forget
<domas> well, it boots with installer-built GPT
<twb> Shrug; OK.
<domas> so, partially, yes
<domas> the odd part is that I don't even get grub menu
<domas> ok, let's check if it boots now :)
<domas> crap
<domas> does not
<twb> Are you doing the install with -- console=ttyS0?
<twb> Otherwise it won't propagate that into the grub config.
<domas> menu.lst has 'serial' line
<domas> hmmm
<ubuntu> jdstrand, ok and how do i disable all network interfaces
<arrrghhh> ubuntu you can restart networking if you have  that file configured
<arrrghhh> /etc/network/interfaces
<arrrghhh> twb, so any ideas?  I'm out.  I'm not sure how I got it working previously, other than I used pulse before.  I'd rather use alsa, pulse was a pain and I think the reason mpd stopped working on  my previous install.
<twb> Is pulseaudio installed?
<arrrghhh> twb, no, i'm tryin to do it with just alsa... is that not possible?
<twb> Are you working with a single, known-good audio file?
<twb> It certainly *used to* work with plain alsa; last time I used mpd, pulseaudio didn't exist.
<arrrghhh> i can focus on one file
<arrrghhh> yea, i like the concept of pulse but the implementation seems... poor.
<arrrghhh> or perhaps i'm not leveraging it properly, which is entirely possible as well.
<twb> Assuming that pulse is just esd2, I really don't see the point.  Anything intel-hda based probably has hardware mixing.
<arrrghhh> (i had to do horrible, horrible things to get it to run as a daemon/init script.  i guess that's "not recommended", it's supposed to be session-based)
<rafaelsoaresbr> do you know any online service that tests personal proxies?
<twb> rafaelsoaresbr: personal proxies of what?
<arrrghhh> yea, i like the idea of network audio that's relatively angnostic.
<arrrghhh> i couldn't get it to work tho
<rafaelsoaresbr> twb, I want to test my proxy server
<twb> rafaelsoaresbr: what kind of proxy?
<rafaelsoaresbr> twb, squid
<twb> So an HTTP proxy.
<twb> rafaelsoaresbr: What do you want to test about it?
<rafaelsoaresbr> twb, I've activated authentication
<rafaelsoaresbr> twb, so I want to known if was working
<twb> That doesn't require anything special on the server side.
<ubuntu> arrrghhh, i want to completely disable interfaces, i nano that interfaces file and it says aouto lo
<ubuntu> iface lo inet loopback
<arrrghhh> so that's your loopback
<arrrghhh> if you do "ifconfig" what do you get?  pastebin it pls.
<twb> The loopback interface is needed for some things (e.g. portmapper).
<ubuntu> then why are my wlan and ethernet active if not listed
<twb> ifconfig is deprecated; you should use "ip addr".
<arrrghhh> it is?
<twb> ubuntu: probably because you installed NetworkManager
<twb> ubuntu: did you install this server using the Server install CD, or the Desktop install CD?
<arrrghhh> on a server install?  interesting.
<twb> arrrghhh: I always blame NM until I see evidence to the contrary.
<arrrghhh> i like the output of "ip addr" much better.
<arrrghhh> twb, probably a good idea.
<ubuntu> ahh twb sorry i am on a desktop atm i want to make an encrypted system on my laptop that has no internet connection so im asking ahead of time
<domas> twb: update-grub didn't help, grub-install did
<domas> soooo, parted corrupts grub on GPT
<domas> good to know
<twb> domas: well, yeah; update-grub writes menu.lst; grub-install writes the MBR
<domas> hehe, so I figured
<twb> But I don't know why parted would "corrupt" grub.
<twb> It might be that grub legacy on GPT does a lilo style "just remember the block offset" instead of actually grokking the GPT layout.
<persia> domas: It *can* work (e.g. some forms of the parted based installer work).  gdisk may be more suitable for some of your tasks.
<ubuntu> this way the only way files come on and off are via disks so no way to hack my personal files
<twb> persia: I've never heard of gdisk.  Is it a GUI for something?
<arrrghhh> twb, so i'm guessing you're not a mpd guru... how about codecs?  i don't really think installing ubuntu-restricted-extras is a good solution for just music playback...
<persia> twb: It's fdisk for GPT (in lucid)
<ubuntu> i figured the server side would know more about blocking network interfaces and ufw
<domas> persia: well, parted works, as long as you rewrite MBR record afterwards
<rafaelsoaresbr> twb, http://pastebin.com/r23gAqT7 That's my squid.conf. take a look at lines 21-25, 54 and 56. how does it looks like?
<twb> persia: hmm, why not GNU fdisk/cfdisk, which back onto libparted?
<arrrghhh> ubuntu, disconnect the cable turn off the wlan switch.  nothin better.
 * persia points at random upstreams vaguely
<ubuntu> but i am going to use the same laptop to acess the net via live cds
<persia> twb: parted can be made to work (and several bugs were fixed in the lucid cycle, letting me install a previously uninstallable machine), but there remain some.
<twb> Shrug.  Fair enough.
<ubuntu> then i can reboot and acess my files on a crypt with no network ifs
<twb> I couldn't get GPT to work without EFI, and I don't have a crapbook.
<domas> persia: parted works
<domas> =)
<domas> persia: just GRUB doesn't work afterwards parted works
<domas> anyway, one mystery less
<persia> heh.  Yeah.
<persia> Well, sometimes.
<domas> you can reinstall GRUB
<persia> My experience is that grub works after parted works *unless* I use LVM.
<domas> no LVM here
<domas> GPT though
<persia> Dunno then.  worked for me.
 * persia just want through the guided install on the installer
<domas> hehe
<domas> how can I get aligned partitions with installer? :)
<domas> (thats the only reason I'm doing this post-install partition magic now)
<twb> My experience is that grub works until it doesn't, and then I have to spend three hours on the phone with some poor bugger who can barely speak english trying to get him to burn and boot a live CD
<domas> :)
<twb> Which is why I use extlinux for most deployments.
<persia> domas: Use the lucid installer?  I beleive it aligns paritions by default.
<domas> persia: ah, great
<domas> I'll give lucid a try once it is released :))
<domas> too lazy to setup netboot imagesnow
<twb> libparted 2.2 will warn about unaligned partitions, too.
<domas> yeah, I've looked at fresh parted source
<domas> it aligns at 1MB boundary if you ask it to
<persia> RC comes out on the 22nd, which is today for some folks.  May as well give it a try if you're doing a new install anyway.
<twb> Though I couldn't work out how to say "great, then please pick the nearest aligned block"
<domas> pity though that you can't specify custom alignment
<domas> unless you want to hack libparted, of course
<domas> or calculator and 'unit b'
<twb> Yeah
<twb> I was trying to align on my 128kB erase blocks, which is easy with GPT but a massive pain with msdos disk labels
<domas> 15% performance improvement after aligning on 256k stripes
<domas> \o/
<arrrghhh> so does anyone use ubuntu-server to play audio out of the local soundcard?
<twb> domas: did you actually measure that?
<arrrghhh> mpd[6156] general protection ip:b6ff71b5 sp:b54dc850 error:0 in libavcodec.so.52.20.1 - those are the errors i'm getting when mpd crashes
<domas> twb: yes
<twb> domas: with what, Coker's bonnie++?
<domas> twb: ~/raidbench.c
<twb> Hm.
<domas> I have a tool that does not have any command line options
<domas> and I edit source
<domas> to do what I want it to do
<domas> :)
<twb> Is it public code?
<domas> now it is: http://p.defau.lt/?Z_lDclYEgquRx64Hhcdz2Q
<domas> this is uniform-random-load-tester
<domas> for apples-to-apples comparisons
<twb> Ah, so you're testing without the filesystem layer?
<domas> similar results are with filesystem layer
<domas> I was just too lazy to format filesystem with correct alignment options
<twb> Nod.
<domas> twb: I had 'align your filesystems' on my mysqlconf slides :)
<domas> http://docs.google.com/present/view?id=dgjzt2ms_40gjxrjkdx \o/
<domas> slides 4/5 are db-agnostic
<twb> Bleh, doesn't work in w3m.
<domas> :)))
<domas> there's pdf export there
<twb> Not in w3m
<domas> http://docs.google.com/present/export?format=pdf&up=1&bg=1&inline=0&id=dgjzt2ms_40gjxrjkdx&notes=0
<domas> haha
<domas> there is...
<twb> http://pastebin.com/QbDaGRcq <-- what I see
<domas> 'view together' ?
<domas> people should start using real browsers
<twb> Oh, right.
<twb> I was looking for something with "PDF" in it.
<twb> IMO "real" doesn't equate to "attempts to reinvent NeWS on top of HTTP"
<domas> well, browser is not just about HTTP, is it? :)
<domas> oh dear
<domas> what did I do wrong when I got 15% difference
<arrrghhh> so aplay makes horrible sounds from the sound card... i'm guessing audio works then?
<twb> domas: have you tried bonnie++?
<domas> I hate it when this happens
<twb> arrrghhh: are you playing a wav file?
<domas> twb: hehe, I don't want to initialize 2TB arena with bonnie :)))
<twb> domas: OK :-)
<arrrghhh> twb, it was an mp3
<twb> arrrghhh: what evidence do you have that aplay works with MP3s?
<arrrghhh> i just wanted to see if i could get any sound at all
<arrrghhh> it sounded like my speakers were shredding themselves haha
<arrrghhh> so mplayer can handle this mp3, i get audio... it says thru alsa :D  yay!  so the issue is indeed with mpd.
<uvirtbot> New bug: #568223 in mysql-dfsg-5.0 (universe) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.3 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/568223
<domas> damnit, what did I do to get >10% difference
<domas> I want that NUMBER back!!!
<lukehasnoname> I'm installing Ubuntu Server, and I set up a raid 5 array. After reboot, the raid5 array says it's resyncing, and since the three disks are 1TB, it's taking forever. Is it natural for it to be auto-resyncing right after RAID/FS creation?
<twb> Yes.
<twb> Assuming you mean md raid
<lukehasnoname> yes
<lukehasnoname> why? If the raid and FS are new, why is it trying to sync data that isn't really there?
<twb> When an array is first created and assembled, it will do an initial sync
<twb> The data *is* there, it's just not meaningful data
<twb> Since the md layer doesn't know what data the filesystem considers meaningful or not, it has no choice but to sync it all
<lukehasnoname> twb, ah, the raid and the fs don't communicate.
<twb> AFAIK, that is correct
<twb> If you want that, you might investigate btrfs or zfs; they do some md/lvm stuff internally.
<lukehasnoname> And I assume I shouldn't mess with the raid until the sync is done?
<lukehasnoname> aka write data to it
<twb> lukehasnoname: it doesn't matter, but a reboot will cause it to re-start the sync
<twb> It's perfectly OK to write data during the sync
<lukehasnoname> mk
<lukehasnoname> sigh, when will btrfs support parity raids?!
<twb> Probably when it's production-ready :-P
<Slidey> with uec where is the interface defined for dhcpd/dhclient? ive changed eucalyptus.conf to make hte privnet eth0 (rather than eth1), but after a restart its still using eth1
<libertiy> hi everyone hi  anyone knows a good howto on how to setuo mailservero on ubuntu?
<_ruben> libertiy: check the server guide on help.ubuntu.com
<libertiy> is there some automated postfix installer that sets things up ?
<_ruben> "things" ?
<libertiy> i dont feel like digging realy deep into the mailserver stuff i just need a solution for my webserver to host some mailbox
<libertiy> something like qmail toaster
<libertiy> i dont want to spend a whole day installing the mailserver
<_ruben> there a mailserver task available that sets up postfix+dovecot (and possibly more)
<libertiy> thats what i need indeed ialso need devecot
<libertiy> imap and perhaps and a easy way to manage mail accounts on the terminal
<libertiy> preferrable with some scripts so you dont have to messa around in the config files everytime for a simple change in username or password
<_ruben> ebox might have support for postfix and/or dovecot
<libertiy> ebox?
<_ruben> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<libertiy> i have an ubuntu server already its a vps so i cnanot reinstall it
<twb> You can reinstall some VPSs without telling the owner
<twb> Assuming it's full virtualization, you simply do something like preseeding and kexecing the netinst d-i kernel and ramdisk.
<libertiy> hmm looks like nice that ebox
<libertiy> only i run ruby on rails and have specialised deployment tools installed so thats not an option alhough i appreciate the suggestions
<libertiy> atmail seems nice, but it costs money
<libertiy> i love linux and i love system adminstration, i love to know all the details but at this point i dont just have the time to digg in really really deep
<twb> It's that ignorance that keeps the flame alive
<libertiy> so perhaps theres an easy mailserver build on postfix that simplifys the installation
<libertiy> hehe no its really true ;)
<twb> If you knew sysadm you wouldn't like it
<twb> It's like sausages
<twb> People say things like "it'll cost to much to deploy SSL, just use unencrypted LDAP" or "can't you just write a cron job to restart the daemon every hour?"
<libertiy> hmm i see no other option just than to get some howto's and install postfix with devocot
<twb> postfix has debconf questions to hold your hand
<_ruben> and the postfix-dovecot packages takes care of the integration of the 2, again, never used it myself ;)
<lil_cain> Aye debconf should do most of it (at least with exim4. I've never used postfix)
<twb> lil_cain: away, heretic!  exim4 doesn't Provides: default-mta on Ubuntu! ;-)
<lil_cain> twb: It is (or at least was) still supported by Cannnonical though.
<okokokok> i am using ubuntu with vmware, i started a web server on it which is accesible within vmware, but not accessible to anyone else. but when i switch back to windows i can't access the server. does anybody know how to fix that?
<okokokok> can someone help me please?
<_ruben> okokokok: you might wanna give more info, as your question doesnt make any sense to me
<lil_cain> Your issue is almost certainly one with vmware networking.
<okokokok> i am using windows 7, i used vmware virtual machine to load latest version of ubuntu. in ubuntu i installed and started a webserver. using firefox in ubuntu I am able to load 127.0.0.1:3000 which takes me to the index page. but, when i Minimize Vmware virtual machine/ubuntu and try to load 127.0.0.1:3000 in windows 7, it says it can't access the server.
<okokokok> does it make more sense now?
<_ruben> okokokok: yes, and it also makes sense that it doesnt work like that
<_ruben> 127.0.0.1 of the vm is not the same as 127.0.0.1 of the host
<okokokok> i see.. so how would i access it?
<_ruben> by using the non-localhost ip address of the vm obviously
<okokokok> how do i do that?
<_ruben> start by buying a book on networking, since obviously you dont have the faintest idea how networks work
<okokokok> i will do that later, right now i just need this simple thing, i wanna access the webserver running on vmware. so if you could just direct me towards some networking term or something, i'll look it up on google and try to figure it out on my own
<_ruben> in the vm run the command "ip address show" to see which ip addresses it has
<okokokok> inet 192.168.232.131/24 brd 192.168.232.255 scope global eth0
<okokokok> i tried to run those ips in windows with port 3000, but it didn't work. i then tried the ipconfig command in windows 7, it listed 2 adapters under vmnet, i tried those ips as well with port 3000 but they didn't work.
<_ruben> can you ping 192.168.232.131 from your windows machine?
<_ruben> and can you ping google.com for instance from your vm?
<okokokok> i can access google.com from firefox in vm. so i assume i can ping it
<okokokok> yes i was able to ping 192.168.232.131 from windows machine
<_ruben> what does this say in your vm: netstat -lnt | grep 80
<_ruben> err
<_ruben> make that 3000 instead of 80
<okokokok> tcp        0      0 127.0.0.1:3000          0.0.0.0:*               LISTEN
<_ruben> whatever program you have running on port 3000 is only listening to localhost (127.0.0.), so you cant access it from another machine
<okokokok> how come in ipconfig i get 192.168.232.1 and in vmware i get 192.168.232.131?
<_ruben> because they're not the same machine
<_ruben> a vm acts just like another physical machine on your network, with its own ip addresses obviously
<okokokok> i found a port forwarding tool
<okokokok> in vmware
<okokokok> i entered host port: 8080. virtual machine ip: 192.168.232.1 virtual machine port: 3000
<okokokok> but that didn't help.
<_ruben> indeed
<okokokok> what did i do wrong? ^_^
<_ruben> because it listens on localhost only, you need to change the webserver configuration to listen on any ip address
<okokokok> hmm
<okokokok> when i run the webserver on windows, it also listens to 127.0.0.1, but others can access it
<lil_cain> You need to change the config file.
<lil_cain> and restart/reload the webserver.
<okokokok> i am using WEBRICK
<okokokok> with ruby on rails
<lil_cain> I don't know anything about ruby, sorry.
<Slidey> someone must know how the dhcp instance in eucalyptus/uec decides which interface to use?
<FFF666> Can I ask UEC questions here?
<Pici> Sure
<FFF666> Im trying to deploy the UEC following this guide https://help.ubuntu.com/community/UEC/CDInstall, but I don't know if the step 4 has to be done in the ubuntu 9.10 server
<FFF666> Im trying to deploy the UEC following this guide https://help.ubuntu.com/community/UEC/CDInstall, but I don't know if the step 4 has to be done in the ubuntu 9.10 server
<FFF666> hi, is anybody here?
<ttx> FFF666: on 9.10 yes, on 10.04 no
<a_ok> why does "tar --update" not descend into directories? like the other tar operations?
<FFF666> ahh,
<FFF666> ttx: Is 10.04 beta equals to the realease that is coming in one week?
<ttx> FFF666: no, but the UEC in there is still much better than the one in 9.04
<ttx> I mean 9.10
<FFF666> ok, because y tried to install de UEC but some errors came up
<FFF666> thanks
<e-DIO-t> yo!
<Slidey> anyone know how the dhcp server in uec knows which interface to use? its using eth1, but i would *love* for it to use eth0. cant find for the life of me why its doing what its doing though
<e-DIO-t> does anyone knows how to check HD Hardware Status without considering fs type? [no, i don't mean smartmontools]
<soren> e-DIO-t: Then what /do/ you mean?
<e-DIO-t> i mean that i'd like to check the hd healt status
<soren> Yes.
<soren> The answer to that "question" is smartmontools.
<e-DIO-t> mmmh
<soren> ...but since that's not what you're looking for, I clearly don't understand the question.
<e-DIO-t> well
<e-DIO-t> i'm looking for a "low level" check on clusters.
<e-DIO-t> smartmon checks only s.m.a.r.t. values, or not?!
<soren> It does.
<soren> Are you looking for badblocks?
<e-DIO-t> yep!
<soren> Ok.
<e-DIO-t> well: i'm going to install it this evening! [i'm currently not in the right-site]
<diago> I'm running KVM with an internal network bridge and an external network bridge (2 nics). Can I still use iptables as a nat firewall on a bridge level?
<uvirtbot> New bug: #568435 in apache2 (main) "symbol lookup error: /usr/sbin/apache2: undefined symbol: apr_atomic_xchgptr" [Undecided,New] https://launchpad.net/bugs/568435
<zul> *sigh* it never stops
<Jeeves_> RC is out
<cloakable> :D
<Jeeves_> http://lvsd.lucid.bit.nl/stats/index.php
<_ruben> nice stats :)
<Jeeves_> thanks
<SWAT> is the UEC high available? I've read the documentation and Eucalyptus does not seem to support it. Is this correct? Because if one node fails, you want the other nodes to automagically start the 'missing' nodes.
<uvirtbot> New bug: #568468 in apache2 (main) "lucid server: mod_mem_cache with mod_dav_svn crashes apache for certain files" [Undecided,New] https://launchpad.net/bugs/568468
<bigbrovar> Hi guys I am having some issues with apt-cacher on ubuntu 8.04.. every client pointing to the apt-cacher is reporting 403 forbidden when i try to install a package. I dont get this error when am using the original ubuntu source.list..
<wack47> good morning
<wack47> anybody home? lol
<mcas> hi wack47
<wack47> i guess it still is kinda early! hey mcas
<mcas> that depends on the timezone it could be late for someone ;-)
<wack47> mcas: haha good point! question: u know much about raid, and how it effects the filesystem?
<mcas> wack47: i would say that raidlevel and filesystem have no big effect on each other
<mcas> but that's only my opinion
<wack47> mcas: ok, thats what i was thinking too, but im trying to figure out some storage space issues
<wack47> ill show ya what i got on the system, and then go from there
<mcas> if you use zfs you have a relation between raid and fs ;-)
<mcas> !seen ttx
<ubottu> I have no seen command
<wack47> ok here is my mdstat: http://pastebin.com/dZG6eTvY
<wack47> and here is my df -h : http://pastebin.com/tpMc2DwV
<wack47> mcas: my problem is that /dev/sdf1 is full
<wack47> and i dont know why
<wack47> the /dev/md0 is mounted on /budir, is that why / is saying its full?
<mcas> no
<mcas> is this a fresh install or a system that is in use for some weeks?
<wack47> i have had it a little while
<Jeeves_> wack47:
<Jeeves_> sudo -i
<Jeeves_> cd /
<Jeeves_> du -chsx *
<mcas> you could run du -h --max-depth=1
<wack47> here is  du -hsx /*: http://pastebin.com/sq6i34z8
<mcas> wack47: could you please umount /budir
<mcas> and the run du -chsx again?
<wack47> k
<wack47> http://pastebin.com/6d82VHGB
<wack47> after unmount
<wack47> is it just me or am i seeing stuff in /budir that isnt part of the array?
<mcas> yes :-D
<wack47> aha!
<wack47> lol
<wack47> thanks!
<mcas> i think you cp data over there without having it mounted
<wack47> yeah looks that way
<wack47> ok thnks!
<uvirtbot> New bug: #568485 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/568485
<mcas> so mount the array to something like /mnt and then cp over the files ;-)
<wack47> yep! thanks!
<mcas> yw
<wack47> oh look, only 5% of / used1
<wack47> how nice is that!
<wack47> lol
<bigbrovar> Hi guys I am having some issues with apt-cacher on ubuntu 8.04.. every client pointing to the apt-cacher is reporting 403 forbidden when i try to install a package. I dont get this error when am using the original ubuntu source.list..
<lionel> bigbrovar, strange, the default configuration authorize all incoming request
<lionel> bigbrovar, can you check the /var/log/apt-cacher/access.log and error.log
<bigbrovar> lionel: this is the access log http://pastebin.com/vnjhmexy
<bigbrovar> and this is the error.log http://pastebin.com/uspXG8G8 everything has been running fine now for like 2 years.. this problem  started like some days ago.
<ttx> mathiaz: around ?
<mathiaz> ttx: yes
<ttx> about bug 563829
<uvirtbot> Launchpad bug 563829 in openldap "olcAccess are options broken on upgrade in {-1}frontend.ldif" [Medium,Triaged] https://launchpad.net/bugs/563829
<ttx> mathiaz: could you please look into it and comment on pre-release feasbility ?
<ttx> since it affects upgrades, might make sense to fix
<mathiaz> ttx: yes - I was planning to look into that issue today
<ttx> mathiaz: ok thanks
<mathiaz> ttx: right - upgrade from 8.04 LTS though
<mathiaz> ttx: which won't be automatically turned on next week
<ttx> the other (bug 423252) sounds quite unilkely before release anyway
<uvirtbot> Launchpad bug 423252 in sudo "NSS using LDAP on Karmic breaks 'su' and 'sudo'" [High,Confirmed] https://launchpad.net/bugs/423252
<mathiaz> ttx: IIUC LTS to LTS upgrade will be automatically suggested with 10.04.1
<ttx> mathiaz: right, but still :)
<ttx> zul: same for https://bugs.launchpad.net/ubuntu/+source/autofs5/+bug/533029
<uvirtbot> Launchpad bug 533029 in autofs5 "[FFE] autofs5-ldap doesn't work immediately after bootup" [High,Triaged]
<ttx> zul: please ping the release team for review
<ttx> (now that rc is out)
<ttx> hggdh, kirkland: please mark the UEC RC testing related items DONE in the blueprints, when you officially signoff on them :)
<mcas> ttx: why did you mark this bug as won't fix? https://bugs.launchpad.net/ubuntu/+source/bacula/+bug/321091
<uvirtbot> Launchpad bug 321091 in bacula "Bacula fails to install correctly if mysql wasn't installed before" [Medium,Triaged]
<ttx> mcas: I marked it as wontfix as a server papercut. The bug is still open
<mcas> yes but why?
<ttx> now that we know we'll probably do paercuts again... maybe I should reopen it
<ttx> because the lucid papercuts session was over
 * ttx reopens
<ttx> there.
<mcas> ok
<ttx> it will be considered for maverick now
<mcas> i would try to fix it myself but i am not familiar with packaging
<mdp_ona> has anyone here ever  tried to use preseed to install to a SAN with multiple paths?
<hggdh> ttx: I am resetting the UEC rig to use the RC, and should have it done by end-of-day
<ScottK> mathiaz or ttx: Do you have any priorities for packages to get in before release?  libvirt is already in.
<ScottK> It's not clear we have time to build all the stuff that's in queue now.
<hggdh> smoser: anything you want to save from cepedak? I am going to blow it away
<bigbrovar> lionel: did u see the errorlogs i losted?
<lionel> bigbrovar, yes, but I can't see somthing wrong in it
<bigbrovar> lionel: hmm weird
<ttx> ScottK: I have nothing else "needed" in the queue yet
<ScottK> OK.
<smoser> hggdh, i dont need naything there.
<ScottK> dovecot is in too
<RoAkSoAx> would I still be able to upload new packages for the cluster stack by the end of the weekend?
<RoAkSoAx> ScottK, ttx ^^
<hggdh> smoser: thank you. rig going down now
<zul> ttx: for bacula im considering ripping out dbconfig again
<ScottK> RoAkSoAx: By "New" you mean new updates to existing packages right?
<ScottK> If so and they are in Universe, yes.
<Xbert> I've installed a server from the mini image and its installed the generic-pae kernal, should I install the server kernal manually?
<RoAkSoAx> ScottK, new upstream releases which are pretty much big fix releases
<ScottK> If pretty much != are then they need FFe
<RoAkSoAx> ScottK, ok then, but i still can then
<ziesemer_> Under what contexts should /etc/pam.d/login be used?  Shouldn't "su - someuser" use it?
<zul> mathiaz: im going to try to migrate most of the mysql-5.0 bug to mysql-5.1 if they still are valid
<uvirtbot> New bug: #553142 in nis (universe) "gdm does not obey NIS settings for user groups" [Low,New] https://launchpad.net/bugs/553142
<webmasteroli> Hi im running a ubuntu server and i have LAMP instaled, i need to now install webmin should i wipe LAMP and just install webmin or keep LAMP and install webmin? many thanks
<persia> webmasteroli: Why, precisely, do you want webmin?  If you have LAMP, you're likely expecting folks to hit the webserver, only adding to the set of aguments as to why webmin makes for poor security.
<guntbert> !webmin | webmasteroli
<ubottu> webmasteroli: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<webmasteroli> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<webmasteroli> hmm
<webmasteroli> how do i install ebox?
<uvirtbot> New bug: #375371 in mysql-dfsg-5.1 (main) "MySQL must not use /tmp" [Medium,Triaged] https://launchpad.net/bugs/375371
<RoyK> webmasteroli: apt-get install ebox?
<webmasteroli> ah great.
 * RoyK kindly tells webmasteroli to apt-cache search
<webmasteroli> Thanks, sorry im new to Unix shells
<RoyK> webmasteroli: get used to it - when you know your environment, you won't like a web gui
<webmasteroli> :)
<webmasteroli> im running linux on a VMware partition for my terminal/dev stuff
<RoyK> webmasteroli: I think getting to know linux won't be too hard, and you'll gain a lot of doing so instead of trying to manage it through some web gui - just my two cents
<webmasteroli> Agreed, however im just starting, my short term memory is rather bad so im looking forward to being able to use a web GUI for basic configs.
<RoyK> webmasteroli: try using it for a couple of weeks without using some gui, and things will stick
<webmasteroli> Iv:)
<webmasteroli> ops
<uvirtbot> New bug: #568445 in qemu-kvm (main) "LVM backed drives should default to cache='none'" [Wishlist,Incomplete] https://launchpad.net/bugs/568445
<webmasteroli> reimaging my server due to multiple apache systems
<persia> So, having seen 568445, I'm all excited about new uses for my LVM chroots.  Does anyone have a good pointer to a reference on making qemu-kvm work well with LVM storage?
<webmasteroli> Hi guys, ive got the ebox running
<webmasteroli> however i cant login,
<webmasteroli> its ment to be for example http://yourdomain.com/ebox
<webmasteroli> however mine is giving me a "page not found"
<Daviey> persia: nothing has changed, has it?
<RoyK> webmasteroli: see my two cents above :)
<RoyK> webmasteroli: what are you trying to do, anyway?
<webmasteroli> setup a lamp stack.
<webmasteroli> with FTP
<persia> Daviey: What changed is that I learned it's possible :)  I have N LV chroots that I use with schroot, and being able to *also* use them with kvm enables whole new realms of testing.
<webmasteroli> i know its your way to do it Roy, just wondering if i could have some help. im new to shell commands like ive said before.
<persia> (where N is currently 7 on my laptop, and more in other environments)
<RoyK> webmasteroli: "apt-cache search" for php, apache and mysql
<RoyK> it's not really hard
<Daviey> persia: using libvirt?
<RoyK> then apt-get install them
<webmasteroli> ive done that Roy
<webmasteroli>  just want somthing alittle easier.
<persia> Daviey: I used libvirt for the first time yesterday.  The LVs are for schroot, but I'd be happy repurposing them.
<RoyK> webmasteroli: sure, but please, give it a week or two and you'll feel at home with the command line
<persia> I should rephrase: I used libvirt *successfully* for the first time yesterday.
<webmasteroli> I understand, however just for now could you help me with the ebox installation?
<RoyK> webmasteroli: or apt-get install dselect
<RoyK> then run dselect
<Daviey> persia: virsh # attach-disk persia-schroot /dev/vg/persia-schroot sdb1 <--- ?
<Daviey> persia-schroot, being the libvirt domain
<webmasteroli> Ok
<webmasteroli> ive ran that now roy, what next?
<RoyK> dselect
<RoyK> there you can choose from available packages
<persia> Daviey: Hrm.  That looks trivially simple, but I think I'll need to go read some more about libvirt :)  The end goal would be to have a script that auto-launched VMs based on schroots.  Thanks!
<Daviey> persia: sounds like an interesting blog post is in the works :)
<persia> No, just a script.  I don't blog.
<mean67> anyone know if I you can have a windows machine access resources on UEC
<RoyK> why not? it's all bridged, isn't it?
<ange> hi
<ange> can a ubuntu server cloud ed provide amazon S3 compatible services ?
<RoyK> it's mostly the same thing
<persia> Same interface.  I'm not convinced it's the same implementation.
<ange> I've an app who need to tap into S3 (or I suppose equivalent) to store files, but I've an ubuntu server running somewhere else, so I'm wondering if I can tap into it or not
<webmasteroli> Hi all
<webmasteroli> ive setup ebox on 173.203.80.194 however it seems its not working
<webmasteroli> ive tried going to the directory /ebox/
<mean67>  anyone know if I you can have a windows machine access resources on UEC
<webmasteroli> if anyone can lend me a hand in installing Ebox pls let me know (before i give up)
<bogeyd6> BUT WHAT WILL MONITOR THE NETWORK MONITOR
<pmatulis> bogeyd6: huh?
<smoser> hggdh, around ?
<Scunizi> Can someone look at my smb.conf file and perhaps tell me why the shared directories are not allowing 777 permissions even with unauthenticated guests? http://ubuntu.pastebin.com/C06LEcD5
<hggdh> smoser: here
<smoser> hggdh, are yo uusing the dc cloud ?
<bluethundr_> ok this is truly strange... I can ssh up to a host in an Amazon Cloud... I can change to the directory I want to use, thereby verifying that it is there... but when I return to my original host and try to scp to that location the response that I get back is that it doesn't exist... http://pastebin.com/KYEpdr3P
<hggdh> smoser: on the process of installing the RC on topo2. the two NCs, plust the SC will start to install in a few
<smoser> ok. never mind then. i was hoping to run a test there.
<hggdh> give it some 20 minutes, and it will be ready
<hggdh> I have just started netbooting santol, sapodilla, and soncoya, so in about 20m it will be ready
<hggdh> smoser: BTW, how do I change boot options in the uec image?
<smoser> you dont
<hggdh> darn!
<smoser> if you want, you can hack it
<hggdh> great! How?
<smoser> looking
<smoser> hggdh, each node controller has: /usr/share/eucalyptus/gen_kvm_libvirt_xml
<smoser> that writes out the libvirt xml . it should be self explanatory, open that and hack away
<hggdh> smoser: thanks, will do
<osmosis> how do I have my iptables rules saved for reboots ?
<soren> osmosis: Use ufw if you can.
<osmosis> soren, i think my rules are too complicated for that.
<guntbert> osmosis: sudo iptables-save  > my.firewall.policy (it has a short man page too)
<RoyK> osmosis: ufw is nice
<osmosis> guntbert, that will save it...but how do I auto install it at bootup ?
<osmosis> RoyK, does ufw support bridging and logging ?
<guntbert> osmosis: look at iptables-restore :-)
<sebas891> Anyone trying to setup a slapd slave server with lucid?
<sommer> yep
<sommer> sebas891: if you look at the server guide for lucid there are instructions
<uvirtbot> New bug: #568668 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/568668
<libertiy> oh im totally sorry about the away message.. my irc client does that automatically
<libertiy> and i havebt been at the system for 2 hours
<aleray> Hi, is it possible to bind mount /var? eg. /srv/somedisk     /var             none    bind
<aleray> Isn't it dangerous ?
<persia> It's possible.  It's risky if 1) you run anything that needs to write to a common file inside the chroot or 2) you have any information in /var that you don't want to expose to the chroot.
<sebas891> sommer: ok, is the server guide for lucid online? don't see it on the https://help.ubuntu.com/  I see there is a package with that name.
<sebas891> I found it here file:///usr/share/ubuntu-serverguide/html/C/openldap-server.html
<metalf8801> If you have a home server what are you using it for? I'm only using mine as file server but I would like to get more out of it so I'm just looking for ideas
<hggdh> where are ue images stored?
<luca`gervasi> Hallo
<luca`gervasi> I'm looking for a good postfix hardening guide on ubuntu server, is anybody willing to address me? :)
#ubuntu-server 2010-04-23
<Hajuu> Hey guys - What would be the most likely place to find a log of why my server keeps dropping its network connection?
<Hajuu> :)
<Rafael_> Executing: rsync.exe  -v -rlt -z --chmod=a=rw,Da+x --delete --exclude="/cygdrive/D/My Documents/Charts/Search" "/cygdrive/D/My Documents/" "192.168.1.11::backuptest/My Documents/"
<Rafael_> sending incremental file list
<Rafael_> rsync: send_files failed to open "/cygdrive/D/My Documents/Charts/Search/Data/Applications/Windows/MSS.log": Device or resource busy (16)
<Rafael_> anybody can tell me why is tha msitake
<Hajuu> msitake lol
<qman__> Rafael_, the file is currently open in a program and can't be copied
<Rafael_> qman__ that is why is being excluded..i want to exclude that fodler
<Rafael_> --exclude="/cygdrive/D/My Documents/Charts/Search"
<Rafael_> qman__ any idea?
<qman__>  --exclude="/cygdrive/D/My Documents/Charts/Search**"
<qman__> for more info, see the manual
<Hajuu> Hey guys - What would be the most likely place to find a log of why my server keeps dropping its network connection?
<qman__> Hajuu, dmesg
<Hajuu> even after rebooting it?
<Hajuu> cause I really dont want to haul out a monitor and connect it etc
<qman__> I think it logs dmesg by default
<qman__>  /var/log/dmesg
<Hajuu> sweet lemme check it out
<Hajuu> hmm
<Hajuu> nothing particularly helpful that I can see
<Hajuu> the last line is;
<Hajuu> [42949408.800000] eth0: no IPv6 routers present
<Hajuu> but im using ipv4, so thats not a problem
<Hajuu> It always works if I restart the server again
<Hajuu> is there maybe like, some way to make a connection auto-reconnect?
<Hajuu> or would I have to make some daemon script for that?
<Hajuu> theres a possibility its as simple as my router making its lease expire and it isnt getting a new one
<Hajuu> like, automatically
<Hajuu> but I obviously cant ssh in to restart networking
<qman__> well, if there's no log there, as far as the kernel is concerned, everything is working
<Hajuu> well, I definately cant connect :P
<qman__> check the dhcp logs, and if there's nothing there, I'd suggest a driver or hardware issue
<Hajuu> meh I dont see how itd be a driver or hardware issue (except the router maybe)
<Hajuu> cause like, it works when it first starts up
<Hajuu> and I bet if I did /etc/init.d/networking restart itd probably come back up
<Hajuu> ill check anyway.
<Hajuu> I don't seem to have a dhcp log
<qman__> looks like that goes in /var/log/daemon.log
<qman__> I'm also seeing some in /var/log/syslog
<Hajuu> only logs in daemon.log are about mysql doing stuff
<Hajuu> and I couldnt see anything in syslog
<Hajuu> ill paste what it gives me
<Hajuu> (not here, obviously :P)
<Hajuu> http://pastebin.com/xgZvM6wx
<Hajuu> thats the last few lines of my syslog
<Hajuu> so it obviously shows it connecting
<Hajuu> then nothing after that
<qman__> when I do a grep -i dhcp, I get stuff like this
<qman__> Apr 22 18:03:41 mediaopty dhclient: DHCPREQUEST of 192.168.1.7 on eth2 to 66.227.157.119 port 67
<qman__> Apr 22 18:03:41 mediaopty dhclient: DHCPACK of 192.168.1.7 from 192.168.1.1
<qman__> in daemon.log, and a few in syslog
<Hajuu> how do you do that command, sorry?
<qman__> grep -i dhcp /var/log/daemon.log
<qman__> or
<qman__> grep -i dhclient /var/log/daemon.log
<Hajuu> not getting anything for either of those in daemon.log or in syslog
<qman__> then dhcp is probably not running
<Hajuu> which is strange, since I am using dhcp to issue a static address
<qman__> what's your /etc/network/interfaces look like?
<Hajuu> as far as I remember
<qman__> you mean a dhcp reservation
<Hajuu> yeah
<Hajuu> auto eth0
<Hajuu> iface eth0 inet dhcp
<qman__> yeah, you should be getting some dhclient messages somewhere then
<qman__> try grep -iR dhclient /var/log
<qman__> see if you get anything back
<Hajuu> ahh yeah there we go
<Hajuu> for some reason in /var/log/installer/syslog
<Hajuu> oh
<Hajuu> and in /var/log/daemon.log.0 too
<Hajuu> lots in there
<qman__> ok, so it was working at one time
<qman__> it just hasn't gotten any since the last log rotation
<qman__> head /var/log/daemon.log to see when it rotated
<Hajuu> man
<Hajuu> it wont let me paste these log lines lol
<Hajuu> /var/log/daemon.log.0:May  5 05:24:48 liveSRV dhclient: No DHCPOFFERS received.
<Hajuu> /var/log/daemon.log.0:May  5 05:24:48 liveSRV dhclient: No working leases in persistent database - sleeping.
<qman__> that's the most recent?
<qman__> also, may 5?
<Hajuu> well like I say
<Hajuu> theres no logs at all for that in daemon.log
<Hajuu> only in daemon.log.0
<Hajuu> its date is probably wrong
<Hajuu> lol
<qman__> ok
<qman__> well, date and time is pretty important, especially for SSL
<Hajuu> ssl is all working
<Hajuu> everything works
<Hajuu> except every few days
<Hajuu> it becomes disconnected
<Hajuu> and I have to either haul out a keyboard and monitor
<Hajuu> or restart the thing (which is what I do)
<Hajuu> its just a dev server
<Hajuu> but its inconvienient to not just be able to fire up my dev stuff and get to work
<handheldCar> anybody know which mail server ubuntu server installs during the software selection?
<qman__> handheldCar, postfix+dovecot
<nealmcb_> handheldCar: typically I think postfix is the favorite
<persia> It's up to the user, but postfix is recommended
<qman__> tasksel uses postfix and dovecot
<qman__> exim is also a supported configuration
<qman__> but most people use postfix
<handheldCar> That's what I want.
<nealmcb_> it is nicely integrated with other mail services in tasksel
<qman__> I like postfix, it's really easy to set up with debconf, and lots of people use it
<qman__> so it's easy to find information on special configurations
<handheldCar> Does anyone use some alternative package instead of vim-nox? Last I checked, it wasn't available.
<smoser> hggdh, here makes more sense
<hggdh> heh
<smoser> so... ther eisn't by chance another dhcp server running in that lab somewhere is ther e?
<smoser> did you see my comments https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/566792
<uvirtbot> Launchpad bug 566792 in eucalyptus "UEC guests sometimes fail on consuming user data (metadata service isn't ready)" [High,Confirmed]
<smoser> that was the root cause of many (unfortunately not all) of my failures.
<hggdh> I do not know... up to now I do not know the whole net setup there :-(
<hggdh> yes, I saw it, and I wondered also
<hggdh> one way is to sniff for DHCP server offers
<smoser> right
<smoser> easy enoug to do on the CC
<smoser> it would see all of them
<hggdh> yeah
<smoser> well, maybe it wouldn't though
<hggdh> want me to start one? I am running a test there
<smoser> are responses broadcast
<smoser> ?
<smoser> it might not see the NCs response
<smoser> let me look in my logs
<hggdh> as long as they go through the same subnet we are listening to, yes, we can get the responses
<hggdh> smoser: there is also a bit of news -- I moved back to topo1; I have run, so far, 120 instances, and *no* errors
 * hggdh wonders
<smoser> hm..
<smoser> topo1 is all-in-one + NC
<smoser> ?
<hggdh> I am in the middle of a 400-instance right now
<hggdh> and yes, topo1 is CLC+CC+SC, and 5 NCs
<hggdh> er, walrus also
<smoser> what topo did we see the success and blank instance-id from ?
<hggdh> topo2
<smoser> what is that ?
<hggdh> one machine each for CLC, walrus, CC and SC, 2 for NC
<SpaceBass> lost power, hard drop and now my software raid5 won't come back - seem to have lost superblocks, any way to recover?
<hggdh> brb -- time to eat
<mathiaz> smoser: hggdh: there is a dhcp server on the UEC network but it should *not* hand out lease to unknown hosts
<smoser> mathiaz, thanks.
<hggdh> and, meanwhile, 100% success on topo1
<hggdh> except memory usage is growing
<flyback> is it just me
<flyback> or is squashfs a fucking failure
<flyback> every machine I seen it on
<flyback> eventually starts spitting out massive errors
<flyback> cdrom or flash
<persia> !ohmy | flyback
<ubottu> flyback: Please remember that all Ubuntu IRC channels share the same attitude of providing friendly and polite interaction with all users of all ages and cultures. Basically, this means no foul language and no abuse towards others.
<persia> But generally, I think it's only best to use for short-term read-only stuff.
 * flyback laughs
<flyback> you know what you get for a lifetime of being nice to others
<flyback> fucked over
<flyback> you get me
<handheldCar> u get 2 stand up 4 yourself every now and then.
<persia> standing up for oneself is fine.  Seeking support or to improve collaboratively-maintained software is best done by being nice to other folks with whom one collaborates.
<persia> The catching more flies with honey than vinegar thing.
 * handheldCar was just speaking in regards to flyback being a push over, taking kindness to extreme.
<persia> Yeah.  flyback /parted though :)
<uvirtbot> New bug: #417380 in nmap (main) "wrong paths in zenmap *.destop-launchers" [Undecided,Confirmed] https://launchpad.net/bugs/417380
<uvirtbot> New bug: #568823 in tomcat6 (main) "Improved Java Memory/Performance Defaults" [Undecided,New] https://launchpad.net/bugs/568823
<Lantizia> Hey UEC, why?
<Lantizia> I know it's a very generic question, but I've read as much information I can find and I don't see why I should bother.... Surely theres OpenVZ and KVM
<twb> Lantizia: they divide up the resources of a single host.
<Lantizia> so does OpenVZ
<twb> I was talking about VZ and KVM.
<twb> UEC doesn't do that
<Lantizia> ok confused
<twb> Lantizia: the purpose of a cloud is to distribute a virtual host across a number of physical hosts, theoretically making it easier to scale resource allocation up/down as demand requires, and possibly improving reliability.
<Lantizia> again... done... you can migrate servers without downtime with either of those 2
<twb> I'm assuming that clouds run a virtual host on multiple hosts *CONCURRENTLY*.
<Lantizia> hmm thats an advantage I guess
<twb> http://en.wikipedia.org/wiki/Cloud_computing
<Lantizia> twb, by that definition then... even VMware's ESX isn't cloud
<Lantizia> because it can't run a machine concurrently on two heads at once and keep them synced
<ttx> twb: you have a strange definition of cloud computing
<ttx> cloud computing is just "utility computing"
<persia> That's also a bit of a strange definition, I think.
<Lantizia> ttx, i.e. run an "appliance" "up there"
<Lantizia> lol
<persia> There's an assuption of some abstraction in "cloud": e.g. storage-as-a-service+cpu-as-a-service combining.
<ttx> On Demand Service, Ubiquitous Network Access, Location Independent Resource Pooling, Rapid Elasticity, Measured Service
<Lantizia> can I just chalk "cloud" computing as a silly sales buzz word and think nothing more of it except it's just virtualisation
<ttx> Lantizia: no
<persia> Often also combined with multiple layers of service, so one has an app that restfully coordinates with other apps, without any knowledge of how many hosts serve the apps, etc.
<ttx> It's a technology transition
<Lantizia> buzz buzz buzz
<ttx> not really, all technologies go through that type of transition, why not computing ?
<persia> Lantizia: Note really.  It's about persistance.  So if I have a server (real, virtual, whatever), I typically expect it to run for a while, and do cronjobs, etc.
<Lantizia> so if it's not just a buzz word... then it's twb's definition
<ttx> But I'd agree it's difficult to see clear through the hype
<Lantizia> by the very fact it's "cloud" computing it means it's not limited to just 1 location
<persia> If I have a cloud app, it's quite likely to be composed of a demand-based set of hosts running each layer of an app, where the servers are created and destroyed in minutes based on use.
<Lantizia> but by that I don't just mean high availability either... thats something else lol
<ttx> Lantizia: you can build HA on top of cloud computing... but using cloud won't make all your things HA by magic
<ttx> it's just a different way to offer and consume computing resources
<Lantizia> fluff, lots of fluff
<ttx> technology maturity makes it more and more of a commodity
<twb> Lantizia: ESX is certainly not cloud computing.
<ttx> like electricity
<ttx> twb: right, ESX is just managed virtualization
<Lantizia> i don't get why you've argued against twb's position then ... when he was right
<ttx> think KVM + a shiny and powerful adminGUI
<Lantizia> already got that... Proxmox
<ttx> twb said "clouds run a virtual host on multiple hosts *CONCURRENTLY*."
<Lantizia> I'd swap "on" for "over"
<ttx> no, it still runs a VM in a single place
<Lantizia> but otherwise he is right
<twb> With cloud computing you give your service provider a diskless VM image which runs, say, a bunch of shitty Java or PHP in apache, talking to their database service.
<persia> Or really good code: doesn't matter
<twb> And the service provider decides on what host(s) the VM will be started/stopped, and how much memory and such it'll have
<twb> persia: IME enterprise-level software is automatically bad code :-P
<Lantizia> bored now, bye
 * persia goes back to trying to figure out how to enable emulation on a PPC 7447A
<ttx> twb: then your service provider is adding value on top of cloud... nothing will make your "shitty Java" automatically scalable
<ttx> anyway, I see there is still a lot of confusion, and more advocacy is needed
<ttx> I only recently understood it's not hype, and it's not new
<persia> Targeted advocacy as well: there's lots of different folks saying different things are "cloud computing".
<persia> A managed service offering is a critical component, but at least from what I see, it's insufficient to achieve the overall goals often used as examples of why the old model is outdated.
<twb> I confess I haven't tried to get it working.
<ttx> persia: I can only recommend Simon Wardley's talk (Situation normal, everything must change), it's clarifying where all the others are confusing
<twb> I don't approve of any app that requires a graphical web browser as its base platform.
<persia> twb: Who said you need that?
<ttx> twb: I run a private cloud every day. It's been a few months since I used a web browser to do any interaction with it
<ttx> so I wouldn't call it "base platform"
<twb> Well, it'd be a bit silly to run something like Emacs on a cloud VM
<ttx> ah, you mean most cloud apps would end up being served by HTTP ?
<persia> twb: Wrong model.  Consider M-x-plagarism which makes a call to some service that distributes a text match against the entire contents of the internet on N servers, and returns scheme that auto-marks significant blocks of text that might be plagarism.
<twb> ttx: in my head I lump SOAP and REST as "tacked onto the browser model as an afterthought"
<twb> persia: I guess...
<persia> cloud doesn't need to be REST: REST just makes it easier to write the services.
<twb> I suppose you could also use it for stuff like NNTP servers or game servers.
<ttx> you can, and you will, use it for anything. It's just a question of time :)
<persia> ttx: You don't happen to know whether if I call `qemu ...` it will auto-invoke kvm where appropriate, do you?
<ttx> persia: no, I admit never have run "qemu", only kvm
<persia> heh, OK.
<ttx> persia: Daviey might know the answer
<ttx> otherwise #ubuntu-virt
<persia> Daviey already gave me the virtsh answer, but it didn't work perfectly for me, but part of that seems to be issues with qemu running how I want, which in turn appears to be related to a build-failure.
<persia> And from what I read upstream, I might run into other issues due to potentially not having a working kernel target and very much expect to have an issue due to not having any firmware to feed qemu)
<persia> So it's more of a long-term thing :)
<Daviey> persia: Is this for a funky arch?
<ttx> funky funky
<Daviey> persia: fwiw, i've tried to use qemu to emulate arm.. and USING it is slow.. compiling on it is impossible :)
<persia> Daviey: Of course :)
<persia> Works for me.
<persia> `mk-sbuild --arch=armel lucid; sbuild -d lucid-armel foo.dsc`
<persia> Speed seems similar to native.
<Daviey> persia: odd, i last tried it in the karmic cycle..  I wasn't using sbuild, and it made me pull my hair out.  I was tempted to use an n810 as a build box :)
<persia> There were massive improvements in lucid: thank lool.
<persia> It got good enough that I added support in mk-sbuild and pbuilder-dist
 * ttx hugs sbuild
<Daviey> persia: that is great news.
<persia> The thing that was bugging me today is that when I run virt-manager, it offers to connect to my powerpc server as a Virtualisation Host, but qemu-kvm FTBFS on powerpc.  I haven't been able to sort out whether a PPC 7447A (my chip) can use it.
<persia> Next game will be to find a way to have qemu/kvm be able to auto-launch against schroots.
<Daviey> persia: cowbuilder might be appropriate?
<persia> why?
<Daviey> i'm assuming you are using schroots for the enviroment?
<persia> Yep.
<persia> sbuild is designed to build against schroots with configurable overlay mechanisms.
<persia> Used to mostly be LVM with snapshots, but smoser and I added support for other sorts of overlays in lucid, so it can do directory chroots with aufs (which is *fast*) or tarball-based schroots kinda like pbuilder.
<Daviey> persia: that is interesting.. My local build server uses cowbuilder and some support for qemubuilder, i might switch it.
<persia> Soyuz uses sbuild :)
<persia> (mind you, it's a different fork of the original sbuild than the fork that later became the packaged sbuild)
<Daviey> :(
<persia> Nah, it has different requirements.  I think I know what they are now, but I didn't discover them early enough for lucid, which means we can't merge until LTS+1
<Daviey> Well my project for next week is rebuilding the build server :)
<persia> How do you dispatch/collect builds?
<Daviey> persia: It's not elegant; dput over scp -> fsniper for detecting uploaded source files (other ionotify solutions could do this) -> I can't remember if the publishing is done by apt-ftparchive or mini-dinstall.
<Daviey> It's not elegant, but i hate compiling locally and often the packages i test are for other boxes (not my dev box), so having a bunch of local debs is a PITA when i really want a repo.
<persia> Makes sense.  I'm fiddling a bit with some tools to easily separate work and build as a developer: once I get a bit closer, I might ask you to help test.
<Daviey> persia: happy to!
<persia> Because I'm *not* planning on doing serious compilation on a 700MHz netbook, even if I find it nice to have enough battery to last all day.
<eagles0513875> hey guys im just wondering is xen precompiled with the kernel or does the kernel require recompilation
<Daviey> persia: Oh, and powernap is an obvious benefit :)
<persia> eagles0513875: It needs a special kernel, but that kernel isn't compiled by default (at least for amd64)
<eagles0513875> ok but its included in the main stream kernel just not compiled right
 * persia doesn't know
<eagles0513875> ok im hearing 2 different things
<eagles0513875> persia: ignore my question
<persia> There used to be a xen flavour of the kernel offered by default.  It went away.  I suspect it's still required.  kvm is the recommendation.
<persia> Daviey: which powermap?
<Daviey> persia: powernap, kirklands auto hibernate magic.
<persia> Oh well.  I'm confused.  I won't fix qemu-kvm/powerpc for lucid ( http://launchpadlibrarian.net/45034888/buildlog_ubuntu-lucid-powerpc.qemu-kvm_0.12.3+noroms-0ubuntu8_FAILEDTOBUILD.txt.gz )
<persia> Daviey: Oh.  Doesn't affect me: my netbook lasts all day without hibernate (Sharp PC-Z1).
<Daviey> persia: sorry, i mean for a dedicated build server.
<persia> (plus it has no hibernate suppoort in the kernel)
<persia> Hmm.  My servers run at ~60W, but I might look into that, since one of them could be asleep most of the time.
<Daviey> persia: Is that buildd healthy for ubuntu-lucid-powerpc.qemu-kvm_0.12.3+noroms-0ubuntu8, somewhat suprised to see a bunch of packages that "cannot be authenticated"
<persia> (well, except for the 15W one, but that has enough other issues that fiddling with power management is likely to cause pain)
<Daviey> heh
<persia> I think it's only sorta healthy.  There was some issue that caused the powerpc buildds to die hard in February, and lamont hacked something up: I think they are looking forward to clean lucid installs.
<Daviey> ahh
<persia> But I trust ftpmaster.internal enough to expect it's unlikely to fall victim to a MiM attack.
<Daviey> oh aye, i just wondered if it was an indicator that something else wasn't clean in the enviroment
<persia> soren: So, do you actually know what causes the issue, if it's not the prototype?
<soren> persia: Yes. Hang on.
<persia> Daviey: I can replicate the issue in my chroots, so while it might not be clean, it's not better than what I have.
<persia> Err, not worse.
<Daviey> sure
<soren> persia: So, the problem is that qemu-kvm and our kernels are out of sync for powerpc/kvm.
<persia> Hrm?
<soren> http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commitdiff;h=ec3c11aa5f9d0a7f48f46d6790c33ccc654fd6ec
<soren> We don't have that patch, for instance.
<persia> Then why does it only fail for powerpc?
<soren> The kvm code for powerpc attempts to access a member of a struct which doesn't exist in the version of the struct we have in our kernels.
<persia> Ah!  The patch is only for powerpc
<soren> Yes.
<persia> Thanks!
<Daviey> persia: looks like there might be a fix in upstream kernel
 * persia hunts for a bug, prepared to file a new one
<Daviey> looking at the git logs
<soren> persia: The fix (for Lucid) is to disable kvm for powerpc.
<soren> persia: (in qemu-kvm's build)
<persia> Why?
<persia> I'd rather leave it FTBFS, and do a rebuild in a couple weeks once the kernel SRUs.
<soren> persia: What's the kernel going to be updated to?
<persia> Oh, probably -updates.  RIght.
<persia> Err, -proposed
<soren> No no, I mean which version?
<persia> Just cherrypicks, I think.
<persia> I've been told that a config change will happen to enable LVM booting on powerpc, for example.
<soren> persia: Ok. Because that pvr member did not land in that struct in 2.6.32.
<persia> soren: Should that patch apply against 2.6.32?
<soren> persia: ...so someone needs to figure out what to cherry pick to make this work.
<persia> Ah, so it's more than just that bit.
<soren> persia: I don't know if that patch alone will fix it.
<soren> persia: In fact, I'm reasonably sure it won't.
<soren> persia: http://www.mail-archive.com/kvm-ppc@vger.kernel.org/msg00856.html
<soren> persia: It's a pretty hefty patch set.
<soren> persia: Take it from someone who's had to do this way too many times: Don't bother.
 * persia stops the bug filing process, and looks forward to being able to actually use the "Virtualisation Host" on the powerpc server for maverick
<persia> soren: Yeah.  I'd have to actually care more than "Huh: be nice to do virtual test installs on that server once in a while".
<soren> persia: So, again: The fix for Lucid is probably just just disable kvm for powerpc.
<persia> I think you're right.  I can't upload that.  Feel like pushing a fix?
<soren> You can't? Why?
 * persia isn't core-dev
<soren> That's just silly.
<soren> It's probably the same problem for ia64, by the way.
 * soren looks at build logs..
<soren> Uh... No.
<soren> :)
 * persia has yet to find a small, quiet, low-power ia64 or sparc server, so has limited interest in those arches.
<soren> persia: I'm crazy busy these days.. If you whip up a patch, I'd be more than happy to sponsor it.
<soren> Who here is going to UDS, by the way?
 * soren raises his hand
<soren> Daviey: Are you coming this time?
<Daviey> soren: Oh aye o/
<soren> \o/
<Daviey> \o/
<persia> soren: `sed -i 's/any/i386 amd64 sparc armel/' debian/control; dch -i "Don't build on architectues where there is no kernel support"`
<soren> persia: Oh, no no.
<soren> persia: Just pass --disable-kvm to configure if attempting to build on powerpc.
<persia> That gives us qemu on powerpc?
<soren> persia: That's the idea.
<persia> Oh nifty.  I'll actually spend time on a patch that does that.
<soren> Well, hypothesis is more accurate, I guess.
<bluethundr> Why do I not see a  05-domain_id in /etc/amavis/conf.d on my Ubuntu mail server and why do I care/not care? http://pastebin.com/mjnL8uef
<soren> persia: Confirmed: http://www.mail-archive.com/qemu-devel@nongnu.org/msg23996.html
<soren> persia: (If anyone knows, it's agraf)
<persia> heh.
<persia> What's the ia64 fix?
<soren> persia: I'm not sure... Let me check.
<soren> persia: To not try at all, I think.
<soren> persia: Yup. ia64 host support didn't exist at all up until about a month ago.
<persia> soren: Thanks.  I'll adjust debian/control for that.
<soren> persia: Or we could just leave it as ftbfs. It's meant to work eventually.
<persia> Long as I'm cleaning up: it can be re-enabled for maverick, and it looks nicer.
<soren> persia: Certainly no reason to go and fix PaS at least. And if we don't do that, it's going to turn up as a ftbfs anyway.
<persia> soren: I was given an example earlier that implied Soyuz was smart enough to not need P-a-s for lots of stuff anymore, and am a bit interested in trying it out :)
<soren> persia: I was under the impression that it was intentional.
<persia> soren: What, ignoring .dsc input?  I think it was originally.
<soren> persia: I see. We finally realised it was a wart?
<persia> I think so.
<soren> Great. I've always thought it was. :)
<pths> I'm setting up DRBD and the notify scripts there use the mail command. Any suggestions for a pacakge that provide that command and would require the least possible configuration?
<joebike> >	i'm trying to set up source control, will i run into any problems if I use apache on my local and then nginx for my production environment? both on ubuntu
<twb> You don't need an httpd to run a VCS
<uvirtbot> New bug: #568908 in samba (main) "slow connect to samba shares" [Undecided,New] https://launchpad.net/bugs/568908
<ewook> I so do not like appliance-boxes.
<uvirtbot> New bug: #568946 in clamav (main) "clamav-base.postinst doesn't check user of clamd when it sets LocalSocketGroup" [Undecided,New] https://launchpad.net/bugs/568946
<NCommander> coffeedude: ping?
<persia> soren: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/568904
<uvirtbot> Launchpad bug 568904 in qemu-kvm "qemu-kvm FTBFS on powerpc and ia64" [Low,Triaged]
<persia> Tested and built successfully on powerpc.  Feel free to clean up the changelog if you have better explanations.
 * persia dislikes 2 minutes of coding taking 4 hours to check
<ttx> kirkland: about bug 532733, do you agree we should move it to potential SRU target rather than potential pre-release candidate ?
<uvirtbot> Launchpad bug 532733 in qemu-kvm "apt/dpkg in qemu-system-arm hangs if a big task is installed" [High,Incomplete] https://launchpad.net/bugs/532733
 * kirkland looks
<ttx> zul: same question about bug 541439
<uvirtbot> Launchpad bug 541439 in php5 "php5 should provide php5-mhash transitional package to remove mhash.ini conffile" [Wishlist,Triaged] https://launchpad.net/bugs/541439
<kirkland> ttx: yes, absolutely
<ttx> zul: did you ping the release team for bug 533029 ?
<uvirtbot> Launchpad bug 533029 in autofs5 "[FFE] autofs5-ldap doesn't work immediately after bootup" [High,Triaged] https://launchpad.net/bugs/533029
<ttx> me asks questions again
<ttx> zul: about bug 541439, do you agree we should move it to potential SRU target rather than potential pre-release candidate ?
<uvirtbot> Launchpad bug 541439 in php5 "php5 should provide php5-mhash transitional package to remove mhash.ini conffile" [Wishlist,Triaged] https://launchpad.net/bugs/541439
<zul> ttx: yep
<zul> ttx: what about it?
<ttx> zul: did you ping the release team for bug 533029 ?
<zul> ttx: yes
<zul> ttx: yep no response from slangasek
<ttx> ok
<persia> kirkland: You're doing qemu-kvm stuff now, right?  What do you think about bug #568904?
<ttx> i'll keep it on the "potential" list then
<uvirtbot> Launchpad bug 568904 in qemu-kvm "qemu-kvm FTBFS on powerpc and ia64" [Low,Triaged] https://launchpad.net/bugs/568904
<zul> if he did i missed it though
<ttx> smoser/kirkland: i'm keeping bug 565018 and bug 566792 on the release radar, even if I doubt we'll find anything by release day
<uvirtbot> Launchpad bug 565018 in cloud-init "instance is not reachable via ssh" [High,Confirmed] https://launchpad.net/bugs/565018
<uvirtbot> Launchpad bug 566792 in eucalyptus "UEC guests sometimes fail on consuming user data (metadata service isn't ready)" [High,Confirmed] https://launchpad.net/bugs/566792
<zul> ttx: im trying to tack down a php cgi crasher as well
<ttx> smoser: could any of those be explained by a DHCP conflict ?
<ttx> mathiaz: I keep bug 563829 as a potential pre-release fix, since you're on it... I suspect bug 423252 is quite unlikely and shouldbe moved to the "potential SRU" category ?
<uvirtbot> Launchpad bug 563829 in openldap "olcAccess are options broken on upgrade in {-1}frontend.ldif" [Medium,In progress] https://launchpad.net/bugs/563829
<uvirtbot> Launchpad bug 423252 in sudo "NSS using LDAP on Karmic breaks 'su' and 'sudo'" [High,Confirmed] https://launchpad.net/bugs/423252
<mathiaz> ttx: bug 563829 - yes I have something ready to rool
<smoser> ttx, for "not reachable via ssh" i can't come up with an explanation that would be caused by dual dhcp. additionally, other people see it and don't have the dhcp symtoms. kirkland saw it several times last night. i had him enable debug and kick off  arun
<mathiaz> ttx: roll
<ttx> kirkland, mathiaz, hggdh, please update status for your remaining work items on http://people.canonical.com/~pitti/workitems/canonical-server-ubuntu-10.04.html
<mathiaz> ttx: I was planning to get slangasek review
<smoser> for the other, that originally came from the data center, where we have no reason to suspect dual dhcp
<ttx> mathiaz: sounds good.
<ttx> smoser: ok
<smoser> and also, there we saw "200 OK" response from the server, with empty data
<ttx> which cannot be right.
<SpaceBass> hey folks
<smoser> which i guess could be routing... if there was another server answering
<smoser> some server that thought it was that funky address
<SpaceBass> any software raid gurus? My system crashed in the middle of running fsck on my raid - now I cannot mount it, although it seems to be running cleanly
<ttx> mathiaz: what about bug 423252 ?
<uvirtbot> Launchpad bug 423252 in sudo "NSS using LDAP on Karmic breaks 'su' and 'sudo'" [High,Confirmed] https://launchpad.net/bugs/423252
<mathiaz> ttx: sru
<ttx> ack
<e-DIO-t>  yO!
<SpaceBass> false alarm... found it... system is still running fsck on the drive...must have resumed after the reboot?
<ttx> mathiaz, kirkland, smoser, zul: please have a look at https://wiki.ubuntu.com/ServerTeam/ReleaseStatus and confirm it reflects our current status -- meeting in 1 hour
<kirkland> ttx: doing now
<zul> ttx: looks good
<smoser> ttx, yeah, looks good here.
<smoser> i hope that hggdh can run a topo2 test today
<smoser> kirkland, you have results form your last night debug run ?
<ttx> the idea is "what we might try to sneak into release", given that everything that can be safely SRUed will be, to leave some room in the build q
<kirkland> ttx: the two UEC bugs under "might try to fix by release" ... those are almost certainly SRUs
<ttx> the two cloud image issues ?
<zul> ttx: can you poke slangasek about autofs5 in the meeting today
<ScottK> ttx: There's a clamav upload that might yet get in.  It's got an unfortunately large and complex diff due to problems in our current package's debconf handling.  What's in queue now is what Debian went with.
<zul> ttx: my large pointy stick doesnt seem to be pointy enough
<ttx> ScottK: you have a bug number ?
<ScottK> ttx: No bugs written, just some stuff ends up configured in ways that would suprise users if they noticed.
<ScottK> AFAIK no one noticed yet.
<ttx> ScottK: ok, added
<ttx> ScottK: I also have a "universe" section for last minte opportunity fixes on that page
<ttx> ScottK: following up on your ML post
<ScottK> Great
<ScottK> Once the language packs are done and it's clear there aren't major Main uploads coming I'll push more of that
<oru_work> can someone please remind me where DNS servers are defined ?
<klaas> resolv.conf
<klaas> in /etc
<hggdh> smoser: I will run a topo2, yes. As soon as I find out wht cempedak rebooted in the middle of the night
<oru_work> i see
<nxvl> zul: i'm uploading fix for Bug #566803 to debian
<uvirtbot> Launchpad bug 566803 in augeas "/usr/share/augeas/lenses/dist/iptables.aug should use a different path" [Low,Triaged] https://launchpad.net/bugs/566803
<nxvl> mathiaz: ^^
<zul> nxvl: mind if i just cherry pick it?
<nxvl> if you want to
<zul> i really dont want to do a FFE for the version in debian
<nxvl> ok, will paste the patch in a bit
<nxvl> let me finish uploading
<zul> thanks
<nxvl> paste.ubuntu.com/421067/
<nxvl> http://paste.ubuntu.com/421067/
<crazygir> ssh known_hosts question.. how do you identify which host is which?
<crazygir> I'm cursing these damn uuid conventions
<crazygir> I have to remove one host from my known_hosts file, as the system has changed.. but knowing which host is which isn't so straight forward with uids
<raphink> crazygir: you can use real names if you prefer
<raphink> use HashKnownHosts no
<raphink> if your ssh config
<raphink> s/if/in/
<ScottK> crazygir: When you fail to connect to the host, the error gives you the line number of the offending entry.
<raphink> also
<crazygir> thanks!
<zul> nxvl: fix uploaded
<nxvl> :D
<kamusin> I was installing RC of Lucid and I get https://bugs.edge.launchpad.net/ubuntu/+source/debian-installer/+bug/569035, have you seen something similar?
<uvirtbot> Launchpad bug 569035 in debian-installer "[Lucid-RC] exiting on error base-installer/kernel/failed-install" [Undecided,New]
<ttx> <ttx> kirkland, mathiaz, hggdh, please update status for your remaining work items on http://people.canonical.com/~pitti/workitems/canonical-server-ubuntu-10.04.html -- or I'll assume it's the current state
<kirkland> ttx: i just need to have a short conversation with hggdh to sign off on the rc tests
<ttx> kirkland: ack
<kirkland> ttx: actually, i can sign off on the RC-candidate tests
<hggdh> ttx: I cannot perform the upgrade tests, cannot run KVM yet on my box
<kirkland> hggdh: do you have mumble working yet?
<hggdh> kirkland: yes, plugging in
<kirkland> hggdh: jump in my channel for a couple of minutes, and let's hammer out the sign-off bits
<hggdh> kirkland: ack
<hggdh> kirkland: of course, if I do not sounds like a chipmonk
<\sh> hmmm...I wonder why couchdb needs libasound somehow and several X libs
<\sh> + libavahi on a server
<\sh> oha...erlang and it's X crap
<\sh> oh damn...it's xulrunner dep and I have a server with a desktop installation ;)
<npope> greetings all.
<npope> I am trying to move /var (which is currently on /) to its own disk, lvm.  Whenever i drop to single user mode and copy /var/* over to /new_var/ update fstab and reboot. it fails saying can not mount /var/lock and /var/run (however both directories both exsist on /new_var).  Any suggestions?
<smoser> https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/564355
<uvirtbot> Launchpad bug 564355 in eucalyptus "Second euca-run-instance request in same security group causes eucalyptus to remove network assoicated with security group" [High,New]
<Eric^-> Hey gues
<Eric^-> guys*
<Eric^-> Does dell have a diffrent cord to external screens?
<hggdh> smoser: topo2 logs from 04/23 are at tamarind:/home/cerdea/rig-topo2-logs.tar
<jdstrand> mathiaz: hi!
<jdstrand> mathiaz: why does the mysql error log have these permissions:
<jdstrand> /var/log/mysql/error.log -rw-rw---- mysql adm
<jdstrand> ttx: also, do you know why the tomcat webapps directory has these permissions:
<jdstrand> /var/lib/tomcat6/webapps drwxrwxr-x tomcat6 adm
<jdstrand> 'adm' seems on odd choice for the group in both...
<jdstrand> zul: this looks odd:
<jdstrand> /var/lib/php5 drwx-wx-wt root root
<mathiaz> jdstrand: hm - it may be related to the umask
<mathiaz> jdstrand: are you running a specific script?
<jdstrand> mathiaz: I'm confused
<jdstrand> mathiaz: what do you mean? I used find and discovered these
<zul> jdstrand: not sure why?
<mathiaz> jdstrand: sorry - you've just started to list a lot of permission problems
<mathiaz> jdstrand: I thought you were a specific security scripts that look for these issues
<mathiaz> jdstrand: that's all I meant
<jdstrand> zul: world writable for /var/lib/php5?
<zul> jdstrand: hmmm...
<jdstrand> mathiaz: I am using the QRT get_file_info.sh script
<mathiaz> jdstrand: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/lucid/mysql-dfsg-5.1/lucid/annotate/head%3A/debian/mysql-server-5.1.mysql.upstart
<mathiaz> jdstrand: ^^ there is a umask settings there
<mathiaz> jdstrand: I'm not sure what's the impact of it
<jdstrand> mathiaz: I'm more concerned about the group 'adm' having write permission
<mathiaz> jdstrand: so for the mysql error log the unusual part is that adm has write permision?
<jdstrand> mathiaz: that is highly unusual for a log
<mathiaz> jdstrand: right
<zul> jdstrand: well i know the /var/lib/php5 is used for garbage collection at least
<jcastro> mathiaz: so puppet is sending michael dehann, who worked as cobbler upstream for a while.
<jdstrand> mathiaz: do you consider this a bug (I do)? if so, I can file it
<mathiaz> jdstrand: if the umask is set to 007 could that produc such a permission?
<jcastro> mathiaz: so if you care about that you can get 2 birds with 1 stone
<mathiaz> jcastro: great - thanks
<mathiaz> jdstrand: please file a bug
<mathiaz> jdstrand: and outline why it's an issue
<Scunizi> How do I list the contents of a directory on a samba share using cli?  ie.. "ls smb://<ip>/<share>" ??
<jdstrand> mathiaz: possibly-- it could maybe be fixed with 027, but I don't know what impact that would have on other files created
<jdstrand> mathiaz: I'll mention that in the bug
<mathiaz> jdstrand: great - thanks
<mathiaz> jdstrand: I don't think this is releace critical though
<jdstrand> mathiaz: no, it isn't
<Pici> Scunizi: You'll either need to mount it or use smbclient.
<jdstrand> mathiaz: possibly, SRU, but that is your decision
<Pici> Scunizi: smbclient probably has a batch-like mode where you can just issue an ls.
<Scunizi> Pici: ok.. I'll man smbclient for info .. I've been messing with an Fstab line to auto mount the share but have been unsuccessful at this point.. manually mounting it is no problem
<jdstrand> mathiaz: filed as bug #569085. I'll let you decide how to triage it
<uvirtbot> Launchpad bug 569085 in mysql-dfsg-5.1 "improper group write permission for error.log" [Undecided,New] https://launchpad.net/bugs/569085
<jdstrand> mdeslaur: do you know why php5 has this:
<jdstrand> /var/lib/php5 drwx-wx-wt root root
<jdstrand> mdeslaur: that looks very wrong to me...
<jdstrand> mdeslaur: zul speculated garbage collection
<mdeslaur> jdstrand: well, it's where php stores stuff like session information
<mdeslaur> jdstrand: what exactly do you think is wrong with the permissions?
<jdstrand> mdeslaur: I don't know what it is used for-- if it is only session info, then fine. if it is part of include_path, far less fine ;)
<jdstrand> mdeslaur: I guess I was thinking sessions should be /var/cache/php5 or something... /var/lib seemed like it suggests something else (but may not)
<jdstrand> hardy is the same btw...
<uvirtbot> New bug: #569085 in mysql-dfsg-5.1 (main) "improper group write permission for error.log" [Low,Confirmed] https://launchpad.net/bugs/569085
<jdstrand> mdeslaur: well, I've added it to my list of further investigations
<mdeslaur> jdstrand: it's the default session.save_path
<jdstrand> mdeslaur: ok cool. thanks :)
<uvirtbot> New bug: #569118 in tomcat6 (main) "improper group write permission for /var/lib/tomcat6/webapps" [Low,Confirmed] https://launchpad.net/bugs/569118
<ivoks> kirkland: have a minute?
<kirkland> ivoks: shoot
<ivoks> kirkland: i'm investigating why qemu image won't boot with drive option boot=on (default and only option in libvirt)
<ivoks> kirkland: and i noticed different instructions from seabios with boot=on, boot=off
<ivoks> with boot=off, seabios resets ata drive
<ivoks> while with boot=on it doesn't
<kirkland> ivoks: interesting; i've not seen this
<ivoks> kirkland: have you tried booting without kvm? :)
<ruben23> hi any knows how to used phpsysinfo
<ivoks> kirkland: http://pastebin.com/KbUhXJqW
<ivoks> i've modified seabios's source to print debug info (level 8)
<kirkland> ivoks: you mean just through qemu?
<ivoks> kirkland: yes
<kirkland> ivoks: i have not tried that
<kirkland> ivoks: perhaps ask aliguori in #ubuntu-virt ?
<ivoks> simple command: /usr/bin/qemu -M pc-0.12 -no-kvm -m 512 -smp 1 -name blabla3 -no-acpi -boot c -drive file=/home/ivoks/VM/blabla3/tmpojECnn.qcow2,if=ide,index=0,boot=off -serial file:/tmp/bla2.log -parallel none -usb -vga cirrus
<ivoks> this works, but with boot=on it doesn't
<Dr_Alien> Hi guys
<Dr_Alien> i want to deploy a web server with an ftp function. ive been trying to install ebox but appamour fails and blocks the installation, any alternatives or ideas on what i should do? many thanks
<nealmcb_> Dr_Alien: what is the apparmor error message?
<Dr_Alien> just FAILED according to my putty system.
<mathiaz> hggdh: I've just created an LP project for uec-testing-scripts
<mathiaz> hggdh: I've also created a team uec-testing-scripts-dev to host the bzr branch
<mathiaz> hggdh: I've added you as a member of the team
<mathiaz> hggdh: which means you should have write access to the branch
<mathiaz> hggdh: lp:uec-testing-scripts/
<hggdh> mathiaz: thank you. And, BTW, the scripts are marvelous!
<mathiaz> hggdh: thanks
<mathiaz> hggdh: is the debugging info enough?
<hggdh> yes, just received an email about the project
<zul> mathiaz: ping for the testcase for 292971 be applied to the older versions as well?
<mathiaz> zul: bug 292971 ?
<uvirtbot> Launchpad bug 292971 in libnss-ldap "nscd leaking memory using libnss-ldap" [High,Fix released] https://launchpad.net/bugs/292971
<hggdh> mathiaz: I think so. The only thing to look at is make sure the logs have the correct {debug,info,warning, etc} settings
<mathiaz> zul: you may not be able to use the openldap-dit project for an older version of ubuntu
<mathiaz> zul: especially for hardy
<zul> mathiaz: i was afraid of that ;)
<mathiaz> zul: you may be able to go back in the bzr branch history
<mathiaz> zul: there should be a version in the history of the openldap-dit project that was targeted at hardy
<mathiaz> zul: so you could use that version for testing
<zul> mathiaz: ok thanks ill go pick away at it
<mathiaz> zul: great - thanks
<Dr_Alien> Neal ill run diagnostics in a sec and see if i can do it again
<Dr_Alien> im not sure how to install ebox really..
<Dr_Alien> i cant FTP files up
<Dr_Alien> so i have to use ssh to get the files.
<MattCampbell> I configured a virtual machine using libvirt, using the NAT networking option, and now I went to set up some port forwarding, e.g. so connections to port 25 on one of the host's IP addresses are forwarded to port 25 in the VM.  But I want the VM to see the real source IP.
<MattCampbell> My guess is that I should use iptables to do this.
<Dr_Alien> does anyone have issues configuring ebox?
<guntbert> Dr_Alien: no offense - but don't you think that in the time you've put into ebox you would have been able to configure your server completely to your needs?
<Dr_Alien> Guntbert, im having issues with adding new uses to an FTP server.
<Dr_Alien> if you could tell me how to do this and seccure my ftp box that would be prue gold.
<guntbert> Dr_Alien: that is nothing I have done - but for a start: what ftp server are you using?
<Dr_Alien> vtftp i think
<guntbert> Dr_Alien: sorry "I think" is not good enough - the configuration files and methods are different between servers
<Dr_Alien> Ok let me see.
<Dr_Alien> its http://doc.etherpad.org/F7Txtk7IeB
<Dr_Alien> ops
<Dr_Alien> sorry
<Dr_Alien>  vsftpd
<guntbert> Dr_Alien: please use my nick when you are talking to me to highlight me - I'm participating in several channels - let me look into the docu - I'll be back
<Dr_Alien> Sure. thanks
<hggdh> smoser: do you need topo3 on the rig for tests?
<ruben23> hi nayone can help how to used phpsysinfo..?
<smoser> did you already run them ?
<smoser> hggdh, ?
<hggdh> I ran the stress on topo3, 93% success. I will reconfigure to topo4 is you do not need the rig now
<hggdh> smoser: ^
<smoser> sure.
<smoser> you can have it
<smoser> can i see the topo3 results some where ?
<smoser> and 93% of what
<hggdh> k, topo4 on the way now ;-)
<jeeves_Moss> how can I make a startup script that runs ONCE @ startup (ie. server startup) under a specific user?  (ie., I need to get 2 game servers to start @ startup, but have them run as a non priv user)
<hggdh> smoser: 93% success on creating, using, and destryoying instances
<smoser> T * .93 = S
<smoser> what is the value of T
<smoser> hggdh,
<guntbert> Dr_Alien: please have a look at http://howto.gumph.org/content/setup-virtual-users-and-directories-in-vsftpd/  -- its written for debian but I see no reason why it wouldn't apply to ubuntu - ask if questions remain :-))
<hggdh> smoser: 400
<FFF666> I've started an image in UEC, it's my first run.  Then I use the "watch -n5 euca-describe-instances" command to see the current state of the image. After a while the image doesn't start
<hggdh> smoser: 400 total instances, 384 OK, 16 KO
<smoser> yeah. can you post console logs of 16 failures ?
<FFF666> smoser: are you talking to me?
<hggdh> smoser: I will upload everything (uec_test.py results, euca logs) to tamarind
<smoser> FFF666, no, i wasnt.
<smoser> but what is "a while"
<FFF666> 3 minutes
<FFF666> but the state now says terminated
<smoser> my first guess is that image is to big to fitin your --instance-type
<FFF666> i put small
<smoser> whats your image ?
<FFF666> ahhhhh
<FFF666> ubuntu 9.10
<smoser> yeah, that wont fit in 2G
<smoser> the lucid ones do
<smoser> so you can either
<smoser> a.) run lucid
<smoser>  (image)
<smoser> b.) modify instance type of small to 3G
<smoser> c.) use --instance-type c1.medium
<FFF666> ok, I'll try
<hggdh> smoser: tamarind:/home/cerda/rc-topo3.tar
<hggdh> smoser: sorry, /home/cerdea
<funkycat90210> I'm having a problem whereby 8.04LTS packages are too old for newer apps I want to install. So I want to move from 8.04LTS to 9.10 or even 10.4 non-LTS, can I upgrade remotely or should I do a fresh install?
<npope> funkycat90210: upgrade remotley with dist-upgrade
<ScottK> funkycat90210: Upgrading is generally reasonably safe, however to upgrad to 9.10 you need to do it in steps: 8.04 -> 8.10 -> 9.04 -> 9.10.
<funkycat90210> npope, thx
<npope> funkycat90210: you need to follow ScottK's steps though, you cant just go from 8.04 to 9.10
<guntbert> funkycat90210: LTS -> LTS goes in one step - every other combination: only step by step
<npope> can you go from 8.04 to 10.04 yet?  (10.04 is not released yet?)
<ScottK> Also use update manager to do it.
<ScottK> npope: It's not recommended unless you know what you are doing.
<funkycat90210> guntbert, which is fine assuming the steps work, some reports on the web suggest that doing so results in an unbootable system requiring manual intervention so I may have to drive to the datacenter to do this
<ScottK> sudo do-release-upgrade is the command
<npope> ScottK: dist-upgrade?
<ScottK> npope: Going direct from 8.04 -> 10.04 before it's release is not recommended for general use.
<FFF666> smoser: I installed the cloud UEC in the vmware  virtual machine, is that ok?
<ScottK> do-release-upgreade is better for going from release to release than just dist-upgrade.
<funkycat90210> ScottK, i dont have access to the gui but would do-release-upgrade do it?
<npope> ScottK: oh I know thats why I posed the question
<ScottK> Yes
<ScottK> funkycat90210: Yes.  That's all cli
<funkycat90210> ScottK, nice
<guntbert> funkycat90210: well - in my experience upgrades only have problems with things like sound or video - which you don't need in this case :-)  but of course my experience is limited
<funkycat90210> guntbert, thx.. I'll upgrade a machine and see how that works, in theory I can upgrade all 6 or so machines via do-release-upgrade
<smoser> FFF666, i'm not sure if you can install all components on a single system or not.  i know its on-trivial. lifeless was working on trying that.
<funkycat90210> so do-release-upgrade 8.10 then 9.04 then 9.10
<guntbert> funkycat90210: yes but either you wait for the release of lucid or you do it step by step :-)
<smoser> additionally you need vt extensions on the node controllers (ie, they must run 'kvm-ok')
<smoser> i'm not sure if that is possible in a vmware guest or not
<smoser> it *could*, but its not going to be fast.
<uvirtbot> New bug: #569167 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/569167
<funkycat90210> guntbert, so when lucid comes out i'll be able to do do-release-upgrade 10.04 directly?
<FFF666> smoser: I followed this guide https://help.ubuntu.com/community/UEC/CDInstall.
<FFF666> I have two ubuntu servers installed
<guntbert> funkycat90210: according to documentation yes - thats one of the points of LTS releases
<ScottK> You CAN do it now, it's just not recommended or supported.
<funkycat90210> guntbert, well in that case I'll go from 8.04LTS to 10.10LTS and I want to move away from LTS
<smoser> FFF666, you have 2 virutal servers installed as vmware guests ?
<funkycat90210> err 10.4 LTSi ment to say
<guntbert> Dr_Alien: there will be one or two adaptions to the tutorial
<funkycat90210> Can I go from 10.4LTS to 10.10non-LTS?
<smoser> FFF666, what does 'kvm-ok' show on the node controller
<FFF666> smoser: yes I've two
<guntbert> funkycat90210: of course you will be able to do that - but from  then  on you will need to upgrade step by step
<FFF666> smoser: kvm-ok  is a coomand?
<smoser> y
<FFF666> it says: your cpu does not support KVM extentions
<FFF666> KVM acceleratoin can NOT be used
<funkycat90210> guntbert, got it.
<FFF666> Do I have to used two real compuers?
<smoser> FFF666, then without some hacking you wont be able to do this.
<smoser> FFF666, the requirement is for vt extensions on the cpu.
<smoser> most likely that means "real computers"
<FFF666> but Ihave a "new" pc, it's a core 2 duo 8600,
<FFF666> but Ihave a "new" pc, it's a core 2 duo P8600,
<FFF666> I'll check the bios
<smoser> because your host supports VT does not mean your guests do
<smoser> kvm has support for nested vt with amd processors
<smoser> it would appear that vmware does not support nested vt with intel
<smoser> it *could*
<funkycat90210> ohh so I should wait for 10.4 LTS, upgrade to that from 8.04 LTS, then when 10.10 comes out, edit /etc/update-manager/release-upgrades, change prompt from lts to normal then do do-release-upgrade
<funkycat90210> sounds right or do i need more coffee?
<funkycat90210> http://www.howtoforge.com/how-to-upgrade-ubuntu-8.04-to-ubuntu-8.10-desktop-and-server has info on upgrading out of LTS
<sirninja> I've put ubuntu server 9.10 on an old laptop that I don't use any more. How do I get it to automatically connect to a wireless network on startup?
<sirninja> and I know I don't need restricted drivers because in the desktop version, the wireless card was detected automatically
<funkycat90210> sirninja, years ago I set up a custom wpa_supplicant command to do this, it seems like distros assume only people logging into a gui will use wireless.
<sirninja> funkycat90210: if it's really difficult, it's not that big of a deal to run a cable, will that be easier?
<funkycat90210> sirninja, much easier
<funkycat90210> sirninja, just set up dhcp/static ip and it will work on bootup
<sirninja> funkycat90210: I found wicd supports wireless networks. Would that work?
<FFF666> smoser: are you there?
<smoser> yeah
<FFF666> smoser: the image state is terminated, it doesn't work
<smoser> right.
<smoser> its not going to.
<FFF666> smoser: why?
<smoser> because you have to have VT support in the node controller
<smoser> ie, 'kvm-ok' needs to say : KVM acceleration can be used
<FFF666> so, that is a requerimient?
<AtomicSpark> Does anyone know what power profile Ubuntu Server defaults to? Ubuntu Desktop defaults to on demand where it scales back the cpu freq when it's not needed.
<smoser> *or* you'd need to hack it so that it would use kvm without acceleration, whic hwoudl give you terribly slow guest performance (guest performance without vt acceleration is bad on real metal in kvm)
<smoser> FFF666, yes, it is a requirement.
<funkycat90210> sirninja, non familiar with wicd
<AtomicSpark> smoser: which is just qemu.
<smoser> AtomicSpark, right.
<AtomicSpark> indeed.
<AtomicSpark> I just joined, let me guess, someone wants to libvirt without cpu extentions?
<smoser> this could in theory work.  with amd processors, you could run 2 guests on the same virtual network using kvm as the hypervisor.
<smoser> then, those guests would see vt support also.
<smoser> it'd be slow. but it would (in theory) work.
<smoser> AtomicSpark, well, yes, but at a higher level. FFF666 wants to run UEC (which uses libvirt) inside VMware guests.
<smoser> it isn't an uncommon request.. it makes sense for trying something out.
<smoser> its just not supported.
<AtomicSpark> So basically a VM within a VM?
<FFF666> yes
<smoser> yeah
<AtomicSpark> Interesting.
<smoser> nested vt is supported with kvm and amd
<AtomicSpark> I did not know that.
<smoser> http://www.linux-kvm.com/content/kvm-nested-virtualization-works
<AtomicSpark> Makes sense I suppose.
<FFF666> smoser: so, I have to install UEC in a real PC?
<smoser> the simple answer is yes
<smoser> on 2 real pcs
<smoser> that have VT extensions
<FFF666> I've in my laptop VT extension, it's a core2 duo P8600
<smoser> yeah. anything recent other than netbooks its the norm
<smoser> and if its amd64 you'd be hard pressed to not find it
<AtomicSpark> It's tricky with Intels. They didn't put VT on everything.
<FFF666> but why the kvm-ok command says that I don't have acceleration?
<smoser> or, rather, they put VT on everything and disable it control pricing more effectively :)
<AtomicSpark> FFF666: Did you enable it in BIOS? Did you know you have to power off *and* remove the battery?
<smoser> FFF666, because the virtual machine that you're running that command in does not have vt
<FFF666> ok, I'll check the bios
<AtomicSpark> smoser: Something like that, yes. Business 101: Make a single thing with a set of features then clone it and disable features. Instant tiered pricing!
<FFF666> Will you both still there?
<FFF666> 	Will you both still here?
<smoser> i'll be here for a bit.
<AtomicSpark> Maybe. I don't lurk in here often, but I'll wait for you.
<smoser> FFF666, most likely your laptop does have it
<smoser> you ran kvm-ok on your laptop ?
<smoser> "bare metal" ?
<FFF666> ok, if you havent noticed I'm learning english
<FFF666> jaaj
<FFF666> or haha, as you laugh
<FFF666> :)
<AtomicSpark> smoser: i didn't know about kvm-ok. what is that packaged with? the wiki just tells you to grep the cpu info file.
<smoser> in lucid it is packaged with cpu-checker
<AtomicSpark> Hmm.
<smoser> previously it was in kvm.  which didn't make it easy to use. i *think* (kirkland would know better) it was moved to a different package, that was tiny and easily installed (possibly by default), so that you could run it without installing kvm
<AtomicSpark> Makes sense.
<AtomicSpark> I use virt-manager to remotely manage/install virtual machines on my headless proliant server. Works *very* well.
<hggdh> kirkland: topo3 complete, 400 total runs, 16 failures, available at tamarind:/home/cerdea/rc-topo3.tar
<hggdh> kirkland: now setting up topo4
<hggdh> BTW -- the package is cpu-checker, and -- IIRC -- it is installed by default
<sirninja> how do I set up a static ip?
<AtomicSpark> sirninja: /etc/network/interfaces
<AtomicSpark> sirninja: man interfaces
<AtomicSpark> sirninja: or read the ubuntu server guide
<AtomicSpark> It's pretty simple.
<AtomicSpark> With that said, I usually use static DHCP for all of my servers so I can have a single place to reassign them. Changing many computers would be a pita without it.
<sirninja> AtomicSpark: That's a good idea. I didn't think of doing that
<AtomicSpark> It's a very good idea. Unless your DHCP server goes down. :)
<AtomicSpark> But most people seem to use hostnames anyways for uris. So if your DHCP/DNS server goes down, you're screwed either way.
<sirninja> AtomicSpark: well, I'm just setting up a torrent box, so it may just be easier to set it on the actual torrent box
<AtomicSpark> Ah. I still use static dhcp. Very nice. Same place to set up port forwarding too.
<sirninja> AtomicSpark: I'm looking to see if my router has an option for that, but I don't see any
<AtomicSpark> Shame.
<AtomicSpark> Mine is called static leases?
<AtomicSpark> I use the Tomato firmware on my WRT54GL
<sirninja> I found it
<AtomicSpark> Yay!
<sirninja> I'm using dd-wrt
<AtomicSpark> Boo. :P
<sirninja> it's the only thing my router could run besides the default firmware sadly
<AtomicSpark> I know. :(
<AtomicSpark> I forgive you for your gpl violation.
<AtomicSpark> Dinner time.
<ruben23>  hi guys how do i ssh command form my linux box
<uvirtbot> New bug: #569200 in openssh (main) "openssh on ubuntu 9.10" [Undecided,New] https://launchpad.net/bugs/569200
<uvirtbot> New bug: #569203 in mysql-dfsg-5.1 (main) "failed to start MySQL database server mysqld [fail] " [Undecided,New] https://launchpad.net/bugs/569203
<ecrane> Hi can someone advise me how to start ubuntu's NFS server in verbose mode? Need to debug why other unix boxes can connect to my NFS shares, but windows can't....
<konqrunner> @ecrane: Did you check the 'Troubleshooting' section at https://help.ubuntu.com/community/NFSv4Howto ?
<ecrane> yeah but I saw nothing in there for logging for nfsd, just for logging on gssd/kerberos
<konqrunner> @ecrane: Looks like you have to start logging differently for the different daemons.
<konqrunner> I found this site: http://docs.hp.com/en/5992-0715/ch08s05.html where they explain logging for rpc.mountd, rpc.statd and rpc.lockd
<konqrunner> You'll probably have to adjust paths etc. to your distro
<konqrunner> I guess with connection problems, rpc.mountd would be the natural choice, right?
<ecrane> konqrunner: good stuff, ty.
<konqrunner> you're welcome. HTH
<Jeeves_Moss> what am I doing wrong with my apache file?  http://pastebin.com/zzEriT4m  I can't get my v-hosts to work
<konqrunner> Jeeves_Moss: What do you mean by 'can't get my vhosts to work'? What kind of error do you get?
<Jeeves_Moss> konqrunner, it won't direct to the proper public_html directory
<Jeeves_Moss> konqrunner, so, I don't think that it's directing to the proper directory baised on domin name
<konqrunner> Jeeves_Moss, Did you enable the config file for the vhost you're trying to access?
<konqrunner> Jeeves_Moss: Check /etc/apache2/sites-enabled. There needs to be a symlink to the vhost config file in /etc/apache2/sites-available/
<konqrunner> Then you'll have to restart httpd, naturally
<konqrunner> If that doesn't help: Do you have any server management software installed. Esp. Plesk is very unnerving if it comes to overriding manual configs...
<Jeeves_Moss> konqrunner, nope, virgin install
<konqrunner> How about that symlink?
<Jeeves_Moss> ???
<konqrunner> With apache2, you can configure as many vhosts as you like, without taking up resources
<konqrunner> So, if you want to actually run a vhost, you need to tell apache that you want to enable it
<Jeeves_Moss> well, that's a copy of the vhost config file for one of the domains
<konqrunner> you do so by placing a symlink in /etc/apache2/sites-enabled, which points to the configuration file in /etc/apache2/sites-available.
<Jeeves_Moss> yes, it's set up like that
<konqrunner> But you do get a page served when you call up the vhost's URL?
<Jeeves_Moss> I get the default "it works!" page
<bogeyd6> !apache2
<bogeyd6> hmm
<bogeyd6> !apache
<ubottu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<bogeyd6> https://help.ubuntu.com/8.04/serverguide/C/httpd.html
<Jeeves_Moss> konqrunner, any ideas?
<konqrunner> Hang on, I had a similar error a while back. Trying to figure out, what it was...
#ubuntu-server 2010-04-24
<Jeeves_Moss> konqrunner,  kk, as I said, I think it's something stupid
<konqrunner> Jeeves_Moss: Check your main configuration (/etc/apache2/sites-available/default). Is the default server configured as a vhost as well?
<Jeeves_Moss> konqrunner, one sec.
<Jeeves_Moss> konqrunner, this is an example of the v-host Dear Madam or Sir:
<Jeeves_Moss> I would like to introduce myself as a candidate for the systems administrator position that is currently available within your organization.
<Jeeves_Moss> Over the last twelve years I have been involved in many sales and information technology functions, in both retail and customer support environments.  Recently I have been doing contract work for local clients in a Systems and Network administrator role.
<Jeeves_Moss> Accomplishments:
<Jeeves_Moss> As the owner of Scotty Knows I.T., I managed many projects under contract ranging from small one person businesses up to multi-million dollar organizations.
<Jeeves_Moss> I have had to negotiate all levels of organizations, at sites of up to 1000 employees. i.e.: Vice Presidents, Site Services Managers (Environment, Maintenance, IT, HR, Accounting, Purchasing, Engineering).
<Jeeves_Moss> My experience at all levels and sizes of organizations has given me a better understanding of time/mission critical installations and I.T.
<Jeeves_Moss> maintenance has become in a businessâs infrastructure, and has given me the skills to best navigate and plan such work.
<Jeeves_Moss> Implementation of:
<Jeeves_Moss> o    Enterprise Resource Planning System as a system manager for
<Jeeves_Moss> Northbound publications;
<Jeeves_Moss> o    Designed training programs as Training Manager for RadioShack
<Jeeves_Moss> Guelph (as the assistant manager);
<Jeeves_Moss> o    Human Resources Manager (including scheduling & payroll) for Scotty
<konqrunner> Whoa, I guess that was the wrong copy, wasn't it ;-)
<Jeeves_Moss> konqrunner,  lol, yep
<Jeeves_Moss> konqrunner, ok, here we go.
<Jeeves_Moss> konqrunner, 000-default = http://pastebin.com/sNxHntXE, first v-host = http://pastebin.com/zzEriT4m
<konqrunner> Jeeves_Moss: I think I see something
<Jeeves_Moss> konqrunner, yea!!!  LOL
<konqrunner> There seems to be one slash too many in your document root of the vhost
<Jeeves_Moss> lol
<Jeeves_Moss> ok, one sec
<konqrunner> Try ocumentRoot /mnt/raid/www_root/moseley.ca/public_html
<Jeeves_Moss> I want to see if this works
<Jeeves_Moss> nope, dosn't work
<Jeeves_Moss> brb, I have to quickly deal with an equine
<konqrunner> Jeeves_Moss: I re-wrote part of your vhost config: http://pastebin.com/SbYJWUBT
<cloakable> Anybody testing 10.04 at the moment? :)
<Jeeves_Moss> konqrunner, ok, I'm back
<Jeeves_Moss> cloakable, 10.04, not yet
<cloakable> aha
<konqrunner> Jeeves_Moss: I re-wrote part of your vhost config: http://pastebin.com/SbYJWUBT
<Jeeves_Moss> konqrunner, I think that did it, one sec
<Jeeves_Moss> konqrunner, well, it looks like the first site works, but the rest of them don't work
<konqrunner> Hmm, I at a loss here... All config files look exactly the, all vhosts were enable (a2ensite) and all permission grant apache access to the respective directories?
<Jeeves_Moss> konqrunner,  lol, so am I.  it should just be, make the v-host configs, restart the server, and away we go
<konqrunner> Jeeves_Moss: Did you change the default site's config as well? I'm pretty sure there was something about _not_ placing a trailing slash on DocRoots...
<Jeeves_Moss> hummm, not that I remember
<konqrunner> What- the slash or the change of the default config..? :-)
<Jeeves_Moss> konqrunner,  this is pissin' me off!  LOL
<Jeeves_Moss> konqrunner, the ONLY configs in the sites-enabled are the 2 v-hosts (same as the ones you sent me, diff server/doc roots),
<konqrunner> Jeeves_Moss: Well, if the first site works, then disengage the other vhosts (a2dissite), delete the configs in /etc/apache2/sites-available...
<Jeeves_Moss> ok, one sec
<konqrunner> then copy the working vhost's config and alter it to the appropriate names etc
<konqrunner> then a2ensite, apache2 restart and try again...
<Jeeves_Moss> we're getting this when I restart apache.  "[Fri Apr 23 19:38:37 2010] [error] (EAI 2)Name or service not known: Could not resolve host name *: -- ignoring!"
<konqrunner> Hah! Then check your dns config!
<konqrunner> If you're trying to set the sites up locally, you'll probably have to enter their name in /etc/hosts
<jorge_> hi everyone, im having problems connecting to a PPTP VPN server, it works in windows, but it doesnt on ubuntu 9.10, I check syslog says: modem hangup..any clues?
<Jeeves_Moss> konqrunner, this box dosn't have DNS installed on it (and neither did my last config before the HDD died), and I had it working
<konqrunner> jorge_: that's a network manager problem (it was for 9.04) - check Launchpad for the bug report
<Jeeves_Moss> konqrunner, ideas?
<konqrunner> Jeeves_Moss: Hang on, I found a similar error in a German ubuntu forum - I'll have to translate it first
<konqrunner> Jeeves_Moss: Okay, no. 1: Are you testing locally or on a fully-qualified internet host?
<konqrunner> Jeeves_Moss: And no. 2: Are the domains possibly registered to an IP address other than the machine's that you're currently working on?
<Jeeves_Moss> konqrunner, this box is behind a NAT (with port forwarding), and the domains are pointing to my static IP
<konqrunner> Okay, looks like the directive 'NameVirtualHost' is the culprit.
<Jeeves_Moss> konqrunner, ???
<konqrunner> Seems that apache gets hickkups when several config files have this directive. the guy here in germany solve the problem by commenting the directive
<Jeeves_Moss> konqrunner, sorry, how do I fix it?
<konqrunner> Jeeves_Moss: I don't have NameVirtualHost defined in my configs and all vhosts work like a charm
<Jeeves_Moss> konqrunner, one sec.
<konqrunner> So, comment or delete NameViortualHost from your configs and give it a shot
<Jeeves_Moss> konqrunner, ok, I'm going to try taking it out
<konqrunner> Alternatively, place 'NameVirtualHost 127.0.0.1:80' in your 000-default and omit it from the vhost configs
<Jeeves_Moss> konqrunner, some thing.  "[error] (EAI 2)Name or service not known: Could not resolve host name *: -- ignoring!"
<konqrunner> Jeeves_Moss: Could you paste your /etc/hosts, please?
<arrrghhh> hey all, i'm trying to use MPD on a fresh ubuntu-server install... it's segfaulting when i try to play anything, but mplayer can play the songs just fine.  it *looks* codec related, does MPD need some special codecs above and beyond what mplayer would need?
<konqrunner> Jeeves_Moss: Yep, I googled and found tons of references to dns lookup going haywire. So, we've gotta look at your hosts...
<Jeeves_Moss> konqrunner,  lol, ok, where to start?
<arrrghhh> pastebin your hosts file?
<Jeeves_Moss> konqrunner, I know that my sites are pointing to my static IP (the setup through zoneedit.com worked before)
<Jeeves_Moss> konqrunner, http://pastebin.com/fuudWH7j
<arrrghhh> maybe i'm not following.  those look fine.
<konqrunner> exept for the fact, that the vhosts are not listed...
<arrrghhh> oh i don't have any vhosts in mine
<arrrghhh> just one site
<Jeeves_Moss> lol, sorry, was that related to me?
<konqrunner> Should be something like '127.0.0.1 localhost moseley.ca', so that your machine knows that it must route your browser's request to your local machine, I guess
<Jeeves_Moss> well, will that fix the external requests as well?  (and I never remember setting it up in the hosts file on the old config)
<arrrghhh> that has nothing to do with external requests
<arrrghhh> it'd only effect your local machine
<konqrunner> yep, exactly
<Jeeves_Moss> I'm lost
<arrrghhh> who is your host?  is that where you're having trouble?
<arrrghhh> i missed the problem, i kinda jumped in sorry...
<Jeeves_Moss> arrrghhh, you're refering to me?
<arrrghhh> yes
<Jeeves_Moss> arrrghhh, ok, sorry.  the box is in my basement.  I'm on a ADSL line (wiht a static IP).  I orignally had a server set up here (the HDD's spindle died), so I lost everything.  And now, I'm trying to get it set up again.  So far, the ONLY thing I can get setup is my FTP.  :-(  I need to get 9 domains setup on this box (via v-host).
<arrrghhh> thru apache...?  or on the box itself?
<konqrunner> Jeeves_Moss: I just saw this: Your vhosts are outside your server's root, right?
<Jeeves_Moss> arrrghhh, it's on the box (ie. e-mail (still not looking forward to seeing that up), FTP, HTTP, etc)
<Jeeves_Moss> konqrunner, each domain has it's own user
<Jeeves_Moss> konqrunner, the only thing they share is the same group (www-data)
<konqrunner> Sorry, I meant 'root directory'
<Jeeves_Moss> konqrunner, sorry, I'm not sure what you're asking.  All of the v-host's roots are off of "/mnt/raid/www_root/"
<konqrunner> yes, but your server's root directory is on /var/www
<Jeeves_Moss> konqrunner, it should me
<konqrunner> ???
<arrrghhh> it doesn't have to be /var/www tho
<Jeeves_Moss> konqrunner, there should be no other HTTP requests on this box.  ANY HTTP resuest has to be one of the v-hosts
<Jeeves_Moss> and all of the vhosts roots are in "/mnt/raid/www_root/"
<arrrghhh> i'm assuming you're using bind9?
<Jeeves_Moss> arrrghhh, my ISP won't allow me to run a DNS server, so I have the DNS hosted @ ZoneEdit.com
<Jeeves_Moss> arrrghhh, and we know all of the vhosts point to the proper static IP
<arrrghhh> i guess i'm confused as to how you point that... i've only used vhosts with apache.
<Jeeves_Moss> arrrghhh, ok. DNS is handled by ZoneEdit.com  (try pinging www.moseley.ca, it'll resolve to my static IP).  what I'm having the issue with is that I can't get the Apache server to point requests for moseley.ca to /mnt/raid/www_root/public_html/ and requests for www.tessawhite.ca to point to /mnt/raid/www_root/tessawhite.ca/public_html/
<arrrghhh> Jeeves_Moss, i know how to split up apache servers into virtual hosts, you sounded like you wanted the whole server split into virtual hosts... i have no clue how that works.
<arrrghhh> other than, well virtual machines... but that's completely different.
<Jeeves_Moss> arrrghhh, all of the websites and other vhosted sites are ALL on the same server
<arrrghhh> you made it sound like you wanted more than just apache vhosts
<Jeeves_Moss> arrrghhh, nope, I just need apache v-hosts.  that's all I want.
<arrrghhh> oh
<arrrghhh> well
<Jeeves_Moss> arrrghhh, I'm dealing with the other vhost stuff (ie. FTP, e-mail, etc) on my own.
<arrrghhh> http://ubuntu-tutorials.com/2008/01/09/setting-up-name-based-virtual-hosting/
<Jeeves_Moss> arrrghhh, one sec, I have something like that set up already
<Jeeves_Moss> arrrghhh, brb, I have to move this PC.  2 mins
<kirkland> smoser: you're dead on correct about kvm-ok
<kirkland> hggdh: cool, let me know how that goes
<Jeeves_Moss> arrrghhh, ok, sorry, I had to move locations
<arrrghhh> ok...
<konqrunner> Jeeves_Moss: Please check the permissions for /mnt/raid/www_root. apache2 needs r-x access to theses directories. Additionally, make sure that it says '<VirtualHost 216.75.169.29:80>' in each of the config files - instead of VirtualHost *:80
<Jeeves_Moss> arrrghhh, ok, so, what's the plan here?  let me get a copy of one of my vhost configs
<arrrghhh> did you read the tut?  that's the plan.
<arrrghhh> it walks you thru it, much better than i ever could.
<Jeeves_Moss> ok, one sec
<Jeeves_Moss> will that take care of being behind a NAT (port forwarding on), etc?
<Jeeves_Moss> URL again?
<arrrghhh> i'd do that in the router
<arrrghhh> http://ubuntu-tutorials.com/2008/01/09/setting-up-name-based-virtual-hosting/
<Jeeves_Moss> arrrghhh, I did the port forward allready on the router, etc
<arrrghhh> then don't worry about it on the server
<arrrghhh> just match up ports
<arrrghhh> to the vhosts config
<Jeeves_Moss> arrrghhh, I have port forwarding on the router to the server's internal address.  and this is a paste of one of the vhost configs.  http://paste.ubuntu.com/421383/
<arrrghhh> so are you having issues?  did that tut not get you thru it/
<Jeeves_Moss> arrrghhh, try hitting moseley.ca and tessawhite.ca
<arrrghhh> they both say the same thing, but yea
<Jeeves_Moss> arrrghhh, that's the problem.  each vhost doccument root has something TOTALLY differen't in them!
<arrrghhh> well you're doing something wrong :D  i'm no expert on this, that tut should take you thru the apache config.
<Jeeves_Moss> arrrghhh, thanks.
<konqrunner> (02:49:31)Jeeves_Moss: Please check the permissions for /mnt/raid/www_root. apache2 needs r-x access to theses directories. Additionally, make sure that it says '<VirtualHost 216.75.169.29:80>' in each of the config files - instead of VirtualHost *:80
<arrrghhh> i mean if something is buggered on the provider side, in your router... there's too many variables.
<Jeeves_Moss> arrrghhh,  when I try to restart apache, I get "[error] (EAI 2)Name or service not known: Could not resolve host name *: -- ignoring!"
<arrrghhh> you can't put in *
<Jeeves_Moss> arrrghhh, into WHAT though?  that's the queston
<arrrghhh> the IP?
<Jeeves_Moss> in what config file though?
<arrrghhh> i'm not trying to be a d!ck, but did you read the tut?
<Jeeves_Moss> lol, not yet.  reading it now
<Jeeves_Moss> arrrghhh, and no, you're not being a dick
<Jeeves_Moss> arrrghhh, ok, followed the "howto", and we're still getting "[error] (EAI 2)Name or service not known: Could not resolve host name *: -- ignoring!"
<arrrghhh> did you put an IP in for the *?
<arrrghhh> it looks like IP:Port
<Jeeves_Moss> yep.  I made a global.
<Jeeves_Moss> http://paste.ubuntu.com/421388/
<Jeeves_Moss> arrrghhh,  FIGURED IT OUT!!!!  add "NameVirtualHost *" to the apache2.conf file!!!!!
<hggdh> kirkland: topo4 has some config problems
<arrrghhh> lol that's in the tut too.  but i'm glad you figured it out...
<Jeeves_Moss> arrrghhh, in some sick ways, it's better than sex@
<arrrghhh> what, going thru tutortials step-by-step?
<arrrghhh> nvm, you couldn't have done that.
<uvirtbot> New bug: #569292 in opie (main) "opiepasswd does not always generate valid seeds" [Undecided,New] https://launchpad.net/bugs/569292
<au> hello everybody :) I have my usb modem plugged in the usb port of my home server, about to get it running with wvdial however I've ran into the problem of what the device is in /dev/something. How can I find out?
<au> I can see it in lsusb, Bus 001 Device 005: ID 19d2:2000
<axisys> is there any tool that take csv files and generate google chart ?
<KurtKraut> axisys, what is a 'Google Chart' precisely?
<axisys> KurtKraut: i meant google chart api
<axisys> http://code.google.com/apis/charttools/index.html
<apctr> hi all plz tell me how to start internet without gui in server edition. I use manual proxy settings to start internet.
<KurtKraut> apctr, you may upload the CSV to Google Spreadsheet and then use Google Chat: http://code.google.com/intl/pt-BR/apis/visualization/documentation/spreadsheets.html
<KurtKraut> ooops
<KurtKraut> axisys,  you may upload the CSV to Google Spreadsheet and then use Google Chat: http://code.google.com/intl/pt-BR/apis/visualization/documentation/spreadsheets.html
<scar> hi all :)
<scar> thinking about installing ubuntu server with several virtual machines too... looking forward to working with you
<ShadeS> working with you?
<uvirtbot> New bug: #569313 in bacula (main) "package bacula-director upgrade failed because it couldn't connect to mysql-server" [Undecided,New] https://launchpad.net/bugs/569313
<scar> ShadeS, indeed. "you all"
<peterlh> Hi all, we'r running jaunty servers now, and i want to upgrade to the new LTS version thats comming up. Do you advise to make a release upgrade to karmic first, and then to LTS? or to release upgrade directly to lucid when its released?
<red2kic> peterlh: You can't upgrade directly to lucid from jaunty.
<peterlh> red2kic: oh okay, then its a easy choice... Thoughts one could do it directly with do-release-upgrade -p lucid
<peterlh> i'll just do it in two steps, i know that works too
<red2kic> peterlh: Hardy (LTS) --> Lucid (LTS).  Yes.
<red2kic> peterlh: You're always advised to make a backup first before making any changes.
<peterlh> okay, once iam in a LTS release, i can continue staying it LTS, thats great.
<peterlh> red2kic: yes indeed, one of the nice features of virtualization :-)
<peterlh> so easy to test stuff like upgrades
<red2kic> I think I'm going to make a final backup and roll over to lucid. I can't wait a week. :(
<peterlh> hehe :)
<peterlh> got a lucid running too, but only for test until its release.. i dont dare upgrade the production machines just yet
<peterlh> but lucid has some nice updates, indeed
<morrowyn> mroning
<lool> Hmm plymouth is included in the UEC images, is that intended?
<persia> lool: Can't safely boot without plymouth anymore, so I'm sure the answer is "yes".  UEC images are kinda special, because they should never have meaningful boot-time messages, but that's a different matter, and likely needs special-casing.
<xr600> Any of you guys familiar with diferent types of mailservers for Ubuntu ?!
<lil_cain> I've used postfix a little, and exim4 a lot.
<lool> persia: Do you know how to disable switching to graphics mode entirely?  tried nomodeset, modeset=0, text, nosplash and still no luck
<lool> I'm using kvm -curses, and after the early kernel output, I get "640 x 480 mode" full screen and kvm -curses is useless..
<persia> I don't.  I know there's a text theme for plymouth that happens.  I think you have to make the framebuffer not load.
 * persia checks backscroll for a reference
<lool> persia: Yes, that's what I'm trying to do
<xr600> -Hm, well I'm looking for a mail server solution that registers the read history of messages... Meaning who reads the messages and when. Possibly wit ha web-interface (If not, I will make an interface myself...)
<lil_cain> xr600: You're not looking for a mailserver in that case. You're looking for a client.
<lil_cain> I don't think I've ever heard of such a thing though. I suspect dovecot or squirrel mail could do it if you turned their logging up loads though. (dovecot being an imap server, and squirrelmail a webmail system)
<xr600> lil_cain: well, I would prefer a web-based client solution... But a stand alone client is also an option...
<xr600> I do know the squirrelmail
<persia> lool: I *think* it might be related to "<Keybuk>  echo FRAMEBUFFER=y >> /etc/initramfs-tools/conf.d/splash"
<persia> <Keybuk> update-initramfs -u
<persia> Err, no I'm reading that backwards.  Try FRAMEBUFFER=n or similar.
<persia> FRAMEBUFFER=y is supposed to *disable* the text mode
<xr600> I once made something similar on Windows with hMailserver... It ran MySQL, and I simply made an additional history table + a trigger as I recall...
<lool> persia: I'm not using an initrd
<lool> UEC just has a kernel + ext fs
<lool> ext3 actually!!
<persia> Oh, right, and there were some special upstart jobs to try to make that work.  Now I'm unsure, but I think mountall needs plymouth to communicate at all.
<lool> persia: In itself, plymouth would be ok in text mode
<persia> But it may be that plymouth is not configured correct.  You probably want to ask smoser who spent a fair amount of time digging at this.
<lool> but it's switching to VGA graphics mode
<persia> Right, which is the issue.
<lool> smoser: ^
<lool> even with vga=ask and selecting 0 (80x25 text mode), it switches over
<lool> grmpf
<jayvee> does anyone else run ipsec on linux-image-virtual?
<jayvee> I'm trying to do is, and I get "no netkey IPSec stack detected" when attempting to start strongswan
<jayvee> which basically means it can't load the ipsec modules
<jayvee> I've got several other ubuntu machines it works on
<jayvee> just this one is the virtual kernel
<jayvee> I'm running the virtual kernel because I thought it might use less resources or something. Is that true?
<persia> lool: What happens when you do vga=none? and boot to virtual serial console?
<lool> persia: booting with vga=none now
<lool> same thing
<lool> to reproduce: kvm -kernel lucid-server-uec-amd64-vmlinuz-virtual -hda lucid-server-uec-amd64.img -curses -append "root=/dev/sda vga=none"
<persia> File a bug then.  It *really* shouldn't load any graphical interface when there isn't even a video adaptor available.
<lool> persia: there's an emulated video adapter
<lool> oh you mean to kvm
<lool> I thought you were mentionning the kernel cmdline
<lool> -vga none + -curses gives me no output
<persia> No, vga=none should turn of emulation of the video adaptor in kvm.  My use case of interest is NAS devices, but that's irrelevant to the nature of the bug :)
<jayvee> -nographic is what I use
<persia> UEC also has no meaningful video adaptor (and it's probably a waste of processor to bother initialising it in many cases)
<morrowyn> what is recommended for imap/pop dovecot or courier?
<jayvee> I prefer dovecot
<jayvee> it's really simple
<uvirtbot> New bug: #503467 in vm-builder (universe) "vmbuilder default account not well-documented" [Wishlist,Confirmed] https://launchpad.net/bugs/503467
<ubuntu> does anyone know if it would be possible to istall uuntu server on my aptop then install the various ubuntu desktops as virtual machines?
<ubuntu> i saw something in the 9.10 setup about vm for 64bit machines
<morrowyn> so basically it's a matter of how easy it's to set it up, but when it comes to performance/security it doesn't matter
<morrowyn> ubuntu, sure you can, look at xen, vmware, virtualbox
<jayvee> ubuntu: you don't need the "server edition" to be able to use virtual machines
<ubuntu> morrowyn, i thought these were sperate os
<jayvee> nope
<jayvee> they are the same operating system
<jayvee> they just come with different packages by default
<jayvee> so it's the same operating system, just in different "flavours"
<jayvee> you can turn one into the other by installing and removing the various packages :)
<morrowyn> different default installed packages
<morrowyn> server has more server related ones (mail, dns, web, etc.) , desktop has ( x11, media stuff etc.)
<ubuntu> jayvee, i know that part but i meant vmware i thought was an os by itself and a proprietary one
<morrowyn> you just install the vmware on your machine, that one will act as a host for your guest vm
<ubuntu> i figured if the server was the base then the vm could acess the server ervices like mail etc
<morrowyn> you could do that, but you might want ot grab the desktop ed. and install the postfix/dovecot/courier/etc.etc. on it instead of creating overhead on your vm's
<ubuntu> i was envisioning a srver base then i could just bring up the other ubuntus with a command but i didnt want to ue vmware because it costs does ubuntu server allow something like this
<jayvee> yes, I'd use virtualbox personally
<persia> ubuntu: You could set it up that way: but which flavour you happen to install on a machine doesn't in any way restrict you to which packages you can install; you can even switch flavours from an installed system, if you like.
<jayvee> by the way, I wouldn't install the server edition, because the server edition only comes with a command line interface by default
 * persia uses kvm and/or qemu
<jayvee> which means that you wouldn't be able to see the VMs you are running
<morrowyn> you can install sudo apt-get install gnome-desktop  ???
<morrowyn> on the server
<persia> jayvee: Why not?  Use libvirt-bin, and export them over VNC to some (other) client :)
<jayvee> he has said it is a laptop
<morrowyn> if its a powerful laptop
<jayvee> yes, I know you can and do run headless VMs in practice, but I don't really think this is what he wants to do
<ubuntu> i know but i like to compartmentalize my systems for different tasks instead of having everything on one system
<persia> morrowyn: No, but that's only because there's no "gnome-desktop" package.  You can run `apt-get install ubuntu-desktop` and end up with a full desktop environment on next reboot.
<ubuntu> and i dont want to have several boxes
<persia> (actually, you don't need to reboot, but you may have to fiddle some services by hand if you don't)
<persia> jayvee: I'm not talking about headless VMs: using VNC as X output works just fine :)
<ubuntu> i know the cloud computing option has installabl vms but can i bring the vm up on the same box as the server is installed?
<persia> ubuntu: Install a minimal base, and a virtualisation host (libvirt-bin, etc.).  Create a bunch of virtual machines there, and run your stuff in the virtual machines.  Should work just fine.  I believe "Virtualisation Host" is one of the available options on install of the server flavour.
<persia> Yep.  Works trivially easily.
<ubuntu> persia, that sounds about like what i want to do
<morrowyn> ubuntu, why not look at http://onlamp.com/pub/a/bsd/2003/09/04/jails.html  or chroot everything on your one box
<ubuntu> 10gig vms should be enough to have every flavor on my laptop then
<lool> wow running the ec2 kernel in kvm -curses gives spectacular results
<persia> 4G each should be sufficient (although 10 allows for installing more additional software)
<persia> lool: How does it differ from running e.g. -server?
<morrowyn> and dump everything into a database, so you can easily export to other boxes
<morrowyn> if need be
<ubuntu> im going to google for virtualization host install mode and see if thats what i need after firefox frees up im uploading a video to vimeo
<ubuntu> it locked up my entire firefox for some reason
<morrowyn> because you will hurt your system on the ram
<persia> morrowyn: Why?
<ubuntu> so until i can get goog again i will continue to ask questions so once i setup a vm host they will be able to be pulled up on the box the host is on right?
<morrowyn> well,  running server + vmware + (guest os + mailserver) +  (guest os + desktop) vs.   server + mailserver + desktop on laptop with capped system resources on cpu/ram
<ubuntu> and will i be able to install the systems on the vm using the isos or do i have to get some vm iages or will i have to make them somehow?
<morrowyn> just tell your vm's to boot from iso
<persia> morrowyn: Ah, right.  because kernel+some libraries are loaded twice.
<persia> But I'd not use vmware for the vms anyway :)
<ubuntu> i know it will bog myt ram i can just buy some more, im envisioning a big security avantage because i can have my personal data encrypted on a vm with no network  ifs on and then brows in another vm that is like a live cd so
<morrowyn> you can encrypt you entire harddrive , use imap or pop3 over ssl, gpg your email, but all this has nothing to do with using vm's and separate stuff
<ubuntu> well if someone exploits a vm they cant touch the rest of the sytstem
<morrowyn> well if you jail/chroot your stuff, they also have a hardtime
<morrowyn> to jailbreak out, especially if you hdd is encrypted
<morrowyn> to me, the weakest link in your entire security will always be the human mindset using the system
<ubuntu> besides i like the different desktops because i can setup one vm for ubuntu studio which needs special settings and kernal but then another for pesonal data and yet another for security auditingg
<morrowyn> they can be social engineered or just become lazy or annoyed by security settings and eventually will sabotage everything to get their stuff done
<ubuntu> exactly if i get lazy on a vm wont matter because the other vm isnt even connected
<morrowyn> :)
<persia> morrowyn: HD encryption completely fails to provide any protection against chroot jailbreaking: the binaries in the chroot *already* have access to the unencrypted filesystem.
<persia> ubuntu: Running ubuntu studio in a VM is very likely to have unacceptable performance.  This is expected behaviour.
<jayvee> agreed
<persia> But ask in #ubuntustudio if you want deeper explanantion on that,
<morrowyn> wow, i didnt know that, ubuntu studio
<morrowyn> hopefully that ditched cinelerra
<morrowyn> that/they
<morrowyn> if it still exist
<ubuntu> they use kino now
<ubuntu> its very basic
<morrowyn> hmmm, you want to run heavy duty ram usage program inside a vm ?
<ubuntu> im going to hope over there and ask some questions
<morrowyn> hmmm, kino, wow, thats really basic
<jayvee> ubuntu: maybe you should change your nickname from âubuntuâ :)
<ubuntu> im about to wipe this system as soon as my video gets to vimeo
<morrowyn> pity shake is discontnued by apple
<morrowyn> and gimp, well, it's gimped in comparison to photoshop
<ubuntu> thanks for the talk guys
<morrowyn> welcome
<lool> persia: It gives garbled output on the host, using random colors and chars, it's a piece of modern art
<persia> Oh, cool!
<morrowyn> cool
 * persia suspects that's a bug though
<morrowyn> kind of like a snowcrash on old crt screen
<ubuntu> crap intel dont support virtualization
<ubuntu> i guess because its not true 64
<ubuntu> looks like all amd cpu support vt
<persia> It's significantly more complex than that.
<ubuntu> i have a core2duo
<persia> Plus, there's two flippable bits on the chips that support virtualisation, and the BIOS may do one or another things with them.  One turns on and off virtualisation support, the other locks/unlocks the first.  So the common implementations are 1) BIOS locks VM on, 2) BIOS locks VM off, 3) BIOS allows the user to set VM on/off and locks the result, 4) BIOS doesn't lock.
<jaypur> does anyone know how can i monitor my cpu and motherboard temperature at ubuntu-server???
<jaypur> is it the same way as the ubuntu desktop?
<ubuntu> persia, but the cpu doesnt have it according to intel website the thing is if it were just a bios issue im sure coreboot would fix that
<persia> jaypur: It's precisely the same
<ubuntu> jaypur, im sure there is a package that will monitor it but i dont know the name
<persia> If the CPU doesn't have it, you're out of luck.
<persia> But don't think it's a per-CPU vendor thing
 * persia has CPUs from AMD that don't do VMX
<ubuntu> i think the package you need depends on your hardware
 * persia also has chips from Intel that report no VMX in the specs that support VMX perfectly fine
<lil_cain> persia: There is an AMD lookalike to VMX
<ubuntu> im thinking this is because amd pioneered 64bit x86 cpus thier site says:  Powering ultrathin notebooks to blade servers, all AMD processors shipped are designed to use AMD-Vâ¢ features.
<ubuntu> i guess it is all opterons
<ubuntu> i need to start searching for an operon laptop with 1394
<lil_cain> I'd be surprised to see an Opteron laptop.
<lil_cain> But, some of the phenoms have the virtualisation bit, at least
<persia> lil_cain: Not for the Athlon XP 64 X2 4600+ :p
<jaypur> persia, i installed lm-sensors and gkrellm... to run at my laptop by ssh... but it's not getting the temperature...
<persia> The point being that the presence or absence of virtualisation support is per-chip, not per-vendor.
<persia> jaypur: It may be that your hardware doesn't report it in a way that your software understands.  I have one server where /proc/acpi/thermal_zone has no entries, as an example.
<ubuntu> i wonder if corporations install backdoor virtualization in the hardware maybe thats why toshiba is called sattelite
<jaypur> persia, i have ubuntu-desktop at the server machine, and now i'll test it...
<persia> That's not how that company selected that name.
<ubuntu> well i guess i cant do vm unless the cpu supports it right?
<persia> Not without significant performance penalty.
<persia> virtualbox and qemu are two tools you can use without processor support, but you'll never get quite the performance you would get with processor support.
<ubuntu> i imagine instead of the vms acessing the cpu directly they would go through the base kernall is that why
<persia> No.
<persia> Well, kinda.
<jaypur> persia, yup... just tested... it does not give support to my server hardware...
<jaypur> i installed lm-sensors and gkrellm
<persia> jaypur: There may be special utilities for your hardware, but you'll have to search for them.
<persia> So, if the processor doesn't support virtualisation, one needs to support virtualisation in software, which means running code to manage separation of host/guest memory, processes, etc., which adds overhead.
<jaypur> persia, my cpu is a p4 2.0 and the motherboard is an asus p4s533...
<persia> Some of this code is kernel, but lots of it is userspace.  When the processor supports virtualisation, much of the userspace stuff can be passed to the kernel virtualisation module, which can pass it to the hardware.
<persia> jaypur: I don't know offhand what you need, sorry.
<jaypur> persia, i wanna know what should i do to detect my hardware....
<ubuntu> i think it has to do with acpi jaypur
<jaypur> ubuntu, tell me more plz...
<ubuntu> read the desriptions of the packages t explains it
<persia> It doesn't necessarily have to do with ACPI: not all hardware exposes that information to ACPI: for some stuff you have to poll i2c directly, etc.
<ubuntu> there are several packages for it
<persia> (one could hack the DSDT, but that depends on whether the BIOS can track i2c, etc.)
<ubuntu> persia, so either way the virtualization acesses the cpu thrugh 1 kernal
<ubuntu> jaypur, all i know is that when i was installing the monitoring packages there is one for older sstems and one for newer and that was  explaied in the package descriptions might want to make sure all that stuff is turned on in bios also if it has the option
<jaypur> ubuntu, so i'll go to bios to see it.....
<persia> ubuntu: Kinda: the kernel abstracts the HW from userspace, and the virtualisation is running in userspace.  That said, the virtual machine never uses the host kernel *except* by interaction with the virtualisation layer.
<jayvee> just so you can get a second opinion
<jayvee> I don't perceive any difference between SW and HW virtualisation
<persia> This is *very* different from things like LXC, where multiple userspace stacks may be interacting with the same kernel.
<ubuntu> gkrell is for desktop jaypur
<persia> jayvee: I notice a speed difference for otherwise comparable hardware.
<jaypur> ubuntu, i'm using it at my laptop by ssh to see the server
<jaypur> :D
<jayvee> persia: are you referring to VT-x/AMD-v vs. software VM acceleration?
<jayvee> or are you thinking more along the lines of no-kqemu/kvm vs. kqemu/kvm?
<jayvee> I was thinking along the lines of the former. I haven't found AMD-v to add any performance personally.
<ubuntu> persia, i see so it only slightly uses the kernal as a door but no work is done by it
<jayvee> But I very much agree that KVM/kqemu is orders of magnitude faster than raw qemu.
<ubuntu> the work all goes to the virtualization kernal
<persia> jayvee: Or any of the other silicon-support solutions, yes. :)
 * persia found kvm faster than kqemu when kqemu still worked
<jayvee> yeah kvm is faster than kqemu
<jayvee> but sometimes, for things like DOS, qemu is still faster occasionally
<jayvee> whereas KVM grinds to a halt
<jayvee> probably bugs more than anything
<ubuntu> jaypur, well gkrell isnt designed to acess ssh
<jaypur> ubuntu, i usually run nautilus by ssh too...
<persia> ubuntu: Computation is done by the kernel running in the VM.  Hardware access by the kernel in the VM is trapped by the virtualisation layer.  The virtualisation layer then accesses host hardware through the host kernel.  How much host hardware is available depends on the configuration of the virtualisation layer (I set mine to only allow access to memory, storage, and cpu cycles, usually)
<jaypur> ubuntu, what do you use for temperature monitoring...
<jaypur> i connect ssh with -X
<jayvee> I use lm-sensors for temperature
<jayvee> I find lm-sensors can see some temperatures that don't appear in /proc/acpi/thermal_zone
<jaypur> jayvee, how do you see the temperature... what command...
<jayvee> but maybe that's my imagination
<jayvee> jaypur: apt-get install lm-sensors
<jayvee> then just type "sensors" to run it
<jayvee> k8temp-pci-00c3
<jayvee> Adapter: PCI adapter
<jayvee> Core0 Temp:  +36.0Â°C
<jayvee> Core0 Temp:  +28.0Â°C
<jayvee> Core1 Temp:  +29.0Â°C
<ubuntu> so kvm can work without hardware support , but if so what is the difference in the way it operates
<jayvee> Core1 Temp:  +35.0Â°C
<jayvee> kvm runs slower
<jayvee> if you take my advice, use virtualbox
<jayvee> virtualbox is the fastest VM software for GUI applications, and runs fast even without hardware support
<persia> ubuntu: If kvm runs without hardware support, it falls back to qemu (or at least it did last time I ran it on a machine with no VMX support).
<jaypur> jayvee, i'll try that, just a sec...
<ubuntu> jaypur, i lick my finger and tap it and if i hear a sizzle its too hot
<jayvee> I was able to meet all my virtualisation needs with virtualbox on my Eee PC
<jaypur> ubuntu, hahaha
<jayvee> for college
<jayvee> it ran plenty fast for a few Ubuntu servers and Windows Server 2003 instance
<jayvee> on a 1.6GHz Atom
<persia> jayvee: lm-sensors works for *some* sensors (it's especially good at ISA and i2c stuff), but it's not always complete.  For instance the Panasonic "Let's Note" series prior to 5th generation required an additional special bit of software.
<jayvee> all I know is that it works for me. :)
<ubuntu> jayvee, but im wondering why it runs slower how would it operate any differentle would it process through the kernal instead of offering direct acess of the hardware to the vms kernal?
<jayvee> I believe kvm goes into "raw qemu" mode if the kvm module is not loaded
<jayvee> and the kvm module only loads if you have the hardware support for VT
<ubuntu> jaypur, if you installed lm-sensors already on the server it should work i dont think its going to send it through ssh to a remote x
<ubuntu> for gkrell
<jaypur> ubuntu, it's all working... but it's not getting the temperature....
<jaypur> i'll check now lm sensors i was at the bios...
<ubuntu> jayvee, so you are saying rawqemu is slow but virtualbox is almost as fast as kvm with vts on cpu?
<jaypur> jayvee, now it's monitoring... i think it was something on bios... dunno...
<jaypur> but thanks for the help guys!!!
<persia> ubuntu: *ANY* X application can be run as a remote client: it runs on some host, and then exports the interface to the X server on some other host.  The data collected is the data fom the host on which the program is running.
<ubuntu> jaypur, well did you change anything in the bios? if not it prob just needed to be started and the reboot started it
<jayvee> ubuntu: yes, that's what I'm saying
<jayvee> in my experience anyway
<jaypur> i just enabled q fan function and set the fan to run faster lol.....
<jayvee> virtualbox is not so great for running headless servers
<ubuntu> persia, how can the gkrell ap be running on the host if the x is on the client
<jaypur> maybe it was about rebooting...
<jayvee> but for running desktop apps, there is no comparison
<jayvee> virtualbox even supports 3d acceleration
<jayvee> I used to play Quake Live on virtualbox before they brought out a Linux version.
<persia> ubuntu: X is designed to be network transparent.  It's a client-server model.  The X server runs somewhere with a monitor, keyboard, mouse, etc.  The X client runs anywhere it likes, and tells the X server what to draw.
<persia> So if you run an X client on a server, and tell it to talk to the X server on your desktop, it just works.
<persia> This enables interesting stuff, like thin clients
<ubuntu> persia, for some reason that sounds backwards to me the server is on the desktop but the sever has the client?
<jaypur> lol, can i change the text color at ubuntu server?
<jaypur> like black screen with green letters....
<jaypur> ppl would think i'm running matrix at my bedroom lol
<ubuntu> jaypur, well if you are running eveything remotely just change your terminal settings
<ubuntu> jaypur, theres a good matrix scrensaver too but for some reason i couldnt find a prepackaged matrix gnome theme
<jaypur> ubuntu, no.. not at laptop but at the main server.... but its monitor is always off so... it does not make so much difference....
<persia> ubuntu: Yes, the way the client-server model is used in X often confuses folk who believe "server" and "client" describe hardware, rather than services.
<jaypur> yeaaah gkrellm is running
<jaypur> lol temperature4 = -47C lol
<ubuntu> persia, well when running a vnc server the serve serves the services not acesses them
<ubuntu> you are saying the xclient acesses the system and sends the info to the remote server
<persia> No.
<persia> I only said the X client talked to the X server.  local/remote is irrelevant.
<persia> So if you run an X server backed by VNC, and then view that somewhere else, you get another layer of indirection,.
<ubuntu> uhow thats confusing me
<persia> A fanciful use case is someone reading their mail: they sit at host A, connecting to a VNC server on host B.  The VNC server on host B is running an X server.  A mail reader on host C is connected to the VNC-backed X server on host B.  The mailreader then checks an IMAP server, running on host D.
<ubuntu> if it were me i would just acess the server through sshd vnc instead of running x on the remote machine
<ubuntu> if you set all of your things up like that then its like u are chained to the server
<ubuntu> it doesnt seem to provide any extra advantages
<ubuntu> exept maybe releaving the server of about 100megs of ram
<ubuntu> and provides the big disadvantage of rendering the laptop nearly useless without the server
<jaypur> it's all working
<jaypur> thanks guys
<ubuntu> glad to hear it
<ubuntu> dont forget to exesize
<jaypur> :D
<ubuntu> when u work on servers a lot u need to exersize get a nintendo wii and exaggerate all of the motions
<ubuntu> and get one of those as seen on tv pullup bats that just connect to the doorframe without any drilling
<ubuntu> *bars
<ubuntu> my vimeo video finally processed http://www.vimeo.com/11185731 im starting a tech show add me if u want to
<jaypur> ubuntu, lol nintendo wii lol
<ubuntu> and if gkrell stops remember just lick your finger and tap
<jaypur> :D
<jaypur> i set my fan to run at 15/15 speed... the max speed... now my pc is cool...
<ubuntu> now  i could see thinclient bieng cost effective if the server was so strong and served all of the services to mids or 100 dollar netbooks but still if you are going to run stuff on the laptop that doesnt work without the server that would only be effetive i your laptop was the beast and your server was the weakling
<ubuntu> otherwise there is no poit except to complicate things
<ubuntu> i guess for it at a corporation job security
<ubuntu> and need to sign on friends to help with the extra complications
<persia> No.
<persia> A couple common applications:
<persia> 1) putting all one's monitors on one computer for massive screen real-estate, and then running lots of CPU-hungry applications on separate dedicated servers whilst using a single desktop.
<persia> 2) Having a complex or confusing configuration of an application that's hard to sync between machines, and always wanting to run the same app with the same configuration on one's laptop, one's desktop, and (perhaps) one's phone.
<ubuntu> 1 was what i said i would do 2 is a scenario where it would be handy to run xserver on a client but then agai 2 can still be accomplished acessing xserver on server from client
<ubuntu> ]
<ubuntu> the only change is where the resources are bieng used
<persia> Running VNC breaks window management, plus ends up with odd mouse grabs.
<persia> But sure, that works too.
 * persia does both
<ubuntu> how does vnc break window managment
<persia> You end up with some windows limited to only one area of the screen.  You end up with different meanings of "minimise" for different applications.  You have to keep track of which host is running each application, etc.
<ubuntu> i guess the advantage would be graphic rendering apps like games but then why not just run the game from the sytem u are on
<ubuntu> just mount a drive and run the pp from there then
<ubuntu> app
<ubuntu> say thunderbird
<ubuntu> on a ssh in and run it it will pull up in the x and save all data to the server
<persia> Mounting a drive doesn't use remote CPU/RAM/etc.
<persia> Anyway, I'm not going to argue use cases with you anymore.  That's how X is designed.  Using it is optional.
<ubuntu> neither does running the xserver on the client
<ubuntu> well thanks for arguing but it has very little advantage besides a little bit of allocating resources
<ubuntu> and rendes the client nearly useless in the event a connection is lost
<ubuntu> im going to go study virtualbox i guess
 * persia fails to say nothing, but settles for no content
<ubuntu> yeah thats like codependance syndrome
<ubuntu> extra complications to just allocate resources a bit
<ubuntu> im going to go take a blast of coffe and then do some pullups and get beefed up
<k2s> pls. give a tip how to convert Amazon EBS from ext3 to xfs
<kirkland> hggdh: can you get with mathiaz on those config issues on Monday?
<uvirtbot> New bug: #569452 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu11 failed to install/upgrade: subproses skrip pre-installation baru menghasilkan kesalahan status 'exit': 1" [Undecided,New] https://launchpad.net/bugs/569452
<bov3n> I need to configure my ubuntu server for mail so that I can use the mail() functionality in php without any troubles
<bov3n> should I go for postfix?
<ScottK> Postfix is what is generally supported and recommended in Ubuntu server for an MTA.
<guntbert> where could I take a look at the 10.04 version of the server guide?
<ScottK> sommer: ^^^
<bov3n> ScottK: Ok, good. I've installed it and configured the basics. But it has to use smtp do you know how I can edit which smtp server it should use?
<ScottK> bov3n: You want it to relay via another mail server?
<bov3n> yes
<ScottK> sudo dpkg-reconfigure postfix and pick the option that is something like internet with satellite relay
<ScottK> It'll ask you the name of the server it should relay through
<bov3n> I'm supposed to develop some script for a company in order to send some mails automatically and they couldn't configure their ubuntu server and I'm quite new to it too, but at least I'm comfortable with the commandline :)
<bov3n> and they told me that it has to go against a certain smtp server
<bov3n> ScottK: ok, I'll try that out
<bov3n> thanks
<poningru> bov3n, did you get it?
<bov3n> not sure yet :)
<bov3n> It's configured according to my wishes, I'm coding now to attempt to send a test mail :)
<bov3n> poningru, ScottK: it works!
<bov3n> thanks a bunch for the help
<ScottK> You're welcome.
<Dravekx> I have my users setup so they can host websites from their home directories. So, I installed joomla in mine, but when joomla creates a file on the ubuntu server, ubuntu changes the permissions so I can't access the file. then I hafta login via SSH, change the permissions via root, and go back again. Anyone know how to fix this?
<Dravekx> earth to ubuntu-server.... come in, ubuntu-server. anyone?
<ScottK> !weekend | Dravekx
<ubottu> Dravekx: It's a weekend. Often on weekends the paid developers and a lot of the community may not be around to answer your question. Please be patient, wait longer than you normally would or try again during the working week.
<Dravekx> LOL
<Dravekx> "the bot responses" are so nice.
<Irunongames> Does anyone know a program to manage a ubuntu server from win 7?
<Dravekx> Irunongames, putty and winSCP (it's what I use with Win7)
<Irunongames> will putty alow me to view the server envirement?
<guntbert> Irunongames: "server environment"?? what do you mean?
<Irunongames> So I can see what is on the monitor server side
<guntbert> Irunongames: why would you want that?
<Irunongames> No good reason really, I just like it better that way :/
<Dravekx> It's like trying to force ubuntu to be an unsecure windows. :(
<guntbert> Irunongames: I believe it will be possible - but as it makes no sense for me I never thought about it -- I'd expect some work to be done and a heavy load .... but I might err
<Dravekx> can someone tell me how to fix apache to where, when a web app does something on my ubuntu server, the user:group is set to user:www-data instead of www-data:www-data?
<Dravekx> or maybe its server related?
<Dravekx> idk.
 * Irunongames screams "Litespeed"
<guntbert> Irunongames: ??
<Irunongames> It's a "wanna be apache" software :P
<morrowyn> lrunongames: webmin ?
<guntbert> !webmin | morrowyn, Irunongames
<ubottu> morrowyn, Irunongames: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<morrowyn> :)
<Irunongames> Oh ok, thanks
<morrowyn> Dravekx, www-data:www-date means user:group
<morrowyn> date/data
<Eric^-> hey
<Eric^-> I downloaded the server and it's a ISO file. But how do f- do i get it on a disc so i can install it on my other comp?
<RoyK> huh?
<Eric^-> yeah, i got a mac computer
<RoyK> iso files are for burning on small discs
<Eric^-> aw, k lol.
<RoyK> open disk utility, burn it
<Eric^-> i've tried
<Eric^-> dosen't work wtf
<RoyK> works for me (tm)
<RoyK> Eric^-: after burning it, you need to move the CD to the other computer and boot it
<Eric^-> oh shit i think i know what now.
<Eric^-> I got a dvd-r disc lol.
<Eric^-> How can i make it on USB then ? x.x
<RoyK> that's a bit complicated, but from ubuntu desktop, it's automated
<RoyK> install a VM with VirtualBox or something on your mac and you'll have it done quite easily
<Irunongames> Question: should I "Manage System With Landscape" OR "auto security Update"
<Irunongames> What type of server do I need for a IRC bot?
<RoyK> Irunongames: manage system with landscape if you use it, which you probably don't since you ask. auto security update is nice
<guntbert> Irunongames: if I understood that correctly the landscape option costs real money
<RoyK> Irunongames: anything - even DOS will do
<RoyK> guntbert: yeah, nominally $150 a year per box, but it's worth it in large setups
<Irunongames> blah does anyone here run a IRC bot from ubuntu?
 * RoyK has a few
<guntbert> RoyK: thx
<RoyK> Irunongames: seriously, you can run an irc bot on any OS
<Irunongames> Blah, ok
<RoyK> ubuntu might be a good choice if you like it
 * Irunongames is scared of using to much space even with a 1.5 TB drive XD
 * RoyK takes a little time off to ROTFL
<RoyK> Irunongames: I'm working with embedded systems these days, large, embedded systems with ARM 400MHz CPUs and 64MB memory and 128MB flash disks
<RoyK> huge systems
<Irunongames> o.o
<RoyK> and you can run a few thousand IRC bots on each of them
 * Irunongames goes to build a few thousand
<wise_crypt> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<hggdh> kirkland: I will. I looked for him yesterday, but I guess it was already too late in the evening
<ShadowTale> Hi all. I'm at the "postfix configuration" section of installing ubuntu, what should I do "no configuration, internet site, internet with smarthost, satellite system, local only"?
<ShadowTale> I've never installed a server before
<ShadowTale> hello?
<guntbert> ShadowTale: do you need email on that machine?
<ShadowTale> not particularly, I'm only going to use it to post on my IRC channel whenever someone edits on my wiki
<ShadowTale> thanks for your time and effort by the way guntbert :)
<kirkland> hggdh: ack
<ShadowTale> I'm a bit of a noob when it comes ot this kinda thing.
<kirkland> hggdh: can you please create a junk branch of test results from your various runs and commit/push your results there?
<kirkland> hggdh: make a dir structure like lucid/rc/*
<kirkland> hggdh: maybe lucid/rc/topo1/*
<kirkland> hggdh: you can gzip/bzip em
<guntbert> ShadowTale: in that case I suggest you choose "no config"  -- misconfigured mail servers are *bad*
<kirkland> hggdh: we really need to keep an archive of these
<guntbert> ShadowTale: and on ubuntu a not configured service will not be started
<ShadowTale> cool. thanks much for the info, mind if i keep popping in and out of chat asking noob questions? lol
<ScottK> kirkland: screenbin is accepted.
<guntbert> ShadowTale: there is no such thing as "noob" questions - and be welcome any time :)
<scar> yes, we all had to start somewhere ;)
<ShadowTale> thanks ^__^. it's still installing, 84%
<Eric^-> guys
<Eric^-> If i got a computer from 04, will the new ubuntu server edition work on it?
<Eric^-> (32 bit i guess right)?
<guntbert> Eric^-: I don't see a reason why not
<Eric^-> we..
<Eric^-> well, i kinda had the 64 bit version downloaded but diden't seem to work..
<scar> Eric^-, which cpu does the computer have?
<ShadowTale> hmmm, anyone else have a problem with installing the newest ubuntu? my "finishing the installation" is stuck at 25%
<ShadowTale> is it supposed to take this long? it's been like 20 minutes.
<Eric^-> scar: i don't know really lmao. But it's a dell and it's old.
<guntbert> ShadowTale: did you md5sum check the image?
<guntbert> !md5sum | ShadowTale
<ubottu> ShadowTale: To verify your Ubuntu ISO image (or other files for which an MD5 checksum is provided), see http://help.ubuntu.com/community/HowToMD5SUM or http://www.linuxquestions.org/linux/answers/LQ_ISO/Checking_the_md5sum_in_Windows
<ShadowTale> md5sum? i dunno what that is. I did do a simulated burn before burning it
<ShadowTale> oh
<ShadowTale> ok i'll read it
<scar> Eric^-, what is the model of the dell?
<Eric^-> i've got no idea about that neither. Gonna see if i find anything on the shell
<scar> Eric^-, that should be on the box itself. also you can look up the service tag on support.dell.com and find the documentation
<Eric^-> could it be preceision 360?
<Eric^-> uhm, pentium 4 800 mhz
<Eric^-> yeah, i need the 32 bit version, dam it takes 22 min to download
<skrite> hey all, i am having a rough time with replication on mysql  our server crashed, rebooted, and recovered, but the slave replication is no longer updating.
<fbc-mx> is a type 83 partition an ext3 or ext4?
<qman__> it's a "Linux" type
<qman__> which could be any number of filesystems, including ext[2-4]
<RoyK> xfs, jfs, jffs2, even FAT12 if you like
<RoyK> it's just a number
<MTecknology> icky... server ran out of space
<MTecknology> Can I use libvirt to add a drive to a vm?
<ShadowTale> ok it looks like my ubuntu server is up and running. thanks again everybody for the help :)
<MTecknology> ShadowTale: what are you going to use it for?
<ShadowTale> my friend is hooking me up with a bot that'll message me in IRC chat whenever someone edits on my wiki
<ShadowTale> that way I can see what people are doing and possibably stop any vandalism rather quickly.
<fbc-mx> qman__, How can I tell which one it is? I have to add it to fstab.
<ShadowTale> sound cool MTecknology?
<MTecknology> ShadowTale: sounds like something your wiki should be able to do by itself
<ShadowTale> Idk, it's a wikia.com wiki
<fbc-mx> I have to add a drive to fstab. FDISK tells me its a type 83. So how do I tell if I need to specify it as a EXT3 or EXT4 in fstab?
<ShadowTale> I can give you alink if your interested in finding out
<MTecknology> never used it - i know moinmoin will let you sbscribe to everything
<ShadowTale> "moinmoin"???...
 * ShadowTale googles it
<RoyK> fbc-mx: you need to specify the filesystem type in fstab - man fstab
<fbc-mx> RoyK, I formatted that drive like a year ago.. I don't recall if I formatted it EXT3 or 4. How can I tell?
<ShadowTale> so do you have to host moinmoin off of your own server or is it hosted by a website?
<RoyK> if you're unsure about the fs type, try to mount /dev/whatever /somewhere and type 'mount' alone to see what it says
<MTecknology> or fdisk -l
<MTecknology> doesn't that show it?
<MTecknology> nope, nevermind
<fbc-mx> RoyK,  damn your good... I did that and typed MOUNT and shows it as an EXT4
<fbc-mx> RoyK, thanks
<RoyK> :)
<RoyK> you learn a few tricks after working with linux for 15+ years :)
<MTecknology> RoyK: I have ~5 so far :)
<fbc-mx> RoyK, I have ~2 years
<MTecknology> barely knew computers back then
 * RoyK feels like an old man
<MTecknology> RoyK: how old are you?
 * MTecknology is 22
 * fbc-mx 40
<RoyK> MTecknology: 36
 * fbc-mx got into ubuntu linux 5 years ago and started playing around with linux guts and servers 2 years ago. Evangelizing ubuntu in Guadalajara, Mexico for 3 years now.
<RoyK> :)
<RoyK> linux is nice, but for firewalls, pfsense rocks
<MTecknology> I started in my senior year in high school, i'm in my senior year in college now
<MTecknology> RoyK: I'd likely never use anything other than *BSD for a router system
<RoyK> linux works well too, though
<MTecknology> it does, I just prefer the 'set it, forget it, don't muck with it' approach to something sitting there
<RoyK> yeah
<RoyK> pfsense is nice in that
<andreserl> kirkland: ping
<fbc-mx> RoyK, yeah that's what I use for a firewall as well because I got a dual-wan setup
<RoyK> nice
<fbc-mx> RoyK, I got a PFSENSE machine as a router and an UBUNTU SERVER for EBOX and network services.
<RoyK> I'll be setting up an old 500MHz VIA thing for a firewall once I get the CF-card-to-ATA adapter, and I guess it'll be running linux
<RoyK> I know iptables by heart and it's nice to have a full distro on the box
<fbc-mx> RoyK, I used to swear by IPCOP but it doesn't do dual-wan. But since I've been using pfsense, I've grown kinda fond of it as well.
<scar> i have two, identical physical servers. on one i was thinking of installing ubuntu server to use as sort of a hypervisor for several virtual servers. now i want to reduce downtime by mirroring this setup onto the other physical server.  how can i do something like that?
<RoyK> fbc-mx: yeah, but I only have this crappy DSL link, so not a problem :)
<RoyK> scar: DRBD + heartbeat is a good thing
<RoyK> scar: it takes some reading and stuff to get into it, but essensially it's RAID-1 over IP
<scar> RoyK, ok.. i thought drbd might be involved. but i was confused because it is classified under clustering, and i thought that was combining multiple servers into one virtual server or something...
<RoyK> not really
<RoyK> DRBD for mirroring is just having one standing by
<RoyK> mirroring the partitions
<RoyK> and then having Heartbeat kicking in if the main box fails
<MTecknology> How can I see what devices are available?
<MTecknology> /dev/sd*
<scar> RoyK, all right cool. thanks... i'll read more about those
<RoyK> MTecknology: there'll be a notice in the system log, dmesg
<MTecknology> RoyK: It's added during boot, will it still be in there?
<RoyK> MTecknology: and all processes trying to do something on that or those devices will hang in D state
<RoyK> MTecknology: what sort of device?
<MTecknology> RoyK: I'm trying to add a drive to a vm
<RoyK> does linux see the drive?
<RoyK> as in cat /proc/partitions
<MTecknology> RoyK: that'd be the exact answer to my question :D
<MTecknology> thanks
<MTecknology> mkfs seems to have just freaked out
<fbc-mx> RoyK, My only gripe with pfsense is that you cannot manually specify the adapter name in squid. I would like to configure squid to cache my load balancing pool, but it's currently not able to.
<RoyK> fbc-mx: for reverse caching, have you tried varnish?
<RoyK> it's far better
<RoyK> originally developed for fbsd, but ported to other platforms later
<RoyK> works best on fbsd last I checked
<RoyK> some issues with sendfile() on linux making it impossible to do zero-copy
<scar> is there a webdav server available? am i to use python-webdav?
<fbc-mx> RoyK, nope, let me read up on it.
<MTecknology> mkfs.ext4 /dev/sdb1 | 100G | virtual disk | takes a while....
<fbc-mx> RoyK, I'm in the process of adding two indentical sata drive in a raid 1 configuration. WOuld you recommend software raid or the raid controller on the motherboard. I understand the the software raid has processing overhead. Any thoughts?
<fbc-mx> * the the= that the
<MTecknology> fbc-mx: depends... #1 - does your hardware support a true raid setup?
<MTecknology> usually that's not the case - in which case I shoot for software because it gives you more control
<MTecknology> if it's true raid, you get better performance letting the disk handle it
<scar> it looks like it is just some extensions i add to apache...
<fbc-mx> MTecknology, I don't think so, I just have a bios option for my sata controller that says IDE or RAID.
<fbc-mx> MTecknology, I was gonna activate the RAID on the motherboard controller thinking that it was hardware based raid. Am I wrong?
<MTecknology> fbc-mx: that would be hardware raid but probably isn't the case in reality - true hardware raid is usually a pretty penny
<MTecknology> fbc-mx: if that's the case then my personal choice would be to use software to manage it
<fbc-mx> MTecknology, ok, you've convinced me to go with software raid.
<MTecknology> fbc-mx: well....
<MTecknology> fbc-mx: do you want control or performance
<MTecknology> either way you get mirrored drives
<fbc-mx> MTecknology, Hmm... I guess control would be my guess
<MTecknology> then software
<Irunongames> how do I install vmware tools on ubuntu server?
<fbc-mx> MTecknology, now that has been decided, the only guide I can fine give you the instuctions to do it at the install phase. Is there one for a server that is already setup?
<MTecknology> Irunongames: what cersion?
<MTecknology> fbc-mx: mdadmin iirc
<MTecknology> mdadm*
<uvirtbot> New bug: #569533 in dovecot (main) "dovecot doesn't support configuration setting ssl_disable" [Undecided,New] https://launchpad.net/bugs/569533
<fbc-mx> MTecknology, K, let me go give it a whirl.
<Irunongames> I am running 6.5
<MTecknology> 6.5?
<MTecknology> you mean vmware server 6.5?
<MTecknology> What version of Ubuntu
<MTecknology> iirc vmware only supports the last LTS
<Irunongames> 9.10
<Irunongames> and 6.5 workstation
<MTecknology> You're not likely to make it work right
<MTecknology> check out #vmware
<Irunongames> thanks
<RoyK> fbc-mx: software raid has little overhead, but it's a bitch for linux boot
<RoyK> grub isn't too happy about that
<RoyK> for data volumes, I'd use software raid
<RoyK> it's faster and cheaper
<MTecknology> also saves on you if the controller dies in that you don't need to get an exact replacement
<RoyK> if you need to boot off a raid, I'd recommend 3ware or areca
<RoyK> reasonably priced and works well
<MTecknology> I hate it when an rsync failure can't resume :'(
<MTecknology> If I was local it would take <10min to copy
<MTecknology> the rsync failed because of lost space; i had to run off - it was <10MB from being transferred - now I get to start all over remotely and it's estimated to take >6hr
<fbc-mx> MTecknology, I type sudo apt-get install mdadm and it wants to install postfix. Any idea why?
<MTecknology> fbc-mx: not sure, maybe for notification of issues
<MTecknology> It's been a long time since i used raid - i tend to shy toward lvm now
<skrite> hey all, i am having trouble starting a slave in mysql after the master had a problem that caused a reboot. The error log on the slave is empty
<ShadowTale> hi all. whats it mean when I type "    hg clone http://core.gozerbot.org/hg/dev/0.9" and i get the response, "the program 'hg' is currently not installed.  you can install it by typing: sudo apt-get install mercurial"?
<ShadowTale> then when i tpye "sudo apt-get install mercurial" it responds "Package mercurial is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: package mercurial has no installation candidate
<ShadowTale> >.< i've never used ubuntu server before so I dunno what to do.
<JanC> ShadowTale: try "sudo apt-get update" first, then the "sudo apt-get install mercurial" again ?
<ShadowTale> ok i got a whole ton of "Err http
<ShadowTale> err. 1 sec lemme type this
<guntbert> !pastebin | ShadowTale
<ubottu> ShadowTale: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<JanC> do you have a working internet connection on that machine?
<ShadowTale> It's hard lined into the router. plus before I installed ubuntu the wireless internet was working on windows vista
<ShadowTale> is there a command like "ipconfig" were i can see if i'm connected to the internet?
<JanC> you only have wireless on the machine?
<ShadowTale> I have wireless and I'm hooked into the internet with a ethernet cable
<guntbert> ShadowTale: type ip ad   -- should give you a list of interfaces and addresses
<JanC> or just try "ping www.ubuntu.com"  ;)
<JanC> hm...
<ShadowTale> hi, my firefox crashed
<ShadowTale> I didn't get a chance to read a response. i had said i'm hooked up to the internet via Ethernet cable
<guntbert> JanC: no - there remain too many possibilities when that ping fails
<guntbert> ShadowTale: type ip ad   -- should give you a list of interfaces and addresses
<ShadowTale> ok it looks like 00:00:00:... and so on
<ShadowTale> "lo: <loopback,up,lower_up> mtu blah blah blah
<ShadowTale> eth0: <brodcast,multicast> mtu 1500 gdisc noop state down glen 1000
<ShadowTale> so I think your right i'm not connected to the internet
<guntbert> ShadowTale: here that part is wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 ----    link/ether 00:19:d2:0a:d2:a1 brd ff:ff:ff:ff:ff:ff ---    inet 192.168.0.11/24 brd 192.168.0.255 scope global wlan0
<fbc-mx> MTecknology, I created two identical primary particions on my identical sata drives then ran "mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdc1 /dev/sdd1" but when I do a fdisk -l is says no particions found. What am I doing wrong?
<ShadowTale> i don't have that part displaying
<guntbert> ShadowTale: for wlan in my case
<ShadowTale> i have lo: eth0: and virbr0:
<MTecknology> fbc-mx: fdisk -l /dev/md0 ?
<guntbert> ShadowTale: and my (not connected) eth0 looks like: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
<guntbert>     link/ether 00:15:58:80:10:d1 brd ff:ff:ff:ff:ff:ff
<fbc-mx> MTecknology, Disk /dev/md0 doesn't contain a valid partition table
<MTecknology> fbc-mx: do without -l; probably just need to create it
<fbc-mx> MTecknology, do I need to remove the two identical primary particions that I previously created?
<ShadowTale> argh gotta wait for my little brother to get home. he apartently put some thing on our router that won't allow computers to hook up unless they're gateway or whatever is typed into our router manually.
<MTecknology> ooh.. wait.... can you use partitions for a raid device?
<ShadowTale> -_- gotta wait half an hour
<fbc-mx> MTecknology,  dunno...
<MTecknology> fbc-mx: I think you might need to use the whole drive - I'm not sure..
<fbc-mx> ok, then I will delete the existing partitions on the drives before creating one through /dev/md0
<micw> hi
<micw> i tried to setup a simple apache virtual host config. on other distros that worked fine: NameVirtualHost *:80 ... <VirtualHost *:80> ...
<micw> i always get an error: VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
<micw> any help what could be wrong?
<RoyK> see what NameVirtualHost is set to and use the excat name in VirtualHost
<RoyK> VirtualHost 80:* and <VirtualHost *:80>
<RoyK> et cetera
<micw> the problem was the 000-defaults within sites-enabled
<micw> there was virtualHost *
<micw> when coming from a different distro (like gentoo in my case) ubuntu feels very wired...
<RoyK> iirc the default site includes NameVirtualHost
<RoyK> so either remove that and place it somewhere else or obay the roles set there :)
<micw> yes. but the ports.conf says listen :80 and  (with ssl) listen :443
<micw> so namevirtualhost should point to these ports
<RoyK> sure, but NameVirtualHost names a string
<RoyK> anyway - apache config is something that can be troublesome at times
<micw> i removed the default
<micw> on gentoo i never had problems iwth that
<RoyK> yeah, there are some issues with the "default" config in debian/ubuntu
<fbc-mx> MTecknology, OK, I did a mkfs.ext4 /dev/md0 and ended  up with a /dev/mp0p1 so in FSTAB i put "/dev/md0p1       /mnt/250gbr      ext4    defaults     0        2"
<fbc-mx> MTecknology, when I tried to mount I get an unknown FS error
<RoyK> put /dev/md0 in fstab
<RoyK> that's where you put the filesystem
<fbc-mx> RoyK, awesome , that worked
<RoyK> >(
<RoyK> :)
<MTecknology> md0p1 is running into unix land :P
<micw> i ran into problems with defaults for the bash profile as well when i tried to set up a PS1 for my user's shels
 * RoyK pats his Solaris 8 box
<micw> the scripts in ubuntu are very wired
<MTecknology> i like opensolaris, but it's a little too heavy for my tastes
<micw> e.g. any of these scripts changed $PS1
<RoyK> MTecknology: 'cept zfs which rocks
<micw> so in /etc/profile.d i could change it but at least 2 other scripts changed it otherwise
<MTecknology> zfs is full featured - but also heavy
<RoyK> it is
<RoyK> for a 30TB workload, like we have, we're low on memory with 12GB
<RoyK> with dedup, double that a few times
<MTecknology> my best server has 8GB
<RoyK> supermicro has this cute little 1U box with 4 12-core opterons and 512GB RAM
<MTecknology> my probuction servers have 360MB
<RoyK> we can probably replace most of our servers with that alone and some storage place
 * JanC doesn't want to ask the price of that thing with 512 GiB RAM installed...
<RoyK> :D
<RoyK> abou EUR 30k
<RoyK> but - with 48 cores and 512GB?
<RoyK> not a whole lot
<JanC> if you use all of it
<RoyK> I guess we'll start off at half of that
<RoyK> it'll reduce power consumption a wee bit
<JanC> I guess it's useful for a huge database server or something
<RoyK> compared to 80+ dedicated servers
<JanC> or to run *lots* of web traffic mostly from memory
<RoyK> varnish is made for that
<RoyK> but no, virtualisation
<RoyK> lots of VMs instead of lots of dedicated servers
<JanC> OTOH, it's more of a SPoF
<RoyK> spof?
<RoyK> yeah
<RoyK> it is
<RoyK> but xen has failover
<JanC> you'll need at least 2  ;-)
<RoyK> yeah
<RoyK> but only two 12-core CPUs and just 128 or 256 gigs of memory will help a lot too
<JanC> "boss, please hand me some 60k please, I need it tomorrow"  :-P
<failover> xen has what ?
<RoyK> she has requested a failsafe environment :P
<RoyK> failover: with shared storage, xen supports failover iirc
<JanC> to some degree I suppose
<RoyK> our systems can handle a reboot - they're not needed that much
<MTecknology> I'll be developing a high availability system soon enough - I'm thinking 128GB RAM & 2TB HD on two different server - then Xen to keep virt servers on that
<fbc-mx> MTecknology, RoyK , when I disconnect my /dev/sdb my /dev/sdc will become sdb and sdd will become sdc. How do I reassemble the raid?
<JanC> fbc-mx: using mdadm?
<fbc-mx> JanC, ok.. guess I'll figure it out..
<JanC> it should do taht automaticly, using a UUID ?
<RoyK> fbc-mx: md normally labels the drives
<RoyK> meaning no manual stuff needed
<fbc-mx> RoyK, That is just too good to be true...I'll try it out though.
<RoyK> just reboot and let linux try to sort it out
<MTecknology> I love the ability Linux has to 'just sort itself out' as opposed to a certain other system
 * RoyK loves ZFS
<MTecknology> zfs just kills my view of the osi
<RoyK> osi_
<RoyK> ?
<MTecknology> IMO the FS should be right down abouts level 1; ZFS  goues much higher
<MTecknology> s/level/layer/
<MTecknology> http://en.wikipedia.org/wiki/OSI_model
<RoyK> well, sure
<RoyK> but I disagree
<RoyK> having a filesystem cover everthing from media to dataset is quite awesome
<RoyK> if you want deduplication, why not dedup all you have?
<JanC> how is dedup implemented in ZFS ?
<RoyK> block level
<JanC> I hope they are not stupid enough to use only hashes?  ;)
<RoyK> md5 iirc, but you can use md5+verify if you're paranoid
<RoyK> erm, sha1, not md5
<JanC> using only a hash means you will have data loss sooner or later
<RoyK> yeah
<RoyK> I spoke to someone from nexsan, they only uses hashes, but they use md5 _and_ sha1
<RoyK> the chances of a double hit is rather low
<JanC> which makes the chance somewhat smaller, but it might still happen tomorrow
<JanC> and the day after tomorrow again
<RoyK> or in a thousand years
<RoyK> the verify flag in osol is safe, though
<MTecknology> I have a massive update scheduled for the 1st
<MTecknology> a lot of systems going 9.04 to 10.04 - the php-5.3.x change is going to suck
<RoyK> why so early? 10.04 isn't even out
<MTecknology> it will be
<RoyK> wait a month or two and upgrade when it stabilisess
<MTecknology> the issue will be the php issues - a lot of code needs to be patched
<MTecknology> I've already tested everything else
<MTecknology> Then I'm going to try to keep the system up until the next LTS
<failover> question, wich system UEC use to create virtual machines?
<failover> * to run virtual machines ?
<scar> i am setting up some brand new servers... data and settings will be transferred to them, though (web sites, mailing lists, ...).  i was hoping to start with 10.04 but, would it be better to start with 9.10 and then upgrade later? why?
<MTecknology> scar: personally... I'd do 10.04 - overcome any issues with it up front and avoid the whole upgrade process
<MTecknology> scar: and... 10.04 is an LTS that's being released very soon
<MTecknology> 5 days
<scar> i do have until about mid-june to deploy everything
<MTecknology> If I were doing it, I'd use 10.04.
<MTecknology> If you want to be able to copy/paste your old systems - 9.10 (if that's what the old systems are)
<scar> hehe i don't know... they are virtual servers on bluehost.com they run some type of GNU/Linux
<MTecknology> I don't know much about GNU, but if it's Linux you should be able to easily drag/drop configs - different system means you may need to use a different location - but for most Linux systems things fall pretty much in the expected places
<MTecknology> You should figure out what they're using now
<MTecknology> if it's ubuntu, lsb_release -a
<ShadowTale> is there any for sure way to see if my ubuntu server is getting internet? I have it hooked up to the ethernet cable, I was told "ip al" earlier on this channel. but i really don't know what to look for to see if it is connected
<MTecknology> ShadowTale: ping google.com
<scar> MTecknology, it doesn't have lsb_release
<ShadowTale> it says "ping: unknown host google.com"
<MTecknology> scar: ls /etc/*version
<MTecknology> scar: what file shows up?
<MTecknology> ShadowTale: no internet
<MTecknology> ShadowTale: try dhclient eth0
<scar> MTecknology, nothing
<MTecknology> scar: odd, that means it's likely not redhat, debian, or slackware
<MTecknology> scar: cat /etc/issue ?
<ShadowTale> "cannot create /var/lib/dhcp3/dhclient.leases: permission denied
<scar> MTecknology, no such file or directory
<MTecknology> ShadowTale: sudo
<ShadowTale> k i'm there
 * RoyK takes out his soldering iron http://xkcd.com/730/
<MTecknology> scar: ok... what do you see in ls -l /home/ ?
<ShadowTale> http://xkcd.com/347/ is my favorite xkcd
<ShadowTale> ummm
<ShadowTale> i do not see -1/home/
<ShadowTale> my install did crash at the final half "setting up passwords" and whatever lol
<MTecknology> ShadowTale: hu?
<ShadowTale> nvm
<MTecknology> ShadowTale: permission denied  17:01 < MTecknology> ShadowTale: sudo
<MTecknology> ShadowTale: coupled with previous suggestion?
<ShadowTale> -1/home: no such file or directory
<scar> MTecknology, it has a link to home4, and in that is our username
<ShadowTale> yeah i tried sudo
<ShadowTale> nothing in sudo says "home"
<MTecknology> ShadowTale: pastebin what you do when you see sudo -s
<MTecknology> do<->see
<MTecknology> scar: .....
<MTecknology> scar: Do you at least have cat /proc/version ?
<scar> Linux version 2.6.28-10.21.intel.E1000E.BHsmp (kernel@bluehost.com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Tue Mar 23 13:17:07 MDT 2010
<MTecknology> hm.. you should have /etc/redhat_version
<MTecknology> anyway - now we know what OS you have :P
<ShadowTale> http://pastebin.com/raw.php?i=XwDBjMTr
<scar> MTecknology, some red hat variant?
<MTecknology> scar: ya
<MTecknology> ShadowTale: man sudo
<ShadowTale> cat proc version brings up "Linux version 2.6.310140server (buildd/2crested) (gcc version 4.4.1 (ubuntu 4.4.1-4ubuntu8) ) #48-Ubuntu SMP /fru ict 16 15:07::34 UTC 2009"
<ShadowTale> ok "man sudo" brings upo a ton of text
<MTecknology> scar: You may as well start with 10.04 - you're going to have the same hurdles wherever you start
<scar> acknowledged
<MTecknology> scar: the biggest issue will be that 1) redhat keeps software pretty far out of date and 2) the configs will be different
<MTecknology> overall - it's all linux - you can make it all work - and you should be able to do so in the time limit you have
<scar> i think so too
<MTecknology> ShadowTale: how much of it did you read?
<ShadowTale> i read the opening discription and a few of the commands that struck my eye
<MTecknology> ShadowTale: and do you have your answer yet?
<scar> RoyK, erm... what does that do?
<ShadowTale> not really. I have no idea why/if i'm not getting internet.
<MTecknology> ShadowTale: http://gd.tuwien.ac.at/linuxcommand.org/learning_the_shell.php
<ShadowTale> I used to have to program c# in the command line >.<
<ShadowTale> so i sorta get the basic idea.
<ShadowTale> but not how to do it with linux
<ShadowTale> so thanks for that link i'll try reading it
<MTecknology> It should get you to a clue of how to run the command I gave you - time to learn ;)
<ShadowTale> argh this sucks. i just want a working server right now lol
<MTecknology> ShadowTale: you don't want to know how to use it?
<ShadowTale> I see why people hire teches
<MTecknology> that link covers the absolute basics
<Irunongames> I need to download mercurial onto my server but sudo apt-get mercurial does not work
<Irunongames> says it can not find the package
<MTecknology> Irunongames: "sudo apt-get mercurial" ?
<Irunongames> I need to do it to run "hg clone <link>"
<MTecknology> Irunongames: "sudo apt-get mercurial" ?
<Irunongames> sudo apt-get install
<MTecknology> does aptitude search mercurial show it?
<Irunongames> idk how to do that
<Irunongames> I am new to server
<MTecknology> I just told you how
<MTecknology> !info mercurial
<ubottu> mercurial (source: mercurial): scalable distributed version control system. In component universe, is optional. Version 1.3.1-1 (karmic), package size 52 kB, installed size 332 kB
<ShadowTale> hey MTecknology, how do i log in as my _root user?
<MTecknology> ShadowTale: man sudo
<ShadowTale> thanks
<fbc-mx> RoyK, It was too good to be true.. I disconnect /dev/sdb and reboot and /dev/md0 has nothing in it.
<ShadowTale> how do i get out of all this text in "man sudo" i can't seem to get out of this read me file thing
<MTecknology> q
<ShadowTale> thanks
<MTecknology> ShadowTale: you figure out how to run dhclient yet?
<ShadowTale> uh.........
<ShadowTale> "permission denied"
<fbc-mx> MTecknology, I disconnect /dev/sdb and reboot and /dev/md0 has nothing in it. When I try to recreate the raid it tells me that sdb has an ext2fs file system on it..
<ShadowTale> when i type dhclient
<jpds> ShadowTale: Try: sudo dhclient
<ShadowTale> oh cool a bunch of stuff popped up
<MTecknology> jpds: I was trying to guide him into figuring that out - i failed
<MTecknology> fbc-mx: I wish I knew how to help you further.. I have very limited experience with mdadm
<ShadowTale> ultimately though it says "chown: failed to get attributes of '/etc/resolv.conf' : No such file or directory
<ShadowTale> "*reloading /etc/samba/smb.comf cmbd only"
<fbc-mx> MTecknology,  k thanks. I'll try to figure it out..
<ShadowTale> MTecknology:  this is awesome that you take out of your time to help people out like this.
<MTecknology> JanC: You around to try to help fbc-mx?
<MTecknology> ShadowTale: many ubuntu users do it
<ShadowTale> holy crap it's doing something
<ShadowTale> I think i might be connected
<MTecknology> ShadowTale: now ping
<ShadowTale> "sudo apt-get install" it's downlioading stuff i think
<MTecknology> or that
<ShadowTale> w00t! i'm getting pings!
<ShadowTale> 37.6 ms
<ShadowTale> 35ms
<ShadowTale> 40ms
<MTecknology> stop
<ShadowTale> sorry to spam that lol
<ShadowTale> how do i stop the pinging?
 * MTecknology is getting VERY tired of the spam on TV
<ShadowTale> q?
<jpds> ShadowTale: Ctrl-C
<MTecknology> weather warnings make me want to stop having cable
<ShadowTale> sweet it's downloading mercurial now
<ShadowTale> THANKS!!! i'll be on later.
<fbc-mx> MTecknology, I think I figured it out... it changed the name of the block device only. It's no longer /dev/md0 now its /dev/md_d0
<MTecknology> fbc-mx: interesting.. glad you figured it out :)
<MTecknology> fbc-mx: oh - as RoyK mentioned earlier - cat /proc/partitions
<MTecknology> might have helped - I didn't think of it, sorry
<fbc-mx> MT nope what ever I figured out didn't really work
<fbc-mx> MTecknology,  nope what ever I figured out didn't really work
<MTecknology> fbc-mx: what if you recreate the device as /md_d0 ?
<MTecknology> fbc-mx: I'm guessing though...
<fbc-mx> MTecknology, I'm gonna try the mdadm --reassemble command and see if that helps
<MTecknology> good luck
<fbc-mx> MTecknology,  No matter what I try I get mdadm: Cannot open /dev/sdc: Device or resource busy
<fbc-mx> MTecknology,  nothing is really using  it,, it's not really assigned to anything.
<JanC> it's not mounted?
<JanC> and it's not being fsck'ed or something?
<fbc-mx> JanC, nope
<MTecknology> there we go - a smart person to help :)
<MTecknology> I'm gonna take a nap now
<fbc-mx> JanC, then I tried sudo mdadm --assemble /dev/md0 /dev/sdb /dev/sdc and it tells me it has no SUPERBLOCK
<fbc-mx> /dev/sdc has no superblock
<JanC> is this an old RAID array, or something you just created ?
<fbc-mx> JanC, /dev/sdc has no superblock
<fbc-mx> JanC, I just created it and removed /dev/sdb
<fbc-mx> JanC, sdb
<JanC> eh
<fbc-mx> JanC, sdc is now sdb and sdd is now sdc
<JanC> you created it as sdc + sdd ?
<MTecknology> ya, then he removed sdb
<JanC> you sure you got the disk names right?  âº
<fbc-mx> JanC, like this sudo mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb /dev/sdc
<JanC> eh
#ubuntu-server 2010-04-25
<fbc-mx> JanC, but I get mdadm: Cannot open /dev/sdc: Device or resource busy
<JanC> so actually, sdd is now sdc, and was never part of the array, right?
<MTecknology> fbc-mx: um? - i thought you said you combined sdc and add
<fbc-mx> Yes, sdc and sdd were the array
<MTecknology> s/add/sdd/
<MTecknology> "mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb /dev/sdc" <- not sdd
<fbc-mx> MTecknology, no sdc and sdd were always a raid 1
<fbc-mx> MTecknology, I did but I get mdadm: Cannot open /dev/sdc: Device or resource busy
<MTecknology> i have to nap - else I'm going to pass out- I hope JanC can help out
<fbc-mx> MTecknology, JanC , http://pastebin.com/hbAk3hTG
<JanC> fbc-mx: what's in your fstab ?
<fbc-mx> JanC, http://pastebin.com/qXP9aW87
<fbc-mx> MTecknology, thanks for all your help
<fbc-mx> JanC, any idea?
<JanC> my idea is you screwed something up, but I'm not sure where  ;)
<fbc-mx> JanC, how do I format /dev/sdc as to erase the disk and start over again
<JanC> first of all, it seems like you partitioned those disk?
<JanC> that's not really necessary
<JanC> and you better not partition a disk before using it as a raid
<JanC> *better not format is*
<MTecknology> JanC: that's what happened; he had partitions on it
<mrb_> Hello, Anyone can help me setting up a FreeRadius Server with Ubuntu ?!! And the idea here is to get it to generate users and passwords for customers of my coffee shop !
<MTecknology> what does Ubuntu use to hash its shadow files?
<MTecknology> s/files/file/
<jpds> MTecknology: crypt() ?
<MTecknology> jpds: thanks
<jpds> MTecknology: As in: man 3 crypt
<MTecknology> jpds: yup :) - I also found this - http://en.wikipedia.org/wiki/Crypt_%28Unix%29
<Irunongames> help
<Irunongames> my server can't find any packages
<jpds> Irunongames: Which mirror are you using?
<Irunongames> I don't know
<JanC> you can see in the Software sources configuration
<jpds> Irunongames: Pastebin: /etc/apt/sources.list
<Irunongames> no file or directory
<jpds> Well, that explains it.
<Irunongames> how do I get it?
<jpds> Irunongames: Pick a mirror on https://launchpad.net/ubuntu/+archivemirrors and copy and paste the entries on the mirror's page.
<JanC> that file missing might point to other things missing too...
<Irunongames> I just type in "deb http://mirror.anl.gov/pub/ubuntu/ YOUR_UBUNTU_VERSION_HERE main "
<Irunongames> nothing else?
<Irunongames> (besides swap "ubuntu version here"
<Irunongames> "No command "deb" found"
<jpds> Irunongames: Paste: http://pastebin.ubuntu.com/422005/ into: /etc/apt/sources.list
<Irunongames> how do I do that using VMware
<JanC> there are sources list generators like: http://repogen.simplylinux.ch/
<JanC> sudo nano /etc/sources.list
<JanC> taht will open an editor
<JanC> paste it in
<Irunongames> do I just paste in the links?
<JanC> the shhortcuts to save & exit should be at the bottom somewhere
<JanC> the whole file as jpds gave them
<jpds> Irunongames: You might want to read: https://help.ubuntu.com/community/Repositories/CommandLine
<skrite> what does reset slave on a slave replication MySQL do ?   i am getting conflicting info
<apstanto> I have an ibm laptop with a Pentium III.  Should I use the 32bit version of ubuntu 9.10 server?
<qman__> yes
<qman__> Intel didn't implement the x64 extensions until the Pentium 4 Extreme Edition
<apstanto> ok thanks! why is the 32bit iso image 690MB and the 64bit iso image only 655 MB?
<ubuntu> im guessing there are some packages that have not been compiled for 64bit yet that are not included in the 64bit edition
<ubuntu> these packages probobly introduce bugs in a a64bit environment
<ScottK> ubuntu: There aren't many of those that are an issue on servers.
<ubuntu> just a guess
<ubuntu> ScottK, im guessing they arent an issue because they were excluded
<ScottK> Usually 64 bit binaries are bigger, so the package selection on CD is somewhat less, but they are still available online.
<uvirtbot> New bug: #224665 in ntp (main) "ntpd starts but does not contact peers" [Undecided,Confirmed] https://launchpad.net/bugs/224665
<apstanto> What does "package selection on CD" mean?
<ScottK> The stuff that's on the ISO.
<ScottK> It's been a while since I looked hard at what was seeded on the 32/64 bit server ISOs.
<apstanto> if the binary is bigger, why is the iso smaller?
<ScottK> I'm not sure.
<ScottK> As I said I haven't looked at it recently.
<ScottK> Generally though any package that's not on the ISO for 64 bit can still be installed from the online repositories, so I don't find it particularly concerining.
<apstanto> Yeah
<netritious> Hi, how do I mount a USB thumb drive from console? Using Hardy Server i386.
<blue-frog> netritious, has it been recognized by the system when you inserted it?
<blue-frog> do you see it in dmseg
<blue-frog> dmesg
<netritious> blue-frog: not appearing in dmesg :-/ this is an older machine with a PCI USB 2.0 adapter card though..might that be my problem maybe?
<blue-frog> netritious, if the server does not create an entry in /dev/ it will be a problem indeed
<netritious> looks to be the problem...strange, it seems that the card is detected but as of yet anything I connect doesn't seem to have an effect
<netritious> blue-frog: will try some other things. Thank you for assisting. :)
<strings_> hello. Does anyone know how to remove the packages that a meta package installs?
<reves> Im looking for some support relating to ubuntu server 9.10. Im on a fresh install. whenever i VNC into it from another ubuntu desktop, the session doesn't update on the client side. showing mouse movements only on server side. also, i have firewall turned off and all VNC ports forwarded, yet i cannot access it from outside the network. please somebody help me with whats going on with my ports/permissions.
<guntbert> reves: not sure why you want to use VNC instead of ssh?
<reves> is it can i use SSH for a gnome session?
<reves> if so how, and how do i get around these port blockages?
<ivoks> wrong channel
<ivoks> gnome is on #ubuntu
<ivoks> in
<reves> oh for fuck sake
<ivoks> :)
<reves> whatever dickhead
<guntbert> !language | reves
<ubottu> reves: Please watch your language and topic to help keep this channel family friendly.
<timhaines> Hey guys - is this a good place to ask iptables related questions?
<ivoks> sure
<timhaines> Figured it out.  eth1 needed to be changed to eth0  :-)
<paul_andrew> For what i understand its possible to run ubuntu enterprise cloud on private server like esxi? Correct me if im wrong. The one reason for me not to use esxi is that the client for managing esxi is only running on windows. What are my options managing ubuntu enterprise cloud on mac and linux?
<ivoks> i don't use uec
<ivoks> but afaik, it has web interface
<ivoks> paul_andrew: look at https://help.ubuntu.com/community/UEC/ElasticFox
<paul_andrew> ivoks: thank you
<uvirtbot> New bug: #569734 in mysql-dfsg-5.1 (main) "fails to build from source: mysql-dfsg-5.1 on sparc" [High,Confirmed] https://launchpad.net/bugs/569734
<uvirtbot> New bug: #569741 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/569741
<uvirtbot> New bug: #567188 in krb5 (main) "krb5 and ADS error using 10.04, not 9.04" [Undecided,New] https://launchpad.net/bugs/567188
<bogeyd6> 9.04?
<paul_andrew> I have this virtual machine from linhost. Networking in ubuntu server, is this done manually?
<uvirtbot> New bug: #569757 in nis (universe) "NIS upstart dependancy broken for lucid" [Undecided,New] https://launchpad.net/bugs/569757
<jaypur> do you know any temperature monitor that sends the stats to a webpage... like phpsysinfo but for temperature???
<Zider> phpsysinfo shows temp too
<Zider> both cputemps and HDDs
<jrwren> you probably need sensors setup correctly for phpsysinfo to show it.
<jrwren> does sensors work from cmdline ?
<jaypur> jrwren, sorry if i'm too late, didn't see
<jaypur> jrwren, yes... everything is ok... where can i set at phpsys?
<jaypur> jrwren, i think it just shows the HD temperature, not the cpu or mb
<Irunongames> Hello???
<Irunongames> I need help with getting packages
<Irunongames> My server doesn't have any packages
<lil_cain> What do you mean?
<lil_cain> Is apt not workign?
<Irunongames> Their are no packages at all
<lil_cain> so you have nothing installed?
<Irunongames> their is no /ext/apt/sources.list
<Irunongames> how do I create it?
<guntbert> Irunongames: the correct path is /etc/apt/sources.list
<lil_cain> Irunongames: What version of ubuntu?
<Irunongames> guntbert Wow, that explains a lot ><
<Irunongames> 9.10
<Irunongames> But then why can't I download any packages?
<guntbert> Irunongames: :),  and remember on linux case is significant too  -- you can use the <tab> key to autoexpand paths and file names
<jrwren> do you have a working network connection?
<lil_cain> what happens when you try and install something?
<lil_cain> can you pastebin the error?
<Irunongames> I am running it on a virtual box
<Irunongames> could that be the issue?
<Irunongames> *vmware workstation
<lil_cain> Unlikely. However, if your VM lacks a working network connection, that could be it.
<Irunongames> I pinged google yesterday
<Irunongames> So it should be working
<lil_cain> Try connecting to google.com now?
<Irunongames> just ping http://www.google.com
<guntbert> Irunongames: won't work - it must be ping www.google.com (without the http:// part)
<Irunongames> woops
 * Irunongames tires it
<Irunongames> *tries
<Irunongames> Ok I get a ping
<lil_cain> right. Can you paste bin the error you get from apt-get install sl?
<lil_cain> (or some other similar package)
<Irunongames> can I do that even in VMWare?
<lil_cain> the fact that it's running in vmware shouldn't change anything.
<Irunongames> I'll just screenshot it
<Irunongames> one sec
<Irunongames> http://tinypic.com/r/2vlqpg5/5
<guntbert> Irunongames: please type sudo apt-get update
<Irunongames> Connecting to security
<Irunongames> how long should that take?
<lil_cain> a minute or so. Probably less.
<Irunongames> It's still on security -_-
<guntbert> Irunongames: do I see correctly that you have no GUI?
<Irunongames> guntbert probaly not
<jrwren> 7.3% of 9.15GB also means a very minimal install. that is pretty cool
<guntbert> Irunongames: my question was: do you have a graphical interface?
<Irunongames> no
<Irunongames> jrwren I should expand that o.o
<Irunongames> but I am running VMWare so it's limited
<guntbert> Irunongames: please use my nick or I don't get highlighted  -- next test: type w3m http://www.ubuntu.com   -- do you get the page?
<Irunongames> I tend not to highlight because people find it annying guntbert
<Irunongames> ok i'll try
<Irunongames> opening socket
<guntbert> Irunongames: in a support case it is important - I'm reading several channels and doing my own work too ...  so it might take a long time till I notice your answer
<Irunongames> http://tinypic.com/r/afeqfm/5 guntbert here is the resutl for update
<guntbert> Irunongames: that shows you cannot connect to the server -- what about w3m?
<Irunongames> can't load
<Irunongames> guntbert
<guntbert> Irunongames: could it be that you configured the system to use a proxy?
<Irunongames> I think i selected it NOT to do that
<Irunongames> Should I try to reinstall?
<Irunongames> guntbert
<guntbert> Irunongames: no need - have a look into the browser config on your host please -- is there a proxy configured?
<Irunongames> nope guntbert
<Irunongames> Or atleast I didn't set it up
<guntbert> Irunongames: please have a look into it -- would be silly to work into the wrong direction in your guest :)
<Irunongames> guntbert how do i do it?
<guntbert> Irunongames: how do you what? looking into the browser config on your host system?
<Irunongames> yes guntbert
<guntbert> Irunongames: what is your host OS, what web browser do you use on your host system?
<Irunongames> Windows 7, opera
<jrwren> are you sure its not a firewall thing?
<jrwren> because ping works, but the http for apt-get update fails.
<jrwren> can you wget http://security.ubuntu.com/ubuntu/dists/karmic-security/Release.gpg ?
<jrwren> Irunongames: for the record, I'm of the opinion that reinstall is NEVER a good idea. These screwups are the best way to learn.
<Irunongames> it resolved it
<Irunongames> it is connecting
<guntbert> jrwren: +1
<Irunongames> Ok, it is failing
<Irunongames> not getting past security
<jaypur> does anyone know a "web temperature" monitor, like... phpsys but for temperature?
<axisys> how do I allow my router 192.168.1. run rdate against my ubuntu server 192.168.1.244 ?
<guntbert> Irunongames: I have no idea about opera - sorry - but try (in your guest) w3m -no-proxy www.ubuntu.com
<axisys> how do I allow remote IP talk to ntpd in other words ?
<axisys> i want to run rdate against it
<Irunongames> guntbert opening socket
<guntbert> Irunongames: that rules out the proxy idea - time to listen to jrwren's idea - are you certain that a ping from the guest to an outside system worked?
<Irunongames> guntbert I got a ping back, so yes
<Irunongames> want a screenshot?
<guntbert> Irunongames: no, thx - now please type sudo iptables -L (will probably give several lines)
<Irunongames> guntbert done
<guntbert> Irunongames: I need to see the output
<Irunongames> http://tinypic.com/view.php?pic=1zzm342&s=5
<Irunongames> guntbert
<guntbert> Irunongames: thats just a syntax help -- means you probably mistyped  - did you forget the -L ?
<Irunongames> woops
<Irunongames> http://i40.tinypic.com/1zzm342.jpg
<Irunongames> guntbert
<guntbert> Irunongames: same as before -- please  show me the line you are typing in
<Irunongames> sudo iptables -L
<guntbert> Irunongames: strange -- it should give something like http://paste.ubuntu.com/422273/
<Irunongames> let me try again
<Irunongames> http://tinypic.com/r/or4f2x/5 guntbert
<guntbert> Irunongames: so it has nothing to do with the firewall of the guest  -- please try once more: ping -c1 www.ubuntu.com  -- you should get 1 received
<Irunongames> http://tinypic.com/r/2v30jtf/5 guntbert
<guntbert> Irunongames: its getting stranger and stranger ... please (just for a test) disable any kind of firewall on the host, then try w3m http://www.ubuntu.com    again
<bluethundr> courier-imap-ssl wont install.. can someone enlighten me on what the capital 'C' means if you do an aptitude search for an application? http://pastebin.com/TYpm2qY2
<Irunongames> guntbert I will be back in 5 miniutes, playing with firewall = shut off internet for me
<guntbert> Irunongames: oops -- I'll be here
<wbrb> I've lost control of a samba share and can't figure out why. the owner/group looks right and and I'm in the correct /etc/group entries. beyond that I'm out of ideas. anybody?
 * SpamapS realizes its been at least 4 years since he logged ino a samba server
<Irunongames> guntbert ?
<guntbert> Irunongames: I'm here
<Irunongames> What do I do now?
<Irunongames> I played with my firewall a bit
<guntbert> Irunongames: did you manage to disable any firewall on your host?
<Irunongames> yep
<guntbert> Irunongames: no in your guest type w3m www.ubuntu.com  - does it connect now?
<guntbert> *now
<Irunongames> Opening socket
<guntbert> Irunongames: same as before ....   please ask in #vmware - tell them host OS, guest OS, vmware product/version and tell them that ping to remote servers works but tcp-connections don't - its either a problem in vmware or with your router
<guntbert> Irunongames: I'm at the end of my knowledge -- sorry
<Irunongames> guntbert adding entries into /etc/resolv.conf for DNS?
<guntbert> Irunongames: improbable - as ping www.ubuntu.com worked - and that needed name resolution too
<FFF666> hi, anyone knows something about UEC?
<FFF666> sommer, do you remember me?
<FFF666> how can I  connect to an image from a pc(which is not the cloud controller)?
<arooni> i added a user
<Pici> congrats?
<arooni> how do i make it so they have sudo access?  how do i generate a key for them to login in with?  how do i make authentication for this user to be pass + key
<arooni> haha
<Pici> Add them to the 'admin' group for sudo access.
<arooni> what command to use to do that?
<arooni> i dont see anything for addgrp
<Pici> sudo adduser theusername admin
<arooni> ok thanks
<arooni> i dont have an admin group :(
<Pici> The default ubuntu server install creates one.
<arooni> well i'm pretty sure i'm running ubuntu server something ... i think hardy lts
<shennyg> I am interested in changing the hostname on my ubuntu ec2 server....
<shennyg> I found out you should edit /etc/hostname but I don't think it works for amazon ec2... does anyone know how to do it in ec2? just mention my nick I will be around
<SpamapS> shennyg: did you reboot the instance?
<guntbert> !hostname | shennyg
<ubottu> shennyg: Use hostname <somehostname> to set the hostname, or to do it permanently: edit /etc/hostname and /etc/hosts . WARNING! Make sure that your current hostname and /etc/hosts match, otherwise sudo may not work properly.
<shennyg> thanks SpamapS & guntbert: I put "hostname the.name.com" into /etc/rc.local b/c in /etc/hostname all it had was ubuntu
<shennyg> i have yet to test it by restarting...
<qman__> shennyg, I suggest opening a root session via "sudo -i" before you change the hostname, because it's easy to break sudo by doing so
<qman__> and then be stuck unable to reboot or undo the change
<shennyg> I was using su
<shennyg> is that the same thing?
<qman__> not exactly but close enough for this purpose
<qman__> there's some technical differences between sudo su, sudo -i, and sudo -s
<shennyg> so how do I know if I didn't break it?
<shennyg> I can still use su
<qman__> I usually open a second terminal or SSH session
<shennyg> but will it take a reboot to find out?
<shennyg> I did it to 4 of our productions servers and then closed the ssh session
<shennyg> and I can still get into them
<shennyg> with su
<qman__> well, it might not be correct after the reboot
<qman__> the problem is when you change the hostname live, and then it breaks sudo auth
<shennyg> but I have yet to reboot any of them
<shennyg> gotcha
<qman__> sort of like messing with pam
<guntbert> !sudo | shennyg
<ubottu> shennyg: sudo is a command to run command-line programs with  superuser privileges ("root") (also see !cli ) . Look at https://help.ubuntu.com/community/RootSudo for more information. For  graphical applications see !gksu (Gnome, XFCE), or !kdesudo (KDE). If you're unable to execute commands with  sudo see: http://www.psychocats.net/ubuntu/fixsudo
<qman__> you want to leave a root session open while you do it, so you can fix it
<shennyg> but it won't stay open if I reboot
<guntbert> qman__: well said :-)
<qman__> well, when you reboot
<qman__> it'll either work, or the system won't let anyone log in
<shennyg> wow, that sucks
<qman__> in which case you need to boot single user/recovery mode to fix
<qman__> that's a possibility with the way you did it, adding it to /etc/rc.local
<qman__> I suggest undoing that, and doing it the right way
<shennyg> well I did it there, and I also ran hostname the.hostname.com
<qman__> yes, but by having that in rc.local
<shennyg> and started a new ssh session and it worked
<qman__> it changes the hostname after the system boots, but before anyone can log in
<qman__> which is a very bad idea
<shennyg> ok
<shennyg> so what is the proper way of doing it and testing it so I don't need to use recovery mode
<qman__>  /etc/hosts and /etc/hostname
<guntbert> !hostname | shennyg
<ubottu> shennyg: Use hostname <somehostname> to set the hostname, or to do it permanently: edit /etc/hostname and /etc/hosts . WARNING! Make sure that your current hostname and /etc/hosts match, otherwise sudo may not work properly.
<shennyg> ok, I think there is a trick b/c I am using an amazon ec2
<shennyg> my /etc/hostname file has ubuntu in it
<shennyg> and it is not that
<qman__> that's the default hostname
<shennyg> and my hosts file doesn't have the current hostname in it
<shennyg> all it has is 127.0.0.1 localhost and some ipv6 stuff in it
<qman__> well, I don't know anything about ec2, so I don't know what kind of dirty tricks they may have used
<qman__> but that's the correct way to set the hostname
<shennyg> when it says edit those two files... do I just add a line that says "hostname the.hostname.com"?
<qman__> no
<qman__>  /etc/hostname contains just the hostname
<shennyg> ok
<qman__> and /etc/hosts links your IP to your hostname
<qman__> normally you'd use your actual IP
<shennyg> so it would read 127.0.0.1 localhost the.hostname.com
<qman__> no
<shennyg> or would I have to use the ip
<qman__> it should contain
<qman__> 127.0.0.1 localhost
<qman__> 1.2.3.4 yourhostname.site.com
<shennyg> qman__: thanks a lot for sticking w/ me on this...
<shennyg> the ip changes on each reboot, so it looks like I am destin to screw things up....
<shennyg> I am just going to remove the line from the rc.local file
<qman__> well, if it's dynamic, you can't put it in the hosts file
<shennyg> and I am guessing there was no harm in setting the hostname via command line?
<shennyg> b/c on reboot it will not "stick"
<qman__> there isn't, just the possibility of breaking things
<shennyg> am I correct? or should I undo it somehow?
<qman__> if you're still able to log in, nothing broke
<shennyg> but *after* the reboot
<qman__> but if you put that in rc.local, you can lock yourself out
<qman__> because if it breaks, it'll break before you can log in
<shennyg> I am removing/undoing what I did in that
<shennyg> * the rc.local file
<shennyg> and I have to deal w/ me setting the hostname via cli
<qman__> I'm guessing that with ec2, there's some kind of trick in the configuration that loads the instance
<qman__> to set the hostname
<shennyg> yeah, but setting the hostname via "hostname the.hostname.com" via commandline as su should be undone when I reboot right?
<qman__> yes
<shennyg> great, glad I actually got in here and asked! I would have been in some trouble...
<shennyg> thanks a TON
<uvirtbot> New bug: #569904 in mysql-dfsg-5.1 (main) "mysql-server-5.0 from hardy conflicts with mysql-server-core in karmic" [Undecided,New] https://launchpad.net/bugs/569904
<uvirtbot> New bug: #569919 in ntp (main) "ntpd constantly complains about being unable to create socket" [Undecided,New] https://launchpad.net/bugs/569919
<axisys> gnome-do is keep crashing
<axisys> now i cant start it.. lol
<axisys> gnome-do that is
<axisys> now that I have gnome-do out of the way.. anyone else have anyother suggestion on google desktop like search tool for laptop ?
#ubuntu-server 2011-04-18
<uvirtbot> New bug: #764094 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/764094
<uvirtbot> New bug: #764096 in postfix (main) "DNS hostname lookups fail in chroot after natty upgrade" [Undecided,New] https://launchpad.net/bugs/764096
<van7hu> hello, I've just finished installing LAMP in my server
<van7hu> what I need to do next?
<twb> van7hu: that rather depends what you want to achieve.
<van7hu> twb:I just want to develop a  local website to test
<van7hu> twb: How could I do that
<van7hu> twb: if I want to test whether my website is working, localhost?
<twb> I imagine so.
<twb> Or if your server and desktop are separate systems (as we recommend), it would be http://<hostname of server>
<van7hu> twb: I am in a LAN network
<twb> I don't see how that matters.
<van7hu> how to I install LAMP in a command?
<twb> sudo tasksel?
<van7hu> ah yeah
<van7hu> thanks
<van7hu> twb: sorry
<van7hu> but what I need to do
<van7hu> it shows me an select, but how could I select, what button to use?
<twb> There should be a LAMP option there
<van7hu> yes
<twb> So pick it
<van7hu> but I could not select it
<van7hu> bump, what button should I use to choose it
<twb> space?
<twb> Dunno, I don't use that stuff
<van7hu> ah, thanks
<van7hu> I check all keyboard, except it
<The_Kernel> hi, does anyone know how to clear the mailqueue on courier
<The_Kernel> ?
<twb> The_Kernel: is there a mailq or postqueue command or similar?
<The_Kernel> I found it
<twb> The_Kernel: maybe dpkg -L courier-thingy | grep sbin -OK
<The_Kernel> jsut had to figure out how to ask google properly
<rnigam> I want to update qemu-kvm package from default version 0.12.5 to the latest 0.14.0 without breaking any other dependencies on ubuntu-server maverick. I see that Natty has 0.14 version. Can someone here tell me how can i do it in maverick. Thanks
<twb> KVM version appears to be 1:84+dfsg-0ubuntu16+0.12.5+noroms+0ubuntu7.2
<twb> Do you mean the 0.12.5 part of that ?
<twb> Ah, I guess you mean the qemu-kvm source package.
<rnigam> yes twb
<twb> qemu-kvm | 0.12.5+noroms-0ubuntu7 |      maverick | source, amd64, i386
<twb> qemu-kvm | 0.14.0+noroms-0ubuntu4 |         natty | source, amd64, i386
<twb> Unless there's already a reliable backport, you will want to roll your own.  This is not something inexperienced packagers should do.
<rnigam> :(
<twb> That, or upgrade your system to natty.  IIRC that hasn't been released, so that wouldn't be a good idea either.
<rnigam> cant i do manual install of the new package with all the dependencies ? and then use the absolute path to run kvm?
<twb> If you're happy to make your system less reliable, maintainable, and secure -- sure.
<rnigam> :(
<twb> Why do you want the newer qemu-kvm?
<rnigam> so the newer kvm supports a feature called vhost which improves network throughput between kvm guests !
<qman__> well, natty IS about to release, so if you can wait a week or two, do that
<qman__> otherwise, I agree, rolling your own package is the best option
<qman__> everything else is too messy
<twb> Unless you're burning for that feature, I advise you to wait
<twb> IMO backporting like that is only worth it to get show-stopper bugfixes/features/security patches.
<twb> e.g. I do it for openldap because otherwise I can't use sudo-ldap and users can't reset their own passwords.
<twb> That and eatmydata, because lucid's dpkg is particularly silly wrt I/O
<rnigam> ok I am very desperate to test this out ! today or tomorrow.
<rnigam> I think I will go for Natty.. Can I download beta yet?
<rnigam> are there any issues that I should be worried about while swithcing to the beta?
<twb> I don't know.  I only run LTS releases
<twb> IMO non-LTS releases are ALL flaky
<Datz> no trying out unity for you?
<twb> I don't use GUIs
<Datz> hardcore
<twb> Not my fault if normals are weak
<Datz> I couldn't do that. I need some GUI for web browsing
<Datz> what do you use? lynx, links?
<twb> I do launch X on demand for web banking ("xinit /usr/bin/opera http://bank.example.net/")
<twb> For normal browser I use emacs-w3m and w3m
<twb> They support inline images, which is about the only "GUI-y" feature I really need for browsing
<Datz> humm, haven't tried emacs-w3m
<Datz> humm
<twb> emacs-w3m is more-or-less just w3m inside emacs
<twb> It's not actually *implemented* that way, but that's what the users see
<Datz> humm
<Datz> I know not of this
<Datz> looks interesting though
<twb> The real kicker is to use intelfb to get native resolution on the framebuffer, and kbd+console-setup to get nice small terminus 12x6 font
<twb> Oh, and setterm to get nice colours
<Datz> yea, doesn't sound like a hassel or anything :P
<twb> Shrug
<Datz> hehe
<twb> It's no harder than xf86.conf used to be
<Datz> ah, haven't really had to deal with that sutff
<twb> THese days xorg.conf isn't needed, it's all auto-detected
<twb> ten years ago, not so much
<Datz> but I'm sure it's great once it's all configured
<Datz> um hum
<Datz> you use emacs for irc as well then?
<twb> For me, fbcon looks pretty much identical to X+ratpoison+xterm
<twb> Datz: yes
<Datz> ah
<Datz> cools
<twb> Try "emacs -f irc"
<Datz> haven't tried that out, pretty used to irssi
<Datz> hey look it autoconnects to freenode
<Datz> is that the -f ?
<twb> No -f is like M-x
<Datz> humm
<Datz> so.. I don't know how to use it anyway :)
<twb> Without configuration, M-x irc should connect you to #emacs on freenode automatically
<twb> Or maybe #rcirc, I forget.
<Datz> oh.. I see it's just working
<twb> That's only one of the IRC clients, though
<datz`> test
<datz`> heh
<twb> Emacs also ships with M-x erc, and there are a handful of others to install
<Datz> ah
<twb> "darcs get http://cyber.com.au/~twb" for my dotfiles, if you feel like looking around them
<Datz> maybe I'll have to look into emacs irc a bit more
<Datz> thanks, I'll have a look
<twb> Damn, permissions are broken on that
<Datz> ah
<twb> You can hit individual files in there, but autoindexing is disabled
<twb> So e.g. http://cyber.com.au/~twb/.profile
<Datz> humm
<twb> OK, *now* "darcs get" should work.
<adac> Is someone familiar here with tomcat clustering?
<jamespage> adac: I've done a bit in the past; might be a bit rusty - whats your question?
<adac> jamespage, I was wondering how seesion replication works with simple: "<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>" flag?
<adac> do you know whcih port is used for to exange the sessions?
<twb> Wow, already I'm glad I don't know
<jamespage> adac: http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html - should have all the information you need
<adac> jamespage, I know that page already ;)
<jamespage> adac: "The TCP port listening for replication messages is the first available server socket in rangeÂ 4000-4100"
<jamespage> adac: I think that multicast is just used for control across the cluster - the TCP port is used for replication
<adac> jamespage, oh i see
<jamespage> adac: so more that likely it will be port 4000 - but it might not be :-)
<adac> jamespage, hehe
<adac> lets try it out
<adac> there are only a hundred possibilities right? =)
<adac> no but maybe I can fix his port somehow
<adac> set it  by default
<jamespage> adac: org.apache.catalina.tribes.transport.nio.NioReceiver is the configuration element that will probably do this for you
<adac> jamespage, yes you right this looks like the place to set this port
<jamespage> adac: http://tomcat.apache.org/tomcat-6.0-doc/config/cluster-receiver.html - more info
<jamespage> adac: autoBind="0" might do the job - worth testing though.
<adac> jamespage, still no luck... with 4000, lets try with autobind="0"
<uvirtbot> New bug: #764391 in cobbler (universe) "cobbler fails to manage bind9 " [Undecided,New] https://launchpad.net/bugs/764391
<adac> jamespage, still does not work even with autobind=0. This is wath i have on both tomcat servers now (two own server): http://pastie.org/1806441
<jamespage> adac: what behaviour are you actually seeing?
<adac> balancing is fine, it switches when one tomcat goes down. but the session is lost, jamespage
<adac> so when one tc goes down, and i reload the page a new session appears
<jamespage> adac: have you set the <distributable/> flag in the web application web.xml?
<adac> jamespage, yes i did
<jamespage> adac: anything that might indicate that its not working in the tomcat logs?
<adac> wait a second jamespage I will check that
<adac> jamespage, hmm on starting up tomcat 2 says: Apr 18, 2011 11:46:43 AM org.apache.coyote.AbstractProtocolHandler init
<adac> INFO: Initializing ProtocolHandler ["http-bio-8080"]
<adac> Apr 18, 2011 11:46:43 AM org.apache.coyote.AbstractProtocolHandler init
<adac> INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
<adac> Apr 18, 2011 11:46:43 AM org.apache.catalina.startup.Catalina load
<adac> INFO: Initialization processed in 2983 ms
<adac> Apr 18, 2011 11:46:43 AM org.apache.catalina.core.StandardService startInternal
<adac> INFO: Starting service Catalina
<adac> Apr 18, 2011 11:46:43 AM org.apache.catalina.core.StandardEngine startInternal
<adac> INFO: Starting Servlet Engine: Apache Tomcat/7.0.11
<adac> Apr 18, 2011 11:46:43 AM org.apache.catalina.ha.tcp.SimpleTcpCluster startInternal
<adac> INFO: Cluster is about to start
<adac> Apr 18, 2011 11:46:44 AM org.apache.catalina.tribes.transport.ReceiverBase bind
<adac> INFO: Receiver Server Socket bound to:/188.40.170.187:4000
<adac> Apr 18, 2011 11:46:44 AM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket
<adac> INFO: Setting cluster mcast soTimeout to 500
<adac> Apr 18, 2011 11:46:44 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
<adac> INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:4
<adac> Apr 18, 2011 11:46:45 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
<adac> INFO: Done sleeping, membership established, start level:4
<adac> Apr 18, 2011 11:46:45 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
<adac> INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:8
<adac> Apr 18, 2011 11:46:46 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
<adac> INFO: Done sleeping, membership established, start level:8
<adac> ouch sorry
<adac> Apr 18, 2011 11:49:38 AM org.apache.catalina.ha.session.DeltaManager startInternal
<adac> INFO: Starting clustering manager at localhost#/cluster
<adac> jamespage, ^^ this one
<adac> Apr 18, 2011 11:49:38 AM org.apache.catalina.ha.session.DeltaManager getAllClusterSessions
<adac> INFO: Manager [localhost#/cluster]: skipping state transfer. No members active in cluster group.
<jamespage> adac: it looks like the cluster manager is binding to localhost rather than the real IP of the server
<adac> jamespage, ok I will ahve anotehr look on the config
<jamespage> adac: once your tomcat instances are started take a look and see where they are binding to
<jamespage> if you see port 4000 on localhost you might need to use the 'address' parameter in the configuration
<jamespage> i.e. auto might not be working quite as expected!
<adac> jamespage, http://pastie.org/1806506 thist is the startup
<adac> message
<jamespage> adac: just spotted you are using Tomcat 7
 * jamespage goes to see if anything is differnt
<adac> jamespage, shoudn't be that different
<adac> :)
<jamespage> adac: it would appear so
<adac> bu maybe there is a tiny tiny little thing
<adac> like ession replication
<adac> that is different hehe
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<jamespage> adac: well it could be - it would appear that the two nodes are not forming a cluster - this is done over the multcast address
<jamespage> adac: assume that is consistent between the two nodes?
<adac> jamespage, taht was exactyl the nextquestion I wanted to ask you
<adac> thsi mulitcast thing
<adac> is this soemthing tomcat internal
<adac> or is this a real network adress?
<adac> ip adress
<jamespage> adac: its not tomcat internal - http://en.wikipedia.org/wiki/Multicast
<jamespage> adac: its a nice efficient way of getting information to a large number of nodes without sending it to each individually.
<jamespage> adac: the two nodes in your cluster need to use the same multicast IP address AND port number.
<adac> I see so this is a network setup
<jamespage> adac: you should not need todo anything else to your systems network configuration
<adac> no?
<adac> only give this ip that the tomcat docs suggest?
<adac> within the server.xml
<adac> ^^jamespage
<uvirtbot> adac: Error: "^jamespage" is not a valid command.
<adac> hehe
<jamespage> adac: you should only need to specify this in the server.xml
<jamespage> adac: if you execute 'ifconfig -a' you should see that 'MULTICAST' is mentioned in the output for your network adapters.
<adac> jamespage, http://pastie.org/1806558 this is what ifconfig -a gives me
<adac> so it seems that multicast is missing...
<adac> right?
<jamespage> adac: yes - no multicast no cluster comms :-(
<jamespage> adac: are you running this in a container?
<adac> this is a openvz container, yes jamespage
<adac> hehe
<jamespage> adac: thought so
<adac> but all fine now I finall know what is wring
<adac> wrong
<jamespage> adac: great - glad I could help :-)
<adac> thank you a lot jamespage!!
<jamespage> adac: np
<jamespage> Daviey: as I'm fixing up the bind9 integration for cobbler do you think bind9 should be added to suggests?
<Daviey> jamespage, suggests sounds safe.
<Daviey> jamespage, suggests doesn't add much value... but is logical.
<jamespage> Daviey: ack
<adac> command: "brctl addbr vzbr0" error: "add bridge failed: Package not installed" Do you guys have an idea? The package is installed
<adac> does the kernel not know how to handle it maybe?
<aperson> I've tried a few times and failed.  How would I write a .htaccess file to redirect my /map/ to my map subdomain?
<m|kael> hello, i would like to add a site in apache2 for wildcard subdomains. kinda like *.dev.domain > /var/www-dev/* can anyone help me with it please, i use the lamp package which comes with ubuntu server
<andriijas> is it possible to restrict access to a certain account over ssh for 1 ip?
<andriijas> or does adding ip limitation apply to all accounts?
<JanC> m|kael: you'll need something like this: http://httpd.apache.org/docs/2.2/rewrite/vhosts.html
<m|kael> JanC: thank you, ill check it out
<m|kael> JanC: so its not possible to add a site in /etc/apache2/sites-available ?
<JanC> eh, you *have* to
<m|kael> JanC: kk
<zul> morning
<Daviey> jamespage, is your cobbler branch good to go?
<jamespage> Daviey: just testing now
<Daviey> cool
<Error404NotFound> anybody here used varnish? I have installed varnish on http://www.bitesource.com/ and enabled detailed headers according to http://www.varnish-cache.org/trac/wiki/VCLExampleHitMissHeader. Problem? Its a MISS for everything and X-Cacheable is always NotCacheable for some reason
<jamespage> Daviey: cobbler branch now GTG if you would like to sponsor :-)
<Daviey> jamespage, you rockstar
<Daviey> jamespage, Maybe next cycle the bind binary could be a config option, and we could submit that upstream
<jamespage> Daviey: that would be a good idea; more time than we have ATM but def next cycle
<Daviey> jamespage, agreed
<ttx> kirkland: ping
<jfb_h20> anyone up for a challenge? http://ubuntuforums.org/showthread.php?t=1725957
<jfb_h20> Or so it seems by the lack of response...
<patdk-wk> jfb_h20, this is ubuntu server, not ubuntu or ubuntu laptop help
<jfb_h20> patdk-wk: thanks. I know, seems though that folks here are a little more focused... a lot of noise on #ubuntu, but i'll give it a ping over there if you think it's better.
<jfb_h20> patdk-wk: I guess though, given it's a GPU issue, 'server' might not be the best place ;)
<adac> jamespage, I just wnated to let you now there is a new mechanism with memcached for the session replication: http://code.google.com/p/memcached-session-manager/wiki/SetupAndConfiguration
<RoAkSoAx> morning all
<jamespage> adac: thanks for the pointer - looks interesting
<jamespage> adac: considering looking at packaging tomcat7 next cycle and this might make a nice supplement.
<adac> jamespage, I knew you would like it
<adac> :)
<MTecknology> what was that software that was around the kernel level for keeping file systems in sync across disks?
<patdk-wk> mdadm?
<MTecknology> er.... across different systems..
<patdk-wk> heh, nothing stopd mdadm from doing radi1 between systems :)
<patdk-wk> drbd?
<MTecknology> THAT!
<MTecknology> Thanks :D
<patdk-wk> hmm, raid1 two iscsi mounts :)
<MTecknology> which would also work great; not for me - someone on cheap hardware that thinks they're going to do a high availability setup; sounds like that's what they're looking for
<RoyK> patdk-wk: what sort of iscsi target?
<patdk-wk> any, I was just saying it is easy to setup mdadm to use disks across different physical systems
<smoser> Daviey, i un-milestoned bug 745930
<uvirtbot> Launchpad bug 745930 in cloud-init "cloud-init timeout waiting for metadata service on EC2" [Low,New] https://launchpad.net/bugs/745930
<Daviey> smoser, why?
<smoser> because its not a bug. its hardware failure.
<smoser> hardware, or platform, or *something* failure.
<smoser> i can't fix amazon's platform bug.
<Daviey> smoser, you should.
<uvirtbot> New bug: #745008 in samba (main) "Files left behind on upgrade from Maverick" [Undecided,New] https://launchpad.net/bugs/745008
<ppetraki> patdk-wk, have you ever actually deployed that setup, without corrupting your data?
<patdk-wk> never said it was very sane :)
<patdk-wk> and drbd defently doesn't protect you from data corruption
 * SpamapS stretches
<SpamapS> morning people
<SpamapS> drbd is an availability solution, not a backup solution. :)
<patdk-wk> busy studing xkcd today
<ppetraki> drbd, in mode C, with a battery backed cache is extremely reliable
<SpamapS> yes, as an availability solution. :)
<ppetraki> sure
<SpamapS> your DB could still mangle all the data due to a bit error
<ppetraki> if it does, then it's a bug in drbd
<SpamapS> snapshots, transaction logs, offsites ... backups will never go out of style. :)
<patdk-wk> or the drive is bad
<ppetraki> that's why it's recommended to use a smart raid in such a deployment
<SpamapS> what is "smart raid" ?
 * SpamapS guesses its the kind where the pirates don't get drunk before they land
<patdk-wk> no idea, cause I have had raid cards freak out, and cause the drive array to go nuts
<ppetraki> something that checks your disk's integrity on a regular schedule
<ppetraki> though DRBD has a verify feature too
<ppetraki> having said all of that, I'd much rather prefer a good SAN
<cloakable> What would you use as a SAN head?
<cloakable> :P
<ppetraki> an FT machine like a Stratus box
<SpamapS> ppetraki: how does it know what the integrity of MySQL tables is?
<SpamapS> a SAN is not an availability solution. :)
<ppetraki> SpamapS, it doesn't, but in mode C, it can't complete the IO unless it receives verification from the other side
<SpamapS> ppetraki: I'm well aware of how drbd works, having been a user since 2000. :)
<ppetraki> SpamapS, :)
<SpamapS> ppetraki: I still copied everything to tapes once a day. :)
<ppetraki> SpamapS, never said it was a backup replacement
<SpamapS> Right, somebody asked if drbd protects you from data corruption.
<SpamapS> emphatically, *no*
<ppetraki> SpamapS, I simply wanted to emphasis that DRBD is better suited for "raid 1 over the network" than iSCSI/MDADM
<RoAkSoAx> ppetraki: But, with 3-way replaction with DRBD (as disaster recovery) might be cofused as backups
<patdk-wk> actually the question was what replicates filesystems across disks
<ppetraki> RoAkSoAx, well, the 3 way sometimes makes good sense if the third node is the backup server
<patdk-wk> it wasn't till later the question was modified to across servers
<RoAkSoAx> SpamapS: indeed, but that's why we use fencing, but even drbd has its own preventing methods, but of course, those are not a complete solution
<RoAkSoAx> ppetraki: indeed, but the idea of the 3-way replication was specifically use it as a backup server
<ppetraki> SpamapS, nothing perfect, but with battery backed storage controllers, UPS, and proper fencing you can get close
<RoAkSoAx> ppetraki: however, it is now used as site replacation
<RoAkSoAx> ppetraki: and some sense of a 4 node cluster
<RoAkSoAx> or 4 way replication
<RoAkSoAx> s/way/node
<SpamapS> there's also some FS's now that replicate across network instead of using block level replication
<SpamapS> glusterfs is pretty cool.. ceph will follow btrfs into the mainstream and should be pretty awesome
<ppetraki> DRBD is neat, but the supporting community is too small to get real free help
<ppetraki> I can remember several instances where I've gotten responses that basically said "if you only had a support contract"
<RoAkSoAx> ppetraki: those are the sales guys lol
<RoAkSoAx> ppetraki: but anyways, they do have good documentation
<ppetraki> RoAkSoAx, nope, it was the head devs
<RoAkSoAx> ppetraki: fghaas, lge?
<ppetraki> RoAkSoAx, I used to maintain a branch of DRBD internally for a time. Miserable work
<RoAkSoAx> ppetraki: hehe well from my point of view they have to make money out of something, otherwise there wouldn't even be a DRBD
<SpamapS> With something like DRBD .. you really should be ready to pay a little.
<RoAkSoAx> indeed
<RoAkSoAx> SpamapS: so how's it going today man?
<ppetraki> I tell people, think of DRBD like a "virtual SAN", and budget accordingly
<SpamapS> I learned that w/ MySQL .. paying percona for 8 hours of consulting did fantastic things for the response time of our queries. :)
<SpamapS> RoAkSoAx: I am sore in almost every muscle and bone of my body.. but good. :)
<RoAkSoAx> SpamapS: hehe too much alcohol or too much working out?
<SpamapS> RoAkSoAx: 3 hour karate test
<SpamapS> 3 hours of kicking, punching, spinning, sparring, "HIIIYYAAAHHH"'ing, and pushups.. soo.. many.. pushups
<RoAkSoAx> SpamapS: oh wow! that definitely hurts... I run yesterday after more than 1 year with absolutely no excercise (post surgery) and I'm sore, but feel better than ever
<SpamapS> RoAkSoAx: I'm drinking green tea and eating flax seed oatmeal.. hopefully the omega 3's and anti-oxidants will do their pseudo-science-certified dance and make me feel better soon
<macno> hi, in 10.10  there's a /etc/default/rsyslog but it's not read by the upstart script. The argument now is written directly in /etc/init/rsyslog.conf is it correct?
<Delemas> Anyone know how to determine what is currently set as the admin password or admin email of an Ubuntu enterprise cloud?
<SpamapS> Delemas: not sure, but you can probably reset it via dpkg-reconfigure eucalyptus-cc
<Delemas> hmm no luck there...
<SpamapS> bummer
<SpamapS> kirkland: ping, Delemas is trying to figure out how to reset his admin account on UEC.. any ideas?
<SpamapS> Daviey: ^^
<kirkland> SpamapS: if he set his email address when he first logged in, just reset password
<kirkland> SpamapS: if not, i have no idea
<Delemas> I tried the recover password route but no email was sent out... I obviously tried all the accounts I thought that should work but the web interface is accepting nothing and emailing nothing...
<SpamapS> kirkland: btw I just tried out the nested byobu fix. Much smoother. :)
<SpamapS> kirkland: next step is to just have it open as a new window inside your existing byobu.
<Delemas> Nevermind, after a restart it let me login. Not sure what that was about... Thanks anyways...
<smoser> SpamapS, you want to read bug 740390 for me ?
<uvirtbot> Launchpad bug 740390 in dbus "libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown" [Undecided,New] https://launchpad.net/bugs/740390
<smoser> i'm asking you because the bug-opener mentions  bug 672177
<uvirtbot> Launchpad bug 672177 in sysvinit "libc6 upgrade causes umount to fail on shutdown because init cannot be restarted" [Critical,Fix committed] https://launchpad.net/bugs/672177
<SpamapS> smoser: reading
<SpamapS> smoser: you missed his point, on reboot it probably would actually have to fsck /
<SpamapS> oh wait
<SpamapS> no you didn't
<SpamapS> haha I should read the whole thing
<SpamapS> smoser: yes touching /var/run/init.upgraded is actually probably something we should do on all libs that init dynamically links
<smoser> i did almost miss the point SpamapS
<SpamapS> smoser: let me try this on an up to date natty system.. the key is whether or not you get orphaned inodes in the dmesg on reboot
 * SpamapS is always shocked when he sees how many updates accumulate for a bare bones VM in one week of release freeze
<smoser> SpamapS, there were 42 in the 36 hours prior to me coming in this morning
<SpamapS> we almost need to create a trigger for upstart on /lib
<SpamapS> smoser: ok I marked that one Triaged and High. The next upgrade to dbus really should handle the init.upgraded thing unless we've put the trigger in place for upstart.
<SpamapS> Though there is some hope that upstart will be able to re-exec itself without losing state when upstart 2 comes out
<zul> hallyn: ping
<hallyn> zul: hey
<user5v> hello, how do disable internet/network access for some linux users, are there special groups?
<SpamapS> user5v: you can disable access for local users yes..
 * SpamapS isn't sure how to do it w/ ufw tho
<user5v> SpamapS: whats the keyword to google?
<jdstrand> don't bother looking, ufw doesn't have that via the cli. any iptables-style stuff can be added to /etc/ufw/*rules of course
<SpamapS> jdstrand: ahh thats how. :)
<SpamapS> user5v: man iptables, search for 'owner'
<user5v> SpamapS: does NX or VNC work for this user after disabling internet access?
<SpamapS> user5v: depends on how you "disabled" the access
<SpamapS> user5v: if you say iptables -A OUTPUT -m owner --uid-owner baduser -j DROP  .. then they will have no ability to do any kind of network communication.
<user5v> SpamapS: the user should be able to log in with NX but shoudn't download anything inside of the nx session a. e. wget
<SpamapS> user5v: so then allow the NX port first, but drop everything else.
<user5v> SpamapS: i have done this:
<user5v> SpamapS: iptables -A OUTPUT -m owner --uid-owner test -p tcp --dport 22 -j ACCEPT
<user5v> SpamapS: iptables -A OUTPUT -m owner --uid-owner test -j DROP
<user5v> now nx doesn't work
<user5v> ssh works
<SpamapS> because.. you used port 22
<SpamapS> you're allowing 22 *out* there btw
<SpamapS> i suspect you want something different
<user5v> SpamapS: should I allow 22 IN, too?
<SpamapS> user5v: you can't control incoming ports per user
<user5v> SpamapS: what's the problem with 22
<SpamapS> user5v: I'm sorry.. this is a *really* advanced topic, and I don't think IRC is an appropriate way to try and learn this.
<user5v> SpamapS: thank you, but how to delete the two rules?
<MetaJake> using ubuntu-server on VMWare locally, is there any way to use "real world" URL's to visit sites on the local server? or do you know if I'm stuck with just using my network's IP address as the URL as i develop locally? (--- recommend any google search phrases for reading on this topic?)
<SpamapS> user5v: just do '-D' instead of '-A'
<pethkaqeni> hi all
<SpamapS> user5v: your next best way to learn this is to read up on iptables as a whole system, so you can understand how INPUT/OUTPUT work together
<pethkaqeni> someone may help me plz
<pethkaqeni> im new to ubuntu server and im so dammed confused with this one
<pethkaqeni> i have a attansic technology co device 1062 (rev c0) driver problem
<SpamapS> MetaJake: you could put the "real world" hostnames in /etc/hosts
<SpamapS> MetaJake: if you're on windows.. thats not the right file.. its like.. C:\windows\lmhosts or something like that
 * SpamapS hasn't had to do that in a long... long time
<SpamapS> pethkaqeni: whats a "co device" ?
<MetaJake> SpamapS, I see. heh.
<MetaJake> thanks i'll toy with that.
<SpamapS> MetaJake: there are also some firefox plugins that let you spoof the Host: header.. that helps if thats the thing you need to fix.
<MetaJake> alrighty.
<RoAkSoAx> SpamapS: ping
<adac> Hi guys, my backup servers inodes are full, even though I still have 43 gigs free disk space
<SpamapS> RoAkSoAx: rama lama ping pong
<adac> any ideas how to resolve that?
<SpamapS> adac: heh, too many tiny files.
<SpamapS> adac: IIRC, ext4 can't expand the inode pool without creating a new FS
<RoAkSoAx> SpamapS: if you free, could you take a look to cluster-agents which I just uploaded to maverick-proposed :)?
<RoAkSoAx> it's an SRU
<SpamapS> RoAkSoAx: sure, I'm planning a run through the -proposed queue in a bit
<adac> SpamapS, arrg....
<RoAkSoAx> SpamapS: cool, thanks!
<adac> RoAkSoAx, what is cluster-agents?
<RoAkSoAx> adac: the package that contains the resource agents for cluster environments
<RoAkSoAx> adac: resource agents as in scripts that help manage services in terms of HA Clustering (pacemaker/heartbeat/corosync/etc)
<adac> RoAkSoAx, and for which clustering?
<adac> mean wich software to cluster
<RoAkSoAx> adac: HA Clustering -> pacemaker based
<adac> let me google that
<RoAkSoAx> either pacemaker/corosync stack or pacemaker/heartbeat stack
<RoAkSoAx> adac: RHCS resource agtents should be pacemaker compatible in newer versions (post natty)
<RoAkSoAx> adac: http://www.linux-ha.org/wiki/Resource_Agents
<adac> RoAkSoAx, sounds interesting
<adac> I will mkae ma note and read through once I have solved my indodes problem ;)
<adac> *indes
<adac> inodes
<RoAkSoAx> hehe cool
<adac> SpamapS, what ths standard indode number?
<hallyn> zul: YUCK.  can't run debootstrap inside a lxc container bc it wants to read /dev/kcore and such
<SpamapS> adac: there's no standard. When you create filesystems, you need to have some idea of how many files/inodes you will consume
<SpamapS> adac: I'm guessing you're using something that creates a lot of hard links to files when they haven't changed, right?
<SpamapS> hallyn: kcore?!
<adac> SpamapS, well this host is a backup host
<adac> I have backuppc running on it
<adac> and it couls be that there are a loot files
<adac> *lot
<SpamapS> adac: you might be able to shrink your current filesystem, and create a new one with a lot more inode space
<SpamapS> adac: thats tough if you just have "one big /"
<adac> SpamapS, yes that is my plan, but I might install it from scratch
<adac> again
<adac> since backup is relatively new
<SpamapS> adac: I'm not entirely sure if the installer lets you tweak these things easily. I hope it does
<adac> Lets hope
<zul> hallyn: why would you want to do that?
<SpamapS> adac: you may want to just create a minimal system partition and put all the backups in a specialized /var/lib/backuppc that you create after the fact.
<adac> otherwise I do it manually, aye exactly
<adac> reiserfs shhould be good dealing with lots of small files
<adac> just read it in the intenets
<hallyn> SpamapS: /dev/core
<hallyn> zul: it only does it if you do --arch=
<hallyn> zul: presumably trying to verify
<SpamapS> adac: you'll want to read 'man mkfs.ext4' when doing it manually.. -i in particular is what you want.
<adac> SpamapS, kk, thank you for the hints!
<hallyn> Daviey: i suppose someone is going tohave to do the maverick fix for open-vm-tools
<Daviey> hallyn, I don't think it needs to be a priority atm, it only affects -backport repository, right?
<Daviey> if it is easy enough to backport the natty package, then shoot for it i guess.
<hallyn> Daviey: that's what i did, but i don't know for sure that it'll work.  Guess we'll see what the guy says
<hallyn> maybe i wasn't clear enough that he shoudl try those packages
<Daviey> hallyn, rocking
<Daviey> hallyn, we'll see - btw, are you familiar with https://help.ubuntu.com/community/UbuntuBackports#Technical%20Information%20for%20Ubuntu%20Developers ?
<hallyn> Daviey: no
<RoAkSoAx> zul: ping
<zul> RoAkSoAx: what up?
<RoAkSoAx> zul: are server ISO's the only ones that can be used with cobbler. Or Desktop ISO's can also netinstall (or can we netboot in this case)
<zul> RoAkSoAx: desktop or server afaik
<RoAkSoAx> zul: ok thanks. I guess I'll have to give it a try
<patdk-nb> I netinstall server and desktop
<patdk-nb> never used cobbler though
<RoAkSoAx> patdk-nb: thanks for the info
<RoAkSoAx> patdk-nb: by any chance you have a Debian source/mount/iso/CD or anything?
<patdk-nb> heh?
<patdk-nb> I just copy the netboot code into my pxe tftp folder and add it to my pxe boot menu
<RoAkSoAx> patdk-nb: oh ok. Never mind then :)
<hallyn> Daviey: so, if the natty open-vm-tools package works fine for maverick...  i don't suppose there still would be any chance of sru'ing that to maverick?  :)
<robbiew> SpamapS: ping
<Daviey> hallyn, if open-vm-tools works with the natty-updates kernel, there is really no desire to SRU it IMO.
<Daviey> hallyn, AIUI, the kernel in -backports doesn't work with open-vm-tools, so open-vm-tools should go into -backports pocket.
<hallyn> Daviey: (sorry i didn't see you'd replied) not sure what you were saying.  But maverick package is broken too (at last there are duped bugs for it)
<SpamapS> robbiew: pong, sup?
<hallyn> Daviey: so i'm saying that the newest open-vm-tools package appears to work fine with maverick's kernel.  It's a huge delta though
<hallyn> kirkland: i  know you had some experience with likewise-open - just wondering, have you looked at, or were you planning to look at bug 655533?
<uvirtbot> Launchpad bug 655533 in likewise-open "[master] package likewise-open 5.4.0.42111-2ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [High,Confirmed] https://launchpad.net/bugs/655533
<hallyn> oh, nm
<hallyn> i see, that thinks it has beenf ixed
<ap0c> anyone had any problems running ddr3 with ubuntu 10.10 LTS ?
<ap0c> my box seems to freeze after a couple days of operation
<T3CHKOMMIE> hello everyone im having problems getting my x11 to work with putty on a windows machine. can anyone help me figure out why the tutorials arent getting me where i wanna go?
<guntbert> T3CHKOMMIE: what sort of problems?
<T3CHKOMMIE> guntbert im trying to configure my mythtv backend via ssh.... when i enable x11 forwarding it tells me it cannot open the display its a GTK+ error
<guntbert> T3CHKOMMIE: you have to run an X server on the windows machine
<guntbert> T3CHKOMMIE: have a look at MobaXTerm
<T3CHKOMMIE> im running cygwin.
<guntbert> T3CHKOMMIE: just as well (cygwin/X I suppose), did you tell putty to forward X?
<T3CHKOMMIE> yes
<T3CHKOMMIE> so i have x server running. should i ssh from that window?
<T3CHKOMMIE> or just use putty in windows like usual?
<guntbert> both ways normally work, at first start something simple - like xeyes
<T3CHKOMMIE> ok so xserver is running on win machien i used ptty with xll forward and ssh to target box.
<T3CHKOMMIE> i ran "startx" and it gave me a fatal sever error.
<T3CHKOMMIE> "server is already active for display 0
<guntbert> T3CHKOMMIE: NOOOO, startx is wrong, you start single applications
<T3CHKOMMIE> oh
<guntbert> try with xeyes - its a little fun
<T3CHKOMMIE> ah /user/bin/mythtv-setup
<T3CHKOMMIE> thats working.
<T3CHKOMMIE> suuuuuuuuppper slow.
<T3CHKOMMIE> is that normal?
<guntbert> T3CHKOMMIE: depends on the machines and on the network, you can enable compression though
<T3CHKOMMIE> guntbert, it looks like it is working. very slowly. i clicked on a yes/no box and its taking about 2 minutes and nothing else has popped up. does that sound about right?
<guntbert> T3CHKOMMIE: as I said, it can happen, but try to enable compression
<T3CHKOMMIE> can i enable compression on the fly or should i kill the command and start the seesion over again=?
<T3CHKOMMIE> guntbert, i would give you some gold stars if i could. thanks for helping me figure that out. it has taking me months to finally get it working! thanks!
<guntbert> T3CHKOMMIE: glad to help - have fun :-)
<T3CHKOMMIE> guntbert compression helped out aLOT!!!
<hallyn> Daviey: so the poster rolled their own for bug 746152.  Don't know how that should be classified.  (not 'fix released')
<uvirtbot> Launchpad bug 746152 in open-vm-tools "open-vm-dkms fails to build with officially backported kernel" [Low,Confirmed] https://launchpad.net/bugs/746152
<hallyn> kim0: thanks for drafting the trusted cloud blueprint - great info in the whiteboard, too.
<kim0> hallyn: cool :)
<uvirtbot> New bug: #765224 in cobbler (universe) "import from mini.iso fails" [Undecided,New] https://launchpad.net/bugs/765224
<jMCg> Hey folks, I've got a host with a number of KVMs running on it, and I'd like to use the Hosts firewall to protect all the guests. That firewall is currently ufw, and works perfectly in that it doesn't allow access to the guests.
<jMCg> Rather than none, I'd like to have controlled/restricted access.
<patdk-nb> you need to put the kvm's on a bridge interface
<patdk-nb> and control routing from the host interface to the bridge
<patdk-nb> done this many times, but I normally use shorewall to do it, instead of ufw and manual
<uvirtbot> New bug: #765249 in samba (main) "tarmode exclude no longer working" [Undecided,New] https://launchpad.net/bugs/765249
<patdk-nb> lots of examples on the shorewall website
<hallyn> RoAkSoAx: i can't reproduce your results on bug 760288
<uvirtbot> Launchpad bug 760288 in ubuntu "JeOS is oversized" [Low,Confirmed] https://launchpad.net/bugs/760288
<RoAkSoAx> hallyn: yeah... we discovered that when installing with TestDrive the installation ends up with 533M, and when using virt-manager is less than 500
<hallyn> i was just using kvm
<jMCg> hallyn: not a big fan of shorewall.
<RoAkSoAx> hallyn: that's weird then... jamespage also found the same as me. Installing with TestDrive results oversized
<hallyn> RoAkSoAx: i've not tried testdrive
<patdk-nb> you don't have to be a fan, to get ideas on how to get it setup from the examples :)
<hallyn> RoAkSoAx: should we refile it as a bug against testdrive then?
<patdk-nb> installing jeos in vmware was 532megs for me also
<RoAkSoAx> hallyn: ^^
 * hallyn frowns
<RoAkSoAx> hallyn: i don't really think is TestDrive but rather something else...
<hallyn> what is the size of your /lib/modules?
<RoAkSoAx> hallyn: could it be something with the type of disk image?
<hallyn> it could...
<RoAkSoAx> hallyn: let me check
<hallyn> you are giving the result of 'df -h' right?
<RoAkSoAx> hallyn: yes
<hallyn> RoAkSoAx: we could just compare results of 'du -sh /*' and walk down the tree to find the disrepancies, if you have a few minutes?
<hallyn> patdk-nb: or you
<patdk-nb> mine was df -h
<patdk-nb> I can't access it from here at the moment :(
<patdk-nb> I know the /lib/modules was small, like 26megs I think
<hallyn> patdk-nb: thanks  (mine was 22M)
<patdk-nb> hallyn, going off memory :)
<patdk-nb> so don't quote me :)
<patdk-nb> but it was in the 2x range
<hallyn> close enough on tax day
<RoAkSoAx> hallyn: http://me.roaksoax.com/results.png -> du -sh /* results
<hallyn> RoAkSoAx: same as mine.  makes no sense.  (add those up :)
<hallyn> RoAkSoAx: oh, df -h /boot?
<hallyn> and, i guess, cat /proc/swaps?
<hallyn> nm on swaps
<hallyn> RoAkSoAx: ext4fs, and you chose non-lvm?
<RoAkSoAx> hallyn: http://me.roaksoax.com/results2.png
<patdk-nb> mine, I do 8gig drive, guided partition, no lvm
<hallyn> well, i did a 2G raw partition.  RoAkSoAx is doing 5.5G.  I wonder if its' all metadata
<hallyn> RoAkSoAx: can you try to reproduce with a 2G root?  I'll try with a 6G
<patdk-nb> might be
<RoAkSoAx> hallyn: ok will do with a 2g
<patdk-nb> I only do 8gig cause that is vmware default :)
<hallyn> mind you i'm running a server iso grabbed today, so it's possible it's just that the bug has been fixed ;)
<hallyn> but let's try this for kicks
<RoAkSoAx> ok, downloading ISO now
<RoAkSoAx> hallyn: might indeed be the disk size as the one that I'm installing with virt-manager is with a 2G disk, while TestDrive is a 6G disk
<hallyn> RoAkSoAx: CONFIRMED
<hallyn> (sorry, little blakes7 zen moment)
<RoAkSoAx> hallyn: so it is metadata then
<hallyn> if i knew a lick about ext4 (other than to avoid it) i'd know how to double-check
<RoAkSoAx> heheh
<hallyn> RoAkSoAx: 'du -shx /' gives me 394M
<hallyn> RoAkSoAx: maybe that is how we should have people check, rather than using df -h
<RoAkSoAx> hallyn: yeah I think that the test case should probably be updated then
<RoAkSoAx> hggdh: ^^
<hggdh> hallyn: and what does 'df -h' return?
<RoAkSoAx> hggdh: in my case 533M
<hggdh> RoAkSoAx: and 'du -shx'?
<hggdh> the point is I would like to have both values from the same install
<RoAkSoAx> hggdh: 'du -shx /' returns  394
<hallyn> RoAkSoAx: tune2fs -l /dev/sda1...
<hggdh> yeah
<hggdh> RoAkSoAx: yes, we will update the test to request 'du -shx'
<uvirtbot> New bug: #765275 in eucalyptus (main) "metadata server cannot be contacted when deploying new instances on EUC" [Undecided,New] https://launchpad.net/bugs/765275
<hallyn> <shrug> 4 times as many inodes,
<hallyn> RoAkSoAx: hggdh : ok so the bug should be marked invalid?
<hggdh> hallyn: yes, please mark it invalid. 'df -h' does have a large, er, error
<hallyn> more than 10x as many blocks
<hallyn> hggdh: (or we could mark it against e2fsutils :)
<hallyn> RoAkSoAx: you have that (updating the test case) under control?
<hggdh> hallyn: I will check
<RoAkSoAx> hallyn: yeah I'm on it
<hallyn> RoAkSoAx: awesome, thanks
<hallyn> all right i think i'm stopping for the day.  see ya'll tomorrow
<RoAkSoAx> hallyn: see ya
#ubuntu-server 2011-04-19
<Daviey> hallyn, rolling own... hmmpf.. can they provide a diff?
<Daviey> bye bye hallyn
<hallyn> Daviey: dunno
<Daviey> ah, just caught you
<Daviey> something for tomorrow :)
<hallyn> Daviey: i was hoping to tackle the firstboot ones tomorrow, but i'm gonna need bootstrap help from smoser or someone
<hallyn> well, maybe i should just try to actually solve the lucid and maverick open-vm-tools bugs now
<hallyn> in an SRU-friendly way
<hallyn> for natty there would have been no way (so good thing we got it in), but hopefully lucid's kernel hasn't changed too much
<hallyn> Daviey: all right, i'm shutting down the client, good night :)
<Daviey> o/
<mr_orange> Hey, I am installing ubuntu server 10.10 and I am wanting it to  be a mail server as well what option should I choose for the mail configuration?
<mr_orange> Hey, I am installing ubuntu server 10.10 and I am wanting it to  be a mail server as well what option should I choose for the mail configuration? can anyone help me
<uvirtbot> New bug: #765367 in xinetd (main) "xinetd fails to parse config files with comments when HUPped" [Undecided,New] https://launchpad.net/bugs/765367
<Tukanfan> if you have a backup system where a client backs up to a central server, what do you then do if the client gets compromised?
<twb> Tukanfan: push or pull?
<Tukanfan> push, because clients is often behind NAT
<twb> Using what, rsync over ssh?
<Tukanfan> yep
<twb> Learn about rrsync
<Tukanfan> will google that
<twb> It's in /usr/share/doc/rsync/scripts/rrsync.gz
<Tukanfan> okay
<twb> For example, I allow managers to upload to /var/www as root with command="/usr/local/bin/rrsync /var/www/",no-agent-forwarding,no-port-forwarding ssh-rsa [their hash] [their email address]
<Tukanfan> so you execute that command on the server or client side?
<Tukanfan> nvm, seems like i found out looking in the script source
<Tukanfan> but would it be possible to use it with duplicity too?
<twb> What does adding a google-site-verification TXT record to my domain actually *do*?
<twb> $manager is asking me
<mr_orange> im trying to install a gui for my server but it tells me that it is unable to locate the package. Can someone tell me how I can fix this?
<patdk-nb> twb, I think google just uses that to verify you are the owner
<patdk-nb> cause only the owner can change dns
<twb> So they're reinvented DNSSEC?
<twb> Also, presumably that hash is *not* a shared secret?
<patdk-nb> http://googlewebmastercentral.blogspot.com/2010/03/dns-verification-ftw.html
<patdk-nb> I doubt it
<twb> Presumably this is for that "analytics" stuff?
<twb> Where you put js into your HTML to make it spy on GUI browser users
<twb> Oh, apparently this is to allow us to remove content from google's cache
<twb> FSVO content = "whoops, that's accessible externally?"
<twb> OK, I get it now.  I talked to $coworker about it
<iceman34> anyone know of a a good irc widget
<twb> emacs
<nealmcb> :)
<patdk-nb> hmm, launchpad seems to be back to it's normal forever slowness again :(
<twb> So the kernel is OOM-killing apache2 and mysqld.
<twb> But upstart restarts them... I'm not sure that is the Right Thing in these circumstances.
<Roxyhart0> hi there, sombody know why dhcp3-server doesn't start at boot time? is there any bug?
<cmdbbq> hello, i am setting up a server from the commandline (there will be no GUI) over ssh and I have some questions about adding a user. I ran adduser myusername and set a password with passwd then logged in as that user, but it complained of no home directory. so i logged back in as root and created a home directory /home/myuser and set myuser as the owner with chown. now when I log in i am presented with just a $, preceded by no text a
<Roxyhart0> ther is someconfiguration that you indicate which kind of shell or c shell the user is going to use. I think it is correct that you are seen
<twb> did you use "adduser" or "useradd"?
<cmdbbq> ah yes, my mistake, useradd
<twb> Do not use useradd, for this reason
<twb> useradd is a low-level command; adduser is a high-level command that creates /home and everything else it should do.
<cmdbbq> ok, should i delete the user/directory and use adduser to recreate or will this create conflicts?
<twb> Recommend you deluser fred, delete the home dir, and then adduser fred.
<twb> If it was me I might clean it up by hand, but it's not worth talking you through it
<cmdbbq> ok cool thank you very much :)
<twb> The reason your shell was $ was because 1) you didn't get the dotfiles from /etc/skel, and 2) your shell was probably /bin/sh not /bin/bash.  Using adduser will fix both.
<cmdbbq> twb: everything works as expected now, I appreciate the education
<twb> No problem
<Roxyhart0> i just installed dhcp-server, however when i boot it doesn't start automatically. Someone know how to fix it to start on boot?
<Roxyhart08> hi there, i installed dhcp-server but it can't start on boot time, somebody know how to do it? if there any bug why it is not starting automatically
<jamespage> Daviey: morning
<jamespage> Daviey: I have a fix from upstream for bug 759943
<uvirtbot> Launchpad bug 759943 in mod-wsgi "mod_wsgi.so-3.2 gives errors" [Medium,Confirmed] https://launchpad.net/bugs/759943
<Daviey> jamespage: yeah, i saw the comment on the bug report.. Have you integrated it, and some mild testing?
<jamespage> Daviey: yes - it passed my simple 'Hello World' wsgi test case for both python 3.1 and 3.2 versions
<jamespage> Daviey: want me to propose it?
<jamespage> Daviey: and feel free to give brutal feedback on my conditional patch application in debian/rules :-)
<Daviey> heh
<Daviey> jamespage, whilst i look at that, have you seen bug 745946 in any of the recent jenkins tests?
<uvirtbot> Launchpad bug 745946 in cloud-init "cloud-final job did not run in ec2-automated-tests" [Medium,Confirmed] https://launchpad.net/bugs/745946
<jamespage> So the last round of testing did not throw up any tests with the same symptoms - that was for beta-2
<jamespage> Daviey: those two instances where seen during beta-1 I think
<Daviey> jamespage, If smoser agrees, might mark it fix released later.. It could have been infrastructure breakage rather than platform.
<Daviey> jamespage, What makes you think the patch might be incompatible with mod_python?
<jamespage> Daviey: thats what Graham from upstream indicated; description on patch is based on his comments
<jamespage> something todo with threading and mod_python not following the rules :-)
<Daviey> ah
<jamespage> Daviey: Does it look OK to you?
<Daviey> jamespage, well - i have a feeling that you can't call it source format 3.0 (quilt) with that.
<Daviey> just trying to check.
<jamespage> Daviey: ack - thanks for your help :-)
<Daviey> jamespage, it seems functional!  And nicely done... just trying to check somthing
<Daviey> jamespage, I've not had to have condtional patches before since the new world order of 3.0 (quilt).
<Daviey> the problem is, dpkg-source -x, doesn't give you what will necessarily build.  It's a convention that with 3.0 (quilt) that is the case.
<Daviey> jamespage, Half balancing 'getting it done' and the other half wondering if the patch should contain the condition.
<Daviey> jamespage, hmm, has the patch author already done that?
<Daviey> jamespage, usage of #if PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION >= 2 ?
<Daviey> ie, if python = 3.2:
<jamespage> Daviey: well there is some conditional code for 3.2
<jamespage> Daviey: I would be more concerned where there is no condition for 3.2 on code - I think that is where the problems might lie.
<Daviey> jamespage, yeah... i just wondered if that was /safe/ code that didn't need conditioning
<Daviey> jamespage, http://pb.daviey.com/Im3W/ - probably easier to view!
<Daviey> lines starting, 18? DaveWal - is the new patch
<Daviey> jamespage, I think you are correct that it doesn't filter.
<Rickardo1> Is there any way I can restore the routing tables on my ubuntu server?.. https://gist.github.com/1d52cb79114fcb782a79   I can ping my lan but not internet
<jamespage> Daviey: no completely :-(
<jamespage> /no/not/
<jamespage> Daviey: I was more  concerned that the upstream developer was saying 'I don't think this will work with python 2.7'
<jamespage> hence the conditional application for Python 3.2 only
<pethkaqeni> may someone help me to install an attansic driver!
<pethkaqeni> i have a ubuntu server 9.04 installed
<pethkaqeni> may someone help me to install an attansic driver!
<pethkaqeni> i have a ubuntu server 9.04 installed
<pethkaqeni> HELP plz
<pethkaqeni> camooon no one here knows !!!
<raphink> I have no idea what attansic is
<pethkaqeni> thanks for reply
<pethkaqeni> is a network card
<pethkaqeni> and the driver nedet is attansic
<pethkaqeni> raphink: any idea ???
<tyreza> hello
<tyreza> is there any one there ?
<tyreza> how to check if the server hold the load well or not ?
<zul> morning
<tyreza> hi
<tyreza> how to check if the server hold the load well or not ?
<jMCg> tyreza: what do you mean?
<tyreza> i mean what i mean
<tyreza> just only need to check the server capacity
<tyreza> how to check my server is good or not ?
<tyreza> perfomance indicater
<jMCg> Good for what?
<tyreza> need to check my system perfomence
<tyreza> i don't know how to explain you in other way
<Dr_Jekyll> tyreza: perhaps you mean "top"
<Dr_Jekyll> it shows the current system load and the running processes
<RoAkSoAx> morning all
<tyreza> no not really
<tyreza> i host a apache server
<tyreza> what i have to do, to understand my actual server configuration is good or need to increase something ?
<patdk-nb> tyreza, there are so many variables for you to check
<patdk-nb> cpu performance, network performance, disk performance, responce time, ....
<tyreza> correct
<tyreza> and i can't run a command every few sec
<tyreza> to check my all those performance
<tyreza> my question is simply is there any tool able to check every ' few variable ' and to notify
<tyreza> me
<tyreza> when there is an over usage
<semiosis> tyreza: nagios
<tyreza> correct answer
<tyreza> will check that one
<tyreza> thanks
<b0gatyr> total unrelated but August 4, 1997 marks the day skynet goes operational or is it today?
<smoser> jamespage, i think that we should dupe bug 760725 to bug 745946
<uvirtbot> Launchpad bug 760725 in cloud-init "Cloud-init failed to complete actions" [Undecided,New] https://launchpad.net/bugs/760725
<uvirtbot> Launchpad bug 745946 in cloud-init "cloud-final job did not run in ec2-automated-tests" [Medium,Confirmed] https://launchpad.net/bugs/745946
<smoser> Daviey, you need to get over your issues with having open bugs.
<jamespage> smoser: they do look very similar
<uvirtbot> New bug: #765989 in ipsec-tools (main) "ipsec-tools version 1:0.7.3-12ubuntu1 failed to build on i386" [High,New] https://launchpad.net/bugs/765989
<smoser> did you change the test suite to grab 'initctl list' ?
<smoser> and 'ps -a' output?
<uvirtbot> New bug: #765969 in mysql-5.1 (main) "mysql-5.1 version 5.1.54-1ubuntu4 failed to build on i386" [High,New] https://launchpad.net/bugs/765969
<smoser> one other feature request for that... log the timestamp of when you do the collection some where. as it is right now we can't really tell if you just grabbed something in the middle of boot, or if it was 15 minutes later (where the system should have certainly booted).
<jamespage> smoser - ack I'll add the timestamp to the list as well
<Daviey> smoser: uh?
<smoser> Daviey, you seem to just want bugs to be closed.
<smoser> i would much rather have the bug open, so that when i find bugs, i can search for other occurences of the same issue
<smoser> and say "oh look, this happened before"
<Daviey> smoser: Call me old school... but i guess i like a bug to reflect it's current status.
<smoser> which is open
<Daviey> Ie, if a Fix has been Released, i like to call it "Fix Released"
<smoser> if a bug occurs twice in 100 cases, and then doesn't happen to occur in the next 100, i dont think that calling it "fixed" is appropriate
<smoser> unless you know you did something that should have had that affect
<Daviey> smoser: It does sound like you need a better mail client :)
<Daviey> smoser: Hmm.. i see your point... but often bugs are fixed accidently, through someone touching something else.
<garymc> Hi guys anyone know anything about ubuntu-ltsp?
<raphink> garymc, ask your question, you'll see if someone can answer
<garymc> ok m y LTSP thin clients keep losing connection to the website on the LTSP server. The website is PHP based and it is for taking people details over the phone.
<garymc> So firefox stops working on all thin clients
<garymc> but If I log in from a remote machine like my Macbook its stilll working fine, which makes me think something on the server which lets the thin clients pxe boot is not working properly
<garymc> 5 mins later all thin clients are using firefox fine again
<garymc> its becoming a hassle when someone takes a call and it has stopped working
<garymc> so any help would be appreciated
<patdk-nb> garymc, dhcp renewal issue?
<garymc> i dont know
<garymc> how would i tell?
<patdk-nb> well, I dunno either :)
<patdk-nb> logs
<garymc> im a total newb and i set this up over a year ago
<Daviey> .
<therobot> Hello, I just want to install one package (redis) from a ppa repository, I have this (https://gist.github.com/02b0b01b8215ff5b2e27) apt preferences file, but apt keeps chosing candidates from this ppa for the other packages, what I am doing wrong?
<patdk-nb> heh, generally it's not that easy to select a single package from a repository
<patdk-nb> you could just download the .deb you want, and install it using dpkg -i
<therobot> then I miss updates
<patdk-nb> yep
<Slyboots> Mm..
<Slyboots> Starting to wonder if I have too much crap installed on my server
<TheEvilPhoenix> Slyboots:  why would you wonder about that, out of curiosity?
<Slyboots> Seem to be running out of disk space primarlly
<Slyboots> Plus its just generaly slow to boot
<mynameistux> I'm currently using debian server, but I want to use ubuntu server. Is it possibly for me to install the new server OS without loosing my LVM
<patdk-nb> installing it to where?
<mynameistux> I have the / partition on sda1, and the LVM uses sda2 and sdb
<patdk-nb> if you just install ubuntu ontop of sda1, then no
<mynameistux> so I just want to install a new server OS on sda1 (which is not part of the LVM) and then recover the old LVM
<patdk-nb> lvm is selfcontained
<mynameistux> I don't have enough HDD's to backup my data
<patdk-nb> all you have to do is activate the lvm and mount it
<mynameistux> ok
<mynameistux> can I just say, the support I got in the last couple of seconds was tens of thoasands of times better than all the support I got through the debian channel
<mynameistux> your a legend patdk-nb =)
<mynameistux> *you're
<mynameistux> grammar is good
<uvirtbot> New bug: #766229 in cobbler (universe) "koan --replace-self relies on grubby" [Undecided,New] https://launchpad.net/bugs/766229
<Wolfsherz> kennt sich jemand mit den bildschirmen von eizo aus?
<Wolfsherz> sorry, wrong channel
<TheEvilPhoenix> how can i get the system to stop yelling at me about a non-public GPG key in a PPA package?  because when I run 'aptitude update' it triggers an alert about NO_PUBKEY
<fosterdv> TheEvilPhoenix: I don't know how to fix that personally, but I found this, http://ubuntuforums.org/showthread.php?p=1653773
<TheEvilPhoenix> yep that fixed it
<TheEvilPhoenix> fosterdv:  thanks
<fosterdv> Anytime :D
<TheEvilPhoenix> fosterdv:  i should probably write a bash script for that kind of thing... but i suck at scripting, so meh
<TheEvilPhoenix> s/should/could/
<fosterdv> TheEvilPhoenix: Lol, you and me both
<fosterdv> I've been trying to figure out bash scripting for a while, and then just moved to a new project.
<TheEvilPhoenix> fosterdv:  if only i knew how to get input from the command line... for example, ./getppgkey.sh <key here>
<alaing> hi does anyone know if/how I go about configing my ubuntu 10.04 server edtion so I can use classic ASP
<alaing> I'm currently running an apache web server
<TheEvilPhoenix> there's apache plugins for various scripting languages
<TheEvilPhoenix> do you mean the ASP .net scripting language?
<alaing> no not .net just classic ASP
<alaing> I know its really old but its for a university course I'm doing
<alaing> and thought it would be good to setup my server and do a bit of practicing before it starts
<TheEvilPhoenix> hmm i dont see a plugin/module/etc. for the non-.net version of ASP :/
<remix_tj> asp can be executed only on iis
<TheEvilPhoenix> ^
<alaing> I dont really know to much about asp/asp.net all I know is classic ASP is really old.
<fosterdv> http://www.mono-project.com/ASP.NET
<fosterdv> ASP Hosting with Apache:
<fosterdv> http://www.mono-project.com/ASP.NET
<remix_tj> and as far as i know microsoft hope that as far as possible asp to be died
<alaing> so my best bet would be to use IIS.....grr microsoft
<fosterdv> alaing: Will this help? http://www.howtogeek.com/howto/ubuntu/run-aspnet-applications-on-ubuntu-for-developers/
<alaing> fosterdv: no I dont think it will because its .net
<alaing> though I may just setup .net anyway so thanks for the links
<fosterdv> Yeah, sorry..
<fosterdv> Anywhere I looked, that said anything about .net/asp, all pointed back to that first link I posted. Good luck.
<fosterdv> http://redditech.wordpress.com/2009/03/01/quick-and-dirty-aspnet-on-linux-ubuntu-mono-and-monodevelop/
<alaing> thank you.....just did a google and there seems to be quiet a few ASP web hosting options so perhaps I go with that in the mean time.
<fosterdv> Cool, best of luck
<alaing> thank you i just wish the university course covered asp.net rather than ASP but its also based on the server-side  of application development which the principles shoudl be the same
<fosterdv> That's the truth
<ivoks> SpamapS: ping
<ivoks> SpamapS: https://bugs.launchpad.net/bugs/661453
<uvirtbot> Launchpad bug 661453 in dovecot "dovecot.conf always shows as having been locally modified on update" [Medium,Fix released]
<TeTeT> I added a bridged device to a kvm guest, now it fails to start: http://pastebin.ubuntu.com/596157/
<SpamapS> ivoks: sup?
<TeTeT> been solved :)
<ivoks> SpamapS: sorry, phone :/
<ivoks> SpamapS: problem is that installing dovecot-imapd|pop3d overwrites dovecot.conf
<ivoks> SpamapS: ucf doesn't solve that
<ivoks> SpamapS: and proposed patch would introduce new problems for mail-stack-delivery package
<SpamapS> ivoks: oh dovecot-imapd is the one that screws it up? hrm
<ivoks> yes, with their .postinst
<ivoks> proposed patch is a good way to solve this
<SpamapS> ivoks: the description is really poor (I can say that because I wrote it myself. ;)  ... if you want to make it more clear what the problem is we can possibly address it better.
<ivoks> just make sure to rename 01-mail-stack-delivery.conf to something with bigger number than the one that would define protocols
<SpamapS> I'm not fixing it at this point
<SpamapS> the problem is poorly defined in the description.. I wrote that a while back and forgot the details
<ivoks> well, it's not:
<ivoks> I suspect the maintainer scripts are modifying the file. If this is true, then doevcot.conf should be removed from the package and maintained by the maintainer scripts directly.
<SpamapS> if you want to change the description to have a TEST CASE: I will re-open it gladly.
<ivoks> sigh... this patch actualy overcomplicates things
<ivoks> but, anyway, since nothing will be changed now, i guess this can be fixed in natty+1
<SpamapS> ivoks: just please either open a new report or change that description and re-open it.
<SpamapS> ivoks: otherwise it probably won't be fixed because the problem is not totally obviously a bug to most users.
<ivoks> hm.. wow
<TheEvilPhoenix> fosterdv:  i wrote a bash script that adds gpg keys :P
<ivoks> i can't reopen it
<ivoks> my ubuntu privileges are degrading :)
<cloakable> heh
<sjm> I've got a problem with my network.  Anyone know why I could reach anywhere locally on the network, but not through the firewall except through a proxy?  There are no outbound rules on the gateway (and this was working only a few days ago) (Ubuntu 10.04)
<RoyK> sjm: wrong default gateway?
<RoyK> pastebin netstat -rn
<sjm> I've checked that with route -n, also /etc/resolv.conf is the same as a working computer
<RoyK> can you ping the gateway?
<sjm> http://pastebin.com/b7w4uXpb
<RoyK> what does a traceroute tell you?
<sjm> yes, pinging the gateway or other things internally to the network is fine.
<sjm> traceroute (and pings) stop at the gateway for this computer.
<RoyK> does the gateway NAT the connections?
<sjm> I can ping externally on a laptop next to this box.
<sjm> gateway Is set to nat.
<RoyK> dunno then, sorry
<sjm> I'm stumped too.
<uvirtbot> New bug: #766407 in samba (main) "package smbclient 2:3.5.8~dfsg-1ubuntu1 failed to install/upgrade: subprocess dpkg-deb --fsys-tarfile returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/766407
<hallyn> jbernard: I suppose that (1) create_default_cgroups.sh needs to be bash (not sh), and (2) its post-stop script should umount /sys/fs/cgroup?
<hallyn> jbernard: and finally, (3) cgconfig.conf has to have a mount entry or the gconfigparser bails
<hallyn> (pushing a branch based on yours)
<jbernard> i agree with 1 and 2
<jbernard> is gconfigparser bailing now?
<hallyn> it was for me, with empty cgconfig.conf
<hallyn> so i just uncommented the last block (actually then added two more), and it worked
<hallyn> lp:~serge-hallyn/ubuntu/natty/libcgroup/upstart-jb
<jbernard> ahh, that parser make me hate my life
<hallyn> I'm not attached to any of that, don't care how it's actually done
<hallyn> yeah
<hallyn> i know
<hallyn> i KNOW
<hallyn> the whoel concept of a cgroup-bin doesn't really work for me, because you arent free to change (without reboot) how some cgroups are bound!
<hallyn> (or has that been improved upon in the last year?)
<jbernard> i belive you are correct, that's what I'm seeing as well
<jbernard> i say if it works to your satisfaction, then lets try to get it into natty. It's certainly loads better than the current version
<hallyn> so with those changes the package is good for me
<hallyn> jbernard: yup, works for me, let's do it
<hallyn> that is, the package works for me, let's try to get it into natty :)
<jbernard> awesome
<hallyn> maybe we should ask for more guinea pigs:
<hallyn> hi all, does anyone here use libcgroup?
<hallyn> jbernard: is there an open bug for the security issue?
<jbernard> bts or lp?
<hallyn> jbernard: or, did we decide you can just dput bc you're in universe?
<hallyn> lp
<hallyn> to tie the bzr tree to
<jbernard> i have not seen an lp one
<hallyn> well, let me know if you need anything from me
<rizzuh_laptop> I have a Lucid VM that is configured only with root, sudo is installed but apparently there's go group to it. How do I configure it and allow a user to use sudo, so I can disable root?
<jbernard> hallyn: i will need someone to upload, i don't have that ability
<hallyn> jbernard: oh, hey, i may actually have those
<jbernard> ;)
<hallyn> jbernard: though it wouldn't hurt to have someone else look at it (who wasn't part of writing it)
<hallyn> in fact,
<hallyn> maybe SpamapS would be a good one -
<hallyn> given the upstartification
<jbernard> i do agree
<hallyn> SpamapS: ^ would you mind?
<hallyn> SpamapS: i'll do the upload if you prefer, but your feedback would be appreciated nevertheless
<hallyn> bbl
<ChmEarl> rizzuh_laptop,  http://paste.ubuntu.com/596226/
<rizzuh_laptop> ChmEarl, thanks
<ChmEarl> rizzuh_laptop, np
<rizzuh_laptop> ChmEarl, run that as root?
<ChmEarl> rizzuh_laptop,  thats from a script to setup a lucid xen VM - yeah root
<hggdh> TeTeT: ping
<TeTeT> hggdh: hi, how can I help?
<hggdh> TeTeT: this is about the bug you folks opened -- 765275 -- the interface capture shows errors and RSTs flowing
<hggdh> TeTeT: errors == ICMP dest unreachable
<TeTeT> hggdh: very confusing - how can there be a dest unreachable, the redirect on the clc worked just fine. We sort of thought another cloud install would interfere with ours
<TeTeT> hggdh: as the labs equipment has been used for different clouds already
<TeTeT> hggdh: to be honest we gave up on this for now and just went with plain kvm - but if you have a good idea I can give it a test
<hggdh> TeTeT: I am not sure yet. But -- for example -- there is a TCP/IP open against 169.254.169.254:80, and this is immediately replied with a RST
<hggdh> TeTeT: packet 1367-1368 in the capture
<TeTeT> hggdh: yeah, it looked to us like some other host would reply?
<hggdh> it might, even (if there is another one with the same IP, which would be bad in a different way)
<rriggin> anyone know why my domain name is automatically getting added at the end of anything I request? For example nslookup www.google.com actually tries www.google.com.domain-name.com
<TeTeT> hggdh: wouldn't the instance be having the front-end as router and thus reaching the right metadata service
<hggdh> but the point is something/someone sent a RST on the line
<hggdh> yes
<TeTeT> rriggin: take a look at /etc/resolv.conf
<TeTeT> hggdh: we used 'sudo tcpdump port 80' and nothing wsa seen from the front-end
<TeTeT> hggdh: same as with 8773
<hggdh> joy, joy, there we go again... now on tornado watch, probably soon to tornado warning :-(
<TeTeT> hggdh: good luck!
<rriggin> resolv.conf shows an entry for "nameserver 127.0.0.1" and and enty below it for "search domain.com"
<hggdh> TeTeT: so it sounds like another machine is answering
<TeTeT> hggdh: yep, though we couldn't figure out where it came from :( and I find it weird that a remote host answers when I thought all the traffic would go through the CC by default
<rriggin> dhclient.conf does have a supersede domain-name "domain.com" in it. could that cause the issue?
<SpamapS> hallyn: was at lunch, whats up?
<rriggin> TeTeT:resolv.conf shows an entry for "nameserver 127.0.0.1" and and enty below it for "search domain.com
<rriggin> TeTeT:dhclient.conf does have a supersede domain-name "domain.com" in it. could that cause the issue?
<TeTeT> rriggin: weird, if it appends domain-name.com
<rriggin> TeTeT: really throwing me for a loop because I have the config files setup the same way they are on the current server that is working properly.
<TeTeT> rriggin: as it points to your localhost for DNS, what server is running there? Probably misconfigured bind?
<rriggin> TeTeT: dnsmasq
<TeTeT> rriggin: what's the output of dig +short www.google.com @127.0.0.1 from the server
<rriggin> TeTeT: all dig requests come back with only 127.0.0.1
<TeTeT> rriggin: guess you need to check your /etc/dnsmasq.conf then and see what's happening. Unfortunately I know next to nothing of its proper configuration
<rriggin> TeTeT: thanks though.
<uvirtbot> New bug: #766177 in postfix (main) "package postfix 2.6.5-3ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/766177
<SpamapS> jbernard: hallyn seems to think you have something for me to review/sponsor ...
<ChrisBuchholz> Hey guys. Is there a preferred way to install django on my ubuntu server=
<ChrisBuchholz> ?*
<SpamapS> ChrisBuchholz: you'll get security updates and such with 'sudo apt-get install python-django' .. you will still need to configure your webserver to access it tho.
<uvirtbot> New bug: #766519 in clamav (main) "freshclam crashed with SIGSEGV" [Undecided,New] https://launchpad.net/bugs/766519
<|TurBo|> hey guys
<koolhead17> hi
<|TurBo|> im wondering what web interface would u use on ubuntu server 10.10 64bit for web administration
<|TurBo|> ?
<|TurBo|> i see their is some choices and would want the best for my box
<|TurBo|> ?
<|TurBo|> would love some input on this
<|TurBo|> since it seems that webmin isent the best choice?
<guntbert> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<|TurBo|> yeah that's what i was thinking to
<guntbert> |TurBo|: to my knowledge there is none
<patdk-nb> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<koolhead17> security relate
<|TurBo|> hmm
<|TurBo|> thanks alot
<|TurBo|> ill checkit out
<guntbert> ebox is horrible
<patdk-nb> it's the *other* option :)
<|TurBo|> lol
<koolhead17> guntbert: what is the point of using such apps
<guntbert> |TurBo|: ebox is in no way a replacement for webmin
<|TurBo|> hmm
<patdk-nb> personally I think all are horrible
<|TurBo|> is freepbx any good ?
<koolhead17> patdk-nb: true
<SpamapS> I was never ecstatic about webmin..
<guntbert> koolhead17: for the parttime admin they provide an easier way around the system (even a full time admin might not know every corner...)
<SpamapS> but it was good enough I could put it on a box that I couldn't support remotely and have the night operator restart services over the phone..
<|TurBo|> but the issue is that i cba to run gui on server as it is a waiste of cycles, but i want to be abel to admin it from another client without having to use to much of its reso
<|TurBo|> is it possibel to do this in a good way ?
<SpamapS> its a lot easier to tell somebody "click DNS, then 'restart'" than "ssh.. no EHS-EHS-AYCH box12"
<koolhead17> SpamapS: true
<TeTeT> hggdh: found another prob in UEC 11.04: http://pastebin.ubuntu.com/596257/
<koolhead17> hey TeTeT
<TeTeT> hi koolhead17
 * koolhead17 is happy with the natty beta2
 * patdk-nb wonders why you would need to restart dns :)
<|TurBo|> lol
<koolhead17> patdk-nb: haha
<koolhead17> i would never recommend any one to use web interface for administration though :)
<jbernard> SpamapS: hallyn has pushed a libcgroup branch: lp:~serge-hallyn/ubuntu/natty/libcgroup/upstart-jb
<jbernard> SpamapS: you're feedback would be most appreciated
<semiosis> just encountered a problem with the recently updated language-selector-common package, specifically in ec2 but it may affect other platforms as well
<semiosis> a fresh maverick install, updated & upgraded to the latest packages, leaves dpkg in a bad state, the error is...
<semiosis> Errors were encountered while processing: language-selector-common E: Sub-process /usr/bin/dpkg returned an error code (1)
<SpamapS> jbernard: reading.
<guntbert> semiosis: please !pastebin the complete output
<SpamapS> jbernard: upstartifying it 9 days before release seems a bit.. risky. ;)
<jbernard> SpamapS: yes, _but_ it fixes two security bugs
<SpamapS> jbernard: are the bugs related to the boot ordering?
<semiosis> guntbert: the complete output of what?  apt-get upgrade?
<jbernard> SpamapS: the are not,
<jbernard> SpamapS: buffer overflows, both of them i believe
<SpamapS>         [ ! grep "^cgroup" /proc/mounts &> /dev/null ] && { stop; exit 0; }
<guntbert> semiosis: the command from which you showed us one line ^^^
<SpamapS> double negatives are bad in english *and* shell script. :)
<guntbert> semiosis: but please use a pastebin!
<jbernard> SpamapS: no problem, i can fix that
<SpamapS> grep -q is your friend
<SpamapS> all pre-start's are run with set -e
<SpamapS> so I usually like to use     test || { stop; exit 0;}  ...
<SpamapS> jbernard: keep in mind I'm not filtering my review at the moment.. you might be ok with it "as is"
<SpamapS> But yeah, I'm surprised the ! &&'s haven't bit you .. I'd think  [ ! grep ... ] && foo would mean if it does find what its looking for it would exit 1
<jbernard> SpamapS: no problem, ill clean that up
<jbernard> SpamapS: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987
<uvirtbot> Debian bug 615987 in libcgroup "CVE-2011-1022" [Grave,Fixed]
<SpamapS> jbernard: I'm testing right now if that actually is true
<kirkland> \o/
<kirkland> rabbitmq-stomp is now built in natty!
<jbernard> kirkland: well done!
<semiosis> guntbert: http://pastebin.com/TURKEzAh
<SpamapS> kirkland: what was broken?
<kirkland> SpamapS: build dep
<kirkland> SpamapS: needed to symlink an erlang library into the expected /usr/lib/erlang location
<semiosis> guntbert: anyone can reproduce this error by creating an EC2 instance from ami-cef405a7 (the official 64-bit maverick image in us-east-1 for ebs-root) and do apt-get update, then apt-get upgrade
<SpamapS> fun
<semiosis> guntbert: which worked fine until this afternoon
<guntbert> semiosis: in that case I suggest you file a bug report (although I don't know against what package) - the actual error is reported in lines 629,630
<SpamapS> jbernard: also no []'s
<semiosis> guntbert: how about package language-selector-common?
<guntbert> semiosis: good idea :-) (I obviously was not thinking straight)
<semiosis> guntbert: been there myself, thanks for the help :)
<guntbert> semiosis: :)
<SpamapS> jbernard: what shell syntax is that { } stuff? It doesn't work in dash.
<semiosis> guntbert: https://bugs.launchpad.net/ubuntu/+source/language-selector/+bug/766534
<uvirtbot> Launchpad bug 766534 in language-selector "Regression on maverick when updating to 0.6.7 (security upload)" [Critical,Fix committed]
<hallyn> SpamapS: '[' is a program
<hallyn> SpamapS: and upstart seems to find them just fine...
<semiosis> so that language-selector bug is in state Fix Committed, any idea how long it takes to get from there into the repository?
<hallyn> SpamapS: and oddly enough, '{' seem sto be working
<hallyn> SpamapS: when you say 'doesn't work', do you mean it'll be unpredictable?
<hallyn> SpamapS: in dash:
<hallyn> $ [ -f /etc/aliases ] && { echo -n 'hi '; echo 'there'; }
<hallyn> hi there
<hallyn> :)
<SpamapS> hallyn: [ grep works ?
<SpamapS> hallyn: for me { } wasn't working
<hallyn> /etc/init/ssh.conf and mountall.conf show exacmples of them too
<SpamapS> hmm I probably forgot the trailing ;
<hallyn> well, and you ahve to have a space
<SpamapS> hallyn: I get [] .. but not    [ grep something ]
<hallyn> that gets mundane
<SpamapS> $ [ grep foo ] && { echo -n "foo "; echo "found"; }
<SpamapS> [: 3: grep: unexpected operator
<SpamapS> hallyn: and you see my point about using || not && ?
<hallyn> no
<SpamapS> hallyn: exit code of the statement needs to be 0
<SpamapS> && means it was 0, then you did the stop ; exit
<SpamapS> so otherwise it will be 1, and the set -e kicks in and stops your pre-start
<RoyK> use both
<hallyn> stupid -e
<RoyK> $[[ `true` ]] && echo true || echo false
<SpamapS> thats confusing when there's only one action needing to happen
<SpamapS> grep -q "thing" || { stop; exit 0; }
<hallyn> SpamapS: well it's a good thing I did this, these are all things which I didn't quite know, and which I *do* know have bitten me in lxc upstart jobs (but i never knew why)
<hallyn> so, two things:
<SpamapS> hallyn: you are not alone. ;)
<hallyn> jbernard: SpamapS : let's push only the security fixes (not the upstart ones) for natty, and queue up the upstart ones for the first week of o-series being open
<hallyn> SpamapS: let me do a merge request for the upstart tree, assign you as reviewer, and you reject it and put all of the above feedback in there?  That way I ahve a permanent record
<jbernard> hallyn: sounds good, just pop the upstart patches off the top and you're good to go
<SpamapS> hallyn: does it still work w/o the upstart job to make sure it starts at the right spot in the boot?
<SpamapS> hallyn: good plan. :)
<hallyn> SpamapS: no
<hallyn> SpamapS: so it wont' play nice with libvirt
<SpamapS> hallyn: that sux
<hallyn> jbernard: will do
<hallyn> SpamapS: yeah...
<SpamapS> hallyn: libcgroup is still in universe right?
<hallyn> yes
<SpamapS> hallyn: worth it I think to fix the bug then
<SpamapS> as much as I'm tearing your shell script apart.. its fairly straight forward as an upstart job goes. :)
<hallyn> drat
<hallyn> lemme translate for SpamapS
<hallyn> "it's a pretty trivial upstart script to write.  You just messed up so badly, it make sme want to facepalm"
<hallyn> :)
<SpamapS> http://lolpics.se/pics/482.jpg
<hallyn> weird, this is the first pentadactyl bug I've seen in months.  But when I click on SpamapS in 'choose reviewer', it has deselected the input field, and doesn't fill the input field in
<hallyn> you, sir, have a pending review
<hallyn> jbernard: it occurs to me, the 'grep "^cgroup" /proc/mounts" check in cgred's init script is redundant.  cgred won't run unless cgconfig has run (and succeeded), so it seems like it's guaranteed that cgroup is already mounted
<hallyn> I'll just leave a comment by the code, rather than remove it now
<hallyn> SpamapS: (I've gone ahead and pushed lp:~serge-hallyn/upstart/natty/libcgroup/upstart3 to start addressing your feedback, but will still re-compare to your feedback on the other tree)
<hallyn> or would that be lp:~serge-hallyn/ubuntu/natty/libcgroup/upstart3 :)
<SpamapS> hallyn: just update the branch you submitted for MP
<SpamapS> hallyn: Still wading through a few other things
<hallyn> SpamapS: hm, ok - i wasn't sure if htat would muck up your review
<SpamapS> hallyn: yes the review is active basically forever
<hallyn> sure, but do your comments get targeted at specific revisions?
<SpamapS> hallyn: idea being I can mark it "needs fixing" multiple times then you just re set it to "Ready for review" when you think you've fixed it
<SpamapS> yes my comments will show above revisions pushed
<SpamapS> so if I comment now, and then you push, your push will come after the comment
#ubuntu-server 2011-04-20
<hallyn> jbernard: btw, you had no objection to my adding 'devices' and 'memory' cgroups to the default config?
<hallyn> SpamapS: my newest update works perfectly for me, so just waiting for your smackdown to give me some more busywork to do after i cry a bit
<SpamapS> hallyn: ugh.. aclocal changes.. :-P
<hallyn> SpamapS: don't look at me
<SpamapS> hallyn: its a borken rules file most likely doing the wrong thing in clean. :-P
<hallyn> rules file doesn't touch clean
<SpamapS> oh this is an actual upstream sync
<hallyn> right
<SpamapS> which, oddly enough, seems to have been built with an older version of autoconf :-P
<hallyn> :)
<hallyn> SpamapS: you're looking through the online diff, instead of 'bzr branch' followed by 'bzr log -p' ?
<hallyn> in this case, given the sync being in there, the latter would be less confusing
<hallyn> Daviey: just fyi, i don't know if you thought you'd sent it, but i've not seen your email on docs yet
<Daviey> hallyn, no not yet... will be first thing tomorrow now.
<Daviey> i've spent all night doing something i didn't want to :/
<genii-around> Sleeping? ;)
<sirgad> Hi. I'm trying to set up a home server that functions in the same way as companies such as PublicVPN.net for securing connections through public wifi.  What is that called? A VPN Gateway?
<hallyn> Daviey: np - just making sure it didn't go to a list i wasn't on!
<SpamapS> hallyn: I'm looking at the diff in email, but yeah.. would be easier if I pulled the whole branch down. ;)
<hallyn> it's a tiny branch
<hallyn> not like libvirt, which is a bastard to pull down the first time
<SpamapS> try samba some time
<SpamapS> ;)
<SpamapS> ~/pkg/samba/bzr$ du -hs .bzr
<SpamapS> 372M	.bzr
<diffra> Hi, I've got a 10.04.02 server build, installed apache2 and php5 but php isn't working -- apache sends a test php file in plain text as a download.
<diffra> I've removed/purged the packages and reinstalled, same thing.  Any advice?
<ScottK> Read the relevant docs in the server guide.  See /topic for where to find it.
<patdk-nb> diffra, sounds like you expect to use mod_php and it's not enabled, cause you didn't enable it
<diffra> In the past, even with 10.04, It's been enabled by default when the packages were installed. That's what I found odd
<diffra> bizarre, now after purging and recreating it, it's not creating /etc/apache2
<diffra> ah, aptitude remove apache2 doesn't remove apache2.2-common or apache2.2-bin
<diffra> The following packages are BROKEN:  apache2-mpm-prefork apache2-mpm-worker
<patdk-nb> in what way are they *broken*
<patdk-nb> they have worked fine for me
<diffra> patdk-nb: that's what I'm trying to figure out
<diffra> Aptitutde is reporting that they're broken, not me
<hallyn> SpamapS: still there?
<hallyn> SpamapS: you say to use 'env OPTIONS=', but doesn't that mean it'll try to get it out of the boot arguments as well?
<hallyn> jbernard: do you have a ubuntu.com address?
<hallyn> (package doesn't seem to want to build without a maintainer with ubuntu.com address, bc it has -ubuntu1 in the version)
<zul> hallyn: run update-maintainer in ubuntu-dev-tools
<hallyn> zul: hm, i did it by hand.  wonder what update-maintainer will do
 * hallyn tries
<zul> do the same thing
<hallyn> so it did :)
<hallyn> thanks, it'll save me opening another packags control file next time to see the format :)
<diffra> One more round of apt-get remove --purge of both apache2 and php5 and all related packages did it.
<diffra> *no* idea why
<diffra> and removing mpm-worker and mpm-prefork as well
<ScottK> diffra: apache2.2-common provides the Apache config files, so until you got that one purged they wouldn't be regenerated.
<diffra> ScottK: I discovered that in the course of troubleshooting it.  Not sure why removing apache2 wouldn't remove apache2.2-common since it was installed as a dependency but no longer required.
<ScottK> Autoremoving everything that's no longer required is not standard.
<diffra> really?
<diffra> hrm, weird.
<diffra> so in the course of normal events, if I were to install apache2, then decide I want to use lighttpd so I remove apache2, but it leaves all its dependencies?
<diffra> Just trying to make sure I understand.
<ScottK> Yes.
<diffra> Hmm.  Noted, thanks.
<ScottK> sudo apt-get autoremove will take care of it.
<ScottK> That removes everything that was pulled in by something else and is not longer needed.
<diffra> o.O d'oh.  I knew that.
<hallyn> jbernard: http://people.canonical.com/~sergeh/cgroup_0.37.1-1ubuntu1.tgz has the source package and the amd64 .debs, wich all work for me
<hallyn> jbernard: if you wanna take aquick look before I upload....
<hallyn> jbernard: in particular, the bzr workflow seems to have created an extra patch in debian/patches.  I want to make sure that the end result has all the little nits the wya you wanted them (i.e. changes to the manpages are in there for some reason)
<uvirtbot> New bug: #766731 in exim4 (main) "sieve not working with i386 build" [Undecided,New] https://launchpad.net/bugs/766731
<van7hu> hello, is there a case when I do dhclient, I receive a DHPACK from an IP that I could not ping to it?
<ScottK> If the remote host is configured not to respond to pings would be one.
<sarthor> Hi, i am setting vpn server on ubuntu machine, i am not able to connect the  client xp and ubuntu both to the server, logs are here, http://pastebin.ubuntu.com/596358/ ,I followed this  http://www.ewdisonthen.com/how-to-setup-pptp-vpn-server-on-linux-tutorial-07577.php how to
<van7hu> where is www folder in ubuntus-erver
<van7hu> ?
<sarthor> van7hu, /var/www/
<van7hu> thanks
<sarthor> np
<david234> It says "Kernel panic - not syncing : VFS : Unable to mount root fs on unknown-block(0,0)", I have a KVM-IP connected to the machine but CTRL+ALT+DELETE won't reboot it. What do I do? It's a prod machine...
<mattyfail> anyone have experience installing netflow collectors/ analyzer? nfdump, nfsen, etc?
 * mattyfail hears crickets 
<van7hu> hello, is there ipfwadm in lucid?
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<twb> van7hu: apparently not.
<twb> van7hu: I recommend you write rulesets directly in iptables-restore format; see #netfilter for more information.
<twb> van7hu: simple allow/deny rulesets can be generated using the ufw wrapper.
<van7hu> twb: ok, I'll try that
<twb> Apparently ipfwadm is for linux 2.0; Lucid ships 2.6
<twb> So anything that tells you to use ipfwadm is about ten years out of date
<smoser> SpamapS, around ?
<SpamapS> smoser: am now, sup?
<smoser> https://launchpad.net/awstrial-tools
<smoser> thats a mix of shell, and python
<sarthor> Hi, i am setting vpn server on ubuntu machine, i am not able to connect the  client xp and ubuntu both to the server, logs are here, http://pastebin.ubuntu.com/596358/ ,I followed this  http://www.ewdisonthen.com/how-to-setup-pptp-vpn-server-on-linux-tutorial-07577.php how to
<smoser> i have one python library
<smoser> (a single file)
<smoser> how should i package that ?
<smoser> SpamapS, ^
<CrazyGir> hi, I have 2 physcial ubuntu-servers running kvms for me, which when I use nmap to scan a particular subnet shared by the hosts and guests, I see the two physical hosts by IP just fine, but the VMs do not show up
<CrazyGir> I know the guests are up and running, I know one is even actively providing services, but I can not see either with nmap.
<CrazyGir> one of the 'missing' guests can be pinged just fine (I know its IP, but I'm trying to find the other)
<SpamapS> smoser: sorry I pong'ed then got distracted from IRC
<smoser> no problem
<SpamapS> smoser: best bet is to create a setup.py
<SpamapS> smoser: then try out 'pkgme'
<SpamapS> https://launchpad.net/pkgme
<smoser> SpamapS, i dont know thats helpful. how / what am i supposed to do there?
<sako> is it a good idea to run 10.10 on my prod webserver or should i keep it at 10.04?
<sako> im in a situation where i need the latest puppet package (which is on 10.10)
<SpamapS> smoser: you should be able to run 'pkgme' in a dir w/ a setup.py and it creates the entire package for you
<SpamapS> smoser: you can also just use boring old dh_make
<SpamapS> smoser: but pkgme strives to do more for you. :)
<SpamapS> smoser: now that I think about it, you are a terrible guinea pig.. so just do dh_make
<SpamapS> ;)
<smoser> i'm not asking how to get a package made.
<smoser> i'm asking how you'd recommend doing a python and non-python package as easy as possible.
<smoser> kirkland put together some initial packaging.
<uvirtbot> New bug: #766833 in postfix (main) "package postfix 2.7.0-1ubuntu0.1 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 75" [Undecided,New] https://launchpad.net/bugs/766833
<koolhead11> hi all
<koolhead11> why the /etc/lsb-release does not say natty beta2 instead DISTRIB_DESCRIPTION="Ubuntu Natty (development branch)"
<fishor> hallo all, i home this is correct place about apparmor
<fishor> i get warnings in dmesg about evince. "apparmor="DENIED" operation="open" parent=1 profile="/usr/bin/evince" name="/dev/.udev/data/b8:13" pid=3292 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0"
<fishor> my question is, do apparmor rule should be corrected, or evince has nofing lost in /dev/.udev ?
<fishor> the file it ask is information about the block dive  it opens file from
<SpamapS> smoser: well I'm sure you're asleep by now.. but I have a mixed package, gearman-interface, that builds python and ruby.. I just cd into each dir and run 'dh_python2' or 'dh_ruby' .. seems to work.
<smoser> SpamapS, stupidly, i'm not asleep
<smoser> but this seems to do the rigth thing for debian/rules
<smoser> %:
<smoser>                     dh $@ --with-python2
<twb> +1
<twb> Actually I think it's --with python2
<SpamapS> smoser: oh, so you just have a python package and that sit?
 * SpamapS is always overcomplicating things
<SpamapS> speaking of sleep
<smoser> twb, you're right.
<twb> Yay me
<smoser> SpamapS, no. there are some scripts and other stuff. one python "module"
<twb> SpamapS: yes, debian-python are throwing out the two old, competing ways for it to work
<SpamapS> smoser: ah, well in that case just use regular debhelper stuff on those
<SpamapS> twb: indeed I'm converting mine to dh_python2 now
 * SpamapS is reminded he has to package ruby-echoe to finish that work. :-P
<twb> Of course that wil lpiss off backporters...
<SpamapS> ok sleep
<SpamapS> twb: dh_python2 will just need to be backported. ;)
 * SpamapS goes <poof>
<twb> It's part of the base python package
<twb> goiod luck with that
<mynameistux> I have debian server installed on sda1, and an LVM using sda2, and sdb. If I install ubuntu server on sda1, will I be able to use the same LVM without making it again?
<mynameistux> like, can i just run vgscan, or lvscan and have it show up?
<_ruben> mynameistux: should be doable, you'll likely have to import it or something, forgot what exactly
<_ruben> been there, done that, was a bit of a struggle ;)
<_ruben> but once i had the proper commands, it worked just fine :)
<mynameistux> I'd really like it if I could find out exactly what I have to do
<mynameistux> it's not like I have irreplacable photos and stuff, I just want to loose all my data
<_ruben> mynameistux: i guess you *dont* want to loose all your data ? :)
<mynameistux> hehe, yeah I'd like to keep it
<mynameistux> like, it's a bunch of TV shows and movies that I don't particularly want to loose
<_ruben> from what i recall is that without doing anything the vgs/lvs/etc are marked as "foreign" and you need to tell lvm otherwise, it should be hidden somehwere in those manpages :)
<_ruben> http://c-mills.ctru.auckland.ac.nz/lvm_import.html .. i dont recall the export/import part, but the vgchange part does look very familiar
<_ruben> first hit on google for import foreign lvm ;)
<mynameistux> aah, that looks good
<mynameistux> ok, LETS DO THIS
 * mynameistux installs ubuntu server
<mynameistux> when I'm setting up the partitions during install, can I set set it up then?
<mynameistux> or best to do it after install?
<_ruben> mynameistux: well, if the installer sees the vgs and stuff like that, you might as well assign mountpoints to the lvs, be sure to not format 'em though ;)
<uvirtbot> New bug: #766975 in dovecot (main) "dovecot-postfix changes the SSL, IMAP, POP and maildir settings in dovecot" [Undecided,New] https://launchpad.net/bugs/766975
<sarthor> Hi, i am setting vpn server on ubuntu machine, i am not able to connect the  client xp and ubuntu both to the server, logs are here, http://pastebin.ubuntu.com/596358/ ,I followed this  http://www.ewdisonthen.com/how-to-setup-pptp-vpn-server-on-linux-tutorial-07577.php , any help ?
<adac> Hi guys. I can login via phppgadmin but not on command line. When I try: "psql -U openerp -W" I get: "psql: FATAL:  Ident authentication failed for user "openerp"" any ideas?
<hallyn> jbernard: any objection to my pushing http://people.canonical.com/~sergeh/cgroup_0.37.1-1ubuntu1.tgz
<m_tadeu> I'm using ssh to connect to my server. why after a few minutes without typing anything, ssh client just locks and I can't do anything, except close the console and connect again?
<xampart> after latest update&&safe-upgrade i have duplicate login-message as follows: http://pastebin.com/zteL4tKf
<kirkland> smoser: initial packaging for ... ?
<RoAkSoAx> morning all
<RoyK> afternoon :)
 * hallyn gnashes his teeth at the popup windows
<RoAkSoAx> TREllis: there's lots of stuff that currently don't work with koan :). So don't get dissappointed and just keep filling bugs
<TREllis> RoAkSoAx: heh
<TREllis> RoAkSoAx: that's what I'm doing... tbh most are just RH-isms
<TREllis> RoAkSoAx: we'll get there :)
<RoAkSoAx> TREllis: yeah. At least we can now deploy Ubuntu VM's with koan (and even with No questions Ask presseed :) )
<TREllis> RoAkSoAx: indeed :) cobbler makes that so simple and now koan has your patches it's all good
<RoAkSoAx> TREllis: yeah next steps are to hopefully fix the rest :)
<uvirtbot> New bug: #759711 in samba "smbd crashed with SIGABRT in raise()" [Medium,Confirmed] https://launchpad.net/bugs/759711
<RoyK> LOL! I blogged about very good support from my ISP, and silently, they have quadrupled my datarate :D
<uvirtbot> New bug: #759579 in php5 (main) "php5-fpm crashed with SIGSEGV in _efree@plt()" [Low,Incomplete] https://launchpad.net/bugs/759579
<hallyn> zul: jbernard and i (wiht review help from SpamapS ) have been working on libcgroup fix for several bugs . But my upload rights for libcgroup don't seem to be working.  Can I get you to sponsor for me/us?
<zul> hallyn: sure
<hallyn> zul: http://people.canonical.com/~sergeh/cgroup_0.37.1-1ubuntu1-src.tar.gz
<hallyn> zul: thanks
<zul> hallyn: 404
<hallyn> hrmph
<hallyn> zul: d'oh.  serge, not sergeh
<hallyn> http://people.canonical.com/~serge/cgroup_0.37.1-1ubuntu1-src.tar.gz
<hallyn> zul: ok, i want to review a kernel patch, then i'mb ack to trying to install openstack.  My last attempt actually failed, somewhere in the instructions a step had to be missing.  Will start over and report back something more useful
<zul> ok lemme know if you need help
<uvirtbot> New bug: #759657 in net-snmp (main) "snmpd assert failure: *** glibc detected *** /usr/sbin/snmpd: double free or corruption (!prev): 0x09ae1910 ***" [Medium,Incomplete] https://launchpad.net/bugs/759657
<Error404NotFound> I have installed psad on server and i get all sorts of emails regarding IPs attempting scans, but when i do iptables -nvL | grep "IP_HERE" i don't see anything
<alanr> Hi I have question: is there some way I can see current disk activity on my server
<cole> alanr: the package sysstat comes with a tool called iostat
<alanr> yeah that sounds good
<alanr> will it show a realtime thing like top or mtr
<zul> hallyn: done
<SpamapS> alanr: there's iotop too
<alanr> cool
<cole> iotop is good but it has a ton of info! if you're looking for basic disk activity i find the iostat output is very efficient
<SpamapS> cole: I find iostat's info to be almost totally worthless in actually solving problems. :-/
<SpamapS> like.. big surprise, the disks are really damn busy. :)
<SpamapS> I want to know what process is slamming them, and not just "disk wait" but are they reads, writes, etc.
<cole> spamaps: fair enough but i didn't know alanr was triaging anything
<alanr> yeah thats great thanks
<alanr> just to check kps 1300 means its going at 13 mb per sec
<alanr> ?
<nealmcb> Howdy, alanr!
<alanr> im not - im just seeing how fast my backups are going
<alanr> backups to a usb drive
<TheEvilPhoenix> alanr:  no
<TheEvilPhoenix> alanr:  1300 KB == 1.3MB give or take some number of kilobites that's a multiple of 24
<uvirtbot> New bug: #767352 in vsftpd (main) "Virtual Users rules with @ in the username" [Undecided,New] https://launchpad.net/bugs/767352
<uvirtbot> New bug: #381991 in clamav (main) "clamscan crashed with signal 7 in memcpy()" [Medium,Triaged] https://launchpad.net/bugs/381991
<uvirtbot> New bug: #645097 in bacula (main) "bat crashed with SIGSEGV in e_msg()" [Medium,Triaged] https://launchpad.net/bugs/645097
<smoser> SpamapS, why would i see:
<smoser>  mountall: Event failed
<smoser> i see it "normally" on ec2, but on lxc it seems like it might be something
<thielmann_> I moved my system from Ubuntu 8.04 to Ubuntu 10.04 (on a different system). Now every website hosted on my system has a strange character at the very end of the site (shown as a black squared question mark, see http://goo.gl/Dzws for example). I  can't seem to figure out if it's the file format, mysql, apache or something else. I tried everything I can think of. Any ideas?
<thielmann_> It seems all files delivered are in latin1, while they should be utf-8.
<patdk-wk> heh?
<patdk-wk> what strange little thing?
<ChmEarl> thielmann_, I don't see it
<thielmann_> patdk-wk: At the end of the site. Check http://straightbourbon.de/ as another example.
<thielmann_> It's a "ï¿½" when copied here.
<ChmEarl> thielmann_, when I `Get /` I only see text without any control chars
<patdk-wk>  Iunderstand the whole, end of site (bottom of page right?)
<patdk-wk> I see now odd things
<patdk-wk> that second page does though
<patdk-wk> but not that first site
<ChmEarl> yes junk after </html>
<patdk-wk> how is that page generated?
<patdk-wk> just a .html file?
<thielmann_> It's on every site (maybe not on the first, since it's cached and I'm logged in uncached).
<thielmann_> patdk-wk: No, it's MODx (PHP+MySQL).
<thielmann_> But I do have the same problems on sites without MySQL.
<thielmann_> So it seems to be a filesystem or apache error.
<thielmann_> Here's another example: refa-berlin.de
<patdk-wk> how did you upgrade mysql?
<patdk-wk> though, I can't believe that would do something after the html tag
<thielmann_> I didn't. I mysqldumped and reimported to the new system.
<patdk-wk> that would be an upgrade, wouldn't it?
<thielmann_> Well, yes :-). From 8.04 to 10.04
<patdk-wk> dunno
<patdk-wk> and can't believe it's a mysql issue, to put it in that location
<thielmann_> Tried already adding a default charset to apache, but it doesn't solve the problem. Maybe I fucked up the files? But how?
<patdk-wk> charset won't matter
<patdk-wk> cause it's not a charset issue
<patdk-wk> most likely your php app isn't php 5.3 friendly
<uvirtbot> New bug: #767450 in ntp (main) "package ntp 1:4.2.6.p2+dfsg-1ubuntu5 failed to install/upgrade: error al escribir en `<salida estÃ¡ndar>': No existe el fichero o el directorio" [Undecided,New] https://launchpad.net/bugs/767450
<thielmann_> patdk-wk: You seem to be right. Static files seem to be unaffected, but as soon as I start to create a new php file (even with a simple "echo") it starts adding trash. Might be related to apache/fcgid communication.
<kirkland> jamespage: howdy, around?
<jamespage> kirkland: yep
<kirkland> jamespage: i'm reviewing jonas packaging for iamfuzz
<kirkland> jamespage: what is the debian/base directory?
<kirkland> jamespage: there's like 79 files in there, a lot of xml and config stuff
<jamespage> kirkland: its a base configuration for jonas - I considered two approaches when I did this packaging
<jamespage> 1) generate it as part of the packaging process and include in debian overaly
<jamespage> 2) generate it as part of the install
<jamespage> however its interactive so only option was 1)
<kirkland> jamespage: hmm, okay
<kirkland> jamespage: so there's no way around this, really
 * jamespage goes to remind himself how this works exactly
<jamespage> kirkland: I think so; basically the base directory contains all of the stuff the is r/w for the jonas user.
<jamespage> kirkland: the upstream distribution does not include this - it gets generated
<kirkland> jamespage: so you generate it one time, put in debian/base
<jamespage> kirkland: and the distro is really all the stuff that you don't want the jonas user to change.
<kirkland> jamespage: rather than every time at build?
<jamespage> kirkland: hmm
<jamespage> kirkland: thinking about I've had to regenerate that directory for each new release; some of the files changed
<jamespage> kirkland: wanted to make it part of the build process - however its interactive :-(
<jamespage> it could be improved with a specific target in debian/rules to make it more repeatable
<jamespage> kirkland: and some better README in the package
<kirkland> jamespage: okay, thanks
<jamespage> kirkland: I suspect most installs don't try to maintain the separation between r/w and r/o permissions on the files
<kirkland> right
<jamespage> (I never did with JBoss installs....)
<jamespage> so just run of the directory structure provided in the upstream distribution
<kirkland> jamespage: thanks for the info!
<koolhead17> hi all
<koolhead17> i asked it some time back and will ask again.
<koolhead17> why /etc/lsb-release does not mention like natty beta2 (clear state of the dustro)
<koolhead17> *distro
<Pici> koolhead17: Because the release beta number is nothing more than the state of the archives at a point in time, its an arbitrary milestone.
<koolhead17> Pici: i got your point. but there are many people who are working and testing there development to sync with the final release, so they really monitor the state of release closely and for them its mention helps a lot
<koolhead17> i suppose Centos does that
<Pici> koolhead17: The problem is that the moment you upgrade once after installing 'Beta 2' you're no longer on 'Beta 2'.
<koolhead17> Pici: i mentioned development purpose. So for them its just a development box. once final release comes they announce its launch for now say natty
<koolhead17> one has to test his apps again and again so its becomes easier if we have complete information of the distributions current state
<koolhead17> its for the good of the software and distribution both at same time. :)
<Pici> koolhead17: It gets complicated when you start adding PPAs that could provide updates to any package though,
<koolhead17> Pici: my request was limited to a developer who uses barebone available software repository to test his application so that he gets the testing iteration as many times he can even moments before the stable release is announced. :)
<thielmann_> If I rsync --preserve files from a system with locale "C" to a system with "UTF-8" via ssh, do I need to convert the files? They seem to be fine, but I'm trying to debug a problem with weird characters caused by apache2 or fcgid.
<jMCg> Hey folks
<jMCg> I put two lines in /etc/ufw/before* - and reseted the firewall. I put some stuff in /etc/ufw/sysctl.conf and rebooted, but none of this is having any effect.
<jMCg> Is there someonething specific I'm overlooking here?
<rynop> Im using apt-get install to install libqt4-dev on a ubuntu 10.10 64bit instance in Amazon EC2. Getting a dpkg error "No space left on device".  A df shows I have free space - anyone know what could b wrong?
<jMCg> rynop: did you run out of fds?
<rynop> jMCg, what is fds? error makes me think it was out of space on root file system: "unable to create `/usr/include/qt4/Qt/qnetworkconfigmanager.h.dpkg-new' (while processing `./usr/include/qt4/Qt/qnetworkconfigmanager.h'): No space left on device"
<jMCg> rynop: wrong question. Are you new to this?
<jMCg> rynop: fd is http://en.wikipedia.org/wiki/File_descriptor
<rynop> yea pretty new
<jMCg> rynop: which FS?
<rynop> ext4, root FS is /dev/sda1. not sure if that was the a to ur q
<jMCg> s/fds/inodes/
 * jMCg 's brain is currently in post-food lethargy
<jMCg> rynop: man tune2fs will tell you that tune2fs -l /dev/yourpartition will tell you how many inodes you have and how many are free
<rynop> jMCg, so ur askign did i run out of inodes? dont know how to tell.
<rynop> k looing
<rynop> Inode count: 524288, Free inodes: 460
<jMCg> ah.. df -i also provides insight. Good to know.
<jMCg> http://www.fedoraforum.org/forum/showthread.php?t=246302
<rynop> jMCg, cool thx for link.  What would cause  my inode count to get so low? or is that too long of an explanation.
<jMCg> rynop: something is creating lots of directories/files
<jMCg> Seen that happen with mod_cache for instance: http://blag.esotericsystems.at/2010/02/introducing-more-caching/
<UppityTeapot> My server's motherboard has just been changed - beyond my control - and I've now seemingly got two network interfaces, which is confusing Ubuntu no end. How do I remove the old one?
<rynop> jMCg, i see. I'm storing sessions on a tmpfs ramdrive for my webapp. Writes to tmpfs dont count against inode count on root fs woudl it?
<jMCg> UppityTeapot: are they different vendors?
<UppityTeapot> Yes.
<UppityTeapot> The old one was a Winfast, the new one is an Asus, I believe.
<jMCg> UppityTeapot: blacklist the module.
<UppityTeapot> okay, how would I do that?
<jMCg> Or maybe it would suffice to regenerate the initrd Â¯\(Â°_o)/Â¯
<UppityTeapot> That sounds easier. Again, pardon my ignorance, how do you do that?
<jMCg> Which still doesn't answer my question: Why does ufw refuse my before.rules and my syscftl.conf settings?
<CrunchyChewie> any idea why bash is not sourcing my .bashrc file
<jMCg> UppityTeapot: google suggests update-initrd
<jMCg> CrunchyChewie: What permissions does it have?
<jMCg> I'm a retard.
<jMCg> reset == disables firewall to installation defaults.
<CrunchyChewie> jMCg: 644
<jMCg> http://www.linuxforums.org/forum/ubuntu-linux/119346-bashrc-not-getting-read-login.html
<CrunchyChewie> jMCg: even doing source .bashrc manually doesnt do anything
<UppityTeapot>  okay, this is strange
<jMCg> CrunchyChewie: #bash has more insight on bash strangness.
<UppityTeapot> ifconfig is reporting no eth0, but a brvir0 that isn't connecting to anything.
<CrunchyChewie> jMCg: will do, thanks for the headsup
<jMCg> UppityTeapot: no it's not. You can have a bridge with no physical interfaces.
<UppityTeapot> virbr0, even
<UppityTeapot> well why do I suddenly have a bridge.
<thielmann_> In case someone reads the irc log and is searching for an answer to my problem described above: remove libapache2-mod-php5filter. :-)
<jMCg> thielmann_: cool, thanks.
<patdk-nb> theielmann, so you where double parsing php?
<thielmann_> patdk-nb: I wasn't even aware I installed php5-filter.  I'm not sure if it got double parsed, but it might be the case, since serving sites is much faster now.  I just searched for all apache related packages installed.
<RoAkSoAx> smoser: Finally had the time to work on  publish-image \again and I've changed the approach though I think can be improved even more: http://paste.ubuntu.com/596710/
<rynop> jMCg, I use capistrano to deploy my webapp - had lots of old releases out there which were TONS of files - which caused high inode usage. Thanks so much for helping me track that down.
<rynop> woulda taken forever for me to track that down on my own
<jiboumans> SpamapS: ping?
<jMCg> rynop: you're very welcome.
#ubuntu-server 2011-04-21
<SpamapS> jiboumans: pong.. sorry been afk for a bit
<SpamapS> smoser: re your "event failed" question.. it means that there was an error starting something that one of the events mountall kicked off
<SpamapS> smoser: IIRC mountall doesn't do much in lxc
 * ScottK looks in his spamfolder to see if SpamapS' posts to the opendkim mailing list got misplaced.
<ScottK> !backports
<ubottu> If new updated Ubuntu packages are built for an application, then they may go into Ubuntu Backports. See https://help.ubuntu.com/community/UbuntuBackports - See also !packaging
<smoser> SpamapS's mails always go to my spamfolder
<smoser> but that might be because of an explicit rule i have
<MTecknology> so... system load >50, is that a lot?.........
<twb> MTecknology: an ideal system will have a load average of one times the number of CPUs/cores
<MTecknology> twb: that had two cores..
<MTecknology> the system was chugging; it's our web gateway and filters everything that goes through the proxy
<MTecknology> it was...... fun?
<SpamapS> ScottK: I keep getting side tracked trying to reproduce it another way. ;)
<twb> MTecknology: maybe you should fix that, then
<SpamapS> ScottK: the original poster says 10% .. I've tried at least 100 times and not reproduced. :-/
<MTecknology> i 'think' we took care of it for the moment
<MTecknology> lotta work to do though..
 * SpamapS fades back into the darkness
<zul> smoser: efficency at its best right?
<princej88> Hi, I am having some trouble trying to port forward my home ubuntu server for free through dyndns.com. can anyone please help?
<qman__> well, for one, dyndns doesn't forward ports, it points DNS to your dynamic IP automatically
<qman__> port forwarding is done on your internet facing device, usually a consumer router
<princej88> I can't use dyndns so that i can access my home ubuntu server from anywhere?
<qman__> you can, but that's not port forwarding, and it's only part of the process
<qman__> dyndns makes a name always point to you
<qman__> letting traffic in to your server is port forwarding, and is done on your router
<princej88> okay i believe i have done this
<princej88> i have a netgear router and it has an option for this
<princej88> so i have selected this option and put iin my host name and username and password
<princej88> and i have installed ddclient on my server as well. entering in my username and password for dyndns.com etc
<qman__> that's probably a bad idea, you should only use one or the other
<princej88> okay so you think i should uninstall ddclient on the server
<princej88> since my router has an option for this
<qman__> up to you, whichever device you trust more
<princej88> i trust the router more i think, so i am going to uninstall ddclient and see if that will do anything
<qman__> you can test by going to a site such as whatismyip.com and running 'dig mydomain.dyndns.com' on your server
<qman__> if they return the same IP, it is getting set correctly
<princej88> okay thanks. let me try this
<princej88> okay, they are both giving me the same ip address
<qman__> so the name points to you, next step is to forward ports to your server in your router
<qman__> for that, depends on what you want to do with the server
<HazRPG> hey guys \o
<princej88> okay, what i would like to do is be able to ssh into the server
<princej88> from an outside internet connection
<qman__> then you need to forward port 22 tcp to your server's internal IP address
<qman__> said IP address should be static or at least reserved in DHCP on the router
<princej88> okay, i see an option static routes on my router
<qman__> no
<qman__> your server's networking configuration
<qman__> should have a static IP set
<qman__> in the router, you want port forwarding
<princej88> okay let me look.
<qman__> and you forward 22 tcp to that IP address
<qman__> otherwise, that IP could change periodically, and when it does, your port forward will no longer work
<princej88> oh okay. let me see if i can find this option
<qman__> see `man interfaces` for details
<princej88> okay, i have found an option labled port forwarding/ port triggering
<qman__> as a side note, allowing SSH from the internet is high profile, make sure you have very strong passwords on all your users, or upgrade to key authentication, etc
<princej88> under that i can add a new custom servive and there is a dropdown list with service names such as age-of-empire, net meeting, news, ftp
<princej88> does that seem like the right place?
<princej88> i see a tcp/udp option
<qman__> probably, every manufacturer does it different
<princej88> there is a field for starting port and ending port..what exactly would i be putting here
<qman__> you want port 22 tcp
<qman__> as for what your specific router wants to do that, I don't know, you'll have to consult the router's manual
<princej88> okay
<m_tadeu> princej88: most probably you'll have to put 22 in start and 22 at the end to set the proper interval
<princej88> okay. let me try that m_tadeu
<HazRPG> hmm, I seem to be having a bit of trouble with radvd & IPv6 over IPv4 :/
<HazRPG> everyone is getting IPv6 addresses fine, and the server can ping6, but all the clients can't at all
<HazRPG> this did work at one point :(
<princej88> wow, i have gotten this working. thanks so much for the help guys
<m_tadeu> princej88: welcome
<HazRPG> anyone able to lend a helping hand trying to work out whats up?
<qman__> sorry, I don't know anything about ipv6
<HazRPG> hmm
<qman__> a bit contradictory since networking and security is my forte, but I just disable it, never needed it
<qman__> I'm sure I'll take the time to figure it out eventually
<HazRPG> qman__: ah, well maybe you can help me with another thing then instead, if you don't mind that is :)
<qman__> as long as it's quick, need to hit the sack soon
<HazRPG> I'd like to secure my sshd down, and well I've already got one in place on my vps but would be interesting to know if its actually good enough or not
<qman__> best option is key authentication
<qman__> and I use limiting in the firewall, it's built into ufw if you use that
<qman__> if you use straight iptables, look up -m recent
<qman__> slows brute force attempts rendering them ineffectual
<HazRPG> I'm pretty new to running/managing a linux server really
<qman__> well, keys of a decent length are far stronger than passwords
<qman__> you just need to make sure you don't lose them
<HazRPG> so far i've got key authentication I think
<qman__> but the most important thing, by far, is to make sure you don't have any accounts with weak passwords allowed to log in
<HazRPG> i'll see if i can pull it up
<qman__> easiest way to prevent that is use keys and disable password authentication in sshd
<HazRPG> authorized_keys
<HazRPG> thats the folder i've used
<qman__> it's a file, actually
<qman__> and it stores public keys that are allowed to authenticate as that user
<HazRPG> ah sorry i meant file inside of .ssh ;)
<qman__> if key authentication is working (sshd doesn't ask for a password), disable password authentication in sshd
<qman__> and restart sshd
<qman__> by doing that you eliminate the most common attack vectors
<qman__> and you only have to worry about losing your keys, or bugs in the software
<HazRPG> the ssh key always asks for its password the first time i use it when i boot up, guessing thats normal though?
<qman__> well, if you protected your key with a passphrase, yes
<qman__> but that's different from sshd asking for your password
<HazRPG> but thats the keychain inside of ubuntu, not the actual terminal
<qman__> yes
<HazRPG> yeah :)
<qman__> bugs do happen though, nothing is foolproof
<qman__> see the whole debian ssh key generation fiasco
<HazRPG> right, so if I just disable password... it'll reject all, except key holds, am I right in thinking that?
<qman__> yes
<HazRPG> yeah I have read about stuff like that
<qman__> best protection against that is keeping your software up to date
<HazRPG> I usually try to keep on top of updates daily, or is that the wrong way to go about things?
<qman__> daily is a bit much, I set mine weekly
<qman__> but it depends on your needs
<HazRPG> its just a habit
<HazRPG> if I'm logged into the server for irssi, and notice in byobu that there's updates I go check to see what they are and update
<qman__> best part about open source, when a serious bug in popular software arises, it's usually fixed the same day
<qman__> and the patches roll out the next
<HazRPG> yeah I have noticed, which I think is awesome :)
<HazRPG> I've just migrated my home server to a ubuntu-server... just got so fed up of seeing so many hacking attempts in logs
<qman__> none of that waiting around for several weeks|months|years you get with proprietary software
<HazRPG> agreed, there was a bug in windows server that someone kept trying to pin me down with, in the end i just put up some serious firewall rules in place
<HazRPG> also, updating apache in windows seems to be harder to do than linux... other reason for the switch over
<qman__> apache on windows is not a good idea security wise anyway
<HazRPG> much thanks for the advice btw
<qman__> it's fine for in-house things, but not serving the internet, too many unknowns
<HazRPG> really need to chrunch down whats up with my ipv6 now :/
<HazRPG> I had ubuntu-server in a VM for the last 5 months while I get to grips with operating with it, also started tinkering with IPv6... and it worked fine in that VM
<HazRPG> serving all computers on the network, but now that i've moved everything onto a pure ubuntu-server based system... it just doesn't seem to be having any of it
<HazRPG> and i can't see for the life of me why
<HazRPG> even the VM (which I kept a backup of) doesn't seem to want to do it anymore either - which doesn't make sense
<HazRPG> proper "pull your hair out" scenario lol
<qman__> I've had plenty of those
<qman__> at least this stuff is all documented
<kellnola> every day :)
<HazRPG> I've noticed configuring apache seems to be very different to the one I had on windows :/
<kellnola> it's more organized and easy
<qman__> at work I deal mostly with windows SBS on overloaded servers, with dozens of proprietary applications
<HazRPG> seems to have been moved to several files instead of the one file
<qman__> all poorly documented, if at all
<qman__> that's the debian way
<kellnola> HazRPG, it's far better that way
<qman__> and I agree, it's far better
<kellnola> I HATE having one huge config file, the debian way makes it way easier to script things
<HazRPG> don't get me wrong, it does seem better... but its going to take me a fair bit of reading to figure out what needs to go where and why
<qman__> read up on a2ensite/a2dissite, a2enmod/a2dismod
<qman__> it makes things really easy
<HazRPG> will do
<kellnola> actually all Linux's save for a few weird holdouts that no one uses anymore do it this way now
<HazRPG> I can't believe I managed to get sage on the test for H.E. (IPv6), and yet I can't figure out whats wrong with this thing
<HazRPG> kellnola: it does make more sense to have individual files to sort through things then to have it all clumped to one file
<kellnola> it makes mass virtual hosting comprehensible
<kellnola> for one
<HazRPG> makes managing it a lot easier too
<HazRPG> kellnola: see, I /sort of/ do that... I have several domains hosted on my own server
<kellnola> but debian does that with almost all the major server programs
<HazRPG> going to ask alis to see if there's an ipv6 channel
<HazRPG> seems there is #ipv6 \o/
<patdk-nb> hmm?
<patdk-nb> ipv6 issues?
<ScottK> SpamapS: Then that's a worthy thing to post.
<koolhead11> hi all
<xampart> after latest update&&safe-upgrade i have duplicate login-message as follows: http://pastebin.com/zteL4tKf
<unforgiven512> Can somebody help me get apache working correctly? I set up my vhosts, set DocumentRoot to /home/unforgiven512/public_html/site.com
<unforgiven512> then I did sudo chown -R unforgiven512:www-data ~/public_html/
<unforgiven512> and sudo chmod -R 0750 ~/public_html?
<unforgiven512> and I'm still getting a 403
<xampart> well ok. i found this: https://bugs.launchpad.net/ubuntu/+source/sysvinit/+bug/659738
<uvirtbot> Launchpad bug 659738 in sysvinit "Duplicate welcome message in motd after upgrade 10.04>10.10" [Medium,Fix released]
<xampart> though i didn't upgrade from 10.04 -> 10.10.
<xampart> how can i trace what package update && upgrade did?
<joschi> xampart: /var/log/apt/history.log
<joschi> xampart: if you've been using aptitude probably /var/log/aptitude too
<xampart> joschi: ok. so how would i go finding which update (propably initscripts) caused the creation of /etc/motd.tail -file?
<xampart> ok. the culprit is more likely sysvinit-utils
<joschi> xampart: if the file is part of a package and is not created ad hoc, try dpkg -S
<pfalcon> Hi guys! Is this a place to ask regarding EC2 ubuntu server support?
<koolhead11> pfalcon, explain server support
<pfalcon> koolhead11: well, I'm from linaro team, we use ec2 for continuous build integration, and this night we had failures like:
<pfalcon> Err http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ maverick/main policykit-1-gnome amd64 0.96-2ubuntu4
<pfalcon>   403  Forbidden [IP: 10.202.26.15 80]
<pfalcon> it is cleared by now,
<pfalcon> but I wanted to make sure that it's known issue and/or fixed
<raphink> pfalcon, that looks like an httpd configuration issue on the ec2 apt mirrors
<raphink> pfalcon, so it's not a problem on your machine
<pfalcon> raphink: sure, it is not ;-) I exactly wanted to bring that possible misconfig on the server to the attention, if this is right place
<raphink> ah, right
<raphink> I don't know who manages these repositories
<pfalcon> ok, just hope it's something like random software upgrade or so
<unforgiven512> Anyone around?
<unforgiven512> On Ubuntu Server 10.04, is the proper method of starting a service "sudo /etc/init.d/mysql start" or "sudo service mysql start" ?
<unforgiven512> Also, mysql is not autostarting at boot time, and I can not figure out why.
<raphink> unforgiven512, most init.d scripts are wrappers to service now
<raphink> the proper method is server start
<daxroc> Morning all
<raphink> service start
<raphink> sorry
<raphink> hi daxroc
<daxroc> How do I completly remove a package and it's binarys
<unforgiven512> Alright, thanks.
<raphink> apt-get remove --purge
<unforgiven512> Now, may I ask, why am I having issues getting it to automatically run at boot?
<unforgiven512> And, if I do "sudo service mysql start"
<unforgiven512> then "sudo service --status-all"
<unforgiven512> mysql still has a [?] instead of [+] (or [-] for that matter)
<raphink> we have issues with the mysql upstart conf here too
<raphink> in lucid
<unforgiven512> hmm
<raphink> we've often replaced it with a traditional init script
<unforgiven512> It's frustrating D=
<raphink> upstart can be very frustrating indeed
<unforgiven512> Should I do sudo dpkg-reconfigure mysql-server ?
<raphink> I don't think it will solve the issue
<unforgiven512> Hmm
<unforgiven512> I have two interfaces with the address "127.0.0.1" for some odd reason
<unforgiven512> And, having MySQL bind to 127.0.0.1, could that be creating the issue?
<unforgiven512> lo, and venet0
<joschi> unforgiven512: openvz/virtuozzo virtualization. venet0 shouldn't have 127.0.0.1 assigned, IMHO
<unforgiven512> venet0 is 127.0.0.1, venet0:0 is (my actual IP)
<unforgiven512> the only interface that should be assigned 127.0.0.1 is lo, correct?
<elijahsh> hi! I'm trying to enable sound on ubuntu server 10.10 with internal audio from D510MO board. But lspci don't show any audio devices. How to enables sound?
<HazRPG> probably wrong place to ask this, but worth a shot... having trouble with ubuntu-server 10.04.2 running minecraft server 1.5_02
<HazRPG> (vanilla minecraft server)
<HazRPG> its fine for walking around, but the minute you try to do anything, it kicks them out throwing some java exception stuff
<twb> Maybe it wants OracleTM Java?
<jMCg> HazRPG: usually, when you say "exception", but don't provide the exception and the stack trace you're just wasting bandwidth.
<jMCg> "Server logs error"
<jMCg> "stuff doesn't work"
<jMCg> "nobody cares"
<HazRPG> yeah
<HazRPG> its fine, think I got it working
<HazRPG> seems it was a client-side issue more than server side
<jMCg> Yeah. 's all well. But: *what* issue?
<e-DIO-t> Hi. Ubuntu Server 10.04.1 Alternate over IBM xSeries 226 with HWRaid. Any idea about how to work around so it would boot even if I don't use "Boot from first Hard Drive" from live-cd ?
<xampart> e-DIO-t: what do you mean?
<RoyK> e-DIO-t: remove the CD
<e-DIO-t> xampart: i mean -> if i try to boot from first hard disk [from boot options] it simply "stops" on a flashing cursor. If i boot from CD and then i give the install option "boot from first hard disk", linux boots
<xampart> we had a firmware issue on our ibm-machine
<xampart> had to update-initramfs after installation. aic94xx-seq.fw was the file, iirc
<e-DIO-t> ty, i'll give a try
<xampart> you should check the logs first oc
<melter> does canonical have a long-term commitment to ubuntu server?
<RoAkSoAx> morning all
<pmatulis> melter: there is the LTS release
<pmatulis> !LTS | melter
<ubottu> melter: LTS means Long Term Support. LTS versions of Ubuntu will be supported for 3 years on the desktop, and 5 years on the server. The current LTS version of Ubuntu is !Lucid (Lucid Lynx 10.04)
<melter> pmatulis: i'm concerned about future releases, specifically after reading http://www.zdnet.com/blog/open-source/ubuntu-linux-1104s-target-audience-casual-windows-users/8723
<melter> i do software development on the desktop and deploy on server, and running different distributions causes problems with different software packages, versions, etc.
<melter> i'm just 1 developer on a small, non-profit project. i used red hat til they started to charge, switched to gentoo until it collapsed, switched to ubuntu, and now i'm worried all over again
<jamespage> Daviey: around?
<Daviey> jamespage, o/
<jamespage> Daviey: time for a quick euca query?
<Daviey> jamespage, always for you!
<jamespage> ta - so I'm looking at a 11.04 upgrade bug report - bug 766983
<uvirtbot> Launchpad bug 766983 in eucalyptus "package eucalyptus-java-common 2.0.1 bzr1256-0ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Incomplete] https://launchpad.net/bugs/766983
 * Daviey reads
<jamespage> Its a maverick->natty upgrade - however it looks like the code in the postinst script is running; I think that it should only do that for upgrade pre maverick.
<jamespage> however it all looks a little odd
<Daviey> jamespage, oh golly
<Daviey> not seen that one before
<jamespage> like there was a previous upgrade that failed or something
<Daviey> jamespage, maverick -> natty, that should not happen
<jamespage> Daviey: yeah - thats what I thought.
<Daviey> lucid to maverick (or *direct* to natty)
<jamespage> if a lucid->maverick upgrade failed previously would you see this type of behaviour?
<Daviey> jamespage, he would have seen that behaviour since he done it
<Daviey> jamespage, https://launchpadlibrarian.net/69995794/DpkgTerminalLog.txt <-- machine looks *really* dirty
<jamespage> oh yes - I'm not that worried by this report as a result :-)
 * jamespage thinks it may have already been broken pre-upgrade
<Daviey> jamespage, My hunch is that it is upgrade from lucid directly to natty...
<Daviey> jamespage, really, not much that can be done without reproducing it on a clean machine.  If it was my machine, i'd force the postinst to exit 0.. backup the db, see if euca works and/or run the db upgrade script myself
<Daviey> Hmm
<Daviey> This machine seems to be a walrus controller only
<jamespage> Yeah - its all a bit weird and its also a generic kernel which would indicate that its a desktop install, not a server
<Daviey> jamespage, hmm... he doesn't seem to have euca'-common installed
 * Daviey checks stuff
<jamespage> Daviey: don't do to much now; I'm going to see if the reporting can tell us a bit more; upgrade paths, was it working pre-upgrade etc..
<Daviey> jamespage, find out if he has euca'-common installed aswell please?
<Daviey> (he should have)
<jamespage> Daviey: ack
<Daviey> jamespage, infact, a full package list would help :)
<Daviey> and a pony.
<HazRPG> jMCg: Client side issue, as in the minecraft client... I deleted it, downloaded it again from minecraft.net and it worked like a charm... problem wasn't in the server, the problem must have been in a bad update of the minecraft client.
<HazRPG> Sorry, been trying to get apache to work properly
<HazRPG> finally got that sorted out too
<HazRPG> I put in some custom log file to point to /var/log/apache/<website>/access.log (etc)
<HazRPG> but forgot to make the <website> folder
<HazRPG> and mysql working like a charm first time round :)
<HazRPG> now to just migrate all my windows stuff over to my ubuntu box :D
<HazRPG> finally glad to be rid of windows
<mdlueck> Is there anyway to see the entire kernel build number of a package visible in Aptitude? The screen shows me 2.6.32-31. and chops the remainder of the build number.
<mdlueck> Without actually downloading / installing said kernel package.
<mdlueck> By viewing the change log for the package I was able to see that it is indeed 2.6.32-31.61 build. That is way tooooo hard in Aptitude.
<Pici> mdlueck: Both apt-cache show and apt-cache policy tell me that.
<mdlueck> Pici: But Aptitude truncates the number and makes it very hard to be SURE which version you are selected upon.
<jamespage> hggdh: around?
<koolhead11> hey kim0 :D
<kim0> koolhead11: hey
<koolhead11> kim0, wassup :)
<kim0> hehe going good .. how about you
<koolhead11> am awesome
<kim0> koolhead11: that's the way we like it ;)
<koolhead11> kim0, pm ?
<kim0> yeah sure
<uvirtbot> New bug: #766242 in cloud-init "lp:ubuntu/cloud-init is not buildable by bzr-builder" [Undecided,New] https://launchpad.net/bugs/766242
<azeryu> hello there
<azeryu> who know about nagios ?
<CrunchyChewie> quick: Fail2Ban or DenyHosts ?
<jpds> azeryu: Yes, what's the question?
<azeryu> i just followed this tutorial on installing nagios
<jpds> CrunchyChewie: Whichever you prefer.
<azeryu> http://kedar.nitty-witty.com/blog/10-steps-mysql-monitoring-nagios-installation-configuration
<azeryu> i got apache with vhost
<azeryu> when i compile nagios package
<jpds> Why are you compiling nagios, when there's a prefectly good package in the archive?
<azeryu> once after the compile on the tutorial they ask to point to localhost/nagios
<azeryu> without saying where is the webroot folder
<jpds> azeryu: Try using a guide for Ubuntu (and not RPM-based): https://help.ubuntu.com/10.04/serverguide/C/nagios.html
<azeryu> how to uncompile ?
<RoyK> azeryu: rm -rf /usr/local/nagios
<RoyK> it won't "uncompile", but it'll remove the old stuff
<azeryu> but on /etc
<azeryu> i got lots of config
<azeryu> i want to remove it too ?
<azeryu> there is no way to uncompile ?
<RoyK> azeryu: did you compile it with standard settings?
<RoyK> as in just a ./configure && make all install ?
<azeryu> http://kedar.nitty-witty.com/blog/10-steps-mysql-monitoring-nagios-installation-configuration
<RoyK> if so, there shouldn't be anything under /etc
<azeryu> i just followed that tutorial
<azeryu> yes
<RoyK> shouldn't be anything under install, then
<azeryu> but there are things under /etc
<azeryu> i got two folder
<RoyK> the nagios bits are under /usr/local/nagios/etc
<azeryu> on /etc
<RoyK> there might be apache bits there, but that's different
<azeryu>  /etc/nagios3 and /etc/nagios-plugin
<jpds> azeryu: Use something like https://help.ubuntu.com/10.04/serverguide/C/etckeeper.html in future.
<RoyK> if it's a dedicated nagios server, and you worry about how to clean up, just reinstall the box
 * RoyK has left nagios for icinga - nagios development halted some 4-5 years back and all focus is now on nagios IV, which is commercial, and thus not very interesting
<azeryu> icinga
<RoyK> stupid name, but better code
<RoyK> a fork
<azeryu> icinga
<azeryu> icinga is better than nagios  ?
<RoyK> it's a nagios fork, and I find it better
<RoyK> looks a lot better too :)
<ap0c> icinga ?
<RoyK> and with the same interfaces, so plugins works
<ap0c> RoyK: i haven't used the default css in nagios for years now
<RoyK> ap0c: http://tinyurl.com/3oaactz
<ap0c> ha
<RoyK> there is CSS in Nagios?
<ap0c> lmgtfy
<azeryu> #icinga
<RoyK> aye
<RoAkSoAx> smoser: Finally had the time to work on  publish-image \again and I've changed the approach though I think can be improved even more: http://paste.ubuntu.com/596710/
 * RoAkSoAx off to lunch
<jMCg> Do you guys recommend linux-image-virtual or linux-image-server as kernel for a KVM guest (which acts as a server..)?
<queso> If I have enabled the root account by giving it a password, and I now want to disable it again, should I use passwd -l or passwd -d ?
<kirkland> RoAkSoAx: remind me where/how we the list of ubuntu releases for testdrive?
<jMCg> queso: passwd -l locks it. That's bad, because it would probably prevent all the cronjobs from working which are run under root.
<queso> jMCg: ha, good point.  so passwd -d will bring it back to the way it was?
<RoyK> you can't go back to what it was
<jMCg> hrm...
<RoyK> unless you have a backup of /etc/passwd
<jMCg> queso: okay. I'm talking out of my ass.
<jMCg> queso: that's true for Solaris, but my default Ubuntu install looks like this: galic@knock ~ % sudo getent shadow root
<jMCg> root:!:15050:0:99999:7:::
<jMCg> queso: so -l is fine then.
<queso> Okay, let me ask again. After enabling root by giving it a password, what is the appropriate way to disable it?
<queso> passwd -l
<Delemas> jMCg, linux-image-virtual is better suited to a KVM guest...
<kirkland> RoAkSoAx: also, i doesn't look to me like powerwake-now is working
<jMCg> Delemas: is there somewhere a sane listing of difference between the kernel flavours?
<Delemas> Sure diff the config files...
<jMCg> Delemas: please re-read my question: I said "sane" :)
<Delemas> heh you don't get any more sane what of getting differences in configuration than looking at the files that describe that configuration...
<jMCg> You might be right. I'll think about this on my ride home. Right now I'm just really happy the whole thing survived a reboot and works as I want it to work.
<uvirtbot> New bug: #768506 in samba (main) "CIFS VFS Server is slowing down shutdown" [Undecided,New] https://launchpad.net/bugs/768506
<RoAkSoAx> kirkland> RoAkSoAx: remind me where/how we the list of ubuntu releases for testdrive? -> huh?
<RoAkSoAx> kirkland: is there an specific test case for powerwake-now?
<RoAkSoAx> so that I can reproduce
<RoAkSoAx> (sorry was having lunch and not having a car means a lot of walking ) :)
<deadsmith> Does anyone know about grub2 on UEFI XServe machines?  For example, is 10.10 Server running a version that should boot on the machine?
<queso> How do I re-generate the MOTD?
<genii-around> Interesting. Searching for /var/run/motd on packages.ubuntu.com produces no package
<RoyK> it's not installed
<RoyK> it's generated over time
<queso> RoyK: So how do I regenerate it? :)
<RoyK> it's generated/updated once someone logs in
<queso> oh, then I must have broke something 'cause the motd is messed up
<RoyK> oh
<RoyK> motd
<queso> I installed etckeeper, maybe that has something to do with it.
<RoyK> sorry
<RoyK> no, motd is generated by the scripts in /etc/update-motd.d/
<RoyK> I was thinking of something else
<RoyK> wtmp things
<queso> for some reason it's displaying the current motd, then after that an old motd..
<queso> every time I log in
<RoyK> which distro version?
<queso> lucid server
<RoyK> funny - works well for me
<queso> hmm, there's a /etc/motd.tail  that has the old motd info.  when I delete it then it's good.  dunno where that came from.
<Delemas> queso, I saw that today too...
<Delemas> Someone else already started a bug report.
<RoyK> queso: I guess you upgraded to lucid
<RoyK> queso: I've seen the .tail file hanging off after upgrades, without me making it in the first place
<Delemas> RoyK, This wasn't the case here. All my 10.04 servers (fresh installs) today ended up with a static version of /etc/motd in /etc/motd.tail from two days ago.
<RoAkSoAx> smoser: where you able to check the diff for publish-build?
<smoser> RoAkSoAx, sorry. completely forgot
<smoser> link again?
 * RoAkSoAx looks
<RoAkSoAx> smoser:   http://paste.ubuntu.com/597150/
<RoAkSoAx> SpamapS:ping?
<goddard> i got something really odd going on.  When I login to my ubuntu server it displays the system information like normal but it has two sets of system information  and the second set is different from the first...whats going on? any ideas?
<giovani> goddard: is the timestamp on both printouts the same?
<goddard> no
<goddard> one is a day before
<goddard> what does that mean?
<goddard> I have two servers and the other server doesn't display information for two days
<goddard> giovani any idea
#ubuntu-server 2011-04-22
<SpamapS> RoAkSoAx: pong, sorry you caught me while I was lunching. Whats up?
<goddard> giovani is that a normal thing?
<RoAkSoAx> SpamapS: o/ I just needed someone to sponsor and upload and you are the only one remaining at this time
<RoAkSoAx> SpamapS: bug #768598 if you could please! Thanks!! :)
<uvirtbot> Launchpad bug 768598 in powernap "PowerNap does not take recover action in PowerSave mode after powernap-now" [Critical,Confirmed] https://launchpad.net/bugs/768598
<uvirtbot> New bug: #768707 in cyrus-sasl2-heimdal (universe) "cyrus-sasl2-heimdal uninstallable and ftbfs" [Undecided,Confirmed] https://launchpad.net/bugs/768707
<CrunchyChewie> anyone familiar with Fail2Ban?
<CrunchyChewie> I want to configure it to use exim4 as the mta as well as to secure exim4
<CrunchyChewie> and the documentation seems a bit sparse
<smoser> RoAkSoAx, sorry, just now reading
<smoser> around ?
<smoser> publish_image_array=( "${publish_image_array[@]}" "${publish_image}" ) == publish_image_array[${#publish_image_array[@]}]="${publish_image}"
<smoser> there are 2 dimensional arrays in bash now (i think) at least there are associative, so you wouldn't really have to stuff all into a ',' based delim and thn explode it
<smoser> RoAkSoAx, it looks reasonable.
<smoser> the only other main comment i would have is to trap sigchld and then kill the other pids and exit.
<kindofabuzz> just did a fresh install of 10.04, did all upgrades. when I ssh into the server the welcome message still says "100 packages can be updated. 56 updates are security updates." another apt-get dist-upgrade gives 0 to be upgraded
<RoAkSoAx> smoser: sorry went for dinner... and ok. Will look into the 2 domensional arrayts and traping sigchild and kill the pids
<uvirtbot> New bug: #768753 in samba (main) "package samba (not installed) failed to install/upgrade: arquivo tar do sistema de arquivos corrompido - arquivo de pacote corrompido" [Undecided,New] https://launchpad.net/bugs/768753
<smoser> RoAkSoAx, you might be better off using some comand that does that sort of thing.
<smoser> ie, dsh, or gnu-parralel
<smoser> you feed them a group of commands to run and let them run them.
<smoser> comma delimitng and splitting is probably fine.
<RoAkSoAx> ok cool yeah i wanna look into gnu parallel too
<goddard> i got something really odd going on.  When I login to my ubuntu server it displays the system information like normal but it has two sets of system information  and the second set is different from the first...whats going on? any ideas?
<kindofabuzz> just did a fresh install of 10.04, did all upgrades. when I ssh into the server the welcome message still says "100 packages can be updated. 56 updates are security updates." another apt-get dist-upgrade gives 0 to be upgraded
<goddard> so do aptitude update
<goddard> aptitude safe-upgrade
<kindofabuzz> goddard: that did nothing
<kindofabuzz> well it found no upgrades
<hylinux> hi, guys. one question for uec, what's difference between warlus and EBS?
<hylinux> the warlus is just for image store?
<hylinux> and ebs for user space storge?
<hylinux> thanks so much
<goddard> kindofabuzz odd always works for me
<goddard> kindofabuzz i would reboot and try again
<goddard> any idea when ubuntu is going to update its virus protection?
<kindofabuzz> goddard: there are no updates at all. done them all. rebooted several times. still it shows that there updates on the little welcome screen when ssh'ing in
<goddard> kindofabuzz yeah odd man I am getting two displays of information when I ssh in
<goddard> one from yesterday and today
<goddard> i dont know why either
<kindofabuzz> goddard: yep, two messages here two. the first doesn't say anything about the updates but second does. something is broken
<kindofabuzz> too*
<goddard> ive been hanging around here all day hoping some one knows more about it
<goddard> i have two servers and it only happens on one
<goddard> on top of that i am getting some one trying to repeatedly login to random mail accounts on my server that dont exist
<kindofabuzz> i'm researching all this now
<kindofabuzz> it's actually printing it 4 times for me
<kindofabuzz> goddard: found a fix. just delete or mv your /etc/motd.tail
<goddard> kindofabuzz wow thats odd let me know what you figure ut
<goddard> so its a bug?
<kindofabuzz> i guess. just started after recent updates
<kindofabuzz> goddard: http://ubuntuforums.org/showthread.php?t=1734201
<kindofabuzz> is where i found an answer
<goddard> well atleast the resource usage is lower :D
<goddard> kindofabuzz good man thanks for the info
<kindofabuzz> goddard: np
<foo> I just created a user, gave them a home directory, and I'm mainly giving them SFTP access. I noticed they can still view directories outside of their home via SFTP, any way to prevent this?
<kthomas_vh_> y
<foo> kthomas_vh_: that fo rme?
<foo> actually, is there a way to just read a log of the files they'd open?
<foo> that'd be fine
<kthomas_vh_> y again
<kthomas_vh_> wait,  are you the foo I know :) ?
 * foo runs and hides
<foo> nevermind :)
<kthomas_vh_> well,  if you're the foo I know,  you deserve better answers :)
<foo> kthomas_vh_: OHHH. ;) Actually, it's all good - I got it sorted. :)
<kthomas_vh_> k,  good
<foo> and yeah, it's good ol' foo, the only and only. /me does a dance
 * kthomas_vh_ looks for bar
<foo> separated at birth :/
<kthomas_vh_> :/
<uvirtbot> New bug: #768846 in autofs5 (main) "autofs does not mount /net/host" [Undecided,New] https://launchpad.net/bugs/768846
<eichi> hello, I have much problems with crontab cronjobs <10h and <10m. means. every time of day with only one digit (doesnt matter of I use 01 01 or 1 1) doenst work. someone has any idea? (other time like 10 15 * * * work without problems)
<Blizzkid> Hi guys, I've created a udev-rule which calls a script under a certain condition in 50-udev.rules. This works fine. When I copy that same rule to 55-rd1000.rules, it's executed twice. What could be causing this?
<Blizzkid> the rule is http://pastebin.com/At1P8KHa
<RoAkSoAx> morning all
<RoAkSoAx> Daviey: ping
<RoyK> hi
 * RoyK curses 
<RoyK> insane packet loss from a netbook with 11.04 ... not a server question, really, but ever tried to ask on #ubuntu?
<hggdh> jamespage: blueprint for Jenkins opened
<www2> hi all i want to set a sudo login with the root password for securty
<andygraybeal> what virtual network interface is best? e1000, virtio ?
<smoser> virtio should be better than e1000
<bau-> hi all, where can i get a ath.cx domain, or another free domain?
<andygraybeal> smoser, thank you
<b0gatyr> trying to edit file /etc/clamav/freshclam.conf with vim as sudo but it tells me "warning: Changing a Read Only File" what can be wrong?
<bau-> b0gatyr, not sure but it could be means the hdd is full
<orudie> how to find out which version of postfix I have installed ?
<patdk-wk> postconf version
<patdk-wk> postconf mail_version
<JanC> bau-: for dynamic address hosts, see dyndns & such?
<morb> Quick question; does anyone know why the -server kernel does *not* include r8168.ko (Realtek GigE LKM) when the .config *does* have it set to build...
<pangrazi> I am having a problem with 10.04-LTS and multiple NICs using the same MAC
<ScottK> Aren't MAC addresses supposed to be unique?
<cloakable> Yes
<cloakable> It's how ARP works, iirc.
<morb> ja
<david5345> I need to recompile asterisk into a deb for 8.04 and it has to have all the same options as the ubuntu repository asterisk ( dependencies, paths etc... )
<pangrazi> exactly
<pangrazi> and the macs show up as unique in Free BSD and the UDEV rules
<pangrazi> but when I do an ifconfig i get the same mac for all 9 interfaces
<morb> huh. no ifrename or macchange funk involved?
<pangrazi> I have 4 broadcom nics on board, 4 intel e1000 on a pci-x card and 2 10GE on a myricom card
<david5345> how might I do this ?
<pangrazi> nope
<morb> this is pretty much a fresh install?
<pangrazi> clean install from scratch, added some packages and that is it
 * morb interest piqued
<pangrazi> all packages are up to date as of 10 minutes ago
<morb> and tcpdump or monitoring externanlly confirms they're all using the same mac?
<pangrazi> yes
<koolhead17> hi alll
<pangrazi> my cisco switches are freaking out seeing mac-address flapping
<morb> no doubt
<pangrazi> i removed the myricom card and rebooted to no change
<morb> have you tried manually unloading/loading lkms?
<pangrazi> no, i have not tried that
<morb> rmmod, modprobe/insmod
<morb> just for yucks
<pangrazi> ill try that right now
<pangrazi> i did reboot the server and do a cold boot as well
<pangrazi> it is very strange that dmsg shows with the correct mac as well
<morb> hm
<pangrazi> well i just did the standard remove the nic you are using trick
<pangrazi> excellent
<pangrazi> i did have to install some unusual packages for the new version of Snort
<pangrazi> this is supposed to be an IPS when complete
<pangrazi> anyone have any suggestions other than a rebuild?
<pangrazi> this isn't in production so I can do pretty much anything I want to it
<pangrazi> and even if i do an ifconfig to force the change nothing happens
<pangrazi> ifconfig still reports the same MAC
<azeryu> hello ther
<donvito-> System information disabled due to load higher than 1
<donvito-> why i get this message?
<azeryu> on my ubuntu pc i try to enable mod_rewrite
<azeryu> i can't there is an error
<azeryu> what to do ?
<azeryu> for you the message is self explanary donvito
<azeryu> " load high "
<donvito-> what i need to do?
<azeryu> you need to increase your sysconfig
<azeryu> or kill process
<azeryu> that's just an indication to manage well your system, that's not a big issue
<morb> donvito-: nothing, it's just the motd displayed upon login. it does not want to add excess load to the system, so it's being nice and letting other processes take priority.
<pangrazi> morb: i rmmod bnx2 and modprob bnx2 and now the broadcom nics have the right mac addresses
<morb> pangrazi: hah! so something in the init chain is causing them to be reassigned, I'd take it to the mailing list because tbqh I've never heard of this occurring before, and it's not normal. (I've run several 4+ nic boxes before)
<azeryu> well for my problem i try to setup an virtual host when i try to do sudo mod_rewrite aktivieren i got this error :  sudo: mod_rewrite: command not found
<pangrazi> awesome
<morb> azeryu: mod_rewrite is a module for most httpds.
<azeryu> ok what i have to do ?
<morb> it's something you alter inside the scope of your httpd's configuration
<cortex_sk> azeryu: sudo a2enmod
<azeryu> instead of mod_rewrite aktivieren
<azeryu> not working
<azeryu>  sudo a2enmod aktivieren
<azeryu> ERROR: Module aktivieren does not exist!
<cortex_sk> azeryu: sudo a2enmod rewrite
<azeryu> enabled
<azeryu> if i try mod_rewrite aktivieren
<pangrazi> i guess i get to go step by step through my init to find out which one is hosing my nics
<azeryu> sudo: mod_rewrite: command not found
<azeryu> this is what i got
<cortex_sk> azeryu: did you change something in your apache config files?
<azeryu> nothing
<azeryu> what option to check ?
<shauno> why are you trying to run mod_rewrite from the command line?
<azeryu> i just following a tutorial
<uvirtbot> New bug: #769064 in autofs5 (main) "[Maverick] autofs5 leaves too many orphaned mount points in /proc/mounts and reboots takes forever" [Undecided,New] https://launchpad.net/bugs/769064
<Admin__> hi
<Admin__> could you help me please how to install openmsn in ubuntu server
<TheEvilPhoenix> Admin__:  uh... does that require a GUI interface?
<Admin__> hi are there someone
<mrroth> hi, silly question
<mrroth> but how do I manage a bunch of ssh server
<mrroth> a bunch of linux servers
<mrroth> and unix, from my bash prompt
<mrroth> like shorts, or simple ways to remote in to them
<sarthor> Hi, i am getting some mac address and ip address incomple, while that ip address are not present, you friends can check my arp , /etc/netwrok/interfaces/, dhcp.conf here,    http://pastebin.ubuntu.com/597518/
<Admin__> hi could you help me plea someone know to install nogios or openmsn in ubuntu server
<mrroth> what the best way to manage a whole bunch of unix / linux server from the terminal (like ssh session and such)
<mrroth> short cuts
<pangrazi> morb: as a hack i put the rmmod and modprob commands into rc.local
<pangrazi> such a hack but it is working for now
<g0bl1n> any hint for this ? Can SSH to an AWS Ubuntu instance but can't SCP. Get a permission denied. Using scp -i /path/to/ssh_key -r local_folder user@server:/remote_path
<deadsmith> ltipath
<deadsmith> hey all...
<deadsmith> Anyone have experience with a Promise vtrak running on 10.10?
 * Daviey checks in
<RoAkSoAx> /win 17
<RoAkSoAx> lol
<deadsmith> or multipath setup in general?
<morb> pangrazi: at least you can continue working on other stuff until you find a sound solution / real fix! =)
<mrroth> what permession do I set on a hidden folder with bookmarks I don't want anyone to see, but to still allow me to excute them via script
<malev> hi there! I'm installing a FTP server with vsftp and I'd like to: when some one logs in I'd like to be placed in /sites dir is this possible?
<mrroth> do I need to do chmod 400 /dir/
<lenios_> malev, you're probably looking for chroot
<lenios_> http://www.howtoforge.com/forums/showthread.php?t=60
<malev> lenios_, thanks!!
<malev> lenios_, something like that, but I want chroot to be a common dir to all the users
<lenios_> change home dir of users then, or search an option for this kind of chroot for vsftpd
<JasonMSP> I'm trying to get a deeper understanding of symbolic links.  I have one setup for a webadmin program that links from the public_html folder to a share folder.  Permissions right now are rwx across the board.  Does this need to be the case?
<hazmat> anyone understand where core files go in ubuntu-server? i see cat /proc/sys/kernel/core_pattern -> |/usr/share/apport/apport %p %s %c
<hazmat> but its not clear to me what apport is doing with the core
<CppIsWeird> im following this tutorial http://www.monkeedev.co.uk/blog/2009/03/06/setting-up-openvpn-in-debianubuntu/ when it gets to where it says "Just edit this with your network settings and execute it. You will also need to set it to create the bridge at boot time:"
<CppIsWeird> does it want me to name the script bridge, move it to /etc/init.d, then run the command
<CppIsWeird> update-rc.d bridge defaults
<CppIsWeird> ?
<b0gatyr> CppIsWeird: all is saying is to edit the script with your network settings then execute it and add the script to start at boot time with update-rc.d bridge defaults
<CppIsWeird> k. i did something like that... :P
<ejv> hi, im rsyncing (on the same server) a 43G directory with thousands of small files from one array to another, and im getting an error "ERROR: out of memory in map_ptr [sender]", there's *plenty* of available RAM, how do I fix this?
#ubuntu-server 2011-04-23
<econ> Can anyone help me get my usb wifi up and running? Everything I've found uses the iwconfig or iwlist commands, which don't come installed. I can't install them because I can't get connected to the internet. Thanks.
<jMCg> econ: why do you have an usb wifi in your server?
<econ> its just a pc that i'm trying to set up as a samba file server for my house. pretty much I want to learn how to do some server type stuff but don't have a server.
<jMCg> econ: you'll need wpasupplicant, which from what I remember is pain to configure without the fancy GUI stuff.
<jMCg> Says the guy whoi is entirely GUI-capped.
<econ> Ok, I'll check it out. Thanks
<jMCg> IIRC, there's some CLI client, but that's quite.. shit.
<jMCg> /sbin/wpa_cli
<uvirtbot> New bug: #769191 in krb5 (main) "Incorrect configuration at installation" [Undecided,New] https://launchpad.net/bugs/769191
<HazRPG> right, I seem to be having more trouble doing this than I should... and I was wondering if any of you guys could help me out a little bit
<HazRPG> I'm trying to run a minecraft server on my ubuntu server
<HazRPG> now since its java, I have to run this inside of a screen to get this to work
<HazRPG> I've got a user pointed straight towards doing just this job, and I've locked out the password
<jMCg> Or you could.. use upstart, which will take care of restarting it when it dies!
<HazRPG> now my problem is, that user can't issue a screen, esp since I can only really use him as "sudo su - user"
<HazRPG> jMCg: ah, not worried about that... its mainly me that uses it, but however I would like it to do a gmap render and also some backups
<HazRPG> while announcing to the user such tasks
<qman__> IIRC, in order to launch screen, it must be run by a user who has a password
<qman__> you can work around this problem by launching screen as another user
<qman__> and run sudo -u username $command
<qman__> inside of that screen
<qman__> not having a password means no interactive logon
<HazRPG> yeah
<HazRPG> see the reason I did this was because I just wanted it to be self contained
<HazRPG> but not being able to start this as service is a pain
<qman__> well, like I said, you could just launch screen as a different user and then run the command inside it
<qman__> so, instead of 'sudo -u username screen $command', 'screen sudo -u username $command'
<qman__> you could even run that screen as root if you're so inclined
<qman__> the server is still running as the other user
<HazRPG> running minecraft as root doesn't sound like a good plan though lol
<qman__> you're not
<qman__> you're running screen as root
<qman__> you're still running minecraft as your limited user
<HazRPG> right
<qman__> don't know what it is with game server programmers, but they just refuse to write them as daemons for some reason
<qman__> srcds and unreal are the same way, interactive consoles
<morb> sudo su -c command interactiveuser
<morb> heh
<morb> versus screen
<morb> or sudo -u
<morb> shrug
<qman__> that doesn't work
<morb> writeawrapperscript(tm)
<qman__> the server doesn't run if it doesn't have an interactive console
<qman__> it just hangs or quits
<qman__> hence screen
<HazRPG> this whole thing has melted my mind
<morb> OH
<HazRPG> been trying to get this sorted since this afternoon >_<
<morb> OIC
<morb> okay so smp requires interactive console
<qman__> yeah, it's pretty stupid on the programmer's part, but nothing we can do about that
<morb> I ran it inside a screen window in the past and never thought anything of it
<morb> hm
<qman__> I did this exact thing with srds
<qman__> srcds*
<morb> I'm sure it could be tricked otherwise, but there's nothing wrong with wrapping it inside screen or other form of multiplexer
<qman__> just a script that runs a screen as me, and the server inside the screen as the dedicated user
<qman__> it's not that hard
<HazRPG> how would I script this to fit on the cron job for rendering then?
<qman__> that, I couldn't tell you
<qman__> I don't know how to interact with screens in an automated manner
<qman__> it's probably documented if it's possible
<morb> you want to periodically type text on console?
<morb> e.g. pipe commands via cronjob?
<HazRPG> ah see I've got the code, the problem is though I need it to run... actually wait, if I have one for minecraft and one for the map render, and then just sudo -u those, it should work... technically
<HazRPG> however isn't this just bad practice doing it this way?
<qman__> it's the best way as things stand
<qman__> the problem is bad programming
<morb> I've never set up a renderer beyond that livemap deal before bukkit became main
<qman__> it's the best workaround I've found
<qman__> security wise it's not too bad, no worse than just running it normally
<qman__> and it's contained
<qman__> the mess never leaves screen
<HazRPG> well yeah, but surely if they got into that screen, and say they closed the server and typed "exit" they'll be brought back to my user...
<qman__> no
<morb> screen -dmS sessionname command
<qman__> screen will exit and they will be kicked off
<morb> btw
<qman__> because if you do it right, screen is not launched from an interactive shell
<morb> would be a way to manipulate that from scripts
<qman__> it's launched as an upstart job or rc.local or whathaveyou
<morb> or cron
<qman__> but here's the key
<qman__> if you run screen as root, e.g. from rc.local, they have to break root to get into your screen in the first place
<qman__> which basically means they'd own you either way
<HazRPG> right
<qman__> if you launch the server directly from screen, and screen directly from a shell script, and not an interactive shell, there is no exiting to an interactive shell
<qman__> it just dies off
<HazRPG> so, erm... not to feel any more stupid than I already do, if I did go down the rc.local / whatever route, I'd have to issue root to do the cron then?
<qman__> yes
<qman__> unless you double sudo
<qman__> root runs screen as a third user
<qman__> then screen runs the command as your minecraft user
<qman__> said third user needs a password though
<qman__> well, the way things are set up by default anyway
<qman__> root has some magic going on, he's allowed to log in interactively without a password
<qman__> nobody else is
<HazRPG> right, would you mind helping me through this?
<qman__> I can give you the scripts I made for srcds
<HazRPG> because I think that's 3 methods you've mentioned, and I'm not sure which is best really (even though all are workarounds anyway)
<qman__> I did a sysvinit script and a second script
<HazRPG> sure
<qman__> eh, looks like I made a real hash of it
<qman__> http://pastebin.com/uP1zxNpp
<qman__> but really, you should be able to just 'screen sudo -u username $command' inside a start script
<qman__> seriously though, I was in exactly your position when I made this
<qman__> the stupid thing refused to run
<qman__> this does work, though, all else failing
<HazRPG> right well here's what I did for my cron: http://paste.ubuntu.com/597660/
<HazRPG> I don't think that would work in this sense though would it :(
<HazRPG> only just finally merged my windows box to a ubuntu-server box, and didn't realise how much hassle this could be lol
<qman__> heh
<qman__> could be worse, some game servers require X
<qman__> and there was one person asking how to start up one in wine headless
<qman__> that's a whole mess I want none of ;)
<HazRPG> heh same!
<HazRPG> I thought java was bad enough!
<HazRPG> so erm, hang on who would I be using to do the crontab with?
<qman__> I was running a minecraft server for a while until that hardware crapped out
<qman__> I use /etc/cron.d and friends
<qman__> and it would probably be the same user that screen is run by
<qman__> I was just running mine manually though
<HazRPG> ah so /etc/init.d/ and /etc/cron.d/ would be essentially the two I'm using
<qman__> makes you appreciate a properly written daemon
<qman__>  /etc/init.d for sysvinit scripts, if you're using that
<qman__> it's technically deprecated in ubuntu but they still work
<qman__> and I don't see it going away any time soon
<qman__> lots of stuff needs to be converted to upstart first
<qman__> I wrote that before upstart existed
<HazRPG> see I've done nothing as far as upstart is concerned
<qman__> I'm not a fan
<HazRPG> in fact I've done nothing with sysvinit either, other than using them
<qman__> too much work and it's still not all that great
<HazRPG> so this is all new (and news) to me
<HazRPG> sounds like unity :/
<HazRPG> but that's a rant for a totally different channel lol
<qman__> I'd either stick with sysv or go all-in with systemd
<qman__> upstart is kind of in the middle
<qman__> but yeah, just my opinino
<Datz> Sc
<HazRPG> right, lets see if I can do an /etc/init.d/ script :P
<HazRPG> hmm just found this: http://www.minecraftwiki.net/wiki/Server_startup_script
<HazRPG> how I'd make a cron for that, is beyond me though
<HazRPG> the only bit I don't get really is the "Default-Start" and "Default-Stop" stuff
<goddard> automatic backups ... how do i do it?
<qman__> goddard, cron + tar
<HazRPG> I really need to change my bios settings on my server T_T
<HazRPG> reboot takes forever due to all the bios check crud
<HazRPG> in fact I think most of it is netboot and cdrom stuff
<goddard> qman__ know of any scripts?
<patdk-nb> automatic backups of what?
<HazRPG> too vague
<patdk-nb> of what would you like automatic backup of with your server?
<goddard> i want to backup everything that would be important for a web server
<goddard> apache configuration php mysql web data
<patdk-nb> sounds like atleast 3 things then
<patdk-nb> mysql, /etc and /var/www
<goddard> yep
<goddard> wait not etc...well maybe
<patdk-nb> if you want to save your apache/php/... settings
<patdk-nb> so many admins have issues and wipe out stuff in etc by accident
<goddard> each version of ubuntu uses the same version of those software in the repositories so as long as i can get that version of ubuntu i shouldnt have to save the binaries
<goddard> ?
<patdk-nb> basically saving /etc does that also, cause it saves apt settings for package sources
<goddard> isnt that pretty large?
<patdk-nb> for like if you some ppa's or something
<patdk-nb> sure, mine is like 20megs or so
<goddard> 20megs thats nothing :D
<patdk-nb> back it up offsite each night
<goddard> yeah thats what i wanna setup
<patdk-nb> I'm actually doing mysqldumps and backing up etc
<patdk-nb> then backing up those backups
<patdk-nb> so mysqldump and etc both are 22megs combined for me
<goddard> pretty lite
<patdk-nb> I'm also backing up /usr/local, cause I put my custom stuff there
<patdk-nb> 210megs
<patdk-nb> well, I don't run any mysql websites on that :) so it's small
<patdk-nb> the mysql website I do handle has 8gigs of data
<patdk-nb> but in mysqldump | gz is about 1gig
<qman__>  /etc is not binaries
<qman__> it is configuration files only
<qman__> binaries go in /bin, /sbin, /usr/bin, /usr/sbin, etc
<patdk-nb> qman, yep, and apt config helps get all the extra binaries :)
<qman__> etc as in etc... not /etc
<goddard> :D
<goddard> thanks for clearing that up
<patdk-nb> my /etc compresses to 1.4megs
<qman__> yep
<qman__> mostly text, compresses well
<patdk-nb> same with mysql if you dump it
<qman__> there are complete backup systems, but unless you have some infrastructure going on, it's not really worth it
<qman__> a three to five line bash script will do
<qman__> drop it in cron.d
<goddard> alriht good to know just add that to the list of 30 thngs i gotta do :D
<patdk-nb> don't worry
<patdk-nb> after your first big dataloss
<patdk-nb> you will make a good backup solution
<qman__> heh
<qman__> my solution at home is to just keep a copy of everything important on several computers
<qman__> can't really afford a backup system
<qman__> but yeah
<patdk-nb> my home is generally my backup :)
<patdk-nb> nightly rsync to home
<qman__> production servers, gotta have it
<patdk-nb> then backup system does incrementals of that rsync
<HazRPG> qman__: oh btw, thanks for your help earlier :)
<qman__> ironically, my file server, where I store most backups, has been the least reliable system
<goddard> i actually had a horrible setup using Dreamweaver and a production  and test server
<qman__> single disk budget systems outlasting my raid 5
<patdk-nb> backup drive consists of 8 1tb re4 drives, raid6 of 6 drives, and 2 spare
<qman__> running raid 6 with hot spare now
<goddard> didnt have a backup and had to some how fix it
<goddard> it was amazing i was able to fix it
<goddard> extremely lucky
<qman__> I lost three disks in one day on my last array
<goddard> ouch
<patdk-nb> ya, I had a raid50, 6 drives, with spare
<patdk-nb> lose 4 drives
<qman__> it's only paranoid until it happens to you
<patdk-nb> spare was probably lost before it was needed
<patdk-nb> hmm, something isn't right here
<patdk-nb> oh :) wasn't comparing the correct paths :)
<patdk-nb> was wondering why mail on one was 700megs and the other was 8gigs
<qman__> they don't make hard drives like they used to
<qman__> the system drive on that file server is a 4GB Quantum Fireball, still running strong
<patdk-nb> na, they are using ecc correction for more than failsafe
<patdk-nb> they depend on it
<qman__> and it'll probably outlast the second array
<patdk-nb> why I'm alittle paranoid about these 4k sector drives
<patdk-nb> besides the fact mine have only lasted 2 months before needing replacement
<HazRPG> score!
<HazRPG> managed to get the cron to work :D
<HazRPG> and now I have a cool script to go with my minecraft server too
<goddard> haha minecraft :D
<HazRPG> this is done a lot better than I was originally going to do before I asked for help
<HazRPG> again much thanks :)
<qman__> glad it's working out
<darkmarble> can't seem to get wget to log onto a site with the whole --save-cookie and --post-data scheme... any ideas?
<patdk-nb> darkmarble, if it's a ms .net thing, you have to save and pass the forms cookie stuff, it's lots of fun :)
<darkmarble> tried using --load-cookie on the 2nd wget run, no dice :(
<darkmarble> even went through the --save-session-cookies bit, tried a lot of approaches so now I'm just at a loss as to what to do
<AphisOne> Is there a best practice or common way of handling CVE compliance with Ubuntu Server?
<AphisOne> I'm looking more or less for some documentation that I can reference.
<HazRPG> qman__: managed to get it to run as a screen by minecraft (user), which means that I could just put the cron as that user too and execute other things that minecraft (user) owns.
<patdk-nb> darkmarble, ya, cookies are cookies, but did you save and resubmit all the form variables?
<qman__> nice
<HazRPG> qman__: considering pigmap (the thing I use to render maps) is owned by minecraft, it means it can run this flawlessly and I don't need to change my apache permissions or do other fancy tricks to get that working
<HazRPG> just-worksâ¢
<darkmarble> patdk-nb: well considering it's a short form, i just used --post-data='username=user&password=pass'  not the right approach?
<HazRPG> also means if I want to do more work inside that screen, I can
<centHOGG> hi, any tips on CLI lm-sensors config, I have it working but can it be more selective?
<centHOGG> <ubuntuNAS
<trimeta> Something's gone wrong with my install of Landscape...I've got three copies of its output in /etc/motd, and it seems each time it's automatically running, if the result differs from the previous time it just prepends to /etc/motd rather than replacing it.
<trimeta> Or at the very least, there's an old copy of the text that's still there and won't go away.
<uvirtbot> New bug: #769354 in elinks (universe) "elinks accepts self-signed ssl certificates without warning" [Undecided,New] https://launchpad.net/bugs/769354
<pehden> mysql server wont start after moron installed module in drupal
<pehden> Urgent matter
<kthomas_vh_> #drupal-consultants :) ?
<pehden> ill clear that data base if i have to
<pehden> it just has to start
<pehden> i have several other databases
<kthomas_vh_> you'd probably do better to check your logs for the error
<pehden> hmm
<kthomas_vh_> installing a drupal module does not normally stop mysql from starting up :P
<pehden> thats what i thought but from what it sounded like was thats when it happened
<pehden> where is the log for mysql
<pehden> my list doesnt show that one
<kthomas_vh_> google?
<pehden> ok found the log but it looks empty
<pehden> /var/log/mysql.err and /mysql.log
<kthomas_vh_> so maybe change your logging level,  and/or read up on logging options?
<pehden> is there a way to start it with only selective databases
<pehden> mysqld_safe --skip-grant-tables
<pehden> like that
<kthomas_vh_> try it and see?
<pehden> it starts but none of the sites connect
<kthomas_vh_> because you don't have any table grants,  no doubt :)
<goddard> how do i know what libraries i can use if my project isn't open source? im not lawyer
<pehden> wth steven
<goddard> how do i get one of those
<pehden> goddard you can use open source libraries and put them in a closed source prodject
<goddard> wont it be illegal?
<pehden> look up GNU license
<reisi> hmm actually goddard pehden: you cannot link to gpl library (put them in a ...), but to pretty much any other license you can, usually reading the license faq is enough
<reisi> you cannot link to gpl [library] from closed source application, that would be a violation of the license ...
<Shapeshifter> Hi. How do I add another daemon to be automatically started upon booting?
<joyce> I am on 10.04, but my kernel is still 2.6.18. How can I upgrade my kernel?
<pehden> hmm fixed issue
<pehden> some how the log folder filled the hardrive to max removed all that then reinstalled mysql no purge and it worked
<aliverius> i need mono-1 but it is not available :(
<storrgie> Does anyone know of a guide to help me understand how to block websites if I'm running a linux machine as a gateway?
<Zeu5> hi there, my motd keeps showing 43 packages can be updated.
<Zeu5> 22 updates are security updates.
<Zeu5> but i have already done sudo apt-get update, sudo apt-get upgrade and sudo apt-get dist-upgrade and then restarted my instance
<Zeu5> please advise abt my motd thank you
<ArisVer> nfs4 server, how do i, create a partition and export a partition on my disk?
<cerneula> hello everyone, I have a server with ubuntu 9.04. The problem I have is that I can log in via ssh, but not from TTY1. I have tried changing console, but it does not work. I have looked into /etc/securetty and the consoles are allowed to be logged in from. Also I have had a look to /etc/pam.d/login file, but I don't understand it very well. I have been looking for an answer on the internet, but no lock so far. Anybody has
<cerneula> it says 267 people in this room, but I can't see a single line, why?
<oCean> cerneula: it's quiet, people are just idling
<cerneula> thanks
<cerneula>  I have a server with ubuntu 9.04. The problem I have is that I can log in via ssh, but not from TTY1. I have tried changing console, but it does not work. I have looked into /etc/securetty and the consoles are allowed to be logged in from. Also I have had a look to /etc/pam.d/login file, but I don't understand it very well. I have been looking for an answer on the internet, but no lock so far. Anybody has any idea? Many
<oCean> cerneula: anything useful in /var/log/auth.log?
<ArisVer> Hi, i get a 403 error for my localhost page. How do i fix this?
<qman__> ArisVer, chmod o+r /path/to/website
<RoyK> +x too
<ArisVer> I get a, no such file or directory.
<ArisVer> wait
<ArisVer> Nothing happened , still get 403.
<ArisVer> I get a, no such file or directory. (this is okay now, it was typing mistake).
<ArisVer> chmod did nothing. I had permission access from before.
<ArisVer> When i click the html file it shows on my browser. But trying to 127.0.0.1 gives me a 403 Forbidden, you don't have permission to access / on this server.
<cerneula> hello everyone!  I have a server with ubuntu 9.04. The problem I have is that I can log in via ssh, but not from TTY1. I have tried changing console, but it does not work. I have looked into /etc/securetty and the consoles are allowed to be logged in from. Also I have had a look to /etc/pam.d/login file, but I don't understand it very well. I have been looking for an answer on the internet, but no luck so far. Anybody ha
<cerneula> sorry, it had expired, here is the new link
<cerneula> http://pastebin.com/ytH6nqw2
<uvirtbot> New bug: #769514 in postfix (main) "Mail not sent unless relayhost has a port number" [Undecided,New] https://launchpad.net/bugs/769514
<kellnola> ArisVer, apparmor, perhaps?
<kellnola> or perhaps the server is not listening on localhost?
<kellnola> wait no it isn't that
<ArisVer> kellnola ,  what is apparmor?
<ArisVer> kellnola, i found out, my knowledge is very limited for that.
<Zeu5> hi there,
<Zeu5> ever since i updated my ubuntu server instance and restarted it, my apache is no longer working
<Zeu5> please advise.
<kellnola> ArisVer, better get used to it :). It has tripped me up a few times. If you get mystifying permissions problems, I'd look there. It logs to syslog or audit.log depending on your config, you can turn it off with /etc/init.d/apparmor teardown
<kellnola> Zeu5, look in your apache logs
<kellnola> Zeu5, try to start it manually
<Zeu5> kellnola: which  folder is that?
<kellnola> Zeu5, /var/log/apache
<Zeu5> kellnola: i tried sudo sudo /etc/init.d/apache2 start but still get same rror message
<kellnola> Zeu5, try sudo /usr/sbin/apache2 -X
<Zeu5> kellnola:  okie i am in as root
<Zeu5> i can view a lot of files in side /var/log/apache2
<kellnola> Zeu5, error.log is the one your're looking for
<kellnola> Zeu5, try the command I printed there
<kellnola> Zeu5, and see what it says
<Zeu5> the command gave me this
<Zeu5> apache2: bad user name ${APACHE_RUN_USER}
<kellnola> Zeu5, sorry, sudo su www-data -c /usr/sbin/apache2 -X
<Zeu5> kellnola: i did a sudo -i
<Zeu5> so i am now root
<Zeu5> shd i still use the command in full that u gave me?
<kellnola> yes
<kellnola> doesn't matter
<TheEvilPhoenix> i think we need to find what's binding to port 80 already, Zeu5.
<TheEvilPhoenix> *reads the info from #httpd*
<Zeu5> guys, i accidentally rm my error.log
<TheEvilPhoenix> Zeu5:  you're in trouble then
<kellnola> Zeu5, just run the command and apache will log to STDOUT
<TheEvilPhoenix> in any case, i iforget the command(s) to list what's listening on what ports
<Zeu5> the command did not work
<TheEvilPhoenix> i could use that myself
<TheEvilPhoenix> :p
<Zeu5> su: invalid option -- 'X'
<Zeu5> Usage: su [options] [LOGIN]
<TheEvilPhoenix> kellnola:  any idea what command you can use to show what's listening on what port(s)?
<ArisVer> kellnola, i edit the file and saw 'to really tear down all profiles run the init script with the teardown option'. Is this a command line?
<kellnola> TheEvilPhoenix, sudo lsof -i | grep LISTEN
<kellnola> ArisVer, yes, that's how you turn it off. (for troubleshooting)
<Zeu5> TheEvilPhoenix: kellnola this is mine http://bin.cakephp.org/view/1367000440
<kellnola> Zeu5, the -X is an argument to apache2, not su
<Zeu5> no port 80 as far as i can see
<TheEvilPhoenix> strange, I can't find port 80 being bound to on mine either :P
<kellnola> Zeu5, and no "*:www"
<kellnola> ?
<TheEvilPhoenix> well that's odd...
<Zeu5> kellnola: i dun understand
<kellnola> it's something else then
<TheEvilPhoenix> kellnola:  nothing's bound to port 80
<Zeu5> can you give me the command that you want me to run again?
<TheEvilPhoenix> kellnola:  might be a new bug in Ubuntu systems
<Zeu5> guys?
<TheEvilPhoenix> kellnola:  Zeu5 and I are in the same boat, something's blocking binding to port 80
<kellnola> hold on Im tripped up by the ubuntu way here ... let me look at it a minute
<TheEvilPhoenix> not sure what
<kellnola> TheEvilPhoenix, where do you see that? in the error log?
<TheEvilPhoenix> kellnola:  in the output from `s service apache2 start`
<TheEvilPhoenix> where that first "s" is an alias for sudo
<kellnola> ok try sudo lsof -i
<TheEvilPhoenix> sec
<kellnola> pipe to egrep "(www|80)"
<TheEvilPhoenix> oop
<TheEvilPhoenix> wait a sec
 * TheEvilPhoenix thinks there was some random glitch in his system
<Zeu5> kellnola: what command would you like me to try?
<kellnola> might be something established and not listening
<TheEvilPhoenix> ended up having to drop into a root prompt
<kellnola> Zeu5, hold on
<Zeu5> kellnola: thanks
<TheEvilPhoenix> kellnola:  i ended up dropping myself into a root prompt where I had to do 'service apache2 stop; service apache2 start'
<TheEvilPhoenix> it loaded correctly
<TheEvilPhoenix> lemme test this again
<TheEvilPhoenix> Zeu5:  you wouldn't happen to not be prepending "sudo" to the /etc/init.d/apache2 start command would ya?
<Zeu5> i am now root
<Zeu5> sudo -i
<TheEvilPhoenix> Zeu5:  run this, with the semicolon: service apache2 stop; service apache2 start
<Zeu5> /etc/init.d/apache2 start i get the could not bind to address error
<TheEvilPhoenix> did you stop it first?
<Zeu5> yesi stopped it
<TheEvilPhoenix> then in your system, your system must have something else binding to it
<Zeu5> TheEvilPhoenix: okie so what do i do  next?
<TheEvilPhoenix> sec,  need to configure something on my root prompt
<Zeu5> okie thanks for helping
<Zeu5> i really appreciate this
<kellnola> wait are you using ubuntu or zentyal or something?
<TheEvilPhoenix> kellnola:  you realize this is the ubuntu channel right?  Zeu5 already stated its an ubuntu system
<Zeu5> ubuntu 10.04 server
<kellnola> have to make sure. Zentyal IS ubuntu, but it puts its paws into everything
<TheEvilPhoenix> Zeu5:  as root: netstat -nutap | grep :80
<TheEvilPhoenix> Zeu5:  pastebin the output
<Zeu5> i have never heard of Zentyal
<TheEvilPhoenix> if you can :P
<kellnola> Zeu5, it's a popular ubuntu knockoff
<TheEvilPhoenix> heh
<TheEvilPhoenix> knockoffs are crap
<kellnola> for servers
<Zeu5> http://bin.cakephp.org/view/1367000440
<Zeu5> my paste
<TheEvilPhoenix> oh lookie:
<TheEvilPhoenix> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      443/apache2
<kellnola> Zeu5, you have to make sure all those apache procs are killed
<kellnola> there are several in SYN_RECV
<Zeu5> kellnola: advice on this
<TheEvilPhoenix> Zeu5:  killall -9 apache2
<TheEvilPhoenix> as root
<kellnola> that will do it
<Zeu5> TheEvilPhoenix: thanks
<TheEvilPhoenix> mhm
<Zeu5> now netstat -nutap | grep :80 shows nothing
<TheEvilPhoenix> Zeu5:  after the killall, do 'service apache2 restart'
<TheEvilPhoenix> good
<kellnola> ok good. try to start apache
<TheEvilPhoenix> do service apache2 restart
<Zeu5> can someone explain to me? i am writing all this into my google docs to teach myself
<kellnola> you had an apache process in SYN_RECV (waiting for the initial TCP handshake reply) and not letting go of it will kill -TERM (what the init script does)
<Zeu5> kellnola: i see
<Zeu5> so netstat -nutap |grep :80 means?
<TheEvilPhoenix> netstat is a program
<TheEvilPhoenix> netstat -nutap is as follows:
<jMCg> Zeu5: man netstat, man grep...
<kellnola> list everything without any name resolution piped to grep for port 80
<TheEvilPhoenix> indeed
<TheEvilPhoenix> i.e.
<kellnola> lsof will show that as well. I like lsof better myself
<TheEvilPhoenix> *shrugs*
<kellnola> netstat is ancient
<Zeu5> i see
<TheEvilPhoenix> lsof wasnt workin for me :P
<jMCg> -a everything, -n nameresolution, -t tcp, -p program, -uI have no idea.
<kellnola> prob we were grepping for the wrong thing
<Zeu5> great
<Zeu5> everything now is working
<Zeu5> thanks guys
<Zeu5> thank you kellnola and TheEvilPhoenix
<kellnola> Zeu5, ps ax would also have shown you running apache procs
<Zeu5> its okay
<Zeu5> i have saved the netstat command and the killall
<Zeu5> into my google docs with some comments
<Zeu5> it sucks to be a ubuntu noob like me :(
<jMCg> s/ubuntu/Unix/
<TheEvilPhoenix> jMCg:  -u is udp for netstat
<kellnola> jMCg, :). I am somewhat a noob to the ubuntu way of doing tings on server, but not to linux.
<kellnola> Zeu5, I might suggest learning the core admin commands
<kellnola> very well
<jMCg> TheEvilPhoenix: I have consulted netstat(8) since and found that out myself!
<TheEvilPhoenix> ;P
 * TheEvilPhoenix goes back to fiddling with iptables rules
<Zeu5> kellnola: where is this core admin commands?
<kellnola> Zeu5, well there are a few dozen indispensable ones
<Zeu5> is there a webpage dedicated to it?
<kellnola> and you need to know how to at least pipe to other commands to sort and limit to what you want
<Zeu5> i need something really noob-friendly the apache2 manual for eg, i find it hard to digest
<kellnola> Zeu5, tackle learning unix first
<kellnola> then the apache manual will make sense
<Zeu5> kellnola: well, i am now using ubuntu for all my working purposes on my laptop so as to familiarise myself with ubuntu
<jMCg> Zeu5: the "apache2" or, as I prefer to call it Apache HTTP Server manual is easy, once you understand how it works.
<Zeu5> however, the moment i find myself not using those sudo /etc/watever restart
<jMCg> http://blag.esotericsystems.at/2011/02/systematic-high-intensity-training-202/ <<<
<Zeu5> for a while, i forget all abt them
<kellnola> Zeu5, well, ubuntu tries to make everything easy, but on the server all bets are off, you need unix skills
<jMCg> I really like: http://www.freebsd.org/doc/en/books/handbook/basics.html -- but I don't know of an equivalent for Linux.
<Zeu5> thanks jMCg
<Zeu5> kellnola: any books or ebooks u recommend fro server admin?
<kellnola> jMCg, do they even use GNU utils in BSD?
<Zeu5> i am using ubuntu server
<jMCg> kellnola: who cares? They are POSIXy enough.
<kellnola> I guess. The switches are different, no biggie to me, but to a newbie that can be confusing
<jMCg> If you can do ps -e -orss on GNU, you can do that on BSD as well -- that is: You managed to read the man page and know roughly what you're looking for.
<jMCg> Yes, unfortunately, some switches are a little different. :-/
<jMCg> I linked that in my article: ï»¿ï»¿ï»¿ï»¿ï»¿http://people.freebsd.org/~schweikh/posix-utilities.html
<kellnola> Solaris admins also bring their habits to linux
<Zeu5> kellnola: so.. books?
<jMCg> Most importantly: killall doesn't do the same on Solaris as it does on Linux :)
<kellnola> NOPE
<jMCg> And memory works differently. Entirely differently.
<jMCg> Zeu5: I've had a couple of recommendations back in the day, but never really read any of them.
<Zeu5> kellnola: okay. but any case, thank you very myuch
<Zeu5> jMCg: the books must be really noob friendly
<kellnola> the sysadmin guide that is installable via apt is pretty good
<Zeu5> jMCg: i am a very very slow learner
<kellnola> O'Reilly internet core protocols and bind books are great
<Zeu5> kellnola: i got anaccount in oreilly i go check out
<maswan> jMCg: that's why it is a good habit to use pkill instead of killall
<Zeu5> thanks
<kellnola> Zeu5, I hate to reccomend, the the "for dummies" series is actually good for people just starting out from scratch
<Zeu5> kellnola: well personally i dun ve very good opinions of the for dummies
<Zeu5> but i guess i am really left with no choice
<jMCg> maswan: I don't use pkill.
<jMCg> s/pkill/killall/
<kellnola> I remember unix being quite bewildering when I first started way back when
<kellnola> it's too bad open solaris didn't take off. I really like solaris
<jMCg> kellnola: Open Solaris did take off, and then it was shot down.
<kellnola> corrected. I know. A solaris with debian style package management would be wonderful. that is solaris' only weak point
<kellnola> as it stands it's relegated to the commercial nix world
<jMCg> nexenta?
<kellnola> what's that?
<jMCg> A Solaris with debian style package management
<jMCg> http://www.nexenta.org/
<kellnola> oh hell yes
<maswan> kellnola: there are some other annoying weak points too, like the tcp stack
<kellnola> maswan, I find the most annoying thing about solaris isn't the OS, but the admin and dev "culture", which seems to be stuck in 1992
<kellnola> maswan, but as for the TCP stack, what do you mean specifically?
<maswan> kellnola: maybe so, I don't have that much contact with that, we were starting to move towards solaris+zfs for storage serves, before oracle ruined it
<maswan> kellnola: no tcp window size autotuning
<kellnola> fuck oracle
<kellnola> oracle will ruin everything
<kellnola> I think they're poised to gobble up red hat now
<maswan> now we're back to requiring lucid in our procurements :)
<kellnola> linux might not be the most ingenious unix, but the engineering in the deb based distros is clearly above everyone else
<kellnola> they are so meticulous
<kellnola> in my last nix job, it was RHEL and solaris only
<kellnola> and I HATE RHEL
<maswan> I'm not very fond of rhel derivatives either, but luckily i don't have to deal with them much
<kellnola> had about 300 RHEL desktops to manage
<maswan> quite a bit of that comes from the very careful debian packaging policy
<kellnola> maswan, it does. Debian devs are great engineers. It truly is an admins dream
<kellnola> but working in the commercial unix world, I found that commercial nix app developers are even worse than windows developers
<kellnola> maswan, actually I find it has mostly to do with lack of hierarchical management that makes debian so good. They have to hammer out the decisions with input from all, rather than be subject to the whims of a manager
<maswan> kellnola: yeah, it does have downsides though, like release schedule
<kellnola> maswan, I don't really care about that myself. I prefer a slow release policy, though it's painful on desktops
<maswan> kellnola: it sucks for servers when the drivers are only in newer kernels, with enough changes to make backporting painful
<kellnola> I installed debian 6.0 the other day and the installer is very newbie desktop friendly. Though it will not keep up with ubuntu. HOWEVER, if I were managing linux desktops, or if I were a linux developer, I would target debian or Ubuntu LTS, they are both very stable and easy to support. RHEL, which has captured that market, is NOT
<kellnola> maswan, that happens with RHEL all the time. With DELL servers too, and they are supposed to have this great relationship with Red Hat
<kellnola> Ubuntu is a little more realistic than debian about that ... LTS does have point releases that have newer drivers
<kellnola> I can't count the numer of times I had to create a new kickstart because RHEL 4.x would not work with some new Dell server (ethernet, mainly), so had to do it over
<uvirtbot> New bug: #769580 in php5 (main) "PHP script executed twice on each request" [Undecided,New] https://launchpad.net/bugs/769580
<roche> Hello I am trying to install mysql-cluster from ubuntu package repository but apt-get return an error saying mysql-cluster client is trying to overwrite "/usr/bin/mysql" that is include in mysql-client package
<roche> I tried to remove mysql-client but is a dependency of mysql-cluster-client
<roche> Can you help me to overcome these problem?
<rynop> I put a file in /etc/profile.d to add something to the path system wide. How do I get all users on the system to pick up the change w/o having to reboot system? (forcing individual users to re source is ok)
<dassouki> is there a dropbox type app that i can install on my server?
<dassouki> or what would you recommend as a source code repos, but for engineering / cad projects?
<webactivex> hi guys, I need some help with SMTP, for some reason I am not able to connect to my newly setup server with thunderbird. The weird thing is that I can recieve mail, but I cannot send it. Any help in diagnosing this would be greatly appriciated. I am using postfix.
<guntbert> webactivex: do you have experience running mail servers?
<webactivex> no this is my first time
<webactivex> I have a book on post fix I have been trying to go through
<webactivex> postfix the definitive guide
<guntbert> webactivex: then PLEASE: don't run a mail server connected to the internet, try it first in a protected network (at home, behind a firewall,...)
<webactivex> guntbert: that is really not a option at this time
<webactivex> these are not play servers these are work servers
<guntbert> webactivex: care to tell me why?
<webactivex> its something that has to be setup
<webactivex> I have the DNS pointing correctly I am pretty sude
<webactivex> sure, with the MX records all setup
<guntbert> webactivex: thats what I was hinting at: someone without experience is bound to make serious mistakes
<webactivex> probably, but that doesn't change the situation
<guntbert> and I'm not talking about DNS records
<webactivex> are you able to help diagnosing?
<guntbert> webactivex: are you able to connect from terminal?
<webactivex> yes
<webactivex> I am getting a relay access denied
<guntbert> then where is the problem?
<webactivex> on RCPT TO:
<webactivex> I am trying to hook up thunderbird and its not working
<guntbert> forget thunderbird for the time being, the real error is in the config of postfix, you didn't set the "trusted" range correctly, but be warned, if you set it too broad your server will become an "open mail relay" and soon will not be able to connect anywhere
<webactivex> alright, do you have something I can search on to read up on this? or some sort of command?
<guntbert> webactivex: why must you run your own mail server? they are normally run by professionals who hopefully know what they are doing (open mail relays are responsible for propagating spam)
<kthomas> installed 10.10,  every time I hit 'd' in a window,  the window minimized.  (gnome-desktop)
<webactivex> *sigh*\
<webactivex> guntbert: I wouldn't have bought a book on postfix if I wasn't expecting to do it myself
<guntbert> webactivex: yes, yes, we all started there - with a mail server behind a firewall, with room to play and make errors (and no spam at all) - so what is the actual goal in running your own smtp server?
<webactivex> to send mail through me@mydomain.com
<webactivex> and like I said, I can recieve just fine... I cannot send
<webactivex> I am a programmer by trade dude, so I am no fool... I just need the correct documentation.
<guntbert> sorry, that doesn't make any sense - you said "production system" (or so) - what is the reason your company has decided to do it that way?
<guntbert> and don't "dude" me please
<webactivex> its a vps where a bunch of stuff is running
<webactivex> pretty much the story
<guntbert> webactivex: so no real reason at all -  why do you need your own mail server? you still didn't answer that question
<webactivex> me@mydomain.com.. I told u
<guntbert> ok, you wanna be cagey - fine with me, bedtime anyway here - have a nice time (and please heed my warnings about open mail relays)
<webactivex> I am not being cagey, its just that I have already settled on what I want to do.. so may I ask you why you would question my reasoning for wanting me@mydomain.com.. something that almost every company n existance has.. Do you not feel that is a bit presumptuousÂ  to assume I would also not want such a thing. If the answer is obvious, why ask the question.
<webactivex> to steer me away from a direction that I have already bought a book for seems I dunno...
<webactivex> I am looking for ways of figuring out my problem.. not hearing what I do not know and what could go wrong
<webactivex> I am sorry if how I say it is offensive, but that is the fact of the matter, plain and simple
<webactivex> Thank you though for letting me know what could go wrong, but thus far nothing has been provided to help me in the senario which I have specifically asked about
<alan23424> can you connect with thunderbird and pull down your existing mail?
<webactivex> alan23424: yes
<alan23424> And you want to use your server as an outbound relay?
<webactivex> right now I am using gmail.com as a outbound relay
<webactivex> since it is setup through there
<webactivex> I would like to change that over to SMTP
<alan23424> alright
<alan23424> but why not config your mail agent just to send relay ourbound through your isp upstream smtp server
<webactivex> would it work on a vps
<alan23424> if your hosting company provide a mail relay. mine does
<webactivex> When you send mail asÂ julieprokes28@designsweetener.com, the mail can either be sent through Gmail or through designsweetener.com SMTP servers.
<webactivex> that is the message that I am getting
<alan23424> but normally if i am connecting to my server from home, my client would just use smtp.$isp.co.uk for outbound mails
<alan23424> why is it so important to relay outbound back through the server
<alan23424> if you log in and send a mail from the command line, does that work and send out?
<webactivex> so when the config is setup to run gmail SMTP, the
<webactivex> Sender:Â dsjulieprokes@gmail.com I do not want that.. I want Sender: julie@designsweetener.com
<webactivex> that is my primary reason for this
<alan23424> got it
<webactivex> gmail just happens to be my mail client
<webactivex> like thunderbird
<webactivex> if you can make that happen, then that is all I care about
<alan23424> from where you are sending the email, ie in the office or at home, use outbound smtp server that your isp provides, not gmail.
<alan23424> and dont worry about relaying back through your mail server
<alan23424> it will work
<webactivex> I am fine with using someone elses SMTP server
<webactivex> I would like to run my own really
<webactivex> because it is something I would like to know
<webactivex> but right now we cannot send email in the right format... and that is a problem.. which is the reason for my slight tude
<alan23424> for instance I use thunderbird connecting to my server 07x.org to log into and get mail, and I send outbound with thunderbird through smtp.myisp.co.uk. emails look like they came from me@07x.org
<alan23424> just dont use gmailk
<alan23424> in your office your isp will have smtp settings and they will allow you to send from whatever address you want
<alan23424> gmail wont
<webactivex> gmail can do SMTP, lol.. I just need to have it route somewhere!
<webactivex> lol
<webactivex> you can do custom smtp on gmail
<alan23424> if you want gmail headers on your emails
<webactivex> gmail only puts those headers on, because they are routing it through their servers.. I would expect that would not be the case if I was simply pushing it off to another SMTP server
<webactivex> let me look at my VPS quick
<webactivex> I use swvps
<alan23424> then route it through your isp upstream smtp. it doesn't go through your vps, and don't route through gmail simples
<alan23424> i say this because your server is not on same site as you
<alan23424> if it was i would say use that as outbound
<webactivex> you are talking like comcast?>
<alan23424> smtp.comcast.net
<alan23424> and yeah
<webactivex> alright... so how does this make the sender change to Sender: julie@designsweetener.com
<webactivex> lets say I use smtp.comcast.net
<alan23424> "for instance I use thunderbird connecting to my server 07x.org to log into and get mail, and I send outbound with thunderbird through smtp.myisp.co.uk. emails look like they came from me@07x.org"
<alan23424> just try it
<webactivex> ok
<webactivex> thanks, I will
<alan23424> whatever email address is in the 'email address' field in Account Settings in thunderbird, that's the address that stuff will look like in came from
<alan23424> quick and easy
<Delerium_> Hi guys, is there anyone who can test my website if available from the outside world (www.elezium.com)
<alan23424> it is
<Delerium_> alan23424, Thanks very much .. that's 2 wire modem/route is a pain in the ...
<alan23424> lol
<alan23424> the one my isp sent me ended up in the bin
<Delerium_> alan23424, I surely will ... I plug in an old DSL modem and use my time capsule as my router / port forwarding
<uvirtbot> New bug: #769649 in samba (main) "package smbclient 2:3.4.7~dfsg-1ubuntu3.6 failed to install/upgrade: ile tar rovinato - l'archivio del pacchetto Ã¨ danneggiato" [Undecided,New] https://launchpad.net/bugs/769649
<alan23424> same
<Delerium_> alan23424, that dumb 2wire didnd't see my VM guest, and I could not specify any IP.. .crap
<alan23424> i use an ancient netgear one, just becuase static dhcp and dmz is so easy
<Delerium_> yep, old speedstream here... so far so good .. I did a speed test and it's all good .. Thanks for the test alan23424
#ubuntu-server 2011-04-24
<david234_> any one here use checkinstall ?
<david234_> I am install a .deb that calls the mkdir command, is there an easy way to make all the mkdir commands, "mkdir -p" commands ?
<thebigt> im having problems getting my install cd to boot. im useing a cd that i know is good, did my bios and unpluged the other cd rom .any thing else i can try?
<thebigt> anyone here
<MK``> Hi I was wondering if I could get some information: What packages does Ubuntu Server include compared to the Desktop edition? Is it just minus the games, office stuff, and GNOME?
<thebigt> i think there is some server specific pacages too but dont quote me
<thebigt> also i got it figured it out im just a idiot that tried to put a dvd into cdrom
<MK``> Haha I have a CD-ROM drive
<MK``> it's in my tower but it's not even plugged into the mobo
<MK``> anyway I looked up my question and found an FAQ on the site:
<MK``> *The first difference is in the CD contents. The "Server" CD avoids including what Ubuntu considers desktop packages (packages like X, Gnome or KDE), but does include server related packages (Apache2, Bind9 and so on). Using a Desktop CD with a minimal installation and installing, for example, apache2 from the network, one can obtain the exact same result that can be obtained by inserting the Server CD and installing apache2
<MK``>  from the CD-ROM. *The Ubuntu Server Edition installation process is slightly different from the Desktop Edition. Since by default Ubuntu Server doesn't have a GUI, the process is menu driven, very similar to the Alternate CD installation process. * Ubuntu server installs a server-optimized kernel by default.
<thebigt> i thougt about ripping mine out of the damn thing after i figured it out
<MK``> heh; so I guess the major difference is the kernel.
<thebigt> im not too sure i haven gotten too in to it yet im just getting 2nd server going
<MK``> Seems the kernel changes between generic and server are pretty tiny heh
<MK``> just small optimizations
<thebigt> it seem to run nice i stream music off a10+ year old computer no problem
<MK``> i/o scheduling type seems to be the biggest change
<MK``> server prioritizes read requests over write requests
<MK``> desktop treats them equally
<CrazyGir> hello! am I correct in believing ubuntu-server is missing common packages like man pages? (man-db)
<CrazyGir> while I have grub, I am also missing /etc/default/grub, which seems odd
<MK``> I can't help here :) sounds strange it'd be missing the manuals though
<pmatulis> CrazyGir: how (and what release) did you install?
<CrazyGir> this is a  10.10 kvm vm, installed with vm-builder, from the officil mirrors, including main and I believe universe.
<CrazyGir> MK``: I was able to iinstall them with apt, but yea.. I'm curious what else it is missing
<CrazyGir> as well as what may have been needed to have been done differently during install or somethin
<CrazyGir> pmatulis: ^
<pmatulis> CrazyGir: right, you used vmbuilder (jeos).  that will not give you a lot of packages (such as 'man')
<pmatulis> !jeos | CrazyGir
<ubottu> CrazyGir: JeOS (pronounced "Juice") is Just enough Operating System.  It is an efficient variant of the Ubuntu Server operating system, configured specifically for virtual appliances. See http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos for more information.
<CrazyGir> pmatulis: interesting, would this be due to my using the server release, where as one of my co-admins used the generic release?
<CrazyGir> pmatulis: unfortunately, that link just redirects you to a page with _far_ less informaiton
<CrazyGir> is there a way to get a specific list of what packages are missing?
<CrazyGir> and any insight into why grub doesn't have /etc/default/grub?
<DrkMachine> hello
<DrkMachine> I am having an issue with seeing my Samba shares over openvpn on ubuntu server 10.10.
<DrkMachine> wow another dead end.
<eichi> hello. how can I test, of my server reaches its dns server? ping does not work
<eichi> ping: sendmsg: Operation not permitted
<cortex_sk> eichi: dig
<cortex_sk> or traceroute?
<eichi> cortex_sk: ;; connection timed out; no servers could be reached
<cortex_sk> eichi: try dig google.com @8.8.8.8
<eichi> same :(
<eichi> think, its a firewall problem
<eichi> but dns is allowed input and output
<Liberty> is there any good reason for me to upgrade from 10.4 to 11.4 ?
<Liberty> hmmm....
<Liberty> hello
 * Liberty is trying to understand a good upgrade path fr his server
<Liberty> should I upgrade from 10.4 to 11.4?
<RoyK> Liberty: for servers, staying at LTS releases is usually the best, unless you need some new software in the newer versions
<RoyK> if you want to upgrade 10.04, that should be upgraded to either 10.10 or to the next LTS release, 12.04, when that arrives
<Liberty> kewl .. thats what I have been wondering ..   I dread the idea of reconguring.. and it seems servrs doesn't change so much between releases
<RoyK> Liberty: some things always change, but LTS releases are generally safe
<Liberty> yeah I am at 10.4 on the desktop, but I might regret not updating those till LTS, but the server works hate to mess with it
<RoyK> I generally keep servers untouched unless there's a good reason for upgrading
<RoyK> a new LTS release isn't necessarily a good reason alone
<kellnola> samba 4 would be a good reason to upgrade to 12.04 (if indeed it makes it in)
<kellnola> but unless there's something very pressing I would not upgrade a server until around EOL time
<nixoninnes> Hey. Im having some problems with my java vm, it keeps randomly crashing . I've tried both sun & openJDK, both behave the same
<nixoninnes> Hey everyone. Im having some problems with my Java VM (64bit).; it's very unstable, and keeps crashing.  I've tried both openJDK and sun, but both behave the same way. Im running an AMD core &  ATI drivers for mobo utilities. I've read that there are some problems with Java and some ATI drivers, however I thought this was only graphics related and my server doesnt use a GUI. Does anyone have any idea what could be causing the VM to implod
<nixoninnes> e?
<nixoninnes> Sorry, just to add to that; it's typically libjvm which is the "problematic frame"
<lenios_> is there something in the logs?
<lenios_> crash report or something
<nixoninnes> Yeah, i'll paste the head of it:
<nixoninnes> #
<nixoninnes> # A fatal error has been detected by the Java Runtime Environment:
<nixoninnes> #
<nixoninnes> #  SIGBUS (0x7) at pc=0x00007f0448cdcd65, pid=1748, tid=139656217216768
<nixoninnes> #
<nixoninnes> # JRE version: 6.0_24-b07
<nixoninnes> # Java VM: Java HotSpot(TM) 64-Bit Server VM (19.1-b02 mixed mode linux-amd64 compressed oops)
<nixoninnes> # Problematic frame:
<nixoninnes> # V  [libjvm.so+0x18cd65]
<nixoninnes> #
<nixoninnes> # If you would like to submit a bug report, please visit:
<nixoninnes> #   http://java.sun.com/webapps/bugreport/crash.jsp
<nixoninnes> the full paste is here http://pastebin.com/dQ7LzgLq
<guntbert> !pastebin | nixoninnes
<ubottu> nixoninnes: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<nixoninnes> Sorry; http://paste.ubuntu.com/598419/
<RoyK> 22:14 < nixoninnes> #   http://java.sun.com/webapps/bugreport/crash.jsp
<nixoninnes> Yeah, I've submitted a bug report; but was just checking with you guys whether you'd seen anything similar for a quicker fix
<anonissimus> I added a virtual host to apache but it does not seem to work, I followed https://help.ubuntu.com/10.10/serverguide/C/httpd.html but blog.domain.tld does not show even though it points to /var/www/blog
<anonissimus> if I check apache2ctl -S it reports it right
<RoyK> does it show up in `ps axf`?
<RoyK> I've seen apache turn zombie for some time after a reload
<RoyK> doesn't last long, though
<anonissimus> seems to be fine, though I don't know what that should return
<anonissimus> the main instance works
<anonissimus> domain.tld shows the main page
<anonissimus> RoyK: any other ideas?
<RoyK> sorry, no
<anonissimus> no probs, this has been a bitch so far, first followed the apache instructions, then followed the ubuntu instructions
<anonissimus> now lost with only the main domain working
<anonissimus> anyone around to help me with this apache virtual host issue?
#ubuntu-server 2012-04-16
<uvirtbot> New bug: #982704 in samba (main) "package samba-common-bin 2:3.6.3-2ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/982704
<ChmEarl> lsb-release for precise still says devel branch?
<uvirtbot> New bug: #982739 in ubuntu (main) "package winbind 2:3.6.3-2ubuntu2 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/982739
<ruben23> guys i have an directory with files agc now some updated came to some files on another server ubuntu..how do i copy only the updated one on teh same folder..? just add the update not copy whole again
<ruben23> same direcotry name agc but the pther one si more updated
<twb> ruben23: I didn't understand your question.
<twb> ruben23: but I guess you want rsync, or something else that uses the rsync algorithm (e.g. unison).
<uvirtbot> New bug: #982787 in glance "glance-registry start report error" [Undecided,Invalid] https://launchpad.net/bugs/982787
<lynxman> morning o/
<koolhead17> hi lynxman
<lynxman> koolhead17: hello!
<koolhead17> lynxman, how are things? are u attending ODS
<lynxman> koolhead17: won't be at ODS this time :)
<koolhead17> lynxman, always next time. :) But you will be at UDS siir!!
<uvirtbot> New bug: #982917 in postfix (main) "package postfix 2.9.1-2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 75" [Undecided,New] https://launchpad.net/bugs/982917
<uvirtbot> New bug: #982984 in unixodbc (main) "package unixodbc 2.2.14p2-5ubuntu3 failed to install/upgrade: ErrorMessage: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/982984
<Atlantic777> Hey, any problems with installing ubuntu server from flash prepared with unetbootin?
<Atlantic777> I always get error msg that there's no a valid ubuntu cd-rom.
<PedroGomes> Hi, did anyone here tried to install 2 different versions of Ubuntu in the same disc trough PXE/preseed?
<PedroGomes> I'm tired of searching/trying preseed templates with no success
<hallyn> stgraber: now, bc lxc is seeded it's subject to final freeze right?  we have to wait for q for patches even though it's in universe?
<stgraber> hallyn: it's affected by final freeze yes, doesn't meant we won't let it in though. If we (as in ubuntu-release / edubuntu-dev) consider the changes as being low-risk and useful to have in the released media, your package may well be accepted
<hallyn> stgraber: hm, ok.  the ubuntu-cloud change seems worth trying.
<WuxiIxuw> Hello
<WuxiIxuw> Please I'd like to know how exactly to secure the VPS using ubuntu 10.04 LTS
<WuxiIxuw> please where can I find a guide in the website
<WuxiIxuw> it is a vps server
<hallyn> hm, redefining a defined domain with 'virsh define' doesn't raise an error.  did it use to?
<hallyn> and now it does.  maybe it's in my head
<hallyn> oh, I think it acts differently if you specify a uuid
<barduck> does anyone have any pointers about moving a software RAID array + LVM to a new Ubuntu install (OS on separate disk) ?
<konradb> hi is it possible to restore /usr/share/locale? :x
<henkjan> bah, missing iso-8859-1 locales on new server installs :(
 * ogra_ doesnt think ubuntu ever used iso-8859-1
<henkjan> but they could be generated
<ogra_> sure, just generate them with locale-gen
<henkjan> http://manpages.ubuntu.com/manpages/intrepid/man3/setlocale.3.html
<henkjan> Linux  (that  is, glibc) supports the portable locales "C" and "POSIX". In the good old days there used to be support for the European  Latin-1 "ISO-8859-1"  locale  (e.g.,  in  libc-4.5.21 and libc-4.6.27), and the Russian  "KOI-8"  (more   precisely,   "koi-8r")   locale   (e.g.,   in libc-4.6.27),     so    that    having    an    environment    variable
<henkjan>  LC_CTYPE=IS-8859-1  sufficed  to  make  ispIrint(3)  return  the  right answer.   These  days non-English speaking Europeans have to work a bit harder, and must install actual locale files.
<ogra_> no
<ogra_> locale-gen de_DE.iso-8859-1
<ogra_> that will generate german locales
<ogra_> with the awful iso set
<ogra_> any reason to live in teh past and not use utf-8 ?
<henkjan> customer scripts interfacing with an oracle-db
<henkjan> and data in that locale
<ogra_> and oracle is 20 years behind still ?
<ogra_> oh my
<henkjan> history data i suppose
<hallyn> lifeless: hey, just curious, were you just playing with lxc-execute, or do you plan to use it?
<hallyn> because lxc-execute doesn't quite do what i think most ppl think it does, and it's fragile, so i like to advise against it when i can :)
<hallyn> ust yours
<hallyn> (prepend j, append to a sentence i pasted in another chan :)
<desperado> hey
<desperado> is anybody available to give some help
<desperado> ?
<desperado> I`m trying to setup a new ubuntu server which my run a virtualized windowsXP
<desperado> using KVM with LVM
<desperado> but I got some issues on windows installer
<desperado> also, is there a good idea to virtualize another ubuntu with services (LAMP/ samba)?
<lifeless> hallyn: I have/had a crazy idea about distributed builds that needs to run stuff on an isolated fs but can share most everything else
<jcastro> robbiew: can you accept this bp: https://blueprints.launchpad.net/ubuntu/+spec/ubuntu-servercloud-q-mysql-utilities
<jcastro> I'd like to get all the mysql content on the schedule asap and not moving around
<robbiew> jcastro: I could...but arosales should ;)
<jcastro> robbiew: oh, I see
<jcastro> arosales: ^^^
<robbiew> jcastro: unless he doesn't have the power to
<robbiew> (and he should)
<jcastro> he should
<robbiew> arosales: to accept, click on the link under "Sprints" next to uds-q
<robbiew> jcastro: screw it...I'll do it
<jcastro> I can wait!
<robbiew> jcastro: meh...done
<jcastro> heh
<robbiew> jcastro: I need to properly walk arosales through the blueprint stuff anyway...but that can wait next week
 * jcastro nods.
 * robbiew is hell bent on dumping that joy on arosales and Daviey ;)
<jcastro> we just need to doublecheck that all MySQL important things are on Tuesday
<jcastro> that's like the magic day everyone will be there
<robbiew> that's also the Ubuntu Cloud day...ugh
 * robbiew is glad he leaves Tuesday night
 * desperado is desperated
<desperado> jcastro robbiew do any of you know something about virtualization on ubuntu server?
<jcastro> I know we have it
<desperado> yeah, but I got some issues and doubts =/
<resno> can anyone recommend some monitoring tools?
<jcastro> desperado: a good portion of the team is travelling, and everyone will be gone to UDS soon so you might want to punt to the mailing list.
<patdk-wk> resno, mirroring what?
<resno> i want to keep an eye on the servers cpu and stuff
<patdk-wk> oh, monitoring, heh, read fail :)
<resno> monitorx was one i heard about... maybe monit and munin
<resno> patdk-wk: :-)
<robbiew> desperado: hallyn is your man ;)
<resno> patdk-wk: i mispelled first
<desperado> alright
<patdk-wk> I personally use munin
<robbiew> desperado: smoser is good too, but he's in and out b/c he's at OpenStack Dev Summit
<resno> patdk-wk: i just found it worked the cpu a bit more then i liked
<robbiew> desperado: oh, and kirkland...but he's got his hands full with a baby :)
<patdk-wk> resno, than configure it differently :)
<resno> heh
<patdk-wk> I'm monitoring 20-50 items per server, and 50 servers
<patdk-wk> not even using 10% cpu
<resno> patdk-wk: ive got limited cpu power...
<patdk-wk> if you have limited cpu, you can't monitor
<desperado> robbiew: my boss asked me to set up a ubuntu server and virtualize a windows XP within it
<patdk-wk> if it's a single server only your monitoring, use sar?
<desperado> this ubuntu server should run LAMP and SMB
<patdk-wk> still find it funny if your munin install is using >100mhz cpu
<resno> sar?
<desperado> is it a good idea to virtualize another ubuntu server to run these services?
<robbiew> https://help.ubuntu.com/community/WindowsXPUnderQemuHowTo
<resno> patdk-wk: no, its not that limited... but there are times were it gets under load and theres a wait
<desperado> I`m running oneiric ocelot
<robbiew> jcastro: will probably kill me for not having an askubuntu.com link
<jcastro> :)
<robbiew> desperado: it all depends on the configuration and capacity of the server, tbh
<desperado> it`s a i5-2400 with 16gb ddr3 and 2x 2tb
<desperado> raid1
<desperado> a nice machine
<hallyn> desperado: from what i see looking at the backlog, i don't see any problems, 'Just do it'
<robbiew> yep
<robbiew> what hallyn says
<desperado> I just tried installing windows xp through vnc this morning
<hallyn> desperado: and see https://help.ubuntu.com/11.10/serverguide/C/virtualization.html
<desperado> but it came up with a setup error I never saw before
<desperado> I found several tutorials on how doing it
<desperado> but none seemed to work properly
<desperado> (or maybe it`s just me being too dumb to follow some setps)
<hallyn> desperado: fwiw I don't use windows anywhere for anything, but ocne in awhile I do install it just to test, and haven't had trouble.
<hallyn> desperado: please do open a bug, that's probalby the best way to get the info needed to figure it out
<desperado> I made a windows sp2 bootable iso
<hallyn> uh, hm :)  maybe ahs3 can help you :)
<hallyn> he does funky stuff with windows like that sometimes :)
<desperado> it started the vm, booted up and installed windows via dos. when it rebooted to config, an error dialog showed up
<hallyn> desperado: and if you open a bug, you can paste a screenshot/picture of the error dialog :)
<desperado> first I had trouble connecting to it through vnc to set up windows installer
<desperado> then i installed kde and connected to it locally
<hallyn> ok, so the server is remote and doesn't have x?  (i.e. you couldn't do it logged in locally over SDL)?
<ahs3> desperado: yeah, a bug would be good -- i install a couple of versions of Windows via virt-manager all the time.  the only bugs i find that way are in Windows
<desperado> yeah, it`s a ubuntu server text-only
<hallyn> desperado: do you know how to file a bug?
<desperado> nope
<desperado> i think the response time will be too high for me
<desperado> It is supposed to be already done
<ahs3> which windows are you installing?  win7?  win2008r2?
<desperado> I`m struggling with it since friday
<desperado> winXP
 * arosales reading backscroll for mysql server blueprint util
<desperado> is there any way to give you access to connect and check it?
<ahs3> hrm.  haven't tried that one in a long time.  who produces the error?  windows?
<desperado> yea, windows show up an error dialog
<desperado> sorry, I didn`t take note
<desperado> :/
<arosales> robbiew: thanks for approving the MySQL util blueprint
<desperado> but it`s a weird error, I never saw it
<ahs3> ah, okay.  was it a message about it not shutting down correctly?  so it has to come back up in safe mode?
<hallyn> desperado: did you delete it?  can you just restart it and see if you get the error again?
<desperado> oh... I already started a fresh ubuntu install
<desperado> X/
<desperado> starting over again
<desperado> since friday I installed several packages
<desperado> and I decided to fresh install it rather than cleaning up
<desperado> since nothing was done yet
<ahs3> there are some cases in other versions of Windows where Windows itself crashes (good ol' BSOD) on shutdown so you get errors on start-up.
<arosales> jcastro: any other actions needed for the MySQL blueprints?
<ahs3> but, i've only seen those happen with the paravirtual drivers, not win-native drivers
<desperado> ahs3: that was not the case, it installed successfully and rebooted normally
<jcastro> arosales: I think just doublechecking them on the schedule next week or so should work?
<desperado> then, during configuration process it showed up an error dialog
<ahs3> desperado: k.  so something entirely different.  good; that rules out that path
<jcastro> arosales: the Oracle folks are new to UDS, maybe doublechecking they understand when the sessions are as a precaution?
<desperado> ahs3: I`ll start it all over again right now
<desperado> which tutorial should I follow?
<arosales> jcastro: will it be showing up here: http://summit.ubuntu.com/uds-q/track/cloudserver/
<desperado> I`ll do it using KVM and LVM
<arosales> shortly?
<desperado> ahs3:
<jcastro> arosales: the scheduler can be dumb sometimes, I check each day individually: http://summit.ubuntu.com/uds-q/2012-05-08/
<arosales> jcastro: ah ok. I'll follow up with the Oracle folks to confirm they are aware of the time slots.  Thanks for the help on the scheduling.
<hallyn> Daviey: roaxsoax: re bug 981728, does orchestra auto-install dnsmasq?
<uvirtbot> Launchpad bug 981728 in libvirt "internal error Network 'default' is not active" [Medium,Confirmed] https://launchpad.net/bugs/981728
<wlan2> ohaio minna~
<wlan2> I did something very unuseful...
<wlan2> I installed webmin
<wlan2> Webmin broke something at my apache configuration but I do not know what
<wlan2> what can I do?
<patdk-wk> don't use webmin?
<wlan2> Yes, but I need a way to repair what webmin did
<wlan2> even if webmin is uninstalled, apache2 configuration will continue broken
<wlan2> I had it configured with virtual servers
<wlan2> But wembin did something ugly causing all requests going to default and default-ssl
<guntbert> wlan2: if I remember correctly webmin keeps rather good logs about what it does, try to find them
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<guntbert> RoyK: yes, we know that - he tries to recover from webminitis :-)
<RoyK> best way is to restore from backup ...
<RoyK> less hassle
<RoyK> and I guess best answer to that is "what backup?"
<wlan2> Last backup dates from 2011
<wlan2> Well
<wlan2> Itv seems I'ts gonna be
<RoyK> why oh why don't we have more developers focusing on btrfs?
<resno> i use samba for streaming and it recently keeps causing issues with the cline
<wlan2> An awful lot of nano to do
 * RoyK is extremely happy with snapshots in zfs
<resno> not you aagain :) RoyK
<RoyK> oh yeah ;)
<halvors> Hi
<koolhead17> hi
<halvors> I'm currently running ubuntu server with webmin.
<halvors> I think that's not recommended.
<halvors> So is there any simular solutions for hosting simple domains?
<halvors> And using virtualmin too.
<guntbert> !webmin | halvors
<ubottu> halvors: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<halvors> guntbert: I know.
<halvors> guntbert: I was asking that it's something similar with support for ubuntu i may use instead?
<guntbert> halvors: sorry, I didn't *really* read your question
<halvors> guntbert: Ok ;)
<wlan2> Â¿openpanel?
<guntbert> halvors: some will tell you about ebox - I tried it once and dropped it almost immediately
<resno> is nfs faster then samba for streaming video, etc?
<wlan2> resno, if you really want streaming, why not http?
<resno> wlan2: streaming to a client... xbmc
<halvors> Anything that actually is in ubuntu ppa?
<wlan2> can someone remember me how to purge the configuration and set it to default?
<locuse> hi.  i need to deploy -- well actually, rebuild -- a xen server. i've been on opensuse, but can no longer deal with the lack of support.  sooooo,  seriously considering ubuntu-server.  iiuc, precise will (?) ship with xen-tools 4.2.1, which led me to suspect/hope xen itself will be v 4.2.1.  but, poking around on packages.ubuntu.com, i'm finding only xen 4.1.x listed for precise.
<locuse> can anyone clarify what version of xen will actually 'officially' ship with precise?
<hallyn> locuse: zul or smb most likely can answer that
<locuse> hallyn: thx.  as they've been pinged now,  i'll wait a bit ...
<hallyn> locuse: unfortunately zul is at openstack summit, so it might take a bit for him to see it, but yup
<adac> how to install sun-java6-jdk in 10.04 LTS ?
<Patrickdk> adac: http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html#jdk-6u30-oth-JPR
<adac> Patrickdk, they do not even have a .deb
<adac> :(
<Patrickdk> they have a .bin :)
<Patrickdk> adac, ask oracle to not buy sun? several years ago
<adac> Oracle is evil
<Nafallo> but they make good hats.
<Nafallo> oh. no. that wasn't them, was it...
<adac> they even support CISPA
<adac> Nafallo, hehe
<uvirtbot> New bug: #974938 in libnss-ldap (main) "Process "gsettings" prevents logging in" [Low,New] https://launchpad.net/bugs/974938
<robbiew> SpamapS: I'm thinking we might need a btrfs session for 12.10, in regards to our desire to use/push ceph more...thoughts?
<jamiemill> Hi. Having trouble with a monit setup. When I try to terminate my processes, they are stuck in a 'stop pending' state. Here is config - any idea why? https://gist.github.com/b9fc0d12986eeed18a87
<SpamapS> robbiew: So, I think we should have a btrfs session and gather everybody interested to talk about it. Seems like it is mostly kernel team's domain, but we want to be consumers..
<SpamapS> robbiew: It should be worth noting that CEPH works fine on XFS, and Sage seemed to suggest that in the 12.04 kernel, it would be better to use XFS than BTRFS
<robbiew> SpamapS: I'd say foundations
<SpamapS> robbiew: I suppose.. filesystems are always tricky in that regard. :)
<robbiew> ;)
<robbiew> SpamapS: do we support XFS on ubuntu?
<hallyn> robbiew: fwiw i until a few weeks ago i used xfs exclusively on my laptop, worked great.  (ext4 failed me in lucid..natty)
<SpamapS> robbiew: I believe we do yes
<robbiew> okay
<robbiew> doesn't matter for 12.10 though, right?
<robbiew> I mean, the ceph folks preach btrfs all the time, no?
<locuse> if i deploy a 'prerelease' precise-server install now, will it have access to precise repos now, and (eventually) migrate smoothly to the full version?
<locuse> asking as, iiuc, 12LTS release is 'soon'.  or, it it recommended to deploy a full release now (11.10, or 10LTS) and do a version upgrade at 12LTS release?
<Nafallo> locuse: I'd do the latest daily...
<Nafallo> locuse: it will say it's a development system for a week or two still, but who cares...
<locuse> Nafallo: so the 12-prelease route ... are all the 12 repos accessible?  in opensuse-land, that's not always the case for a prerelease ...
<Nafallo> locuse: AFAIK, yes
<Nafallo> locuse: (I've already upgraded half of my servers)
<Nafallo> that said, I'm not completely sure which repos you're speaking of.
<locuse> Nafallo: great, thx!  well, good question -- just talking about access to any upgrades on the path to full release.  again, in *suse, it's been -- if you install the prerelease, it's from .iso only, and the path to next prelease is, again, .iso only.
<locuse> oh, and does the ubuntu-server installer support mdadm-RAID (0,1,10) creation from within the graphical installer?  or do i need to drop to a shell somehow?
<Nafallo> tui installer, but yes. it does.
<locuse> Nafallo: great, thx.  help's appreciated.
<jkyle> locuse: are you doing hands off installs? e.g. pxe boots and such?
<roasted> HELLO
<roasted> Got a server here running DHCP with 2 NICs for LTSP usage, but 1 NIC fails to hand out DHCP while the other NIC works great.
<roasted> etc default dhcp3-server has eth0 and eth1 listed so both should be fine.
<roasted> the scope for both are identical with the exception of the 3rd octet (10.52.17.1 vs 10.52.18.1)
<roasted> any idea why dhcp could work on one NIC but not the other? I'm downright baffled.
<locuse> jkyle: no, not as yet.
<locuse> jkyle: atm, migrating a xen host from opensuse -> ubuntu-server, with raid boot, root& data arrays.  trying to 1st recover hosed arrays, and 2nd migrate as much server config as is possible.
<locuse> very hands on ...
<jkyle> locuse: ah, we use post-flight scripts on automated installs for advanced partitioning. . . much easier than mucking with teh debian-installer
<locuse> jkyle: sure.  did the same in suse-land.  xen guests are, of course, trivial.  the smoke-pouring-from-the-server complicated my life a bit ..
<jkyle> partman is like some kind of black magic if you're dealing with more than one disk or raids
<locuse> jkyle: generally i prefer to get to the shell -- cfdisk/sfdisk & mdadm go a long way ... though i'd be much happier if btrfs were production ready.
<locuse> even opensuse's graphical installer -- which is generally quite nice -- is a waste-of-bits when it comes to advanced raid config
#ubuntu-server 2012-04-17
<jkyle> my preseed late_command is throwing this error on a package install
<jkyle> (Can't locate Debconf/FrontEnd/Newt.pm
<jkyle> The same script can be run either in the Installer shell on an alternate virtual console or in userland without error
<tnachen> hi all, I wonder how do you look for bugs to be SRUed?
<tnachen> on launchpad
<Gallomimia> scuse me how do i get php installed on ubuntu server? not using it with apache
<Bluemalkin> hi - does anyone have some tips on using rsyslog/relp for custom logs?
<Gallomimia> oh. apt-get install php5
<Gallomimia> the number tripped me up
<hallyn> Ursinha: (see tnachen's question) do you know of a good query for finding fix released bugs (say in libvirt) which are still open for older releases?
<Ursinha> hallyn, well, let me think a bit
<Ursinha> (where think means open ipython and poke launchpad :))
<hallyn> Ursinha: thanks :)  (no hurry, I'm pretty sure)
<Ursinha> hallyn, :)
<rainmakr> \quit
<Paladine> can full disk encryption be applied to a running server or does it have to be done during disk setup/partioning?
<SpamapS> Paladine: if you have spare space, you can use LVM to migrate to full disk encryption.. but its non-trivial.
<SpamapS> Paladine: probably simpler to do a full backup, reinstall w/ full disk encryption, then restore.
<Paladine> yeah that was my thoughts, I think i will wait til next LTS when I do a hardware upgrade
<Paladine> given this is a production server
<Paladine> it is more a "nice to have" feature atm than an essential one
<SpamapS> next LTS .. meaning... next week? ;)
<Paladine> is it next week?
<SpamapS> aye
<SpamapS> 'tis
<Paladine> well i won't be installing it next week hehe
<SpamapS> yeah wait for .1
<SpamapS> :)
<Paladine> will have to wait until June
<SpamapS> Though, give it a test run on release day, and report some bugs, so June will go more smoothly :)
<Paladine> I would if I had the time, that is why it will have to wait until June
<Paladine> 10.4 has been good to me so far
<Paladine> it can wait a couple more months
<Paladine> thanks for the advice though, much appreciated, I know it is late
<Karmen> Does a Intel SE7501BR2 Dual CPU Socket 604 Motherboard Server Board work with Ubuntu Server?
<Karmen> It is an olderboard I just purchased.
<lynxman> morning o/
<azertyu> hi
<azertyu> there
<azertyu> anyone ?
<azertyu> i get block on ubuntu grub menu
<azertyu> what i have tod o ?
<uvirtbot> New bug: #983816 in multipath-tools (main) "package kpartx 0.4.9-3ubuntu5 failed to install/upgrade: ErrorMessage: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/983816
<cornfeed> hello & good morning... I am having some troubles re-installing samba 4... would someone mind taking a look?  http://dpaste.org/gPuVo/
<uvirtbot> New bug: #983907 in postfix (main) "package postfix 2.9.1-4 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 75" [Undecided,New] https://launchpad.net/bugs/983907
<Atlantic777> I have a init script in /etc/init/ for redmine and I can use it as "service redmine start" but how to add it to startup with update-rc.d? update-rc.d looks in /etc/init.d/ and there is different kind of scripts.
<uvirtbot> New bug: #983918 in samba (main) "smbd crashed with SIGABRT in push_ucs2_talloc()" [Undecided,New] https://launchpad.net/bugs/983918
<pythonirc101> after a few hours (or days sometimes), my ubuntu box changes the file system to read only. Can anyone please help. I tried doing touch /forcechk ; reboot...but it still does the same thing over time.
<pythonirc101> pangolin: any ideas?
<rbasak> pythonirc101: sounds like a corrupt filesystem, or faulty hardware causing a corrupt filesystem. You should be able to check the cause by examining the bottom of "dmesg" output. If this is the case then I'd boot a recovery image and do a full fsck by hand.
<claude2_> anyone know if theres a fix/workaround for this? https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/789174
<uvirtbot> Launchpad bug 789174 in rsyslog "rsyslog fails to create tcp socket." [Undecided,Confirmed]
<Kiall> Anyone familiar with ebtables? Wanting to block certain ARP packets from passing out one side of a bridge, I believe ebtables can do this?
<gary_poster> hallyn, hi.  we are running with lxc 0.7.5-3ubuntu52 on ec2, which should have the fix for bug 974584 AFAIK (from 0.7.5-3ubuntu51).  We're making lucid containers on precise.  We still see the semaphore problem until we manually make the change you described in https://bugs.launchpad.net/launchpad/+bug/974584/comments/6 .  Is this unexpected/buggy, or according to plan?  (If we have to add the manual change from now
<gary_poster>  on, that's ok, but I'd like to verify that this is the intent.)
<uvirtbot> Launchpad bug 974584 in sysvinit "Semaphores cannot be created in lxc container" [Undecided,Confirmed] https://launchpad.net/bugs/974584
<uvirtbot> Launchpad bug 974584 in sysvinit "Semaphores cannot be created in lxc container" [Undecided,Confirmed]
<hallyn> gary_poster: it's expected
<hallyn> gary_poster: in lucid it'll have to be fixed with lxcguest
<gary_poster> hallyn, oh ok cool
<hallyn> gary_poster: since lxcguest isn't in the archive there, I just need to fix it in the version in ppa:ubuntu-virt/ppa, but haven't had time
<hallyn> oneiric will require sru
<gary_poster> ack, thanks hallyn
<hallyn> gary_poster: if it's urgent, please yell at me and I'll fix the lucid one
<gary_poster> hallyn, we'll add our own automation for the workaround, it's ok
<hallyn> gary_poster: I don't see a knob to mark that bug as affecting lxc in lucid and oneiric
<hallyn> gary_poster: cool, thanks
<hallyn> jamespage: btw, i now do have a complete pyunit based lxc testsuite.  pls lemme know when you have a minute to show me what i should do with xunit so i can hand it to you :)
<jamespage> hallyn, sure - can we do that next week?  ODS'ing ATM
<hallyn> jamespage: that'd be great, thanks
<koolhead17> hallyn, hey there
<hallyn> koolhead17: hey
<koolhead17> hallyn, are we having libvirt the 0.9-11-rc2 with precise?
<hallyn> no
<hallyn> we'll merge with debian in a few weeks, soon as q opens.  but p is frozen
<hallyn> the version in the archive now is, as far as i'm concerned, final
<koolhead17> 0.8.3 is still buggy
<hallyn> 0.8.3?
<koolhead17> am asking the guy to join us
<koolhead17> and tell u issiue he had
<koolhead17> gimme a sex
<koolhead17> sec
<koolhead17> lool
<hallyn> we're on 0.9.8-2ubuntu17
<koolhead17> ooh cool then. should not be an issue
<hallyn> if there is an urgent bug, pls open a critical bug :)  certainly there are issues (some still upstream and definately in 0.9.11)
<koolhead17> yes. thanks :)
<hallyn> my kingdom for someone with the time and inclination to fix up the races with qemu hooks
<koolhead17> hmm.
 * koolhead17 wants to use openstack with lxc on precise
<hallyn> pretty sure zul has made sure openstack+lxc on precise rocks
<koolhead17> cool
<Razique> Hello :)
<koolhead17> hallyn, Razique is our friend here
<koolhead17> :P
<Razique> hello hallyn :)
<hallyn> Razique: hi.  I"m afraid I'm running around like a headless chicken, but I'll respond as I can (just will seem unpersonable some of the time).  what's up?
<Razique> I'm fine thanks :)
<miceiken> is there any tool i can run to verify that my drives are intact?
<patdk-wk> miceiken, fsck?
<resno> RoyK: ping
<RoyK> resno: pong
<resno> RoyK: buying the sas board... you need other parts dont you?
<RoyK> what sas board?
<RoyK> how many ports/drives?
<RoyK> hotplug?
<resno> RoyK: the lsi 9211-8i
<RoyK> you'll need gaffer tape
<RoyK> just in case
<resno> do i only need the lsi 9211-8i controller card or another thing?
<RoyK> resno: given you have room for the drives, all I can think if, is a mini-SAS-to-4-sata-plugs-cable
<RoyK> preferably two of those
<resno> RoyK: ah, thats what i was missing. i only see 2 connectors on the card, so i wasnt sure how the connecting worked
<RoyK> :)
<resno> i knew it could do more... but its not magic
<resno> RoyK: can you recommend another sas card, thats "affordable" this for my own home useage
<RoyK> resno: AOC-SAT2-MV8 is a good board, but with good-old 32bit/33MHz PCI, it'll probably be too slow for large drives
<resno> RoyK: large drive being 2TB?
<RoyK> yes
<RoyK> LSI 3081 is a good board too
<RoyK> only 3Gbps (not 6 like the LSI 9xxx boards), but still, that's quite sufficient for spinning drives
<resno> RoyK: can i assume all lsi boards are good?
<RoyK> and seems you can get that for sub $100 on ebay
<RoyK> resno: AFAIK, yes, although on some platforms (solaris), the mpt driver used for the 3Gbps boards, sucks rather badly
<resno> i wont be gong solaris so, no wories there
<RoyK> I don't think there's a problem with the linux driver for those boards
<RoyK> and for <$100, it's dead cheap
<resno> yea. i agree
<resno> RoyK: i appreciate your continued help..
<resno> now to get a bigger case and more drives lol
 * RoyK is in a brilliant mood, just signed for a new job at hioa.no
<resno> that in norway?
<RoyK> most of .no is in norway ;)
<resno> ah, i didnt even think that... i saw oslo and guessed
<RoyK> hehe
<andol> RoyK: congrats
<RoyK> thanks :)
<ironm> hello. Please allow me one question. is it possible to install PVMs from local iso image (ubuntu-server) on XCP 1.5 host? The "Other install media" template is for HVM and works as expected however the network performance is quite low :(
<ironm> thank you in advance for any hints.
<dkn> is there an easy way to forward localhost mail using an outside smtp.example.com server? i don't need incoming capabilities, i'd just like my root and user emails to forward to my real email account
<mull> jamespage, do you still maintain a hudson / jenkins PPA somewhere ?  The ones I was able to find seem rather inactive.
 * mull now sees that that might be a stupid question
<hlan> I really really really need to upgrade the kernel... 3.0 keeps crashing on me
<hlan> I use BTRFS and other candy
<hallyn> http://iso.qa.ubuntu.com/qatracker/milestones/204/builds/15536/testcases    <-  server qa test cases, fwiw
<hallyn> (looking good so far)
<hlan> great
<hlan> are there some official precise prerelease EC2 AMI?
<hlan> I really need to upgrade ASAP to get a newer kernel
<hallyn> hlan: ubuntu-cloudimg-query precise
<hallyn> ami-b5ea34dc
<hallyn> should be the latest one
<hlan> great... our production is crashing once a day
<hallyn> yikes
<hallyn> same way every day?
<hlan> I'm on Oneiric now
<hallyn> oh
<hlan> I'm using lxc and btrfs so I guess one of them is causing it
<hlan> probably btrfs
<hallyn> yeah, btrfs promises so much, but...
 * RoyK mumbles something about ZFS
<hlan> and can't get any crash logs, EC2 really sucks for debugging kernel crashes... no output at all
<hlan> I switched from ZFS to BTRFS because ZFS on linux was horrible. ZFS crashed every day as well and finally had to switch because it crashed consistently on boot
<hlan> BTRFS is at least better because it's much simpler to work with subvolumes and it doesn't hog memory
<jcastro> matsubara: That Michael Hughes guy on the maas-devel list tested like 3 of the PPAs, he should be your new best friend!
<RoyK> hlan: zfs-fuse isn't good, but btrfs isn't ready and probably won't be in a year - or three?
<RoyK> hlan: zfs on solaris/fbsd is *very* stable
<hlan> RoyK: btrfs should not be that unstable... it was considered as the official file system by some distro
<RoyK> hlan: which distro?
<hlan> the main concern is the lack of diskcheck
<hlan> which exists now
<hlan> the main problem is that btrfs that is bundled with Oneiric is from like 2010...
<hlan> RoyK: don't remember
<RoyK> hlan: but which distro? or is that your average {{citation needed}} ?
<hlan> RoyK: "Fedora17 to seriously consider Btrfs as default file system"
<hlan> RoyK: I need linux for other reasons so solaris is not an option.
<matsubara> jcastro, will take a look. thanks for the pointer and for getting me lots of new BFF
<RoyK> hlan: so do I ... but I use solaris for storage
<hlan> IT might not even be btrfs causing the crash... wish I could get some damn error dumps :/
<hlan> EC2 FTL....
<RoyK> heh
<RoyK> I wonder when that fsck tool will appear
<RoyK> it's been at least three years since I read it was almost finished
<jcastro> matsubara: how has the testing been so far?
<jcastro> matsubara: this will continue to be tough, the kind of people we need to test maas probably won't be paying too much attention until 12.04.1
<matsubara> jcastro, we got some feedback. I still need to go through them and improve the docs. I've busy working on the Lexington lab
 * jcastro nods
<hlan> Is precise on the 3.3 kernel?
<Nafallo> no. 3.2.0
<hlan> Nafallo: what does this mean then? http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.3.2-precise/
<ogra_> it means what the url says :)
<ogra_> its a nightly mainline 3.3.2 build
<hlan> ogra_: of the kernel?
<hlan> why is it labeled "precise"? is it just for testing?
<jcastro> yes
<jcastro> so basically if you report a kernel bug they ask you to try it on those to see if it's still present in a newer upstream version.
<cjohnston> robbiew: ping
<robbiew> cjohnston: pong
<cjohnston> robbiew: For some reason (a decision above me) the decision was made ro rename Server & Cloud to Cloud & Server.. With that the track slug is now cloudserver...
<cjohnston> robbiew: BPs are being filed under servercloud, so not being imported correctly into Summit
<robbiew> uh...
<robbiew> WHO made that call?
<robbiew> cjohnston: who told you to change this?
<cjohnston> Bug #959212
<uvirtbot> Launchpad bug 959212 in uds-project "Amend Hardware track lead on UDS-Q schedule" [Undecided,Fix released] https://launchpad.net/bugs/959212
<robbiew> grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
<cjohnston> robbiew: would you like me to send out an email about the change or....?
<robbiew> no
<robbiew> cjohnston: do you have to change the slug?
<robbiew> is the title on the web page somehow connected to what gets pulled from LP?
<cjohnston> I could change it back to servercloud.... then it would just be backwards from the "name" of the track
<jamespage> mull: its in the archive for oneiric and precise - but you can get backports from ppa:hudson-ubuntu/backports
<robbiew> that's fine
<robbiew> I've already sent multiple emails out telling people to use servercloud-q-
<cjohnston> robbiew: the way it works is in the Summit admin, the track name and track slug are defined.. then when Summit imports from LP it checks the slugs against the name of the meeting (community-, servercloud-, etc) to assign a track
<robbiew> right
<cjohnston> ok... I will switch it back
<robbiew> thanks
<cjohnston> np
<cjohnston> sorry for the confusion.. :-/
<Blah1> any preseed experts in here?  For the life of me I can't get 'disable_dhcp boolean true'  to work.  No matter whether i pass it as kernel param or in the preseed file, it always tries to do dhcp and will only use the static ip *IF* the dhcp server lease fails.   If I have an existing dhcp service on the network, it will always try to grab that dhcp lease instead of using the static ip i've preseeded it for.   (ftr this is a
<Blah1>  local preseed file on the custom cd i created)
<robbiew> cjohnston: no worries....we've got too many cooks in the kitchen this time around
<cjohnston> yup..
<robbiew> cjohnston: thanks for letting me know...as apparently others didn't feel the need to
<cjohnston> trust me.. I agree.. I have Linaro cooks too
<cjohnston> :-)
<robbiew> "lucky" you
<cjohnston> heheh
<cjohnston> They are taking me to Connect in Hong Kong... I guess that's lucky
<SpamapS> anybody have experience getting rsyslog to log both remotely and locally?
<cjohnston> robbiew: done
<robbiew> cjohnston: thanks!
<cjohnston> np
<robbiew> SpamapS: run it twice :P
<Blah1> anyone else preseed expert?
<jsmith-argotec> I'm getting an error when trying to add a user using smbldap-useradd if I include a mail address...
<jsmith-argotec> without the mail address it works fine
<jsmith-argotec> this is the error: failed to add entry: objectClass: value #0 invalid per syntax at /usr/sbin/smbldap-useradd line 629, <DATA> line 466
<tyler_d> hello all, I am trying to mount an ssd (kingston), I can see it in dmesg(but only 1 line) hep me please
<iToast> hey
<iToast> i cant speak in ubuntu e-e
<iToast> Also.
<iToast> Can I cluster my ubuntu servers togeather with windows..
<iToast> I wan't to throw togeather a bunch of ubuntu machines in a cluster to assist in video rendering..
<jkyle> I'm not getting a boot menu with 11.04. where could I set the timeout to higher? or force a menu?
<Patrickdk> did you use the left shift key?
<Patrickdk> edit the timeouts in /etc/default/grub
<jkyle> cool, hidden_timeout was set. commented it
<Blah1> anyone else preseed expert?
<sako> hey guys how do i check what is set to startup at boot?
<sako> which of my services are set to startup*
<JanC> sako: if you have a recent Ubuntu system, that's somewhat difficult to predict, as services are supposed to start only when they are supposed to start...
<sako> ya
<hlan> anyone here familiar with crashes on amazon ec2? I never get any debug output when my instances stop responding... :/
#ubuntu-server 2012-04-18
<SpamapS> hlan: euca-get-console-output can be helpful
<SpamapS> hlan: or ec2-get-console-output if you prefer :)
<hlan> SpamapS: is this the same as "Get system log" in the ec2 gui?
<SpamapS> hlan: probably, I've never used the gui
<hlan> I just installed the daily precise ami I found here http://uec-images.ubuntu.com/precise/current/
<hlan> as I probably need to update the kernel ASAP.
<Laice> hey there
<hlan> I see some weird daemons running... "whoopsie"
<Laice> got an issue with 3 dedicateds when we set a keepalive on the ssh connection is constantly refused
<Laice> ending up in us having to reimage the servers Â¬.Â¬
<hlan> the biggest problem is that dnsmasq is running for some reason and it's preventing me from booting my DNS server
<hlan> how can I remove dnsmasq... apt-get tells me that dnsmasq isn't even installed??
<hlan> and I can't find anything in init.d
<blendedbychris> i had a do-package-upgrade going and i got disconnected from sshâ¦ can i resume the upgrade somehow (or the ssh session) ?
<blendedbychris> release-upgrade*
<Laice> i'm having problems with ssh aswell
<greppy> blendedbychris: I know it won't help this time, but you may want to look at using screen or tmux in the future...
<DiabolicalGamer> I'm attempting to setup a MaaS server on Ubuntu 12.04, but my nodes keep hanging at "init: cloud-init-nonet main process (256) killed by TERM signal"
<DiabolicalGamer> Can anyone help?
<bigjools> I can try
<DiabolicalGamer> Thanks :-)
<bigjools> having said that I am more familiar with the webapp side of things than cloud-init
<bigjools> smoser, any idea? ^
<DiabolicalGamer> hmm, if I could login to the nodes themselves or access their logs that would really help
<uvirtbot> New bug: #984499 in net-snmp (main) "snmpd fails to upgrade on do-release-upgrade -d from oneiric to precise" [Undecided,New] https://launchpad.net/bugs/984499
<hlan> after upgrading to precise htop shows weird Ã¢Ã¢ characters in the process list... weird
<hlan> perhaps some unicode support or something that messes with the layout?
<DiabolicalGamer> I think I may have found the problem...
<DiabolicalGamer> http://pastebin.com/JPw9F5FN
<DiabolicalGamer> My apache error log is full of these and they appear whenever the cloud-init-nonet runs
<DiabolicalGamer> any ideas?
<hlan> crap, just tested upgrading to ubuntu precise to fix my ec2 kernel crash, just had the exact same behavior :/
<hlan> so I just ruled out upgrading from 3.0 to 3.2
<hlan> and the system log is dead silent as usual...
<bigjools> DiabolicalGamer: ah I know
<bigjools> DiabolicalGamer: the clock is wrong on the node
<DiabolicalGamer> lol
<DiabolicalGamer> is that all?
<bigjools> well either the node or the maas server
<DiabolicalGamer> *facepalm*
<bigjools> yeah, it breaks OAuth if they are too different
<DiabolicalGamer> it must be the nodes then because I configured the system clock when I installed ubuntu on the cloud controller
<DiabolicalGamer> is there a way to force the nodes to run ntp-update?
<DiabolicalGamer> *ntpdate
<DiabolicalGamer> OMG it worked!
<DiabolicalGamer> Thanks bigjools
<bigjools> DiabolicalGamer: yay!
<bigjools> we know this is a bug, just need to work out a good way of fixing it
<DiabolicalGamer> That error should be much more noisy.
<DiabolicalGamer> like "Hey guy you forgot to set your clock!"
<DiabolicalGamer> lol
<bigjools> it should not be noisy at all, it should work
<DiabolicalGamer> I had to set my clock to a weird time to get it working
<bigjools> weird as in "eleventy past fiveses" ?
<DiabolicalGamer> I think it has to do with timezones or something
<DiabolicalGamer> I just did the math and changed it to what "should" work and it did
<Laice> *punches sshd_config in the face*
<blendedbychris> testing?
<blendedbychris> Hey all.. I just upgraded to ubuntu precise and my interfaces are not coming up for some reasonâ¦ any help?
<blendedbychris> They are still configured from my lucid install
<Laice> you updated to 12.04 beta?
<blendedbychris> yes
<Laice> what's in the interfaces file
<blendedbychris> eh crap uhm
<Laice> "/etc/network/interfaces
<Laice> ignore the "
<blendedbychris> gotta type this out really stupid pptp is all forwarded
<blendedbychris> auto eth0
<blendedbychris> iface eth0 inet static
<blendedbychris> pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full autoneg on
<Laice> use paste.ubuntu.com mate
<blendedbychris> address 10.16.26.135
<blendedbychris> can't :(
<Laice> :'(
<blendedbychris> I promise I would
<blendedbychris> I'd have to disconnect from my kvm
<blendedbychris> netmask 255.255.255.192
<Laice> is 10.16.26.135 an internal?
<blendedbychris> up route add -net 10.0.0.0/8 gw 10.16.26.129
<blendedbychris> yes
<blendedbychris> really just worred about that atm
<Laice> i can't see an external ip
<Laice> that why you can't connect?
<blendedbychris> i'm just worried about the internal atmâ¦ ifconfig has neither interface listed just lo
<Laice> hmm
<blendedbychris> maybe a driver issue?
<blendedbychris> or pre-up ?
<Laice> does iftop bring any interfaces up
<blendedbychris> oh yaâ¦ there's no such thing as /usr/sbin/ethtool
<Laice> was this a dist-upgrade from your provider or using one of their images?
<Laice> sorry brb one sec
<blendedbychris> well provider to precise
<blendedbychris> i'm going to comment out the pre-p crap
<blendedbychris> ya that fixes it
<blendedbychris> any idea if that's necessary?
<Laice> pass varies by provider
<Laice> tbh on the dist upgrade
<Laice> it should have asked you about changes to the interfaces file
<Laice> showing you what lines it wanted to add and which lines it wanted to remove.
<blendedbychris> well I'm sure there were no changes
<Laice> *sets up 4th dedicated server in 24 hours*
<Laice> well technically 7th if you include the 3 i bricked Â¬.Â¬
<blendedbychris> but /usr/sbin changed to /sbin
<Laice> on my fresh 11.10 installs i have one in both /sbin and /usr/sbin
<hlan> I don't have any "/proc/sys/fs/inode-max", why is that? :/
<Laice> nor do it
<Laice> i*
<Laice> 3 terminals open one on each desktop pasting the same line into every one.  Joy. lol.
<blendedbychris> is there an easy way to create an image of a server?
<Laice> clonezilla
<blendedbychris> Laice: does that work for ext4?
<blendedbychris> or a better question why would i use that vs dd
<blendedbychris> bleh
<Laice> pass
<blendedbychris> huh?
<Laice> i'm passing the question :P might say on clonezilla.org
<blendedbychris> i don't even know how to get started using clonezilla heh
<blendedbychris> especially in a hosted environment
<Laice> if all else should fail PUSH ALL OF THE BUTTONS.  something will happen eventually
<blendedbychris> he
<Laice> the faster you push the buttons the better the server admin you are :p
<Laice> plus it makes you look more clever.  Mostly as they can't see you're flailing around xD
<blendedbychris> bleh this isn't worth the effort
<Laice> how much do you pay for your vps?
<blendedbychris> i wanted to clone a clean precise install so i didn't have to go through that networking crapola
<blendedbychris> oh we use softlayer and get ripped of royally for our vps
<Laice> get a kimsufi dedicated
<Laice> cheap as hell
<blendedbychris> not my decision
<Laice> is in europe anyway
<Laice> heh
<Laice> money speaks louder than words :P
<blendedbychris> i use linode for my nonwork stuff
<blendedbychris> the big factor though for work is we need some sort of mass storage
<blendedbychris> and most vps providers don't really offer that
<Laice> it amazes me that people go for a VPS when dedicateds work out to be better value and in many cases cheaper.
<blendedbychris> yea when you start adding more storage dedicated is cheaper
<Laice> 20$ per month gets me 5TB bandwith a 4 core 1.8ghz atom and 2gb ram.  perfect for small hostings
<Laice> which is why we have a cluser of them :P
<blendedbychris> atom wtf?
<Laice> cluster*
<Laice> better than someone screwing your vps's cpu
<blendedbychris> linode is the same but you share 8cpu 4cores
<Laice> euch
<Laice> it's the "share" bit i hate
<blendedbychris> lmfa my news just had a image they showed online that had a watermark "Web Viewing Only"
<blendedbychris> er
<blendedbychris> on tv rather
<Laice> *picards*
<blendedbychris> Laice: do you know of a quick way to copy a server to another?
<blendedbychris> same hardware and drives
<Laice> clonezilla.
<blendedbychris> would i boot the livecd on a new server?
<blendedbychris> the*
<Laice> does support ext4 looking at this http://clonezilla.org/
<Laice> looks like you can save the image to another partition
<blendedbychris> my issue is i use the whole drive though?
<blendedbychris> bleh
<blendedbychris> too much of a hassel
<Laice> no pain no gain
<Laice> or in this case, no pain in reimaging :P
<Laice> i swear i'm gonna make a script for configuring the server automatically once it's reimaged
<blendedbychris> the stupd little 1gb storage they give you for this kind of crap isn't even working
<Laice> lol made me laugh they offer you at ovh for $1 per month a technitian will walk into the data cente and plug a usb stick in.
<blendedbychris> bargain
<Laice> probably would get annoyed about me ringing up and saying "uh, could you plug it into this server now please, now this one, now this one...."
<blendedbychris> retards just jumped into the pool outsideâ¦. it's like 60degs
<blendedbychris> "ohhh it's so cold"
<the1_> anyone here knows how to assign variables in #cloud-config user-data so I use the values multiple times?
<twb> blendedbychris: 60 is warm unless you're a silly yankee imperialist
<twb> Or I guess a scientist...
<Laice> what's that in real money (*C)
<DiabolicalGamer> Okay another road block here... MaaS is working, but now JuJu is complaining.
<blendedbychris> or live in texas
<DiabolicalGamer> http://pastebin.com/wTWBAXeS
<DiabolicalGamer> Any help would be greatly appreciated.
<twb> This whole cloud thing is actually secrets just a game to make up as many acronyms as possible, isn't it
<twb> s/secrets/secretly/
<DiabolicalGamer> I was beginning to wonder that myself
<DiabolicalGamer> http://pastebin.com/LqkjUzvR
<DiabolicalGamer> So it seems like juju is breaking the maas api
<DiabolicalGamer> Any ideas?
<blendedbychris> http://www.youtube.com/watch?feature=player_embedded&v=DbkvYMIjIu4
<bigjools> DiabolicalGamer: looking for you now
<DiabolicalGamer> thanks
<bigjools> DiabolicalGamer: is this the first time you ran bootstrap?
<DiabolicalGamer> yes
<bigjools> which version of juju are you using?
<bigjools> if it's the latest from the ppa that's ok
<DiabolicalGamer> latest ppa
<bigjools> the whole maas server log would be useful too
<DiabolicalGamer> the /var/log/maas/maas.log?
<bigjools> DiabolicalGamer: yes
<DiabolicalGamer> bigjools: Here -> http://pastebin.com/i9VPmJAn
<bigjools> DiabolicalGamer: you have done something weird with your database
<DiabolicalGamer> It's a fresh install
<bigjools> you added some nodes?
<DiabolicalGamer> Yes
<DiabolicalGamer> Two
<bigjools> what status are they
<bigjools> ?
<DiabolicalGamer> Ready
<bigjools> ok so you commissioned them already?
<DiabolicalGamer> Yes
<bigjools> can you try destroying the juju env and bootstrap again
<bigjools> this is obviously a bug but I want to try and work out where the problem is before you delete the evidence :)
<DiabolicalGamer> hmm I'm not sure what you mean by destroying juju
<DiabolicalGamer> do u mean purging?
<bigjools> juju destroy-environment
<DiabolicalGamer> oh lol
<bigjools> something is out of sync between juju and maas
<bigjools> so let's start from scratch
<DiabolicalGamer> okay done
<bigjools> and bootstrap again
<DiabolicalGamer> hmm same error
<bigjools> ok
<DiabolicalGamer> 2012-04-17 20:59:48,751 INFO Bootstrapping environment 'maas' (origin: ppa type: maas)... Unexpected Error interacting with provider: 500 INTERNAL SERVER ERROR 2012-04-17 20:59:49,100 ERROR Unexpected Error interacting with provider: 500 INTERNAL SERVER ERROR
<bigjools> not sure if this works on the packaged version, but try "maas dbshell"
<bigjools> should get a psql prompt
<DiabolicalGamer> lol sudo thinks maas is a user not a command
<bigjools> it is :)
<DiabolicalGamer> I know, but it's asking for the password linked to the maas account rather than mine when I sudo
<DiabolicalGamer> I don't know it's password
<bigjools> it doesn't have one IIRC
<bigjools> sudo -u maas maas dbshell ?
<DiabolicalGamer> psql: fe_sendauth: no password supplied
<DiabolicalGamer> won't let me in
<DiabolicalGamer> even if I sudo su -
<bigjools> darn it, ok sorry I'm not too familiar with what happened in the packaging, I only worked in the dev environment.  Ummm let me think
<bigjools> try adding a PGUSER=maas
 * bigjools clutching at straws
<DiabolicalGamer> hmm no go
<DiabolicalGamer> even used passwd to assign maas a password
<DiabolicalGamer> still nothing
<bigjools> yeah it's the DB password
<roaksoax> DiabolicalGamer: did you upgrade or where did you see that issue?
<bigjools> roaksoax, my man!
<roaksoax> DiabolicalGamer: the password one? what versions of maas are you using?
<roaksoax> bigjools: lol
<DiabolicalGamer> one sec
<bigjools> roaksoax: trying to get a psql prompt on his maas db
<bigjools> so I can see what state the nodes are in etc
<fjlacoste> DiabolicalGamer: do you have a ssh key created?
<DiabolicalGamer> yes
<bigjools> fjlacoste: he's not getting that far
<fjlacoste> DiabolicalGamer: the pastebin you provided is cropped
<DiabolicalGamer> following: https://help.ubuntu.com/community/UbuntuCloudInfrastructure
<bigjools> something is blowing up with bootstrap
<fjlacoste> DiabolicalGamer: can you paste them again with full line length?
<fjlacoste> (without the $ add the end)
<bigjools> and from the logs, some of the nodes are already allocated but in status READY
<bigjools> fjlacoste: http://pastebin.com/i9VPmJAn
<DiabolicalGamer> sure moving the log from linux to windows must've messed it up
<bigjools> the full one you did is fine
<roaksoax> sudo maas dbshell needs a password
<fjlacoste> bigjools: that error is a red herring
<fjlacoste> it's because public-keys raise a 404
<roaksoax> you'll find the DB pass in /etc/maas/maas_local_settings.py
<fjlacoste> which is expected behavior
<bigjools> fjlacoste: not convinced about that
<fjlacoste> bigjools: i am *sure* about this
<DiabolicalGamer> I didn't have my ssh key set at first, then I set it.
<fjlacoste> i have seen that error several times
<bigjools> fjlacoste: ok :)
<fjlacoste> and it's benign
<fjlacoste> simply add ssh keys to your account and it will disappear
<fjlacoste> but it's not the root cause
<bigjools> weird
<bigjools> wtf is causing that
<bigjools> the maas api doesn't care about ssh keys
<DiabolicalGamer> I already have an ssh key added...
<bigjools> maas api for juju I mean
<DiabolicalGamer> okay I got into the postgre shell
<fjlacoste> ah, i know what it is
<fjlacoste> that's because the owner isn't created
<bigjools> fjlacoste: I think commissioning left the user allocated on the node
<fjlacoste> yeah
<fjlacoste> we fixed that
<bigjools> we did
<bigjools> but which version is he using? :)
<roaksoax> but that's not in archives
<fjlacoste> DiabolicalGamer: are you running the latest package from testing?
<fjlacoste> DiabolicalGamer: but do not upgrade to the testing ppa for now
<fjlacoste> the new maas-provision package is broken
<fjlacoste> on upgrade
<DiabolicalGamer> No all stable
<fjlacoste> yeah
<fjlacoste> so that one has that bug
<bigjools> yeah
<fjlacoste> you can workaround by resetting the owner
<fjlacoste> in the DB
<fjlacoste> or you can wait a few minutes
<fjlacoste> for roaksoax to upload a fixed maas-provision package
<fjlacoste> and then update to the testing ppa
<fjlacoste> let me know if you want the DB surgery workaround
<fjlacoste> it's actually documented in the bug
<fjlacoste> let me paste you the bug number
<bigjools> DiabolicalGamer: in the dbshell, update massserver_node set owner=null;
<DiabolicalGamer> can I manually download the necessary deb package?
<fjlacoste> DiabolicalGamer: no, because it depends on maas-provisioning
<fjlacoste> DiabolicalGamer: https://bugs.launchpad.net/maas/+bug/981068
<uvirtbot> Launchpad bug 981068 in maas "AssertionError when attempting to acquire a node after commissioning" [Critical,Fix released]
<DiabolicalGamer> bigjools: are you sure that's right?
<DiabolicalGamer> massserver_node or maasserver_node
<DiabolicalGamer> it through an error
<bigjools> oops
<bigjools> DiabolicalGamer: in the dbshell, update maasserver_node set owner=null;
<bigjools> :)
<DiabolicalGamer> okay that worked lol
<DiabolicalGamer> so should that fix it or do I need to change anything else?
<bigjools> bootstrap again
<DiabolicalGamer> still no go
<DiabolicalGamer> same error when bootstrapping
<bigjools> destroy again
<bigjools> and restart maas
 * bigjools has to run out in a couple of mins
<DiabolicalGamer> rebooting...
<bigjools> if that doesn't work, delete the nodes, re-commission, apply the sql above and then bootstrap
<DiabolicalGamer> the command for the dbshell isn't working anymore
<bigjools> what does it say?>
<bigjools> and I have to go now unfortunately, I'll be back in an hour
<DiabolicalGamer> ERROR:  column "owner" of relation "maasserver_node" does not exist LINE 1: update maasserver_node set owner=null;
<fjlacoste> DiabolicalGamer: the bug as a better workaround
<fjlacoste> DiabolicalGamer: and an updated maas-provision is building in the testing ppa
<DiabolicalGamer> cool, glad to hear it :-)
<DiabolicalGamer> can you link me to the testing ppa?
<blendedbychris> is it possible to clone packages on another server?
<blendedbychris> build a cluster of servers with the same software
<SpamapS> blendedbychris: yes but what you really want is config management
<SpamapS> blendedbychris: not just packages.. config files.. everything
<SpamapS> blendedbychris: for that, there's juju, puppet, chef, cfengine. :) juju is more than config management.. but its hard to explain :)
<twb> And does juju require an interpreter be installed on every node? :-/
<twb> grumble puppet grumble
<SpamapS> twb: juju uses an agent
<SpamapS> currently written in python, though its being rewritten in go
<twb> Haha
<twb> bandwagons are go
<SpamapS> go executables are standalone, so no interpreter then :)
<SpamapS> twb: I haven't really seen anybody on the "go" bandwagon other than us juju interested people. :-P
<twb> Oh, wow, I didn't know Pike and Thompson were co-authors.  They should advertise it as P&T Go, not Google Go
<lifeless> sako: aka plan 10.
<lifeless> bah
<lifeless> twb: ^
<lifeless> sako: sorry.
<blendedbychris> SpamapS: i have been using csync for configuration management
<blendedbychris> think it's worth the effort for two servers?
<blendedbychris> (if you've already halfway configured the otehr
<twb> Though I won't be really happy until scheme (with opt-in mutable cons cells) takes over the world...
<twb> lifeless: neither of them are listed first on wikipedia though
<fjlacoste> DiabolicalGamer: you can upgrade to the testing ppa
<blendedbychris> anyone here use lsynd?
<blendedbychris> I have no idea how to configure the keypair
<koolhead17> hi all
<blendedbychris> is there a csync2 alternativeâ¦ i fricking hate setting up inet.d an djunk
<blendedbychris> and*
<blendedbychris> there should be a tool as easy as lsyncd
<twb> blendedbychris: I didn't understand a word of that.
<blendedbychris> csync2 configuration involves installing something for xinet.d and configuring private/public keys beyond what's already root.
<blendedbychris> just looking for an alternative
<blendedbychris> puppet seems to be a popular one
<blendedbychris> it doesn't run as a daemon i think is why i find it so difficult to install
<sbeattie> blendedbychris: you're looking for configuration synchronization?
<blendedbychris> yes
<blendedbychris> just something that will copy config and restart the appropriate service
<jeeves_moss> is there a way of removing 2 drives from a pool without replacing them?  I have 2 IDE and 4 SATA drives.  The IDEs are throwing errors, and I suspect slowing down the pool
<sbeattie> bcfg2, puppet, and cfengine are the traditional approaches to that, but all may be a bit more complex than you're looking for
<twb> puppet has a daemon (puppetmaster) that serves configuration management to its slaves (puppet), which are IIRC invoked by cron
<andol> twb: Well, the intended approach for Puppet is to also run the client/slave as a daemon, and then have it configured to do its thing with regular time intervals, but it is also possible to run the puppet client standalone from cron.
<twb> One popular way of running puppet is entirely by hand -- you write the "manifest" with an editor, copy it to the host in question, and run puppet directly on it
<andol> Yeah, that second approach fits nicely with having the manifests in a git repo, on a nfs share, or so.
<twb> haha, my recorded bitching about puppet, was with you
<twb> http://paste.debian.net/163630/
<twb> blendedbychris: how many boxes do you have?
<blendedbychris> 2 haha
<twb> blendedbychris: it is definitely not worth the effort
<twb> blendedbychris: do it by hand
<twb> (FSVO it = configuration management)
<blendedbychris> i've done csync2 before with two nodes
<blendedbychris> it was helpful
<twb> IMO you need >16 hosts before it's worth caring
<blendedbychris> i don't get why they intend it to be so damn "secure"
<twb> blendedbychris: because it amounts to a privileged RPC
<blendedbychris> my thoughts are â¦ shared root keys with lsyncd is just as insecure
<blendedbychris> or rather privs
<twb> I am not familiar with lsyncd, but obviously in assymetric cryptography, it is a failure /a priori/ to share/reuse private keys between principals.
<blendedbychris> no idea what that means
<blendedbychris> all i had to do is ssh-keygen and ssh-copy-id on root to get it going
<twb> blendedbychris: you don't know what you're doing, and if you try to deploy ANY kind of configuration management, you are going to hurt yourself and probably others.
<blendedbychris> indeed
<andol> twb: Well, at least we ended up agreeing on something :)
<blendedbychris> glad we are all learning here
<jeeves_moss> is there a way to remove a disk from a ZFS pool?
<twb> jeeves_moss: NFI, have you asked #opensolaris or #solaris?
<twb> Hell there might even be a #zfs
<jeeves_moss> twb, not yet, but I bet no one is there tonight
<jeeves_moss> twb, thanks.  I've asked in all 3 channels
<linocisco> hi all, I want to setup VPN with the existing ipstar dish in each remote office sites like a star topology. Can accomplish using ubuntu server?
<TylerWhitney> two USB hard drives on a home Ubuntu server, 1TB and 2TB; I need to have the full 3TB... plan on using them as just a means to do an identical mirror of just ONE USB3 drive connected to a different computer in the home, over the network. Trying to decide on the level of RAID I setup using mdadm (linux raid) ... I'm going between RAID0 (obviously no redundancy, but better IO and performance
<TylerWhitney> maybe) vs. non-raid JBOD (straight concatenation, again no redundancy, but if one fails I don't lose all) ......... thoughts?
<twb> So wait, you actually have one each of 1TB, 2TB and 3TB, and you want to RAID0 the first two, and then mirror that with the 3TB?
<TylerWhitney> sort of yeah, lol
<TylerWhitney> nvm, just realize raid0 would not give full 3tb, dumb question: so if I do go about my actions it would be jbod I need to go with
<twb> Is the 3TB disk already provisioned?
<TylerWhitney> twb: but yes, you are correct in that I have one of each drive
<twb> Obviously the best choice would be to simply buy a second 3TB and raid1 it; 3TBs are around AU$220 at present.
<TylerWhitney> yes, and full of data; I want some sort of backup/redundant solution to it... preferably using the two disks (1TB and 2TB) I already have hanging out
<twb> If you're *booting* off the 3TB it is non-trivial to RAID it and still continue booting
<TylerWhitney> no booting, simply just a USB "data" drive
<twb> If it's just (say) /home, then you can do it with not too much hassle
<TylerWhitney> yes, I completely agree with you, the "best" choice, lol
<twb> if it's in a USB enclosure, you should take it out and connect it over SATA before RAIDing it
<TylerWhitney> twb: thats a great point, I was considering asking that!
<twb> RAID over USB is significantly more flaky -- apart from anything else, you cannot use SMART to check HDD health
<TylerWhitney> currently, the two drives are connected to the server via USB and a JBOD (using mdadm) is setup and thye are formatting as ext3
<TylerWhitney> but I think I will probably take them out and go straight SATA
<TylerWhitney> definitely faster speeds
<TylerWhitney> Im sort of just playing around until I get around to purchasing another 3TB to mirror to
<twb> What you want to do is hook up all three over SATA, then mdadm --create -n2 -l0 /dev/md0 /dev/2tb /dev/1tb
<twb> Then mdadm --create -l1 <create degraded> /dev/md1 /dev/md0
<TylerWhitney> well currently, the 3TB is connected via USB3 to a windows box and is my main data store...
<twb> Then you provision the fs on top of md1 (the degraded RAID1), then you add the original 3T as a node to md1
<TylerWhitney> nested raid then?
<twb> Yes, you are doing half RAID10 and half RAID1
<TylerWhitney> I see
<twb> (RAID1 (RAID0 1t 2t) 3t)
<twb> If you see what I mean
<TylerWhitney> indeed
<TylerWhitney> well first step take these bad boys out of USB enclosures
<twb> But if this is for work, you really should just tell them to drop $200 for hardware, because it will be cheaper and require less downtime and be more reliable
<TylerWhitney> no definitely not for work
<TylerWhitney> just me playing around with redundancy at home
<TylerWhitney> hence me being cheap
<TylerWhitney> thanks for the wisdom twb
<TylerWhitney> Im going to play and try a few things... I like the nested RAID (RAID1 (RAID0 1t 2t) 3t) very cool idea
<RoyK> TylerWhitney: might be better to use mirrors at the bottom, so multiple mirrors are striped etc
<blendedbychris> how can i figure out what mta is installed on a system?
<WuxiIxuw> Please any one here tried vps  from rocketvps.com ? any feed back please?
<cornfeed> good morning
<railsraider> hi i want to compleytly remove all iptables and install arno-firewall
<railsraider> iptables -F doesn't work as arno fails to load the config
<railsraider> how do i completely remove flush reset the iptables
<al-maisan> Is there a way to add a rule to the default security group from CloudInit for an aws ec2 instance?
<WuxiIxuw> please i'd like to secure the vps using ubuntu 10.4 lts ... where exactly i can found what can ido from a to z ?
<resno> WuxiIxuw: install fail2ban
<resno> and really depends on how far you want to go... the choice is to secure it vs make it easy to access for you and users
<WuxiIxuw> resno: what else?
<resno> i asked a question
<resno> whats more improtant security or accessiblity?
<cldwalker> hi all, anyone know a way to skip the configuration dialog when installing postfix? DEBIAN_FRONTEND=interactive and -y aren't working
<Jeeves_> Well, interactive is wrong
<Jeeves_> noninteractive might work better
<esuave> anyone ever have problems with SNMPD and a trap divide error from the kernel?
<cldwalker> Jeeves_: my bad, I meant noninteractive which doesn't work
<Jeeves_> cldwalker: Oh, ok.
<mamuskus> Hi !
<lamont> cldwalker: remind me which question in the postfix config I hate?
<cldwalker> lamont: all of them? i'm trying to automate installing a package that depends on postfix but I'm not using any postfix functionality
<macnix> after adding a new apt source and run apt-get update, the new packages are not picked up in the context of the same shell script
<macnix> if I run the same shell script again, all works fine
<macnix> what am I missing here?
<lamont> cldwalker: ISTR that all but one question is preseedable (and maybe I fixed that?).  the questions it asks are questions that must be answered
<Pici> macnix: I don't think we can really troubleshoot without seeing the script.
<macnix> Pici: got it, the problem was a previously create conf while which the package prompted about the action
<macnix> created*
<macnix> created conf file*
<ironm> hello. may I ask what virtualization would you recommend for precise? KVM, row Xen or XCP? Thank you in advance for any hints.
<ironm> another question. I have tested shortly virt-manager to manage KVM VMs. Is there a better choice?
<failover> ironm, if simplicity counts, stick with KVM, it's easier to install and use...
<ironm> failover, I have tested XCP (XenServer) before. It looks to be much more complicated to manage it.
<ironm> failover, would you recommend virt-manager? .. or ist there a better tool?
<ironm> thanks a lot for your hint failover  :)
<failover> ironm, virt-manager sound's ok, a lot of people use stuff like proxmox too
<ironm> I have to check it proxmox is a commercial tool or GPL based one
<uvirtbot> New bug: #961344 in maas (main) "[MIR] maas" [High,Fix released] https://launchpad.net/bugs/961344
<Jak2000> hi all
<Jak2000> how to stop the firewall?
<patdk-wk> flush all the iptables rule lists :)
<Jak2000> service iptables stop
<Jak2000> wont work :(
<patdk-wk> I don't remember saying that
<patdk-wk> http://www.adminsehow.com/2009/08/how-to-clear-all-iptables-rules/
<patdk-wk> yay for google :)
<EvilResistance> i thought iptables wasnt a service?
<patdk-wk> it's not :)
<EvilResistance> Jak2000, sudo iptables -F  <-- flushes the firewall
<EvilResistance> it'll clear out any rules and default to ACCEPT on everything i tihink
<EvilResistance> (I think...)
<patdk-wk> EvilResistance, only the normal ones, not nat or mangle or raw tables
<EvilResistance> of course  :P
<patdk-wk> it's always mangle that I need cleaned :)
<EvilResistance> patdk-wk, can't save an iptables.flushed.rules in /etc/, and do iptables-restore M /etc/iptables.fulshed.rules ?
<EvilResistance> :P
<Jak2000> but i not want flush the oiptables
<Jak2000> i only want stop the iptables
<patdk-wk> you can't *stop* iptables
<patdk-wk> as iptables isn't a daemon
<EvilResistance> ^
<patdk-wk> therefor it doesn't *run*
<EvilResistance> yep
<patdk-wk> if you really want to stop it. unload all kernel modules related to it
<patdk-wk> OR turn off your computer
<EvilResistance> otherwise, flush the iptables rules
<Jak2000> :(
<EvilResistance> (which we've said to do)
<Pici> by default there aren't any rules.
<Jak2000> i opened a port:
<EvilResistance> indeed
<Jak2000> iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
<EvilResistance> Jak2000, if you're behind a router, you need to forward your ports at the router too
<EvilResistance> or behind a corporate firewall, same deal
<EvilResistance> (if you're trying to get connections from the external network aka the internet)
<Pici> mysql shouldn't require any extra steps network-wise.
<EvilResistance> except removing the line that binds it to localhost
<EvilResistance> (last i checked that's still the default setup)
<EvilResistance> or the line that skips networking (which means its only bound to 127.0.0.1:port
<EvilResistance> )
<EvilResistance> s/bound/listening on/
<EvilResistance> Jak2000, are you trying to get MySQL to listen to requests from outside your system?
<Jak2000> EvilResistance yes :)
<EvilResistance> Jak2000, i dont have my linux nearby, but ideally you need to do two things: (1) set bind-address=[IP] and (2) comment out the skip-networking lines in the configs for mysql
<EvilResistance> then service mysql restart
<EvilResistance> (remember to edit the config with superuser/sudo and to use sudo with service mysql restart)
<EvilResistance> where [IP] in (1) is your server/system's IP address
<Jak2000> EvilResistance ok thx
<EvilResistance> and leave the iptables rule you added
<EvilResistance> (and remember: default mysql server setups don't bind to an internet-listening area, it by default only listens locally (127.0.0.1)
<Jak2000> EvilResistance: set bind-address  is on my.cnf right?
<EvilResistance> mhm
<EvilResistance> same with comment out skip-networking
 * EvilResistance forgot the name of the conf file, hence why he said "I'm not near my linux machine"
<Jak2000> ok
<Jak2000> EvilResistance: how to remove these iptables rule: iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
<EvilResistance> no need
<EvilResistance> otherwise, if you really want to purge that rule, you have to figure out whether you have other rules
<EvilResistance> if you have other rules, you have to know which # rule that rule is in the table
<Jak2000> ok
<EvilResistance> and the iptables -D INPUT # or w/e it is
<Jak2000> done i can connectfrom out of the server :)
<EvilResistance> to wipe all iptables rules, iptables -F
<Jak2000> thx
<uvirtbot> New bug: #985099 in openssh (main) "ssh long waiting time (delay) on 12.04  (not on 11.04)" [Undecided,New] https://launchpad.net/bugs/985099
<blendedbychris> any stunnel users around?
<blendedbychris> trying to troubleshoot why the thing isn't doing anything and it doesn't spit anything in the log
<uvirtbot> New bug: #944179 in samba (main) "smbd crashed with SIGABRT in rep_strlcpy()" [Medium,Incomplete] https://launchpad.net/bugs/944179
<Unkn0wn> apache: sh: id: not found
<Unkn0wn> What could be causing this behavior?
<Unkn0wn> it is in the apache error log
<axisys> why would eth0:1 not come up? I had to up it manually and then it gives odd error message
<axisys> details: http://dpaste.com/733885/
<utlemming> [NOTICE] New S3-Backed EC2 mirrors are being activated. Please see https://lists.ubuntu.com/archives/ubuntu-cloud/2012-April/000752.html for more information
<uvirtbot> New bug: #985249 in txzookeeper (universe) "[FFE] Latest juju version includes critical features" [Undecided,New] https://launchpad.net/bugs/985249
<DiabolicalGamer> Hello Everyone
<DiabolicalGamer> I'm still trying to get MaaS to work, but I'm not sure I added the correct testing ppa.
<DiabolicalGamer> Is this the correct one? -> https://launchpad.net/~maas-maintainers/+archive/testing
<DiabolicalGamer> Also the delete option for a node is blurred out because it claims they are busy.
<DiabolicalGamer> I managed to force a delete by modifying the url, however this was severely bugged and led to duplicate mac address entries.
<hallyn> Ursinha: looking at bug 984381, i marked it as affecting oneiric, but lp won't give me a row where i can set it confirmed for oneiric.  ?
<uvirtbot> Launchpad bug 984381 in php5 "PHP 5.3.6-13ubuntu3.6 with Suhosin-Patch crashes when using SPLFixedArray built-in class" [High,Fix released] https://launchpad.net/bugs/984381
<Ursinha> hallyn, let me see
<Ursinha> hallyn, check now
<Ursinha> hallyn, the nomination needed approval
<Ursinha> I approved that and you might be able to see it now
<hallyn> thanks, Ursinha.  I've seen that before, never understood it.
<hallyn> What's the point?
<Ursinha> that is because anyone can nominate a bug to a release, but that's not necessarily true
<Ursinha> so a person that has appropriated permissions can evaluate if a task for a given series is worth having
<Ursinha> anyone can indicate a problem happens in a release, but only a few can confirm that
<Ursinha> that's so we won't have unmanageable loads of past releases bugs that will never be looked at/aren't valid to be backported/aren't bugs
<Ursinha> hallyn, but I guess you should be able to approve that?
<Ursinha> hallyn, bdmurray knows it better
<uvirtbot> New bug: #981845 in maas "Ephemeral image doesn't include version of cloud-init supporting MAAS" [Low,New] https://launchpad.net/bugs/981845
<hallyn> Ursinha: ok, thanks.  (yes, I was figuring that bugsquad members would have the perms, but maybe it has to do with per-package upload rights)
<bdmurray> hallyn: can you upload php5?
<hallyn> i'd have to check
<hallyn> (and don't have the archive acl tools handy)
<hallyn> i would think i would through the server set, which i have upload rights to
<bdmurray> for nominations and release targettin the way it works is bug control can nominate
<hallyn> but i'm not coredev and never asked for (or wanted) php5 rights explicitly
<bdmurray> then uploaders or some other team can approve
<bdmurray> anyway afaict you can't upload php5
<hallyn> bdmurray: just checked, php5 does not appear to be in server set, so that all makes sense
<hallyn> (I would think it *should* be, but...)
<hallyn> thanks both, good night
<DiabolicalGamer> anyone from the MaaS server team here?
<DiabolicalGamer> Anyone know where the password for the MaaS api is?
<bigjools> DiabolicalGamer: there's no password, you set up an oauth key
<DiabolicalGamer> I think my configuration got reset because it's throwing an auth error
<bigjools> check the same key is still in use
<JRWR> I wanted some advice on a file system to use on across 5-10 servers that have a shared block device (iSCSI), GlusterFS and LusterFS seem to be it, but they dont say anything about shared block device support
#ubuntu-server 2012-04-19
<uvirtbot> New bug: #985341 in rrdtool (main) "segfault when starting rrdcached" [Undecided,New] https://launchpad.net/bugs/985341
<linocisco> hi all
<linocisco> hi all
<linocisco> http://forum.zentyal.org/index.php/topic,10254.msg42643.html#msg42643
<linocisco> i want to know how to share my office LAN network in main office to all remote offices
<uvirtbot> New bug: #985390 in samba (main) "smbd crashed with SIGABRT in rep_strlcpy() (dup-of: 944179)" [Undecided,New] https://launchpad.net/bugs/985390
<Gallomimia> linocisco: i should think that a single vpn "server" running in your main office with a 10.45.x ip and tunneling out  network packets on behalf of each branch office should work. the trick is getting the server to connect each of those networks via a vpn, and having all the routing tables work properly. routing always tripped me up with vpns and that's why i can't figure them out. so who knows if this will work or not.
<roaksoax> spurkis: ping
<roaksoax> ups
<roaksoax> wrong person
<roaksoax> SpamapS: ping
<linocisco> Gallomimia, thanks for your tips. but I still dont get it how to configure though you told me idea. I also need step by step guide. I m a newbie
<Gallomimia> linocisco: i would love to hear if you figure this stuff out. i need to know these things too. let me know via email at gmail
<linocisco> Gallomimia, I am now just thinking to install ubuntu on a system unit with two network cards. one will be 10.45.x.x ip and the other will be 172.21.x.x. just routing server.
<linocisco> Gallomimia, it that be ok?
<Gallomimia> i think it should be possible with just one network card, but that might make configuration and routing tables easier
<Gallomimia> i am a bumbling idiot when it comes to network setups like that. but i really want to learn
<Gallomimia> do please let me know how it goes. i will sleep soon hopefully. also i didn't see the attachment you have on the forums. (there's no link to get it?)
<ViBoS> hi
<ViBoS> I have install moblock and torrentflux then i have open the port with ufw but i still can't join the peer :(
<SpamapS> roaksoax: pong, wassup?
<spurkis> random pings is th worst
<ViBoS> Anyone wants to see my iptables in pv ?
<SpamapS> linocisco: so all you really need to do is make your VPN server's default gateway the other side of the tunnel that is created, and add a route to your usual gateway for the tunnel's real internet endpoint.
<roaksoax> SpampS da
<roaksoax> we were wondering whether
<SpamapS> you could ever be as awesome as me? Sorry no, I'm one of a kind
<SpamapS> ;)
<roaksoax> juju was upload to archives or not (the latest)
<SpamapS> <-- poor self image
<SpamapS> roaksoax: in fact, it was!
<SpamapS> but it FTBFS .. lets see
<roaksoax> k thanks
<SpamapS> some test failed
<linocisco> SpamapS, can you see my attachment?
<SpamapS> retrying.. I think that is one of the ones that occasionally fails
<SpamapS> should be identical packages between the PPA and precise
 * SpamapS debdiffs
<linocisco> SpamapS, I dont really quite understand what you mean. I am now gonna have lunch sooon. will let me talk to you after that.
<SpamapS> roaksoax: built. should be in the archive within the hour
<SpamapS> linocisco: I will need to go to sleep soon
<linocisco> SpamapS, hi sleeping?
<linocisco> http://forum.zentyal.org/index.php/topic,10254.msg42643.html#msg42643
<linocisco> i want to know how to share my office LAN network in main office to all remote offices
<greppy> linocisco: openvpn should be able to do that, the howtos on their website should cover setup.
<linocisco> greppy, do I need to check on openvpn website or ubuntu website? All I want to know is to how many phyisical server and how many network cards on each and what packages should be installed first
<greppy> linocisco: http://openvpn.net/
<greppy> linocisco: and you only "need" a single network connection in each system.
<linocisco> greppy, to route between 10.45.x.x network and 172.x.x.x network in main office. should not I need a server with two NICs in main office?
<_ruben> heh, bugger .. was wonder why the upgrade on my local repo mirror was taking so long, seems it's downloading from archive.ubuntu.com instead of localhost :p
<_ruben> bah .. Exception during pm.DoInstall():  E:Could not perform immediate configuration on 'perl-modules'. Please see man 5 apt.conf under APT::Immediate-Configure for details. (2)
<Unkn0wn> Is someone up in here?
<smw> no
<linocisco> http://forum.zentyal.org/index.php/topic,10254.msg42643.html#msg42643
<linocisco> how can I share main office network to each remote offices?
<Unkn0wn> smw: Bind9 is perfectly resolving all my subdomains, except the hostname (www.domain.com works, domain.com not)
<twb> Unkn0wn: what is your domain?
<Unkn0wn> twb: figured it out allready!
<Unkn0wn> Needed to have mydomain.com IN A <IP>
<twb> Missing an @ IN A in your zonefile?
<Unkn0wn> twb: that was it
<RoyK> anyone here knowledgeable with gddrescue? This looks rather slow, even for a drive attached on USB http://paste.ubuntu.com/936584/
<Unkn0wn> twb: can you check this config file for me?
<Unkn0wn> twb: http://pastebin.com/M2zLnUix
<Unkn0wn> named.conf.local:20: unknown option 'zone'
<Unkn0wn> named.conf.local:56: unexpected token near end of file
<Unkn0wn> Whatever is wrong, it is driving me nuts.
<Unkn0wn> It looks fine to me.
<twb> Sorry I am not familiar with named conf format
<twb> But you are missing a closing brace on line 13
<twb> Indeed on most of those
<twb> I don't know why you bother to lock down AXFR, though, it is just security-through-obscurity.
<twb> Here is an example in nsd.conf format: http://paste.debian.net/163782/
<RoyK> Unkn0wn: you're missing end brackets
<RoyK> zone "blah.tld" { conf; conf; }
<RoyK> zone "blah.tld" { conf; conf; }'
<RoyK> zone "blah.tld" { conf; conf; };
<RoyK> sorry
<RoyK> last one
<Unkn0wn> That did it!
<RoyK> ;)
<railsraider_> anyone knows if i can remove completely net filter nf_conntrack  on a dedicated HAproxy?
<huats_> Hi !
<RoyK> ho!
<RoyK> railsraider: rmmod?
<railsraider> RoyK: yes i know how to remove it , my question is do i need it?
<huats_> I am wondering on oneiric there was file named /etc/kvm/utils/kvm and it seems gone on precise, any reason ? (I am just curious)
<Error404NotFound> Does this make sense: Multiple Disks, LVM, XFS, GlusterFS to export them to client. This way when we need to increase space, we stop GFS, add more disks, increase lv, resize xfs and start gfs back.
<cornfeed> good morning, any one around?
<RoyK> railsraider: probably not
<cornfeed> I am having the most curious problem....I have been locked out of the only account on the system
<RoyK> hi all. when plugging in a drive, kernel tells me '[596815.800238] sd 9:0:0:0: [sdb] Write Protect is off' <-- is there a way to tell the kernel I want that device to be read only?
<cornfeed> I beleive that is a physical setting
<cornfeed> you just need to mount it with the option "ro"
<uvirtbot> New bug: #985489 in nova (main) "nova-compute stops processing compute.$HOSTNAME occasionally" [Undecided,New] https://launchpad.net/bugs/985489
<RoyK> the daily wtf - just opened this USB disk to find the SATA disk inside, and finds it's a, what, USB disk?!? USB connector soldered on the controller
<hlan> RoyK: common Chinese scam
<greppy> RoyK: have a pic?
<hlan> RoyK: if you're referring to this: http://blog.jitbit.com/2011/04/chinese-magic-drive.html
<hlan> I love the heavy metal thingies they added so the drives get a plausible weight
<koolhead17> hlan, interesting :P
<koolhead17> i remember buying similar 8 GB usb drive which originally had only 2GB space
<RoyK> greppy, hlan: http://karlsbakk.net/bilder/WD10TMVW/
<hlan> RoyK: ah that was not what I thought you talked about
<hlan> looks weird to have a usb exit directly on the controller card..
<RoyK> hlan: my thoughts exactly
<Unkn0wn> apache: sh: id: command not found
<Unkn0wn> what could be causing this?
<cornfeed> I am having an impossible time logging into my new server
<uvirtbot> New bug: #898045 in eucalyptus (universe) "Walrus List bucket is not sorted as per S3 API guidelines" [Undecided,New] https://launchpad.net/bugs/898045
<dackyshawn> i have ubuntu currently set up acting as my router at home... all my DHCP clients receive IPs from this ubuntu server.  The server has two nics, one for WAN and one for LAN... I want to sign up for a VPN service. I've been scoping out Mullvad, and it seems pretty decent and provides and openvpn config... My question is:  How can I route all my client PCs over the tunnel so that every computer is "hidden".  I dont want to i
<dackyshawn> it is ubuntu server btw
<dackyshawn> i assume it's possible but dont even know where to start :-(
<resno> dackyshawn: you set up mullvad on each machine
<resno> if the server doesnt do it, you set it machine up to use it
<dackyshawn> i was trying to avoid having the client on each machine
<dackyshawn> i've seen it done before where people route everything over the tunnel
<dackyshawn> also mullvad has a limit to how many machines can connect to their tunnel at once
<resno> well, if the server does it, you can
<resno> i dont know any other way
<resno> each client, or the server
<dkn> don't you just have to make the vpn connection the default gateway instead of the WAN?
<gary_poster> hallyn, did I see you say somewhere that you had a pyunit test suite for lxc waiting in the wings?  If so, should we try to fit the lxc-ip work into that?
<hallyn> gary_poster: I'm on holiday today, and leaving soon, but yup, it's at lp:~serge-hallyn/+junk/lxc-test, look at lxctest.py (ignore the lxc-test.sh which is the original bash version)
<gary_poster> cool thanks hallyn.  have a great holiday
<hallyn> thanks o
<resno> dkn: wouldnt that require setting the server up to handle it?
<hallyn> heh, guess my client script filters out \
<gary_poster> heh
<dkn> either way ya,
<dkn> http://blog.peter-b.org/2010/12/16/link-two-private-networks-using-a-vpn-on-ubuntu-linux-machines-each-behind-nat/
<Unkn0wn> I have suphp configured.
<Unkn0wn> Now when I try to make a mysql-connection, www-data is used instead of the specified username
<uvirtbot> New bug: #985708 in bind9 (main) "package bind9 1:9.8.1.dfsg.P1-4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/985708
<cornfeed> anyone around feel like tackling an odd problem with me? I just need some people to toss ideas around with. I am an avid linux user and I am trying to setup my first ubuntu server. I have set up numerous centos, arch, and gentoo servers, but this one has me stumped
<rbasak> !ask | cornfeed
<ubottu> cornfeed: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<uvirtbot> New bug: #985727 in krb5 (main) "krb5-admin-server falsely claiming clock skew errors" [Undecided,New] https://launchpad.net/bugs/985727
<uvirtbot> New bug: #985741 in multipath-tools (main) "multipath can't show device on which is setup lvm" [Undecided,New] https://launchpad.net/bugs/985741
<blendedbychris> hey all
<blendedbychris> is there a decent way to install newer versions of software like haproxy from a repo
<blendedbychris> https://launchpad.net/~mojocode/+archive/ppa
<hlan> anyone know of a good command line tool to stress test HTTP?
<Pici> hlan: httperf?
<hlan> Pici: thanks, I found "siege" though, gonna test it as well
<sveinse> Hi, I'm admining a Natty server which we use for build server. The build is running a chrooted system installation. However, one of these scripts run mount against a loopback. Which fails on the server (loop: can't delete device /dev/loop0: No such device or address). This seems to work on Natty desktop, so I am wondering if this could be a server restriction. Anyone with knowledge of this?
<kirkland> utlemming: ping
<utlemming> kirkland: howdy
<kirkland> utlemming: howdy!
<Unkn0wn> My dovecot is suffering from a strange issue
<Unkn0wn> It says unknown section type
<jbicha> hallyn: any ideas why qemu-kvm-spice doesn't seem to be available for install on i386?
<jbicha> or why there are no debs in http://archive.ubuntu.com/ubuntu/pool/universe/q/qemu-kvm-spice/
<jbicha> oh that's obsolete, it's now qemu-linaro and I see that binary is only built for amd64
<jbicha> but should it be amd64 only?
<cmars232> hi there... is it possible to install tomcat6 and/or jenkins on openjdk (or anything besides gcj, really)?
<cmars232> ^using the packages.. this is on precise
<uvirtbot> cmars232: Error: "using" is not a valid command.
<cmars232> using the packages that is... on precise
<NCommander> Needed tomcat6 guru to tell me if the failures I'm seeing are a problem
<hallyn> jbicha: sorry, out today and afk.  spice is 64-bit only.  will be online tomorrow
<jbicha> hallyn: the spice source package is built for both i386 and amd64
<lickalott> gents, had anyone been able to chmod a file or folder after it's been ftp'd while you're still ftp'd?
<jbicha> hallyn: maybe that changed with version 10.0? http://anonscm.debian.org/gitweb/?p=collab-maint/spice.git;a=blob;f=NEWS
<lickalott> so no one??
<znow> I am trying to do ssh git@github.com - but it comes with "PTY allocation request failed on channel 0" <- never seen this before or never occured for me either - neither am I able to deploy my project to my server - what can I do?
<Monotoko> Suppose I have a server that handles example.com and all of the web hosting/DNS etc side, then I add an A record for "mail" to point to another server, then an MX record to the zone to point to mail.example.com... and finally add example@example.com to the mail server... it should recieve all mail sent to that address, yes?
<Monotoko> (I only did it twenty mins ago... so I'm wondering if I've done it correctly and just need to wait)
<Monotoko> (the new server that is)
<DiabolicalGamer> Anyone know why "juju status" hangs forever?
<DiabolicalGamer> I managed to bootstrap, ubuntu installed on a node, I can ping it, but juju status doesn't work.
<hallyn> jbicha: that's the spice client which can be 32-bit.  spice server (which is what runs in qemu) is 64-bit only last i knew, at least per http://spice-space.org/faq.html
<hallyn> and http://lists.freedesktop.org/archives/spice-devel/2010-November/001738.html
<hallyn> (running out again)
<jbicha> look at the Nov 15 2011 entry at http://koji.fedoraproject.org/koji/buildinfo?buildID=314185
<jbicha> oh and 1.0~rc4+dfsg-1 at http://packages.debian.org/changelogs/pool/main/q/qemu/current/changelog
<DiabolicalGamer> Anyone know why "juju -v status" would throw this error? -> http://pastebin.com/w7NcmtXX
<DiabolicalGamer> Anyone know why "juju -v status" would throw this error? -> http://pastebin.com/w7NcmtXX
#ubuntu-server 2012-04-20
<JohnA> Does anybody have a recommendation as to a DMS? Most docs would be scanned document images. we want to move a large collection of client records online and provide some sort of search capability. Linux based a must. Webdav compatibility/capability would be desirable. Remote access also a must.
<uvirtbot> New bug: #986011 in clamav (main) "Package amavisd-new" [Undecided,New] https://launchpad.net/bugs/986011
<dog545> does anyone know any good weather terminal apps?
<dog545> I am new to using irc, is there a rule i missed?
<dog545> is anyone around?
<uvirtbot> New bug: #986034 in samba (main) "package winbind 2:3.6.3-2ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/986034
<blendedbychris> http://pastie.textmate.org/private/wl6gh6on5zz00n9b4hhkq
<blendedbychris> what's that mean?
<blendedbychris> trying to create a csr
<blendedbychris> :(
<linocisco> hi all
<linocisco> anyone here?
<linocisco> anyone from germany?
<linocisco> what divided east and west germany? how to call that poland area?
<_ruben> go do your homework yourself
<twb> Pretty sure a wall divided the
<twb> Pretty sure a wall divided them
<koolhead17> twb, :P
<twb> blendedbychris: IME gnutls program is MUCH easier to use than openssl's
<blendedbychris> meh i dont know what it was but it works now
<twb> blendedbychris: it has args like this: certtool --generate-privkey --outfile /etc/ssl/private/fred.pem
<twb> blendedbychris: whereas in ssl that is some bullshit like ssl rsa gen > foo.pem; <plus something to remove the private key>
<blendedbychris> wait what?
<blendedbychris> remove the private key?
<blendedbychris> an pem should have a private key included
<twb> Sorry
<twb> remove the passphrase
<twb> I'm a bit drunk
<blendedbychris> you don't have to remove the passphrase?
<twb> certtool doesn't add a passphrase unless you tell it to
<blendedbychris> neither does openssl...
<twb> Well none of the docs I could find seemed to know that
<twb> certtool was straightforward and obvious for the four or five typical workflows that I actually care about
<twb> And they were spelled out at length in info
<blendedbychris> openssl genrsa -out /etc/csync2_ssl_key.pem 2048 just craps out a key afaik
<blendedbychris> should be called .key
<twb> if you say so
<blendedbychris> (just ran it
<twb> The extension is irrelevant
<blendedbychris> well yaâ¦
<blendedbychris> when i see pem i always think a key  + a public but i'm probably mistaken
<blendedbychris> if you do genrsa des -out â¦ it will try to encrpyt it with a passphrase
<blendedbychris> -des rather
<twb> pem is just the format
<twb> like uuencode or base 64
<blendedbychris> hrm
<twb> gpg --export --armour fred@example.net is also PEM format afaik
<blendedbychris> i always see folk doing -des3 -out â¦ and then rerunning it through the thing to remove the passphrase
<twb> Yeah it is stupid cargo-cult shit
<twb> But you look at the list of subcommands and it's a bit overwhelming because there's no ordering
<twb> http://paste.debian.net/163925/
<twb> But whatever, I've made my salespitch
<blendedbychris> heh i actually don't understand enough about the crap to consider your option viableâ¦ i just fumble my way through
<blendedbychris> and forget it about every 365 days
<twb> I strongly recommend reading the gnutls info page
<twb> http://paste.debian.net/163926/ also here are my notes on SSL/x509 theory
<twb> "info gnutls | less" if you don't like the default info reader
<twb> I should probably rewrite those notes, since I understand x509 a little better now
<andrewhiggs> Hello everyone.
<nibalizer> hello
<uvirtbot> New bug: #986085 in mysql-5.1 (main) "package mysql-server-5.1 5.1.61-0ubuntu0.11.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 100" [Undecided,New] https://launchpad.net/bugs/986085
<andrewhiggs> Anyone here using tomcat?
<twb> !anyone
<ubottu> A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<andrewhiggs> My apologies.
<twb> No problem
<andrewhiggs> I am struggling to get tomcat (6.0.35) to work well on an Ubuntu Server currently testing on 12.04 but got same result on 11.04 and 11.10). The same application is running on a hosted solution with much better performance. I notice that the CPU does not appear to be being used (top shows %us to range between 5 and 15%) as much as the hosted solution (top show %us to be between 80 and 90%). How do I go about trouble shooting why the cpu is not being us
<twb> NFI, sorry
<andrewhiggs> Thanks twb ;)
<andrewhiggs> How can I get Ubuntu to allow certain processes to use more resources than others? In this case I need tomcat and its database connections to be allowed more processing power.
<Jeeves_> man nice
<Jeeves_> But that's really just prioritizing
<andrewhiggs> Thanks Jeeves_. I tried that but the %us still does not go above 15%. It usually hovers around 10%.
<patdk-lap> andrewhiggs, and you have idle% >0?
<andrewhiggs> Yip. That is normally around 80 - 90%.
<patdk-lap> then the program is to blame
<patdk-lap> it's has the option of using more, but isn't
<patdk-lap> or you have more than one cpu, and it's single threaded
<andrewhiggs> But the program run properly on another system?
<andrewhiggs> If I have a processor with two cores and one is being used by the tomcat process almost fully would top show %us as 50%?
<patdk-lap> yep
<patdk-lap> assuming two cores and no hyperthreading
<andrewhiggs> I have not done anything with hyperthreading. Would this be something likely to be set by default?
<patdk-lap> depends on if your cpu support it, but normally enabled if it does
<patdk-lap> just cat /proc/cpuinfo to see how many cpu's it sees
<patdk-lap> processor: xx
<andrewhiggs> It does see both. Both are running at 2.4Ghz.
<Jeeves_> andrewhiggs: You can press '1' in top to see all cpus individually
<Jeeves_> Also, look at iowaiy
<Jeeves_> iowait
<Jeeves_> if that's high
<Jeeves_> Your processes are just waiting for your disks
<andrewhiggs> %wa is usually quite low. I have only seen it spike once or twice.
<andrewhiggs> top
<andrewhiggs> Sorry. :-)
<andrewhiggs> If I press 1 as suggested I see that both processors seem to be being used roughly half half.
<andrewhiggs> Cpu0 is usually just a few percentage points above cpu1. Which I would think is normal.
<_ruben> perhaps it just doesn't have any more work to do :)
<andrewhiggs> But the tomcat application runs very slowly. The %us on another server is 80 - 90%. :-)
<patdk-lap> nothing is worse than locking issues
<andrewhiggs> How do you think I can try to trouble shhot why this process is not using more resources than it does?
<Madkiss> hi there!
<Madkiss> Whats the default iscsi target in Ubuntu 12.04?
<Madkiss> I understand it is tgt?
<rye> hello, i have recently updated to the latest packages (on 18th of april), before that I was running for quite a long time with the packages of 2 weeks old. Now my test vms with windows7 are extremely slow w/o the changes to the underlying hardware.
<rye> no dmesg messages, no syslog messages to pinpoint what's happening. I see elevated disk usage at times but it does not look like it was too different earlier
<koolhead17> Madkiss, hey
<Madkiss> hello koolhead17
<koolhead17> Madkiss, trying to figure out what am doing wrong to get vnc running and other distro instances tested
<jca1981> hi does anyone know an easy distribution to set up a small ftp server with web interface?
<koolhead17> !ftp
<ubottu> FTP clients: Nautilus (Places -> Connect to server), gFTP, FileZilla (for !GNOME); Konqueror, Kasablanca, KFTPGrabber (for !KDE); FireFTP (for Firefox); ftp, lftp (for !cli) - See also !FTPd
<koolhead17> !ftpserver
<_ruben> !ftpd
<ubottu> FTP servers: ftpd, proftpd, pure-ftpd, twoftpd, vsftpd, MuddleFTPd, wzdftpd - Graphical front-ends: PureAdmin, GProftpd (for GNOME), KcmPureftpd (for !KDE) - See also !FTP
<uvirtbot> New bug: #986159 in squid3 (main) "squid3 open file descriptors limit is set incorrectly" [Undecided,New] https://launchpad.net/bugs/986159
<uvirtbot> New bug: #975450 in txlongpoll "bind all services not required by the nodes to the loopback interface or add ingress firewall rules for these services" [Undecided,Confirmed] https://launchpad.net/bugs/975450
<rbasak> Any comments on the impact of bug 986159? The default number of file descriptors is 1024, is it? Would this bug cause issues in production?
<uvirtbot> Launchpad bug 986159 in squid3 "squid3 open file descriptors limit is set incorrectly" [Undecided,New] https://launchpad.net/bugs/986159
<rbasak> hallyn: ^^, can I get your opinion on this? Is this important for precise? Everyone else is at ODS it seem!
<rbasak> seems!
<hallyn> checking
<RoyK> ods?
<hallyn> opentack devel conf
<RoyK> c
<RoyK> k
<hallyn> rbasak: ah, the bug makes sense.
<hallyn> rbasak: i'd say, dput the fix and ask on #ubuntu-release what they think
<rbasak> hallyn: I can't upload
<hallyn> cause I have no idea (a) how important squid is to us or (b) how important the fd limit is to squid
<rbasak> yeah that's what I'm thinking, too
<hallyn> oh.  not sure i can either come to think of it :)
<rbasak> I can ask in #ubuntu-release though
<hallyn> i'll go peek in too
<rbasak> Hmm
<rbasak> Looks like squid got demoted to universe in precise
<hallyn> rbasak: actually the ulimit part may be important
<rbasak> ah it's squid3 and that is in main
<hallyn> eh i guess not :)
<hallyn> rbasak: well, tbh, i think that bug would be fine to SRU
<rbasak> yes
<hallyn> rbasak: it's not something that prevents it from rnning out of the box
<rbasak> no
<thebwt> over ldap authentication, is there a way to keep a workstation user with root access from 'su'ing into any other user account and bypassing authentication?
<rbasak> thebwt: no. Root access is root access. Root can bypass anything.
<rbasak> thebwt: note that root on one system isn't necessarily root on another, though.
<thebwt> right, the issue is that a user could then su to other users and manipulate their home directories
<thebwt> not so much root access
<rbasak> Don't give the user root then.
<thebwt> what about a machine booted into single user mode?
<rbasak> Or put the home directories on a different machine
<thebwt> they are mounted over nfs
<rbasak> NFS trusts what the machine claims in general.
<rbasak> The latest NFS stuff might fix that though, but I'm not up to date with it.
<thebwt> so then on an ldap authentication with nfs mounts for the home dir. A standard machine booted in 'single' mode can create a massive breach in the network? That seems a bit silly, surely other people have run into the problem before.
<dork> anyone experienced w/ mdadm/software raid and has had arrays assemble with strange hardware addresses like md127 and have it in auto-read-only?
<uvirtbot> New bug: #986314 in squid3 (main) "squid3 missing pie and bind-now hardening options" [Undecided,New] https://launchpad.net/bugs/986314
<ZenMaster> Hi. :)
<Pici> hi
<MrWobz> Hello I have a problem, hdparm -tT displays BOTH drives as running reaaaally slow, Ive switched raid controllers and now I dont know what to do
<ZenMaster> I need local name resolution, so that my users can connect to corporate intranet site.
<ZenMaster> dnsmasq the way to go?
<koolhead11> Daviey, are you really around? :P
<MrWobz> Hello I have a problem, hdparm -tT displays BOTH drives as running reaaaally slow, Ive switched raid controllers and now I dont know what to do, Its 3.0.0-12-server #20-Ubuntu SMP, I dont have the problem with 10.X though
<Pici> MrWobz: You may want to try asking in ##linux as well, since I've noticed you're not getting (m)any answers here.
<MrWobz> roger, its just I dont know whats different in terms of hdd management kernel level from 11.x and 10.x
<Pici> MrWobz: 11.10 was the first release to use linux 3.0, prior releases were 2.6
<MrWobz> It could mean in 3.0 a driver was dropped somewhere
<Pici> Its possible, but I'd be surprised if it wasn't noticed.
<raubvogel> On op-panel, where are the passwords for voicemail defined? Are they the ones in /etc/asterisk/voicemail.conf?
<Pici> raubvogel: You may want to ask in #asterisk
<uvirtbot> New bug: #986385 in lxc (universe) "lxc.mount.entry fails into mnt/subdir" [Medium,Confirmed] https://launchpad.net/bugs/986385
<^Mike> I created a directory in /var/run to hold some sockets and pidfiles for several daemons. After rebooting, the directory is gone - why?
<maxb> Because /var/run is a tmpfs; a ramdisk
<SpamapS> ^Mike: its guaranteed to be *empty* at boot time :)
<uvirtbot> SpamapS: Error: "Mike:" is not a valid command.
 * ^Mike patpat uvirtbot
<^Mike> SpamapS: thanks, I'll have my scripts create the directory if it doesn't exist then :\
<pacsman> Hello, asking for who to choose between ubuntu-server or debian 6
<^Mike> pardon? O.o
<pacsman> jveu installer un OS sur un server proliant, ki serait le mieu, ubuntu-server ou debian 6
<^Mike> it's fairly likely that the people in here are going to prefer ubuntu :)
<pacsman> just askin :P
<SpamapS> pacsman: ubuntu server has versions too. :)
<SpamapS> pacsman: maybe people like ubuntu 10.04 > debian 6 > ubuntu 8.04
<pacsman> k ty
#ubuntu-server 2012-04-21
<EvilResistance> is there any way to automatically enforce specific ownership permissions for files in a given directory upon creation?
<EvilResistance> say, user:www-data for a public_html folder
<SpamapS> EvilResistance: suid/sgid bits, yes
<SpamapS> EvilResistance: chmod g+s will enforce group, u+s will enforce user
<banseljaj> Hello
<banseljaj> I need help setting up a DHCP seerver
<banseljaj> I have installed a DHCP server on my laptop
<banseljaj> How do i check if my wlan card has host mode?
<banseljaj> And how do i set up a small DHCP based, adhoc WLAN server
<seekwill> I'm not sure if that's possible
<banseljaj> I may not have been clear
<banseljaj> may i explain my network?
<seekwill> wlan = wireless?
<banseljaj> seekwill: yes
<banseljaj> Look, I have a laptop, that can become a wireless hotspot
<banseljaj> Also, I have a server, installed as a virtual machine, inside that laptop
<banseljaj> I have installed DNS and DHCP servers
<banseljaj> I have 6 students, all with laptops.
<banseljaj> I want them to connect to my laptop's access point
<banseljaj> and through that accesspoint, DNS server, I want ti r=to access the virtual machine server
<banseljaj> Complicated, I know
<banseljaj> seekwill: ^
<seekwill> Oh, you have built-in 4G? No idea
<banseljaj> I am not sure if its $G
<banseljaj> 4G
<seekwill> Oh 3G...
<banseljaj> Yeah.
<seekwill> Regardless, I've never had any experience with those
<seekwill> Sorry :(
<banseljaj> :(
<banseljaj> okay, here's an easier question
<seekwill> 42
<banseljaj> How do i configure my DNS server and DHCP server to hand out static IP to the virtual machine inside it?
<banseljaj> For all intents and purposes, I think it can be treated as a seperate computer with a NAT
<airtonix> what hypervisor are you using ?
<banseljaj> hypervisor?
<tdhz77> quick question about smb.conf?
<arbir> is there a page where i can see a list of packages for 12.04 ?
<airtonix> anyone got a working Marvell 88SE6145 SATA II PCI-E controller with ubuntu 11.10 or 12.04
<uvirtbot> New bug: #984210 in maas (main) "postinst tries to restart cobbler using /etc/init.d/cobbler and that doesn't exist anymore" [Undecided,Fix released] https://launchpad.net/bugs/984210
<RoyK> [ 3476.111492] zfs-fuse: sending ioctl 2285 to a partition!
<RoyK> any idea what that might mean?
<Patrickdk> http://groups.google.com/group/zfs-fuse/browse_thread/thread/a3be60a69ab7c8ce?pli=1
<uvirtbot> New bug: #986649 in puppet (main) "puppet agent can't obtain catalogs" [Undecided,New] https://launchpad.net/bugs/986649
<arbir> Helloâ¦ will apache 2.4 and php 5.4 make it to his release ?
<qman__> arbir, while I'm not authoritative on it in any way, if it's not in the beta, it's probably not going to be in release
<arbir> qman__: i have been searching at packages.ubuntu.com, but could not find it.
<arbir> so i thought, i might be on the wrong track
<qman__> just searched, looks like apache is 2.2.22 in precise  http://packages.ubuntu.com/search?keywords=apache&searchon=names&suite=precise&section=all
<arbir> qman__: yeah, 2.2.22 is there, not the new apache 2.4
<qman__> and php is 5.3.10
<qman__> http://packages.ubuntu.com/search?keywords=libapache2-mod-php&searchon=names&suite=precise&section=all
<arbir> qman__: ditto, yeah, not 5.4 â¦ both apache and php have been out for a while
<arbir> i was hoping :-(
<arbir> especially that, apache 2.4 is supposed to be as fast as nginx and no longer the old elephant.
<qman__> rule of thumb, stuff usually has to be out a year or more to make it, especially with an LTS release
<qman__> I see a lot of people complain but I've never had performance issues with apache
<qman__> yes, it's not as light as some alternatives, but it's not exactly slow
<FunnyLookinHat> I noticed that /etc/resolv.conf will be overwritten - is there a proper place to put my nameservers ?
<kklimonda> FunnyLookinHat: afair edit /etc/network/interfaces and add dns-nameservers x.x.x.x y.y.y.y
<FunnyLookinHat> kklimonda, ah ok - I didn't know you could do that in /etc/network/interfaces
<FunnyLookinHat>  kklimonda That worked - thanks!
<undecim> why would my scripts in /etc/cron.hourly not be running?
<undecim> the line in /etc/crontab seems to be fine.... 17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
<seekwill>  Is cron running?
<undecim> yes
<seekwill> Why do you think cron.hourly isn't running?
<undecim> Because none of my scripts are having any affect...
<undecim> I check them... make sure they're executable, have the proper #! line, etc... come back in an hour, and e.g. the permissions in /opt/craftbukkit still aren't fixed (like my script is supposed to do), but I can fix it by running the script manually
<undecim> Same with my script to update my dynamic DNS
<undecim> I checked the timeout with dig to make sure that wasn't just caching, too
<undecim> watched it count down to 0, and still no change
<undecim> Run the script manually, let it reach 0 again, and it changes
<seekwill> Try a small test script
<seekwill> My guess is your script uses some environment variables not set when cron runs it
<blendedbychris> how do i force ntpd to check the stupid date and set it?
<undecim> My permissions script shouldn't rely on environment variables... just "chown -R craftbukkit:craftbukkit /opt/craftbukkit"
<undecim> Is all that's there
<seekwill> undecim: Try /bin/chown ?
<undecim> seekwill: It seems like run-parts is causing the issue. I made a test script with absolute paths to commands, and running the line in /etc/crontab " run-parts --report /etc/cron.hourly" as root does nothing.
<seekwill> Sorry, I don't know. I usually just throw things in /etc/cron.d
<undecim> Guess I'll do the same.
<seekwill> All that stuff is too fancy for me :)
<undecim> lol
<undecim> Well it seemed to me to be a convenient setup... just put your script there and let it do its thing.... but it doesn't work
<EvilResistance> is there a method to force persistently a specific ownership setting on a file/folder?
<EvilResistance> say, user:www-data on a public_html folder
<undecim> EvilResistance: I'm just using a cron job
<EvilResistance> undecim:  how often are you running it?
<undecim> EvilResistance: Hourly
 * EvilResistance is using a cron job now as well, but wants to know if there's an easier persistent setup
<EvilResistance> ah, i've got mine running every 5 minutes
<seekwill> How does it change?
<EvilResistance> but meh
<undecim> If you need real-time permission setting, I've heard lsync can do that
<undecim> Never used it myself though
<EvilResistance> problem is because its FTP
<EvilResistance> if a new file is uploaded, by default it has a different permission setup than i want it
<EvilResistance> s/FTP/SFTP/
<EvilResistance> so i at least need to set a persistent group setting
<EvilResistance> (www-data)
<seekwill> oh
<EvilResistance> by default it gets user:user or w/e it is
<EvilResistance> so i need it to be at least persistently user:www-data
<undecim> EvilResistance: Looks like with Lsyncd, you can just set 'onCreate = chown user:www-data ^targetPathname" ' to get what you want
<seekwill> I didn't know people still used FTP :)
<EvilResistance> seekwill:  SFTP (ssh tunnelled FTP)
<seekwill> I would think the FTP server would be able to do something like that
<undecim> seekwill: SFTP is a file transfer built into SSHd
<seekwill> Sure
<maxb> SFTP isn't really the same as ssh-tunnelled-FTP
<seekwill> scp or https! :)
<undecim> EvilResistance: You'll have to compile Lsyncd yourself, but it will do what you want http://code.google.com/p/lsyncd/downloads/list
<undecim> Or so it says... Like I said, I've never used it myself, but it seems fairly straightfoward to set up
<undecim> Come to think of it, I should set this up on our public share
<EvilResistance> maxb:  *shrugs*
<EvilResistance> regardless
<qman__> blendedbychris, you can't, at least not directly
<EvilResistance> i'll take a look at lsyncd later, for now i'll stick with the cronscript :P
<qman__> solution is to stop ntpd, set manually or use ntpdate-debian to update to a known good time server, then start ntpd again with good time servers configured
<qman__> EvilResistance, look into the sticky bit
<qman__> it doesn't enforce, per say, but it does change the default creation behavior
<qman__> which may or may not do what you want
<qman__> actually nevermind, I mixed it up with something else
<qman__> maybe it's a mount option, I don't remember
<undecim> qman__: I was about to ask, lol...
<qman__> in any case, there's a way to make it so that files are created with parent directory's group-owner instead of user's default group-owner
<qman__> quick google says setgid bit
<undecim> qman__: I think that you're thinking of the mask mount options, which don't enforce permissions or change the default, but just ignore them completely... I think with a default of "allow". It's also filesystem specific
<qman__> undecim, this is what I'm talking about: http://www.linuxquestions.org/questions/linux-newbie-8/inherit-permissions-of-the-parent-directory-in-newly-created-file-754097/
<qman__> like I said, it doesn't enforce the permissions, it just changes the default creation behavior, which I think is all he wants in this case
<qman__> so that newly uploaded files will have the correct group-owner and be usable by the web server
<undecim> oic
<undecim> Much more elegant that what I suggested
<qman__> I use this and a daily cron script on one of my samba shares
<qman__> it's not a real enforcement, just mostly functional
<qman__> I also use the sticky bit so users can't delete other users' files, which is probably why I mixed them up
<philipballew> has anybody used naigos before?
<qman__> !anyone
<ubottu> A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<qman__> philipballew, thousands of people, if not more, have used nagios before
<philipballew> qman__, sorry. What advantages does it give me or what is the ease of use it provides?
<qman__> philipballew, nagios is pretty simplistic in its design, its main benefit is in its modular design
<qman__> you can define checks to do literally anything, and report back into the main system
<qman__> it has a web interface and can email alerts
<qman__> it's popular and has been around a while, so there's a lot of existing plugins you can use
<philipballew> I was goin to follow this guide? http://www.debian-administration.org/articles/299
<qman__> looks good, not sure if there are any changes for ubuntu
<qman__> that's a good website
<qman__> check the server guide first, I think there's a section on it
<qman__> yeah: https://help.ubuntu.com/10.04/serverguide/C/nagios.html
 * philipballew hugs and high fives qman__ 
<qman__> it doesn't say so at the top, in that example server01 is the monitoring server and server02 is just another server being monitored
<philipballew> I can get notification emailed to me, can that just come to my ubuntu/gmail or would that need to go to my own domain email?
<qman__> can go to anywhere your server is able to mail to
<qman__> if you have an internet-configured mail server on your network, you can just configure it as a satellite system and it will be able to send to any email on the net
<qman__> with your mail server as the smart host
<qman__> if not, there are ways to configure postfix to use a gmail account or similar to send mail to the internet
<philipballew> this could be fun!
<qman__> I set mine up with a gmail account before I had a static IP
<qman__> that was with 8.04 though, been a while
<philipballew> qman__, Im to cheap for a static :)
<philipballew> or poor
<philipballew> 8.04 server was nice
<qman__> yes it was, miss the days before all this plymouth nonsense
<qman__> but you take the bad with the good, high resolution consoles that actually work are nice
<philipballew> qman__, yeah, I personally like to see whats happening with my kernel
<qman__> yep, and my fsck
<philipballew> but its good for your joe plumber user qman__
#ubuntu-server 2012-04-22
<ruben23>  hi guys i have a NAS server who have nfs enable on it i already added the nfs...directory..how do i mount it on my other local server..? any idea please
<cloakable> ruben23: install nfs-common, then use mount -t nfs <server>:<remote directory> <local directory>
<ruben23> cloakable: how to ake it permanent.?
<ruben23> make*
<Spanky> fstab
<koolhead11> hi all
<airtonix> i'm looking for a way to force my marvel sata controller to use the ahci driver instead of the pata driver
<airtonix> i need some help getting this sata card using ahci instead of pata_marvel : http://dpaste.com/735484/
<airtonix> http://dpaste.com/735485/
<barduck> hi. If I install 12.04 server beta now, will it update itself to the released version once it comes out ?
<mdeslaur> barduck: yes
<barduck> mdeslaur: thanks. is beta 2 stable enough for home file server usage ?
<mdeslaur> barduck: install beta 2, and then install all updates, and you'll pretty much get what will be released in a few days, save for a few last minute fixes
<mdeslaur> barduck: yes, it's really stable
<barduck> mdeslaur: great. thanks
<barduck> does anyone have any pointers for moving a md software RAID 5  + LVM setup to the newly installed ubuntu server? will it be auto detected or do I need to take any special steps before/after the move ?
<RoyK> barduck: it'll be autodetected
<mand0> i am running kernel 3.1 but i still get updates for 2.6.38-14. What's the deal with that?
<RoyK> mand0: probably a bug - file it ;)
<barduck> RoyK: ok, I will try to just plug it then. thanks
<patdk-lap> a bug?
<patdk-lap> most likely you never uninstalled the 2.6 virtual package
<patdk-lap> so it's still installing the new ones
<jacobw> does anyone have experience of using linux containers in production?
<jacobw> in particular, i can't find any documentation on migrating frozen containers between hosts
<RoyK> patdk-lap: yeah, probably that
 * RoyK is tired
<mand0> thanks guys
<alphaone> i have tried alot of times with various options like  wget -E -H -k -K -p  or -r  but i cant get this site full download. http://mazharkaleem.wordpress.com . i need the full size .jpg . any help ?
<ruben23> guys any help when i try to mount nfs on my nfs client from a local NFS server..i get this error---> http://pastebin.com/kaJhPeZs
<Patrickdk> ruben failed to install nfs?
<ruben23>  Patrickdk: nfs is already installed
<Patrickdk> on the client?
<ruben23>  Patrickdk: what shoudl be installed any idea..?
<Patrickdk> the nfs client packages
<Patrickdk> failure to read the manual? https://help.ubuntu.com/community/SettingUpNFSHowTo#NFS_Client
<ruben23> Patrickdk i made it but now got new error-----> mount.nfs: access denied by server while mounting 172.16.0.205:/volume1/MP3recordings<-----how do i enter credentials.. to let me access it..?
<Patrickdk> credentials? nfs doesn't use credentials
<Patrickdk> fix your nfs server
<ruben23> Patrickdk: why access denied..?
<RoyK> patdk-lap: nfs can use credentials fine with kerberos
<Patrickdk> royk, yes, but you still don't specify them
<RoyK> no...
<blendedbychris> Anyone around see issues with running lsyncd as a two way sync?
<blendedbychris> http://code.google.com/p/lsyncd/
<uvirtbot> New bug: #986938 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.9 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/986938
<ruben23> guys help im stock with this error:--> root@opendialdvo:/mnt# mount -t nfs 172.16.0.205:/volume1/MP3recordings /mnt/mp3recordings  <------------> mount.nfs: access denied by server while mounting 172.16.0.205:/volume1/MP3recordings
<uvirtbot> New bug: #986956 in lxc (universe) "lxc-execute does not work with commands that require input from terminal" [Undecided,New] https://launchpad.net/bugs/986956
<uvirtbot> New bug: #986973 in facter (main) "Facter bug causes puppet to become a zombie" [Undecided,New] https://launchpad.net/bugs/986973
<xsl> is it ok to use loopback device alias to have several ips to use in LXC ?
#ubuntu-server 2013-04-15
<damit> okay I installed xen and I want to figure out how to install ubuntu server on the system as a virtual machine is there a guide for this?
<Sharetel> Hi, can someone please let me know the command to check the package version in apt-get prior to its installation?
<acidflash> join #c
<acidflash> whoops,
<acidflash> sorry
<Walther> Reliable way to list all disk drives connected, even ones not mounted, not formatted, not having a partition table on?
<Walther> fdisk -l returns nothing
<Jeeves_> ls -al /sys/block ?
<joshu> do I need to setup split-dns if I'm configuring a backup mx postfix server behind NAT?
<Lionhearted> I am using virtual mashine on windows 7, running ubuntu server latest version and i need to configure simple DNS and DHCP server, and can someone point me to some good tutorial (for noobs) THANKS
<Joel_re> hey does ufw persist iptables rules, or is that upto the admin?
<rbasak> Walther: I usually use "cat /proc/partitions". Also lsblk is nice.
<RoyK> Joel_re: ufw rules survive a reboot, yes
<smb> Daviey, Do you know whether there is someone special on the SRU team for Xen?
<Joel_re> RoyK: ok, which file does ufw write to when rules are added using the ufw command?
<RoyK> don't remember
<Joel_re> hrm /etc/ufw/*.rules <- those are edited by users not ufw .. is that correct?
<jdstrand> Joel_re: /lib/ufw/*rules
<Joel_re> jdstrand: thank you sir
<jdstrand> Joel_re: /etc/ufw/*rules is for admins, yes
<Joel_re> ok
<jdstrand> (fyi, man ufw-framework tells you where everything is and how it works together)
<Joel_re> ah ok
<matzie> hello, I'm looking for a PPA of libvirt that I can use in quantal with more recent versions than 0.9.13.
<RoyK> matzie: raring isn't far ahead, so it should be safe-ish to upgrade to the prerelease. I've been using that for a couple of months for a raidtest vm
<matzie> I'm considering that, thanks.
<RoyK> matzie: release date April 25th
<matzie> cool
<RoyK> so do-release-upgrade -d ;)
<matzie> heh, neat - started an extra failsafe sshd on a new port.  impressed.
<RoyK> I've never had to use that
<RoyK> but it's neat :)
<patdk-wk_> I had to use it once
<RoyK> ok
<patdk-wk_> but that was back in feisty or so
<RoyK> patdk-wk_: a wee while ago ;)
<kirkland> roaksoax: ping
<roaksoax> kirkland: pong
<Daviey> smb: hey, infinity is probably the best person for xen sru.
<smb> Daviey, that  probably is true
<Sabbathlives> Could someone help me? I am currently learning Ubuntu server. I have made a users. I created folders in the admins root directory not knowing where else to place them for easy sharing. Now i am trying to access these folders but don't know how using the command line
<Sabbathlives> Correction: I'm trying to access them from another user.
<sarnold> Sabbathlives: placing shared data in /root is not ideal -- typically, a user's home directory would have the data, if one user could be said to be the 'owner' of the data -- if not, then a dedicated directory in /home or /srv might be better. (it's not exactly something that's well-described...)
<sarnold> Sabbathlives: check out the filesystem heirarchy standard (FHS) -- it's _not_ a standard, and not even all that common among distros :) -- but it will give you a good idea of what sorts of files go where
<Sabbathlives> Sarnold: So it be better to place these folders in the system directory?
<sarnold> Sabbathlives: I'd probably put them in /home/data or /home/shared or something like that instead.
<Sabbathlives> Sarnold: How do i navigate to the /home/shared directory using command line?
<sarnold> Sabbathlives: cd /home/shared
<Sabbathlives> Sarnold: Thanx, shared folder doesn't exist but i was able to access the home folder
<sarnold> Sabbathlives: then you'll want to 'sudo mkdir /home/shared' to create the directory; you'll need to decide who gets to work with the directory, with what permissions. that can be annoying.
<Sabbathlives> Sarnold: thanx, i ended up just throwing them into the /home for now. The folders i moved already have access permission attached to them using ACL.
<sarnold> Sabbathlives: probably the easiest thing to do is to make sure your filesystem mounts with 'bsdgroups' option, add your users to  a group, set the group owner of that directory to the group, and then set the setgid bit. It's a bit complicated, sadly, but that will let everyone in the group access the directory without needing sudo...
<sarnold> Sabbathlives: aha :)
<Sabbathlives> sarnold: Thank you, so much for the help
<sarnold> Sabbathlives: have fun :)
<ruben231> hi guys i ahve a apache2 web server but when i do this none returns ---> netstat -tulpn | grep :8  ---> just blank
<RoyK> ruben231: check the apache logs
<thesheff17> anyone have experience with lxc containers inside amazon cloud...anytime I run lxc-shutdown -n severName it just shut downs the whole server
<benedict_> hi, i bought a computer and a 3 TB hdd in order to back up a 320 GB hdd. what would you suggest for partiitoning, filesystem, etc.?
<benedict_> i have some folders of important data which i want to be backed up but a good part of it not required to be backed up
<benedict_> do you think that a cron, that updates 320GB->3TB is enough?
<sarnold> benedict_: you may need gparted to partition. I still like ext3, I
<sarnold> benedict_: .. I'll let others test ext4 a bit more first..
<benedict_> sarnold: ok - i'm not going for any edge technology anyway :P
<sarnold> benedict_: rsnapshot may be useful to you.. I like it, anyway. :)
<benedict_> i was thinking that RAID would be a bit over the top
<benedict_> also the point is that i am not the one to maintain this system - so i would not go too high in terms of complexity
<sarnold> raid is nice but no backup solution..
<benedict_> mirroring?
<benedict_> ok, i see what you want to point out
<markthomas> Mirroring and RAID help prevent data loss from drive failure, but not user error.  +1 for rsnapshot.
<benedict_> markthomas: what portects against bit-flipping?
<benedict_> e.g. if the active hdd flips a bit by accident
<markthomas> benedict_: that's a problem for RAID, not rsnapshot.  The latter is file-level backup.
<sarnold> most drives spend roughly 540 bits to store 512 bits of data -- by the time you get an error that can't be recovered, I'd be surprised if it is just a bit flipped rather than the entire sector reports unreadable..
<benedict_> ok
<benedict_> markthomas: but in case the bit flips - rsnapshot would take over that change
<markthomas> Which is why it stores whatever combination of hourly, daily, monthly, etc. backups you specify.
<sarnold> you could always store checksums or detached gpg sigs or something to keep track of your data integrity..
<benedict_> not that i reject rsnapshot - i will try it for sure... just trying to find things i have not considered yet
<benedict_> ok
<RoyK> rdiff?
<markthomas> versioned backups are always a good layer to have in your D.R.
 * RoyK uses bacula and crashplan
<benedict_> markthomas: D.R. ?
<benedict_> thanks for your suggestions - have a good day/night
<DuelE> Hey guys. I've put in a bit of study today on IPTABLES and have gotten a simple set of rules running smoothly. But, if anyone can provide me with links to examples of an advanced implementation that uses two nics (one internet one lan obviously) I would greatly appricate it.. or please direct me to a different channel if I am asking this in the wrong place
#ubuntu-server 2013-04-16
<GTAXL> How can I change the default umask for a directory?
<markthomas> I don't believe you can set umask on a per-directory basis.
<GTAXL> markthomas, I have a web dir that SPGrab uploads snapshots to, by default it doesn't allow others to read, resulting in forbidden when someone tries to access my screenshots, so I have to go in and change the permissions on the newly uploaded pics
<markthomas> Not familiar with spbrab.  But umask is per-process, not per dir.  You probably need to chmod in the process or some such.
<GTAXL> maybe setfacl?
<markthomas> I've never worked much with ACLs.
<markthomas> Yeah.  That I couldn't tell you.
<GTAXL> SPGrab works fine on my CentOS machine, really wanting it on my Ubuntu one
<GTAXL> I tried recursive permissions, don't work
<markthomas> What file ownership are the files getting when they're uploaded?
<GTAXL> -rw-rw----
<markthomas> And the ownership?
<markthomas> What are the owner and group?
<GTAXL> the user I upload via FTP as
<GTAXL> SPGrab is used to take snapshots of your desktop, upload via ftp to a web dir, and share a link
<markthomas> Hmm...
<GTAXL> I just want others to have read access on new created files in /var/www/screenshots/
<GTAXL> :P
<markthomas> So, you need to set the umask not for a specific directory, but as part of the FTP process.  Is this process the only thing using the ftpd on that box?
<GTAXL> no
<markthomas> Hmm...
<markthomas> Do they need access immediately after upload?
<markthomas> i.e. can there be a couple minute delay?
<GTAXL> Sorry about that, my ssh tunnel died. :S
<markthomas> :)
<markthomas> I'm at the end of my workday, and I'll need to run.  If a couple minute delay after upload is acceptable, try throwing a chmod into your cron.
<markthomas> s/cron/crontab/
<markthomas> It's a workaround, but it may do while you look into using ACLs.
<GTAXL> hmm
<markthomas> No, it's not attractive.
<GTAXL> I've heard of sticky permissions, not sure if that's it
<markthomas> It's not.
<digitalcha0s> trying to remove the default login on ubuntu server 12.10 -> any hints for me?
<digitalcha0s> i know issue and issue.net and the other one
<digitalcha0s> motd
<digitalcha0s> seems like i change it and then resets?
<digitalcha0s> gay
<digitalcha0s> i figured it out
<glitchy351> Hello! I am new to This IRC channel. I was wondering if someone knows much about load balancing webservers in ubuntu 12.10 ?
<aldwinaldwin> Question:  i've installed exim4 with a relay,  and have set the MAILTO= in crontab.  Via 'dpkg-reconfigure exim4-config' i was able to masquerade the domain. The only thing I can't figure out, is to change  the  username 'root' in the From-Address to another username.   So, how to change  root(at)domainname.com  to   user(at)domainname.com ?
<RoyK> hm... scripting in bash, I want to run this nagios check seven times and then return the largest exit code of all those tests combined (0-3). any idea of how to do that most easily?
<Tzunamii> RoyK: Start Nagios from a script and put each exit status into an array. That's the start
<Tzunamii> RoyK: After that you can sort the array and display the X number of top results
<andol> RoyK: Alternative approachy, which may or may not apply, take a look at the check_multi plugin?
<billy_ran_away> Hi, I've got a 5 1TB disk RAID 5 array and I'd like to migrate to 3 3TB disk arrayâ¦ what's the best way to do this?
<billy_ran_away> I've got enough SATA slots to where I can run the old array in degraded state and run the new array in a degraded state as well.
<billy_ran_away> Is this the recommended procedure? Run both in degraded, copy all the data over, then, remove the old disks and reboot with all the three new disks in?
<davegarath> billy_ran_away: if you place a 3T disk into a raid with 1T disk and rebiuld it you will lost 2T because raid will cuts it on 1T
<mardraum> billy_ran_away: I probably would not do it like that, I would use two machines in your situation, or another controller added in
<billy_ran_away> Can't I run both in degraded state?
<mardraum> davegarath: I don't think he wants to do that, he's just running out of sata ports?
<mardraum> billy_ran_away: you probably can. like I said, I wouldn't do it like that. what happens if you have disk failure in that state?
<mardraum> depends how important your data is, I assume your backups are all current :D
<billy_ran_away> Then I insert my 5th drive back in and order another 1TB drive
<mardraum> I don't think you are listening to me. good luck.
<Ralf22> Hey. When I install 13.04 beta now, will I be up to date when the final version is released?
<Nafallo> yes
<Ralf22> thanks Nafallo
<Nafallo> yw
<billy_ran_away> Why is mdadm -C /dev/md0 -l 5 -n 3 /dev/sd[hg]1 missing not making a 6TB array when I'm using 3TB disks?
<billy_ran_away> Why is neither cfdisk nor fdisk making the right size partitions on this 3Tb drive?
<mardraum> maybe your hardware can't handle the sector size change?
<billy_ran_away> mdadm -C /dev/md0 -l 5 -N media -R -n 3 /dev/sdd1 /dev/sdc1 missing
<billy_ran_away> mdadm: cannot open /dev/sdd1: Device or resource busy
<billy_ran_away> WTF? I just rebooted...
<zastaph> if I upload my files by ftp how do I make sure they get www-data:www-data 775 like my other files in /home/zastaph/web ?
<zastaph> setgid and umask? and what user should I use for ftp
<roaksoax> kirkland: howdy!! did you upload testdrive 3.18 to the ubuntu archive or only ppa?
<hallyn> ppetraki: hey - what would you say would be the most appropriate way to determine (from C) whether a blockdev is an lvm2 LV?  The functions in /usr/include/lvm2app.h ?
<ppetraki> hallyn, /me looking
<hallyn> thx!
<ppetraki> hallyn, just posting publicly now :)
<ppetraki> <ppetraki> the chessy way out to test for the negative, INQUIRY
<ppetraki>  block devices don't respond to SCSI cmds
<ppetraki>  all this code assumes you're trying to manage LVM
<ppetraki>  so you pick a VG, and use that handle to get a list of LVs
<ppetraki>  which is a royal pain in the ass
<ppetraki>  shortcut, just interrogate device mapper
<hallyn> ppetraki: what i'm doing is a generic blockdev layer in lxc,
<hallyn> which should take the 'source path', the blockdev in lvm case, and decide 'yes, i can handle this'
<hallyn> (so then it knows how to do snapshots)
<ppetraki> yeah, anything with a linear driver in DM table is either an LV or MP path
<ppetraki> well, an LV
<hallyn> ppetraki: in the current script-based clone, i just do lvdisplay $dev
<ppetraki> hallyn, you could also use the sg api and just pound all the devices with inquiry, not difficult, http://pastebin.ubuntu.com/5713668/
<hallyn> suppose i could go see how that command works
<ppetraki> hallyn, it tried to fail back, SCSI and ATA passthrough, both failed.
<ppetraki> hallyn, as if you concat a bunch of devices, which ones ID do you return?
<hallyn> you're talking mp?
<ppetraki> hallyn, that's LVM
<hallyn> concat devices?
<ppetraki> hallyn, likely true of MP but I don't have system access to confirm
<ppetraki> hallyn, sysfs is also useful, as block devices don't have make and model attrs, nor are they attached to the sd driver in sysfs device model
<hallyn> ok, so your comment was about sg...  i demand the actual lvm device, not one of the backing physical devices, so hopefu
<hallyn> oh yeah, lemme check sys
<ppetraki> hallyn, http://pastebin.ubuntu.com/5713690/
<hallyn> so i see:
<hallyn> cat /sys/dev/block/252:9/dm/uuid
<hallyn> LVM-B78EDPMWoBOMaP0szouAOQ6QDLsHCszyqKBLlxvtB41UudUh3CJyIFO0cDM35Df6
<hallyn> I wonder if LVM- is predictable?
<ppetraki> hallyn, you can do set exclusion at that point
<hallyn> dm is not necessarily lvm right
<ppetraki> hallyn, actually, yes :)
<ppetraki> hallyn, http://pastebin.ubuntu.com/5713696/
<ppetraki> hallyn, fixed?
<hallyn> ppetraki: sweet, thanks :)
<ppetraki> hallyn, UUID_PREFIX is hardcoded, so I think you're good, unless some uses udev to rename it
<ppetraki> hallyn, at a minimum you've covered the common case
<hallyn> if they want to mess with udev like that, they can get what's coming :)
<ppetraki> hallyn, agreed :)
<hallyn> ppetraki: thanks!   ttyl
<ppetraki> hallyn, anytime!
<ddsss> is keyring and seahorse installed by default in ubuntu?
<Jaith> I just did apt-get update/upgrade on my server running Ubuntu 12.04 LTS and noticed that PHP is ancient (5.3.10).  The latest version of php is 5.4.14.  The latest release of php 5.3 is 5.3.24.  Why on earth has canonical (or someone) not provided more up-to-date packages for PHP?  This is kind of ridiculous.
<sarnold> Jaith: see https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions and http://www.debian.org/security/faq#oldversion
<sarnold> Jaith: see also http://people.canonical.com/~ubuntu-security/cve/pkg/php5.html
<RoyK> sarnold++
<sarnold> hey RoyK :)
<RoyK> sarnold: ;)
<Jaith> sarnold: thx
<Jaith> oops..
<disturbed> hello
<disturbed> i'm having issues with automatically start tightvncserver at boot, any volunteers to help out?
<disturbed> not... all... at... once... plz :)
<bean> disturbed: chillax.
<bean> disturbed: how did you install it
<disturbed> sudo apt-get install tightvncserver
<bean> okay, and how do you currently start the server
<disturbed> tightvncserver -geometry 1980x1020 :0
<disturbed> that works...
<disturbed> then i made a /etc/init.d/tightvncserver, chmod +x
<bean> okay
<bean> and that script works to start it?
<bean> this post seems to explain it pretty well
<bean> http://askubuntu.com/questions/120973/how-do-i-start-vnc-server-on-boot
<disturbed> if i execute: sudo /etc/init.d/tightvncserver it works
<disturbed> but it doesn't do that at boot
<bean> right
<bean> you have to update it to run at boot
<bean> update-rc.d tightvncserver defaults
<bean> should do it
<disturbed> can i do: update-rc.d tightvncserver -geometry 1980x1020 :0 ?
<bean> no
<bean> literally
<bean> update-rc.d tightvncserver defaults
<bean> :|
<disturbed> ok brb
<disturbed> right, now i also see it in chkconfig, so looks good, tnx, => rebooting
<disturbed> still not rebooted...
<bean> heh
<disturbed> btw i saw that link before and already tried rc.local and @reboot crontab thingy
<bean> did you try the accepted answer
<bean> lol
<disturbed> @reboot seemed the easiest one :)
<disturbed> right, rebooting :)
<bean> @reboot likely won't work like you think it does, but alright :)
<disturbed_> no luck: ps -ef|grep vnc => nothing
<bean> ok
<bean> a vnc server is hard to get to work at boot, since it requires the display and stuff to already be working
<bean> not really a server if it has a GUI imo
<bean> ...
<disturbed_> :)
<disturbed_> well, i would have been happy with mint linux
<disturbed_> except that it could not boot without a monitor connected to it
<disturbed_> not a nas when it needs a monitor constantly
<RoyK> perhaps #ltsp
<disturbed_> i'll try webmin and see how far i get :)
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<disturbed_> *$!# :)
<RoyK> disturbed_: better use the commandline - it doesn't take to long to learn the basics
<RoyK> and it helps a good while in the long term
<disturbed_> where's my xanax
<RoyK> (by actually understanding what you're doing instead of just clicking some fancy GUI)
<RoyK> benzodiazepines aren't good for you, disturbed_ - beleive me
<disturbed_> should be a nas, so samba, daatp, owncloud, plexserver, ...
<RoyK> well, buy one
<RoyK> get a nas box
<RoyK> doesn't cost that much
<disturbed_> see, i'm not doing basics :)
<RoyK> disturbed_: it's rather easy to learn ;)
<disturbed_> i'd like to have a small server that can do samba, bittorrent, itunes server, ...
<RoyK> yeah, it's easy
<RoyK> easy peasy
<RoyK> just learn the basics
<disturbed_> but, since it's in the fitness room, i also sometimes want to connect a monitor and play music on that
<RoyK> don't be so bloody lazy
<disturbed_> without having to use my playstation 3 for the dlna
<disturbed_> don't see how i'm gonna play my music on my nas, in text mode :)
<RoyK> over the net - sure
<RoyK> but then - use a laptop or something if you don't want to learn too much
<RoyK> setup a homeserver and samba and you're all set
<disturbed_> think you're missing the point
<RoyK> probably more hassle with a webbased admin interface than with something on the commandline
<disturbed_> i want it to server a nas and media server
<RoyK> ps3mediaserver?
<RoyK> xbmc?
<RoyK> xbmc works well
<disturbed_> openmediavault, nas4free, ...
<RoyK> well, learn it, please
<RoyK> don't just ask
<RoyK> or join the channels where those products are supported
<RoyK> ubuntu server can give you storage on raid and support for a bunch of applications
<RoyK> but this channel isn't for end users for media server setup
<disturbed_> nvm
<RoyK> heh
<RoyK> (idiots)
<disturbed> single, doesn't surprise me
#ubuntu-server 2013-04-17
<pcarrier> hey! do you have some up-to-date documentation about how the official AMIs are produced, or even better, how to tune the process to produce custom AMIs? I'm assuming lp:~ubuntu-on-ec2/vmbuilder/automated-ec2-builds is still used, but I'd like to be sure.
<sarnold> pcarrier: this looks related: https://help.ubuntu.com/community/UEC/Images#Building_Your_Own_Ubuntu_Cloud_Guest_images
<sarnold> pcarrier: (I started from http://cloud-images.ubuntu.com/ and followed likely-looking links..)
<pcarrier> sarnold: ok, so you expect that to be up-to-date, thanks
<pcarrier> I mean, everything but one sentence refers to 11.10 or older
<sarnold> pcarrier: I hope so :) it at least knows about precise..
<pcarrier> sarnold: well, it does indeed barely pass that criteria
<sarnold> hehe
<pcarrier> sarnold: but you see my point.
<sarnold> yes.
<pcarrier> sarnold: I'd rather hear "here's how we baked our latest batch of images, hoy hoy! enjoy while it's hot!"
<pcarrier> not sure what I was going for with this quote.
<sarnold> pcarrier: hehe, it make sense anyway :)
<ia0001> hello
<ia0001> anyone know why im unable to view flash videos on ubuntu 12.04 LTS
<ia0001> i updated all the flash stuff
<sarnold> ia0001: servers don't typically have a graphical web browser installed, nor the flash player.. but if you've chosen to install those components, you'll also need to install the flashplugin-installer package
<ia0001> ok i  installed that
<ia0001> and its not working
<jgdovin> hi all
<jgdovin> so, while trying to fix my screen not being able to allocate ptys i screwed up /dev/pts perms
<jgdovin> and now regular users get "must be connected to a terminal" when trying to run screen inside an ssh session thats already established
<jgdovin> any help would be loved :)
<sarnold> jgdovin: here's hoping this is useful to you :) http://paste.ubuntu.com/5714797/
<sarnold> devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
<ai9371> someone please help flash player is not working
<ai9371> on ubuntu 12.04 LTS server
<ai9371> could it because somewhting to do with 32bit system.. it works fine on my ubuntu 12.04 desktop
<billy_ran_away> Ugh, can someone please tell how in the hell I start a RAID array in degraded mode?
<billy_ran_away> State : active, degraded, Not Started
<billy_ran_away> http://cl.ly/OKh1
<scjr> Hey I'm having some linux-general-pae depependancy problems (stemming from not having enough space to configure a new kernel I think) anyone know any easy fixes? - http://pastebin.com/1mdfP10j
<patdk-lap> did you run, apt-get update?
<Shadow__X> hello I am running ubuntu 12.04.2 in a virtual machine on esxi. I have not been able to get cpu frequtils to work under ubuntu. this is what cpu freq lists http://pastebin.com/7nvmm0Wi also the cpu is an amd fx 8320
<[LE]> I'm trying to setup an openvpn server on a VPS running Ubuntu 12.10, and I'm able to connect to the server from my windows machines. But cant seem to figure out the routing part with iptables
<[LE]> this is the only entry I have in the firewall: "iptables -A FORWARD -i tun0 -o venet0:0 -j ACCEPT
<[LE]> "
<Syria> Hello, I have a remote VPS, I usually create an ssh tunnel and browse internet using it with command "ssh -D 'port' user@host" my question is can I apply these settings system wide? I am talking about the socks proxy and port settings.
<Shadow__X> Syria: you can put it in to your browser
<Shadow__X> Syria: i know that OS X makes system wide proxys very easy but iirc windows wasnt as easy for system wide
<Syria> Shadow__X: Some applications doesn't allow you to use any proxies.
<Shadow__X> then you might want to try openvpn or another type of vpn
<Syria> Shadow__X:  Someone told me that I can do it from the terminal, iptables thing!
<Shadow__X> probably but i am not entirely sure how
<Shadow__X> a vpn would be a good idea though
<Shadow__X> that would allow you to secure all of your traffic
<Syria> Shadow__X:  Is it easy to configure my server and change it into a VPN server?
<Shadow__X> Syria: this seems pretty complete https://help.ubuntu.com/community/OpenVPN
<Syria> Shadow__X:  Thank you
<Shadow__X> Syria: so it would depend on how comfortable you would be following that
<Syria> Shadow__X:  I will read it now,
<Shadow__X> since it is a vps i would take a snapshot before you do anyting
<Shadow__X> if you can take snapshots that is
<Syria> snapshot of what? Are you talking about a backup?
<Shadow__X> snapshot of the server
<Shadow__X> and yes a backup
<Syria> Shadow__X:  Thnx again, I will start working on it now.
<Shadow__X> Syria: make a backup before you do anything
<Shadow__X> and if your vps gives you access to snapshots make one of those as well
<Kekke>  Hello everyone, I have an ubuntu server running LAMP, in apaches /var/www I have sub directories with users, i.e. /var/www/kekke/www/, this www folder is owned by the user Kekke with the group sftpuser, my group sftpuser gives the users access to the folder through sftp (their home dir is set to /var/www/user/www/). But when I install joomla to the www folder, I get all files/folders as unwritable, if I manually change them to 77
<Kekke> if I however change the user owning the /user/www folder to www-data I get the correct permissions, but that makes my user unable to sftp to their dir, what do I need to achieve correct permissions on every new user I add?
<shmoon> hello friends
<shmoon> in the chroot tutorial i read to do this /proc /var/chroot/hardy/proc none rbind 0 0 - is it really good to do this, is it safe? can affect environment outside chroot
<andol> shmoon: Whatever that is a good idea really depends on the purpose of the chroot.
<shmoon> andol: just want to execute few binaries, but still in general, if something wrong happens there it'll affect the /proc outside, so it shouldnt be a good thing to do
<shmoon> the tutorial also mentions to do a mount on /dev
<shmoon> https://wiki.ubuntu.com/DebootstrapChroot - i am a beginner trying to understand
<andol> shmoon: Well, if you are worried about something being on purpose malicious I wouldn't mount /proc in the chroot. On the other hand, most regular userspace programs won't accidently fail in a fashion which will cause problems with procs.
<andol> shmoon: Yet, to be on the safe side and not having to worry, how about instead going for a virtual test machine?
<catphish> i notice that some libraries have moved from /usr/lib to /usr/lib/x86_64-linux-gnu, is there a good way to determine the actual location of an installed library?
<catphish> (programatically)
<shmoon> andol: no idea how to set thyose up, chroot seemed easy
<catphish> actually my question is unnecessary, libraries can always be specified by relative path
<Deleteyrself> shut up and listen some http://anonpt.caster.fm/
<vrturbo> whats the best was to test hard disk perfomance from the cli
<patdk-wk> vrturbo, define hard disk performance
<vrturbo> read , write speed
<patdk-wk> well, that was a given
<patdk-wk> bandwidth or latency performance?
<vrturbo> i've got an ssd but I think Im hitting buffer issues
<patdk-wk> buffer issues? buffers are bad
<vrturbo> 838860800 bytes (839 MB) copied, 0.555752 s, 1.5 GB/s
<vrturbo> that can't be right ?
<patdk-wk> dunno
<patdk-wk> I can't see the command you used to produce that output
<vrturbo> if I test with 8gig I get a more believable output
<vrturbo> 8388608000 bytes (8.4 GB) copied, 29.5639 s, 284 MB/s
<patdk-wk> you should always test with 10x your ram, and/or use direct
<patdk-wk> you should also not use /dev/zero, but random
<vrturbo> I  have 24 gig on this server
<vrturbo> oh wait 8 gig on this one
<vrturbo> never tested ssd before, it's a new server so hasn't been put to work yet
<patdk-wk> testing an ssd is the same as testing a normal disk
<patdk-wk> the only difference I know of, is, they started adding compression into ssd's
<patdk-wk> so using /dev/zero will give you higher than normal results
<patdk-wk> I have no idea why they haven't done that with normal disks, but it might be half pointless maybe
<vrturbo> lets try 10 gig test and doing a sync this time
<vrturbo> 10485760000 bytes (10 GB) copied, 38.6364 s, 271 MB/s
<vrturbo> just a single sata drive
<CalebRipley> Hello, i have trouble with samba since yesterday. All of my maschines are unable to loggin on my PDC. I know that it is unlikely but is it possible that the patch from yesterday caused that?
<imjustmatthew_> CalebRipley: I applied the patch and didn't have nay problems so far, but I have a pretty simple setup (Samba as PDC against local users only, no OpenLDAP or MIT Kerbeos)
<CalebRipley> I am not quite sure, the patch cve-2013-0454.patch looked pretty harmless but all machines are unable to login since then.
<uvirtbot> CalebRipley: The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by lever
<CalebRipley> I am just using the default passwd backend
<feisar> hi, I have a script which adds some routing rules, it works fine when run manually but not when called from /etc/rc.local (this is a clean 12.04 install) why might that be?
<greppy> feisar: are you giving the full path to the commands?
<feisar> greppy: I'm giving the full path to a script which has the commands in (/usr/local/bin/routing)
<feisar> ah but that doesn't have the full paths to the commands in...
<feisar> ok I'm rebooting the machine...
<pdkl> why is my syslog empty?
<feisar> greppy: yes, I think that's sorted it, thank you : )
<feisar> greppy: (there was also somthing else wrong too when I checked the script so I'm not sure if I needed the full paths, but I'll leave them in)
<greppy> feisar: you either need the full paths, or you need to specify a PATH variable in the script.
<izanagisan> good afternoon to all
<ThatOneRoadie> Long time no see :{
<ThatOneRoadie> :P*
<keithzg_> Hmphh, trying to do some OpenCL stuff on some remote machines, but even "sudo DISPLAY=:0 fglrxinfo" and I get "error: unable to open display (null)". And any opencl program I run at best segfaults :P
<keithzg_> Hmm,  lspci -nnk | grep VGA -A3 seems to show that I'm using the "radeon" kernel module, even though /etc/modprobe.d/fglrx.conf is explicitly blacklisting it.
<fluvvell> are there any new "worthwhile" front ends for administering samba with ldap and the like? I'd like to give administration of usernames and passwords to a cabable staff member via a web interface if poss.
<Mark2> Evening all. It's my first time installing ubuntu server onto an old pc for a home server and minecraft server for a few friends. I have a question - should I choose the 32 or 64 bit version of Ubuntu server? The pc has a pentium 4 2.4 Ghz CPU but I don't know if it has a "Prescott"core or whether it supports 64 bit processing. Any advice would be much appreciated!
<Mark2> Anyone able to help?
<sarnold> Mark2: 32 bit is likely to work everywhere, but 64 bit gives applications larger address spaces, which might be nice for minecraft, I thought I heard that thing sucks down whatever memory you give it..
<genii-around> Mark2: If you boot to a livecd, you can do : sudo lshw -C cpu  | grep width     and it will tell you there
<Mark2> Thanks guys. sarnold, would it not matter running applications with larger address spaces if the CPU can't handle 64 bit?
<sarnold> Mark2: well, if the cpu won't do it, then it just won't go. :)
<sarnold> Mark2: (honestly, I've never tried, I do'nt know how far into boot you'd make it, but less than a second sounds right :)
<sarnold> Mark2: my comments about the address space were about the relative problems you'd have running 32 bits on a cpu capable of 64 bits -- it's not -so- bad, especially if you've only got 4 gigs of ram or less anyway :)
<Mark2> Well I'm planning to put 4gig of Ram in the machine. It currently has a paultry 1GB...
<genii-around> If it's a 32bit cpu, then you'll need the PAE kernel for it to see all 4
<sarnold> do recent releases even have non-pae 32 bit kernels?
<genii-around> sarnold: Lubuntu minimal does ;)
<sarnold> genii-around: hunh :)
<Mark2> I thought 32 bit systems could use up to 4GB natively.... I don't know lots about this as you can probably tell!
<sarnold> genii-around: PAE page tables can't possibly add more than .. 16 bytes? .. to the pagetables in the kernels. that seems like an odd tradeoff to me.
<sarnold> yeah, I thought a non-pae kernel ought to do 4 gigs just fine, but that's a spec I've never personally tried. :)
<genii-around> Non-PAE ends up seeing somewhere in the area of 3.2G
<sarnold> wow. I thoght that was just a windows problem. :)
<sarnold> I mean, you'd only ever be able to give an -application- around 3 gigs, but I thought the computer as a whole could use all four.
<Mark2> Just another quick question - would the 64bit version of ubuntu just refuse to run on a 32 bit machine? Basically, can I screw things up by trying to install the 64 bit version?
<genii-around> Mark2: At any rate, I think the default 32bit kernel has PAE enabled by default now
<genii-around> Mark2: Yes, the 64 bit version would just chink out and not install
<genii-around> *chunk
<Mark2> genii - thanks for the advice!
<sarnold> Mark2: the worst is you would waste a cd or dvd burning something that won't boo
<Patrickdk> what is the usespace limit for 32bit? 1gig? 2gig or 3gig?
<Patrickdk> forget what ubuntu compiles the kernel mode for that
<Patrickdk> that is always what I normally cared about
<Patrickdk> why I would use 64bit even with 3gigs of ram
<sarnold> Patrickdk: afaik, 3204 M
<Patrickdk> plus I have some systems that only let you use 2.4gigs of ram, when you have 4gigs cause of bios stuff
 * Patrickdk notes dell
<sarnold> Patrickdk: though with standard library and executable layout, it'd probably run out of malloc space around 2.5 to 2.7 gigs in
<Mark2> I think I just got an answer to my question: "This kernel requires an x86-64 CPU, but only detected an i686 CPU. Unable to boot - please use a kernel appropriate for your CPU"
<genii-around> 32bit it is
<sarnold> hehe, there you go :) 32 bits.
<Mark2> *sigh* time to re-download the OS in 32 bit...
<Mark2> thanks again for your help! I'll keep an eye out for the PAE thing in case the memory isn't recognised too.
<sarnold> cool :) once it is installed, apt-cache search pae will hopefully make it more clear..
<Patrickdk> mark2, normally pae works fine, but rarely, a pae kernel won't boot on 32bit cpu
<sarnold> Patrickdk: no kidding?
<Patrickdk> yep
<Patrickdk> I have one next to me :)
<Patrickdk> it won't use more than 3gigs of ram, even if installed it won't see it
<sarnold> Patrickdk: is it labeled "iNTEL inside! 386/25 SX!" ? :)
<Patrickdk> and it won't boot a pae kernel, or 64bit, even with a 64bit cpu
 * Patrickdk blames the bios/mb
<sarnold> that seems likely
<sarnold> what is it? old pentium celeron or something?
<Patrickdk> has an intel d 940 in it
<Patrickdk> sl95w
<sarnold> wow, dual core 4 megs cache 64 bit 3.2 ghz.. I'd expect that to be tolerable. go figure. :)
<Patrickdk> no 64bit, no pae, it won't boot
<Patrickdk> works on normal 32bit kernel just fine
<sarnold> vt-x!
<Patrickdk> but only sees 3gigs of ram, doesn't even see the last gig in the bios to count
<sarnold> no vt-d though
<sarnold> haha, awesome
<Patrickdk> msi 945 neo5
<sarnold> it even has an execute disable bit! I would expect to even benefit from the pae kernels. man.
<Patrickdk> also has 6 bad caps
<Patrickdk> but it's been sitting on the shelf for a few years now
<sarnold> as a warning to the others?
<Patrickdk> as a, I can't believe this crap, I will overcome it sometime
<genii-around> Sounds like a BIOS problem
<cuken> Is ZFS on linux to a stable enough point to run as the main file system using samba as a nas solution off of ubuntu-server?
<blkperl> cuken: they said the latest release is production ready
<blkperl> cuken: have backups though
<cuken> Thanks blkperl, my google fu has been pretty hit or miss on the actual setup on a new server, do you know of any decent guides/resources for getting that running from scratch
<blkperl> cuken: sorry nope. all you need to do though is add the PPA
<blkperl> cuken: let me know your how it goes, I'm curious how other people are using it/bugs they've faced
<cuken> i will report back with failure reports
<izanagisan> quick question: has anyone tried to install Ubuntu Server (12.04) in an IBM x3650 Server? Should I expect compatibility?
<jonzobrist> izanagisan, I run Ubuntu 12.04 (and 10.04 LTS) on IBM x3550's (about 50 of them) and have never had any problems
<izanagisan> jonzobrist: that's really nice to know
<jonzobrist> IBM has huge investments in Linux, and I would expect everything they make hardware wise to run Linux well
<izanagisan> by the way, as a complete server and IBM noob, do you happen to know where can I find abundant and clear documentation on their servers?. I also have 1 x3650 M3 in which I want to set up RAID and install Ubuntu Server, but I've been really bad at finding instructions to set the system up
<sarnold> izanagisan: have you found this yet? nothing specific to your hardware, but hopefully useful nonetheless: https://help.ubuntu.com/12.04/serverguide/
<izanagisan> sarnold: hadn't seen that guide. Seems quite conprehensive. Thank you very much
#ubuntu-server 2013-04-18
<Odd0002> is it possible to create a live ubuntu server USB drive, like you can with the desktop edition (with persistence)?  I tried with unetbootin and it only allowed me to install or check media
<sarnold> Odd0002: it is my assumption that if you have a second usb drive or have partitioned your drive to leave some free space after the OS, you could easily mount it and have some persistence..
<sarnold> (it may not be the magical experience that it is on the desktop live image with persistance, but you ought to be able to store data on it persistently.)
<Odd0002> but you can't actually start up the server edition
<Odd0002> only the installer or an ash shell
<Odd0002> from busybox
<sarnold> oh :/
<Odd0002> that's why I'm asking
<petey> CRAP!
<petey> i just ran a bunch of commands I shouldn't have ran - had them copied and pasted
<petey> is there a way to undo that
<sarnold> depends on the commands, but in general, no.
<petey> i had some rewritecond pasted in...
<petey> hmm can i edit /etc/modsecurity/optional_rules/$f /etc/modsecurity/activated_rules/$f
<sarnold> with the literal name '$f' in those directories? or all files in those directories? or some files in those directories?
<petey> thats the folder that went through
<petey>   https://gist.github.com/anonymous/dcf9ecd7ef3ae2f53264
<petey> take a look, that's what i ran
<petey> no thats the error that showed up, sorry
<petey> https://gist.github.com/anonymous/240f0ef7e18a563f8e1f - these are the commands that ran
<sarnold> did any of those actually -do- anything when run?
<petey> looks like a bunch of errors
<petey> i was only worried about the one that said 'done'
<sarnold> probably the only lines that didn't error were the blank line and the # END line :)
<petey> lol alright thanks
<petey> sorry its been a long day
<petey> i would figure i would check to see if i didnt mess anything up
<sarnold> always a good idea
<shauno> if you want to be sure, tail /var/log/auth.log - you used sudo, so if any of that was actually executed, sudo would have logged the commands
<sarnold> I've made that similar mistake, pasting a giant pile of unrelated things, and _hoping_ that none of the starts of the lines were anything in the PATH... :)
<sarnold> shauno: yay good idea :)
<shauno> it doesn't look like it should have, but it's kinda comforting seeing for sure
<petey> i didnt use sudo
<petey> but i will tail definitely
<petey> thanks alot
<shauno> the actual command inside the loop uses "sudo ln -s ..."
<petey> shit yes you're right
<petey> i dont think it ran anything to be honest
<petey> just some wordpress stuff i was doing
<petey> wait crap it may have..
<petey>  /uploads ; USER=root ; COMMAND=/usr/bin/nano /etc/modsecurity/optional_rules/
<qman__> no
<qman__> petey, it has to have been a valid command on one line
<qman__> even if that had run, all you would have done is set a couple of variables
<petey> i see
<qman__> assuming "/uploads" is not a valid executable on your system
<petey> nope
<petey> its just a folder
<petey> wordpress install
<sarnold> petey: woot. looks like you got lucky tonight and nothing happened :)
<petey> lol yay sarnould
<petey> thanks
<cuken> I have a zfs pool running on samba, but on my windows box I can see the root of the share, when I click on it I get a network resource not found error
<Iapetus> hello!
<Iapetus> so my server can't be accessed by the outside world anymore. can anyone point me in the right direction?
<Iapetus> I do not have a FWDN
<Iapetus> FQDN
<Iapetus> but I do have gin and tonic, which makes it better
<Iapetus> oh and crackers
<Iapetus> This must be a common question I take it..
<greppy> Iapetus: do you have a public IP address on the server?
<Iapetus> no
<Iapetus> yes
<Iapetus> and  no
<greppy> how is your network connection setup?
<Iapetus> It's a cable modem connected to two computers via a router
<greppy> so do you have the router configured to port forward to your server?
<Iapetus> yup
<greppy> What is the public IP?
<Iapetus> are you referring to http://www.whatismyip.com/ or how I locally connect to it?
<greppy> the actual public IP :)
<greppy> so probably what shows up on whatismyip.com
<Iapetus> it probably won't give you shit but: 71.10.98.41
<greppy> hopefully you are using RFC1918 space behind the router.
<greppy> crap
<Iapetus> ?
<greppy> I have an ethical dilemma...
<Iapetus> I feel like I should just get passout drunk and not care about anything
<Iapetus> life sucks anyway
<Iapetus> no search away on it if you like, you won't find anything
<Iapetus> o7
<Iapetus> go on then
<Iapetus> have at 'er
<Iapetus> she'll like it
<greppy> Iapetus: did you see my private messages to you?
<columb> Hey there. How do I reserve memory/cpu for Ubuntu? I'm aware of freeze on overload. Remoted didecated server on 11.10.
<ak5> I need to have php msqli extension but when I try to install php5-mysql it pulls mysql-common - which I don't need or want
<Bongone> hi guys.. Ive got exim and cyrus imap on my server. Is there any way that I can check the incoming emails of a user?
<greppy> Bongone: check them for what?
<Bongone> greppy: I want to see if there are incoming emails
<greppy> check the log files
<Bongone> greppy: I want to check how many emails are there. Because the users when they try to pull emails dont receive any
<greppy> check the mailq
<greppy> I don't know if exim has the mailq command, but you can also look in /var/log/mail.log and see if mail is being delivered.
<TJ-> What process creates (and doesn't delete) files in /var/tmp/guest.*/ on each boot? It's related to libguest but I've been unable to discover what is creating the directories and using the space
<tom20sec> test
<linuxcadette> Hello! Im trying to change the PS1-variable to display current shell+ current directory. PS1='$(0) $(pwd)' doesnt seem to work with printing current shell. ideas?
<caraconan> Hi there. Any quick way to disable apparmor to allow this? http://pastebin.com/VCmVVivf
<caraconan> I just want to test VirtFS
<bambanx> guys i am here https://www.digitalocean.com/community/articles/how-to-install-iredmail-on-ubuntu-12-10-x64 , in the part of https://secure.instantssl.com/products/SSLIdASignup1a and in the select box  Select the server software used to generate the CSR: ?
<bambanx> what i should choose?
<jdstrand> hmm, caraconan didn't wait too long...
<strocknar_> I'm wanting to use mod_sftp in proftpd. however, the server I am using is on 10.04. Aside from upgrading to the latest and greatest, is there anything else I can do to use this mod?
<strocknar_> I tried snatching the .deb from debian sid for proftpd-basic, but it requires libraries of a higher version than what is available in ubunto 10.04
<RoyK> strocknar_: what does that do that sftp in sshd can't?
<strocknar_> easy chroot
<RoyK> ok
<RoyK> rssh should do that, though
<strocknar_> right now I use sshd's sftp server
<strocknar_> but am wanting something a bit easier to manage
<RoyK> tried using rssh?
<strocknar_> nope. but I will now :D
<RoyK> won't work if the clients need shell access, though
<strocknar_> is the website for that really 'pizzashack.org'!?
<RoyK> apparently ;)
<RoyK> "home of pizzacode" :D
<RoyK> rssh should be available from the repos, though
<strocknar_> RoyK: I may fall back to taht if I can't get proftpd to compile from source
<strocknar_> thanks for the input
<strocknar_> looks like a good tool to have in the belt
<billy_ran_away> Is it safe to mount and use a RAID array that is recovering?
<billy_ran_away> I did last night and suddenly one of the drives was found to be faulty and was removed.
<ak5> hi guyes
<ak5> will I have difficulties if I use `usermod -l ubuntu somethingelse` as ubuntu on a single user system?
<scofflaw> cd
<TheLordOfTime> what's the default "PermitRootLogin" setting for openssh-server
<TheLordOfTime> ?
<dir> no
<TheLordOfTime> that's what i thought
<TheLordOfTime> but i couldnt find that in the package's files :P:
<TheLordOfTime> hence my asking :)
<TheLordOfTime> thanks
<dir> np
<keldwud> hello
<keldwud> noob here with an issue that may or may not be of interest to https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/
<keldwud> not sure how to properly search or verify or file if it is needed
<keldwud> anybody want to guide me through the process or to a resource that can instruct me how to do so?
<Quest> If I have a asterisk server having centos or ubuntu or so  and hardware core2duo and I make the harddisk image by ddrescue or clonezilla or somehting. and past that image to a P4 Ht technology computer for example (different hardware). will the paste work? will I have any driver issues or something else? (please inform for assuming console based soervers and also for GUI servers)?
<keldwud> I'm somewhat sure that my nrpe issue is isolated to ubuntu server 12.04 and/or 12.10
<Quest> it seems that its too dificult to have a contigency plan. (what if the server crashes or get burned. we need prompt premade backup)
<RoyK> kermit: why use nrpe when ssh checks are so much easier to manage?
<kermit> RoyK: i've never used nagios
<RoyK> I have, for 10 years or so
<Froberg> Hi all. I'm setting up my first ubuntu server with 4 X 3TB drives. I'm reading the documentation but something has me stumped.. (https://help.ubuntu.com/12.04/serverguide/advanced-installation.html)
<Froberg> It says I need to create a swap area on each disk. Surely this cannot be accurate? From what I've learned having a large swap area is not generally a good idea.
<Froberg> But from the documentation, it appears to be the case. Would someone help clear things up for me before I proceed and potentially will have to re-do everything at a later date? :)
<sarnold> Froberg: I don't think swap space is mandatory
<markthomas> Froberg: how are you configuring the storage in your system?  Software RAID, hardware RAID, or none of the above?
<sarnold> Froberg: nearly everyone likes having swap though, and spreading it across drives makes sense.
<Froberg> I'm using Software RAID - was planning on RAID 5.
<sarnold> Froberg: but it makes sense to me to have some place to shove data that is rarely used and doesn't need to live in RAM all the time, if the memory could be more profitably used for something else
<Froberg> The guideline says twice the swap area of available memory. Would that mean that in my case, with 2GB of memory, that I should create a 1024MB SWAP area on each drive, then?
<markthomas> Froberg: if you have swap partitions that are not RAIDed, and the drive with the swap goes down, you may (will?) need to reboot the box.
<Froberg> Or should I do a 4096 on each drive instead?
<sarnold> Froberg: I'd want 2-4 gigabytes of swap space after raid has been taken into account..
<Froberg> Aye, I have allocated 4096 to the first drive already.
<markthomas> Froberg: I second sarnold's recommendation.
<Froberg> But I got confused about the documentation and the statement that I had to repeat steps for all drives.
<Froberg> So you're saying I should keep the 4GB Swap on Drive #1 and repeat for the remaining three?`
<sarnold> I'm no good at the raid math :/ would that give you 8 gigs of swap or 12 gigs of swap once it is raided together?
<markthomas> 8gb, I believe.  That's a lot of swap for that much RAM.
<Froberg> Well
<Froberg> 4 x 3TB = 9TB usable space
<Froberg> When Raid 5 is used, I mean.
<Froberg> so by my math I'd end up at 12GB of Sweap
<Froberg> *swap, sorry
<sarnold> yeah, that's a lot of swap..
<sarnold> which might be nice if you ever move the array toa nother machine with 32 gigs ram :)
<sarnold> but with two gigs of ram, either way that's a lot of swap.
<Froberg> http://askubuntu.com/questions/44217/frustrated-with-ubuntu-and-softwareraid-5 been reading that now
<Froberg> I must admit that not a whole lot of what he's saying makes that much sense to me
<scar> how can i get an ubuntu server to use htaccess
<sarnold> Froberg: will you be installing your OS to this array or is this solely for your data?
<Froberg> I will be installing the OS to it as well.
<Froberg> I was hoping to avoid having to rebuild my server if the OS Drive failed.
<sarnold> makes sense.. then heed the warning about /boot being mirrored, not raid5..
<Froberg> hm
<Froberg> So we're talking multiple raid implementations? =)
<sarnold> could be :/
<sarnold> .. and stepping firmly outside of my experience
<Froberg> To be fair.. it seems needlessly complicated.
<Froberg> I don't this usage scenario is entirely unique
<Froberg> :S
<sarnold> I think folks with raid setups tend to do something like simple mirror or 0+1 (or 1+0..) for OS, and maybe raid 5 or raid 6 for their data drives..
<Froberg> hm
<Froberg> with four available drives using two of them on mirroring would defeat the purpose
<sarnold> indeed
<Froberg> unless multiple raid levels can be in effect on the same drive
<Froberg> but.. I lack experience on the subject
<sarnold> Froberg: yeah, same here. I -expect- it is possible but might complicate repairs well beyond reasonable.
<Froberg> without Ubuntu Server being backed up though.. I'm really going to be up "shit creek" without a paddle if anything goes wrong with the system drive.
<markthomas> Just catching up, here. Sorry, I thought you said 3 drives.  If you have 4, then yes, it would be 12GB swap, which is crazyâ¦but that's IF you don't put the SWAP on a RAID as well.
<Froberg> According to the guide the swap is being set up in a raid
<Froberg> https://help.ubuntu.com/12.04/serverguide/advanced-installation.html
<Froberg> Next, select the Size of the partition. This partition will be the swap partition, and a general rule for swap size is twice that of RAM. Enter the partition size, then choose Primary, then Beginning.  Select the "Use as:" line at the top. By default this is "Ext4 journaling file system", change that to "physical volume for RAID" then "Done setting up partition".
<Froberg> I take that to mean that the swap area will indeed be part of the raid array
<markthomas> Ultimately, a RAID-1 is sufficient for SWAP in most cases.
<Froberg> well sure.. but I want Raid5 for the extra space it grants over Raid1
<Froberg> you suggesting I raid1 system on all drives
<Froberg> then when the system is installed, I Raid5 the remaining free space?
<sarnold> Froberg: is there no chance of getting two new drives for the OS that you could mirror?
<Froberg> All drives are entirely new.
<Froberg> I just got them today.
<Froberg> They're being installed in a HP MediaSmart EX490 server where I've upgraded the CPU.
<Froberg> It has four drive bays (hot swap) and nothing else.
<Froberg> If it were a matter of adding more disks that would be fine, if it were an option but it's not.
<sarnold> aww, nuts.
<sarnold> I'd seriously look into 0+1 or 1+0 or whichever works better. :)
<Froberg> That would leave me with 6 TB of space
<Froberg> whereas Raid 5 only removes the space from one drive.
<Froberg> Yielding, unless my math is off, 9TB of usable storage.
<sarnold> true enough, but unless you want to boot off a USB stick....
<sarnold> actually, how do you feel about booting off USB? :)
 * sarnold runs
<Froberg> not terribly comfortable, to be honest.
<Froberg> The server is headless, so I've had to buy a debug cable and attach it to the motherboard for a VGA connection
<Froberg> The cable will not fit inside the case, as such, it'll have to go.
<sarnold> oof
<Froberg> I would like to eliminate the chances of something going wrong that will require me to dismantle the entire server and re-attach it.
<sarnold> :D
<Froberg> Booting from a USB seems like a risky thing to do, in this scenario.
<sarnold> yeah, agreed there. but it does let you use your huge data drives for data with the raid5 without overly complicating repair..
<Froberg> well
<Froberg> if I can raid 1 a small system partition on all drives
<Froberg> and then raid 5 the remainder when the system is booted
<Froberg> I don't see any reason why that shouldn't be rock-solid.
<Froberg> barring dual drive failure
<sarnold> hrm, that sounds worth trying
<Froberg> righto
<Froberg> markthomas - what size to I partition these mythical raid1 partions in, then? :P
<stressedfred> Just checked my web server logs, i have like over 10 different chinese ips that connected to port 22. What should I do?
<Froberg> run!
<markthomas> Froberg: what are you doing with this server?
<Froberg> Samba File Share and Plex Media Server
<Froberg> rtorrent as well
<markthomas> stressedfred: fail2ban or denyhosts
<markthomas> Froberg: and how much RAM did you say you have?
<stressedfred> markthomas: I already have fail2ban installed.
<Froberg> markthomas 2GB
<markthomas> stressedfred: then if it's doing its job, those IPs should already be in /etc/hosts.deny
<bean> stressedfred: them connecting isn't a big deal.
<Froberg> Looking for a second hand 4GB DDR2 module somewhere.. prices went up after ddr3 as usual ;)(
<sarnold> stressedfred: make sure you do not allow password authentication over ssh, consider using hosts.allow or iptables to limit connection attempts to 'known good' IP ranges that you and your users use (not always feasible..) -- consider using ufw limit ssh/tcp    to rate-limit incoming connection attempts from specific ips
<markthomas> Froberg: No more than 4GB, IMO.  If you start paging, you need more RAM.  2GB is a little lite.
<markthomas> stressedfred:  good practice to turn off password auth, but not always feasible.
<stressedfred> Fuck.
<IdleOne> !language | stressedfred
<ubottu> stressedfred: Please watch your language and topic to help keep this channel family-friendly, polite, and professional.
<stressedfred> Got IPs from North Korea, Ukraine, and Russia too
<stressedfred> Jesus christ.
<Froberg> markthomas so do I make a 1GB Swap on each drive, or a 4GB swap on each drive? :)
<Froberg> raid 1 over four drives should still only yield 1 GB of swap, so I think 4?
<markthomas> Froberg: correct.
<markthomas> Froberg: overkill, in this case, but with the drive configuration you haveâ¦  Alternately, if you really want to RAID-5 your swap, do 1.5GB Each.  I can't guarantee how well the latter will work.
<Froberg> I'm indifferent either way.
<Froberg> As long as the primary storage space is in Raid5 to optimize the available space.
<Froberg> I will be making backup to external drives so 100% reliability is not absolutely critical
<Froberg> Still, being able to survive one drive failure would be nice indeed.
<markthomas> Froberg: if the swap is mirrored, you should be able to stay online if a drive fails.
<Froberg> what do you know.. random google searching turned this up: http://www.mediasmartserver.net/2011/06/07/guide-how-to-set-up-ubuntu-and-raid5-on-the-mediasmart-server/
<markthomas> I love the optimism: "This exercise also likely dedicates too much space for swap, but in the grand scheme of things this should not make much of a difference."
<Froberg> he's not terribly good at documenting his steps, either :p
<Froberg> he is also, apparently, letting it configure everything automatically
<Froberg> which isn't exactly what the official documentation recommends
<Froberg> I guess one could try his method and see if it even works
<Froberg> it's not like I have fear of data loss at this point ;)
<Froberg> Just tried to see what it looked like.. swap at 2.1 GB, 3.0TB Ext4 and 1.0 MB biosgrub
<Froberg> never seen biosgrub before
<markthomas> Grub2 has a couple different ways to boot, now: UEFI and BIOS.  I guess we know which is being used here.
<Froberg> aye
<Froberg> Raid 5 array with 4 drive is set up
<Froberg> Ubuntu server is installing..
<Froberg> swap area landed at six gigs
<Froberg> no hot spare ;)
<Froberg> so far my first Ubuntu Server experience has not been as terrifying as I'd suspected.
<Froberg> largely due to you markthomas and sarnold - so cheers guys. :)
<markthomas> :)
<Froberg> accidentally only chose samba package to install
<Froberg> now I have to add openssh manually
<Froberg> oh well, learning experiences!
<Froberg> :D
<izanagisan> I'm setting up a RAID 1 in 2 1TB drives and leaving a third 1TB drive as Hot Spare. Am I being silly for not setting up RAID 5 on all 3 instead?
<Froberg> well I just did ten minutes of reading on the subject
<Froberg> so clearly I'm already an expert
<Froberg> :P
<Froberg> But the idea behind hot swap is nice, but it's also dangerous imo
<izanagisan> hahaha, same here man, read the IBM documentation on RAIDs. Fascinating topic
<Froberg> if a degradation of your array is detected, the hot spare will kick in and the array will rebuild
<Froberg> WITHOUT user interaction
<Froberg> this stresses the reamining drives and can potentially cause a cascading failure on the other drives
<Froberg> leaving your with a dead array
<Froberg> meanwhile if you don't have a hot spare, you'll at least have a shot at backup before rebuilding
<Froberg> that's why I chose against a hot spare, at least.
<izanagisan> I think I'm gonna try all possible configurations and run tests
<izanagisan> but yah I'll proly stay with RAID 5 on all 3 drives
<Froberg> what the hell
<Froberg> now it asks me where to put the grub boot loader
<Froberg> am I expected to remember all the drive names? :D
<izanagisan> how many virtual drives did you create?
<Froberg> 4 ext4 and 4 swap
<Froberg> resulting in one ext4 raid 5 and 1 swap raid5
<markthomas> Put the grub bootloader on the first drive (/dev/sda, usually)
<Froberg> here goes nothing
<izanagisan> allright, it seems like very soon I'll run though the exact same issues than you. Starting my first UbuntuServer installation on an actual server, with hardware RAID
<Froberg> a list would be nice to have :P
<Froberg> izanagisan I'm happy to make all your mistakes for you! :)=
<markthomas> izanagisan: hardware RAID will be somewhat different.  The drive configuration will be done before install.
<izanagisan> was done already. A first test with 1 virtual drive, 2 phisical drives RAID 1
<Froberg> ... install finished.. rebooting
<Froberg> hold on to your socks
<izanagisan> so, that'll make the UbuntuServer install process easier, right?. the RAID config will be transparent?
<izanagisan> I'll only see one drive?
<markthomas> Froberg: the scenario they're describing is unlikely, unless you keep your drives well outside their expected lifespan.  But it's not unheard of.  Bottom line: back up your stuff.
<markthomas> izanagisan: you should.  Hardware RAID is typically done by the BIOS (some SATA Fakeraid of old would still show multiple drives.  Had to do some tweaking then.  It's been awhile).
<Froberg> well markthomas in a scenario like mine.. I've bought all four drives at the same time. Same manufacturer and type. (WD Red 3TB).
<Froberg> It's not entirely unlikely that they will fail within a short period of each other.
<Froberg> But hey, a five year warranty is hard to beat.
<markthomas> Right.  If you're concerned, I'd stress them and burn them in BEFORE going into prod.
<Froberg> it's not like my NAS and media server is a critical application.
<Froberg> As long as I continue to keep religious backups, I should be fine.
<markthomas> What are you backing up with?
<Froberg> markthomas the system is booted and is just slowing a blinking cursor, should I be worried or leave it alone?
<markthomas> Froberg: leave it for a moment and see what happens.
<Froberg> backing up to external drives which are then stored at a secondary location
<Froberg> define "moment" :p
<markthomas> If it's still not working, it might be time to boot to a rescue CD and try to mount the volume and look at the logs.
<markthomas> Did you see any output from the OS at all prior to the black screen?
<Froberg> No
<markthomas> Okay.  Use the rescue boot.
<Froberg> assuming this is on the boootable usb
<Froberg> w00t
<Froberg> second boot worked
<Froberg> I have terminal!
<Froberg> system load 1.26, 94 processes, 2% memory usage
<Froberg> fairly decent!
<izanagisan> dum question but have to ask: when one sets up RAID from the Ubuntu installation, it means there will be a software RAID, controlled by the OS, using the CPU?
<markthomas> Right.
<izanagisan> and that's prone to failure in case of electric failure?
<Froberg> I certainly hope not..
<markthomas> izanagisan: unless your hardware raid controller has battery backup, there's no difference in risk :)
<markthomas> Froberg: try to mount the RAID array you created.
<izanagisan> it does, I'm installing on an IBM x3650 M3 with a 5015 RAID card with battery cache
<Froberg> .. isn't it mounted when the system can boot from it?
<markthomas> If you booted from the rescue CD, then no.
<markthomas> And in any case: not exactly.
<Froberg> I didn't
<Froberg> It booted all on it's own!
<Froberg> After being rebooted
<Froberg> ^,^
<markthomas> Cool!  Thenâ¦never mind.
<uvirtbot> Froberg: Error: ",^" is not a valid command.
<markthomas> Do a df -h just to verify things look right.
<Froberg> uvirtbot it's a smiley.
<uvirtbot> Froberg: Error: "it's" is not a valid command.
<Froberg> stupid bot
<Froberg> it says dev/md0 8.2 T, 1.2G used, 7.8T Available
<markthomas> There you go.
<Froberg> gravy
<markthomas> Incidentally, check out LVM sometime.  With that much space to play with, it may give you some flexibility in space allocation.
<Froberg> LVM?
<markthomas> But in any event, it's time to start doing stuff.  Oh, and that system load will drop to zero once the RAID sync is done.
<markthomas> Logical Volume Manager.
<Froberg> cool
<Froberg> I've never done manual stuff on ubuntu before
<Froberg> only done some sharing from ubuntu desktop
<Froberg> assuming I should apt-get updates or something first :P
<Froberg> and install the ssh server
<markthomas> To patch, apt-get update && apt-get upgrade
<markthomas> Also, I often use aptitude in place of apt-get.  Syntax is very similar (aptitude incorporates some functions of apt-cache as well), but it does a slightly better job with dependencies.
<markthomas> Just put it on your things-to-look-into list right under LVM. :)
<Froberg> I shall pretend to know what that means and return to google!
<Froberg> ;-)
<markthomas> In the meantime, yes, do the patching and reboot.
<Froberg> just installed ssh server
<markthomas> Good.
<Froberg> the real fun will be adding a static ip to the damn thing
<markthomas> Easy peasy.
<markthomas> You know how to use vi?
<Froberg> I have no idea about anything at all
<markthomas> or nano, or pico, orâ¦okay.
<Froberg> I was even considering adding a GUI to the server to help me out a bit. :P
<Froberg> nano is a file editor right?
<Froberg> I seem to remember that
<markthomas> yes.  Put 'vi' on that list.  Then, type sudo nano /etc/network/interfaces
<markthomas> You should see:
<markthomas> auto eth0
<markthomas> iface inet eth0 dhcp
<Froberg> aye
<Froberg> I see it
<Froberg> (now working in putty ^^)
<markthomas> Cool.  One sec.
<markthomas> http://pastebin.ubuntu.com/5719908/
<markthomas> Make it look something like that.
<markthomas> whitespace shouldn't matter.  dns-search isn't especially important, unless you have one.
<Froberg> is dns-search neces..
<Froberg> haha :)
<Froberg> seems a lot like cisco router configuration when you look at it
<markthomas> For example, if you use comcast for an ISP, you could set it to comcast.com, etc.  Or, nothing at all.
<Froberg> ahg alright :)
<izanagisan> installation went as swiftly as in a regular PC. Well, now to set a static IP and run lots of tests. I'm sort of excited to finally be running UbuntuServer on a real server and not my laptop, hehehh
<markthomas> Once you're done, use ctrl-x to save, run /etc/init.d/networking restart (ignore the warnings).
<markthomas> izanagisan: nice.
<Froberg> seems slightly weird that you have to specify network and broadcast addresses of the subnet though
<Froberg> shouldn't ubuntu be able to figure that out using the subnet mask?
<markthomas> You don't.  But I included it out of habbit.
<Froberg> Ah okay :)
<markthomas> If you ever mistype your netmask, you may be glad you did that.
<Froberg> I saved the file and chose restart
<Froberg> shouldn't that have booted me from the terminal?
<markthomas> Did you change the IP?
<Froberg> aye
<markthomas> Then verify the new ip with ifconfig
<Froberg> still running the old one
<Froberg> as I suspected
<markthomas> Any warning messages when you restarted (other than the "use upstart" messages)?
<Froberg> hm
<Froberg> don't think it actually restarted
<Froberg> froberg@slave:~$ /etc/init.d/networking restart
<Froberg> Rather than invoking init scripts through /etc/init.d, use the service(8)
<Froberg> utility, e.g. service networking restart
<markthomas> Which you can do.  Shouldn't matter in this case, but go ahead.
<Froberg> still no luck
<Froberg> at least ifconfig shows no change
<markthomas> No other messages at all?
<markthomas> Can you do an ifconfig -a and then a cat /etc/network/interfaces and post those to pastebin.ubuntu.com?
<Froberg> sure.. sec
<Froberg> I don't suppose I should delete the auto eth0 line?=
<Froberg> to make it static I mean
<markthomas> No.  If you leave that line out, the interface won't be configured.
<markthomas> It was the "dhcp" that you changed to "static" that made the difference.
<Froberg> http://pastebin.ubuntu.com/5719960/ <
<Froberg> ooops
<Froberg> that must've been it
<Froberg> think I missed that bit
<Froberg> yup
<Froberg> that'd be it
<markthomas> That'll do it.
<izanagisan> got this message
<izanagisan> * Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces
<izanagisan> then process actually froze and it's not ever ending : p
<izanagisan> doesn't happen on my laptop but just happened on the server
<markthomas> You can generally ignore that message for this, but the fact that it froze...
<markthomas> Try to kill it and run it again.
<izanagisan> ah lol
<izanagisan> no, I'm being an idiot
<Froberg> the ip changed
<Froberg> reconnect
<izanagisan> I have the server RIGHT NEXT to me, but I was SSH-ing for that command from a nearby PC
<Froberg> teehee
<Froberg> I was correct about something :D
<izanagisan> indeed, the server got the static IP I gave it
<Froberg> same for me
<Froberg> happy day! :)
<markthomas> Oh.  Nice.  Yeah, that'll do it.
<markthomas> Sorry, multitasking during that last bit.  Missed the obvious.
<Froberg> now patching and updating
<Froberg> this is excellent practice for the ubuntu course I have to take.
<Froberg> markthomas would you recommend that I install something like webmin?
<markthomas> Froberg: not for what you described.
<markthomas> If you want to manage Samba, try swat.
<Froberg> Alright :)
<Froberg> In my previous experiences with Samba I had many issues
<Froberg> hopefully now that everything is on a linux filesystem it'll be much improved
<Froberg> well a short glance at it seems much improved from file edits and mucking about with the gui - cheers :)
<Froberg> (i.e. the gnome desktop gui)=
<wxl> is there an upgrade method (not do-release-upgrade, obviously) that won't suffer the possibility of replacing systemwide settings?
<Froberg> this is juuust great.. :P Now the server is back in "I REFUSE TO BOOT" mode.
<Froberg> rebooted to finish installing updates.
<Froberg> back in the lovely blinking terminal window
<markthomas> Something odd there.  If you can get it booted, we need to check dmesg
<maxb> wxl: do-release-upgrade is the correct upgrade method
<Froberg> doesn't look like I'm in luck
<markthomas> Time to boot from the CD
<sarnold> wxl: I'm a bit scared of what you're trying to do :)
<Froberg> I thought it could be down to boot device priority
<Froberg> usb had to be set to #1 to boot the installer
<Froberg> changed to hdd0 and now nothing
<Froberg> will try usb, sec.
<Froberg> (switched to hdd only after booting failed btw)
<wxl> sarnold: at work i'm sort of inheriting some servers and truthfully, we've had a really hacky past in the it department. i'm not sure what people have changed systemwide. nothing's documented. i don't want there to be some file overwritten in the upgrade that results in some important part of our business going down due to someone's hack. just covering my rear. :)
<sarnold> wxl: you could try something gross like mount overlayfs or aufs over your /etc and throw away writes when you're done. But you'd have to be in a pretty strange situation for that to make sense. (I shouldn't even suggest it, just .. I can't help being helpful)
<sarnold> wxl: yikes indeed :)
<Froberg> markthomas booting from usb got me the "select os/memtest" menu. Before I could chose anything it booted in to OS.
<sarnold> wxl: if it were me, I'd try to clean one machine at a time; bring up a new system, fiddle configs to make it work, replace old system. rebuild it clean, take over another system's functionality...
<markthomas> There should be a "recover' option.
<Froberg> it moves past that on its own immediately, if there is one.
<Froberg> I think I know what might be at fault.
<Froberg> The MBR, I only but it on sba
<Froberg> Ã¸maybe sba is actually the damn usb stick
<Froberg> =)
<Froberg> markthomas can I just re-run the grub-install from terminal or something similar to that?
<markthomas> Heh.  sba or sda?
<wxl> thanks for the help maxb sarnold. i think i've at least put my mind at ease about what i need to do. thanks for the support!
<markthomas> Do you have desktop boot media handy?
<Froberg> ./dev/sda sorry
<sarnold> wxl: good luck :)
<Froberg> yeah I booted from usb just fine
<Froberg> it just skipped the ubuntu menu
<Froberg> guess I can unplug the hard-drives and see if that makes it behave
<markthomas> Yeah.  That's SCSI/SATA device #1.  So, it booted to a live "CD"?
<maxb> //dev/sda *can* end up being the USB stick sometimes
<markthomas> You don't want to do that.  You need to boot to a live CD.
<Froberg> I am booting on the installation USB
<Froberg> apparently
<Froberg> it won't boot without it
<markthomas> And the server booted all the way up?
<Froberg> maxb I think you're right, it was listed as HDD1 in BIOS
<Froberg> markthomas yes it's booted now, looking at the terminal login pront
<Froberg> prompt
<markthomas> If it booted all the way up, the USB shouldn't be sda.  But you can do a "mount" or "df" to confirm
<maxb> blkid is also a useful command for establishing what drives are what
<maxb> Even if they aren't mounted
<Froberg> blkid did nothing
<Froberg> Filesystem      1K-blocks    Used  Available Use% Mounted on
<Froberg> udev              1011372       4    1011368   1% /dev
<Froberg> tmpfs              408312     480     407832   1% /run
<Froberg> none                 5120       0       5120   0% /run/lock
<Froberg> none              1020772       0    1020772   0% /run/shm
<Froberg> none               102400       0     102400   0% /run/user
<Froberg> ./dev/md0       8714928900 1293988 8274427924   1% /
<Froberg> that's what df returns
<maxb> Please 'cat /proc/mdstat' for more clarity on the md volume
<Froberg> pastebinning, sec.
<Froberg> http://pastebin.ubuntu.com/5720080/
<maxb> Hm, so you have 4 hard disks, sda,b,c and e? What's sdd? Or isn't there one?
<Froberg> Only the four hard-drives
<Froberg> maybe it's the usb thumb drive
<Froberg> can I look up the partitioning table somehow?
<maxb> fdisk -l /dev/sda
<Froberg> cannot open
<maxb> Are you root?
<markthomas> Yeah, probably need sudo.
<Froberg> am now :p
<Froberg> sda is 3 TB
<Froberg> WARNING: GPT (GUID Partition Table) detected on '/dev/sda'! The util fdisk doesn't support GPT. Use GNU Parted.
<maxb> 'parted /dev/sda print'
<Froberg> sdd is the thumb drive
<maxb> Could you try blkid again as root?
<Froberg> pastebinning
<Froberg> keep forgetting to sudo :p
<Froberg> http://pastebin.ubuntu.com/5720101/
<Froberg> for the blkid
<maxb> Ah, that's rather more helpful
<Froberg> I haven't seen anything thus far that explains why it won't load without the thumb drive as primary boot device
<sarnold> Froberg: when I'm going to do a bunch of commands that require root, I tend to use sudo -s to start a shell :) it saves some typing..
<Froberg> and the wonderful tips keep on flowin'
<Froberg> this might be my new favorite channel!
<Froberg> :D
<maxb> Let's see the partition tables? It'll be clearer then where the bootloader's actually supposed to be
<Froberg> ok sec :)
<maxb> Also, since this machine is using GPT, is it doing UEFI or BIOS booting?
<Froberg> http://pastebin.ubuntu.com/5720114/
<Froberg> .. honestly I've no clue.
<Froberg> or rather, it boots from what I tell it to in BIOS
<Froberg> only it didn't want to boot from the hard-drive for some reason
<Froberg> but when the usb gets to boot it seems to skip something and go ahead and boot anyway
<Froberg> it's really weird
<maxb> 23:26 < Froberg> WARNING: GPT (GUID Partition Table) detected on '/dev/sda'! The util fdisk doesn't support GPT. Use GNU Parted.
<maxb> 23:27 < maxb> 'parted /dev/sda print'
<Froberg> http://pastebin.ubuntu.com/5720119/
<maxb> Do you know what that partition 1 is supposed to be for?
<Froberg> no, during partitioning it was just left empty.
<Froberg> hmm no hang on
<Froberg> actually
<Froberg> there was something
<Froberg> [22:03:24] <Froberg> Just tried to see what it looked like.. swap at 2.1 GB, 3.0TB Ext4 and 1.0 MB biosgrub
<Froberg> [22:03:31] <Froberg> never seen biosgrub before
<Froberg> that was the automatic partitioning thing
<Froberg> could that be it maxb ?
<sarnold> hrm. I've got a vague recollection of efi systems needing some sort of smallish FAT filesystem at the start of the drives.
<sarnold> does uefi? what happens if that's missing?
<Froberg> Maybe I should just start over after work tomorrow.
<Froberg> Clearly I must've FUBAR'ed something
 * Froberg pops open a beer to console his miserable self
<maxb> It makes some sense that there'd be a 'biosgrub' partition
<markthomas> Froberg: didn't you say there was a biosgrub partition?
<Froberg> yup
<Froberg> and it's still thbere
<Froberg> *there
<markthomas> Sorry, stepped away, getting caught up.
<maxb> I'm a bit surprised by some of those offsets that were printed by parted, though, and I'm worried that the partitions might not be properly sector aligned
<Froberg> they were created by using the automatic partitioning from entirely virgin drives, so that seems strange
<markthomas> maxb: how would that happen?  It's not like Froberg did anything particularly fancy during partition creation.
<Froberg> my sentiments exactly
<markthomas> Froberg, just for kicks, try running sudo update-grub (I think that's what it's called) followed by sudo grub-install /dev/sda
<Froberg> alright :)
<maxb> Hm, I think it's just parted getting its maths wrong
<Froberg> wth
<maxb> If I print my own partition table using units of sectors, and parted's default, I get 2048s == 1049kB
<Froberg> root@slave:~# sudo update-grub
<Froberg> Generating grub.cfg ...
<Froberg> Found linux image: /boot/vmlinuz-3.5.0-17-generic
<Froberg> Found initrd image: /boot/initrd.img-3.5.0-17-generic
<Froberg> Found memtest86+ image: /boot/memtest86+.bin
<Froberg> done
<Froberg> errr... that looks wrong to me :D
<Froberg> like it's on the usb or something
<maxb> Except 2048s doesn't equial 1049kB, I would say
<maxb> Froberg: Why do you think that? Is there not a /boot/vmlinuz-3.5.0-17-generic in your installed system?
<Froberg> root@slave:~# sudo grub-install /dev/sda
<Froberg> ./usr/sbin/grub-bios-setup: warning: this GPT partition label contains no BIOS Boot Partition; embedding won't be possible.
<Froberg> ./usr/sbin/grub-bios-setup: error: embedding is not possible, but this is required for RAID and LVM install.
<maxb> Ah
<maxb> So I guess the problem is that the partition 1 isn't marked appropriately so that grub understands it owns it
<Froberg> it certainly seems odd
<maxb> You might try 'parted /dev/sda set 1 boot on' and then retry the grub installation
<Froberg> alright :)
<markthomas> Crossing fingers.
<Froberg> I'm up for anything
<Froberg> http://pastebin.ubuntu.com/5720161/
<Froberg> don't think it did what it was supposed to
<maxb> Ah, it looks like it might be 'set 1 bios_grub on' actually
<Froberg> wilco
<Froberg> root@slave:~# parted /dev/sda set 1 boot_grub on
<Froberg> parted: invalid token: boot_grub
<Froberg> Flag to Invert?
<Froberg> oh
<maxb> bios_grub, not boot_grub
<Froberg> my eyes are getting tired :D
<Froberg> yeah saw that now
<Froberg> should I just run the install directly, or get the update first?
<Froberg> root@slave:~# parted /dev/sda set 1 bios_grub on
<Froberg> Information: You may need to update /etc/fstab.
<markthomas> For the /etc/fstab thing, if that biosgrub partition is empty, we may want to migrate /boot onto that.
<maxb> It would probably be sensible to do a 'parted /dev/sda set 1 boot off', since boot turned out to be the wrong flag
<Froberg> root@slave:~# grub-install /dev/sda
<Froberg> Installation finished. No error reported.
<Froberg> w00t
<maxb> Whilst I've not worked with one before, I would have said that a biosgrub partition was not the same as a /boot partition
<maxb> You'd want a /boot partition a lot bigger than 1MB
<Froberg> hm
<Froberg> boot partition was set to the entire ext4 sys
<Froberg> i.e. the 8-9TB's
<markthomas> Is it only 1M.  Missed that.  Yeah, forgot that for /boot.
<Froberg> http://www.mediasmartserver.net/2011/06/07/guide-how-to-set-up-ubuntu-and-raid5-on-the-mediasmart-server/ <<< followed that guide
<maxb> Froberg: OK, so in the interests of redundant booting if sda should ever die, you'd want to ensure all of sd{a,b,c,e} have had the 'set 1 bios_grub on' applied
<Froberg> but forgot about the part about the boot loader
<maxb> 1MB is fine for a biosgrub partition
<Froberg> maybe I should try (#18 in the list) and install the grub loader on md0
<maxb>  /boot will live on the / partition and that's fine
<markthomas> I've never tried installing grub on /dev/md0 before.
<Froberg> so just rinse and repeat grub install
<Froberg> gotcha
<Froberg> sec
<maxb> Hold off on the grub install - it won't do any harm, but we want to ensure you're set up for future grub updates to install to all four drives
<maxb> For that, do 'dpkg-reconfigure grub-pc'
<maxb> After you've gone through a couple of other questions first, you should have a screen to select which places grub should be installed to
<Froberg> oh too late
<Froberg> grub installed on 'em all now
<maxb> Well, no harm done, just redundant work
<Froberg> ok sec
<markthomas> Right.
<Froberg> err
<Froberg> gives me a window
<Froberg> .. a.. pink.. window
<maxb> I think it's supposed to be Ubuntu-purple :-)
<Froberg> oh
<Froberg> well
<Froberg> at any rate, it linux command line
<Froberg> it's currently empty
<maxb> You can just press enter leaving it unchanged
<maxb> For me, the device selection was the third such window
<Froberg> aye
<Froberg> what am I looking for?
<Froberg> the thumb drive is the only one with an asterix
<maxb> Hopefully a list containing /dev/sda, b, c and e, of which you can then select them all
<Froberg> including md0 yes
<maxb> Leave that unselected
<Froberg> and the thumb drive?
<maxb> You probably don't want to install grub on that too :-)
<Froberg> ok
<Froberg> removed the asterix from it
<Froberg> done & done
<Froberg> all four installs finished, no errors
<maxb> Oh, it might be worth coming back to this screen after you've finished getting everything working, and rebooted without the thumb drive, in case your hard disks have then decided to become a b c and d
<Froberg> alright, so removing the thumb drive, reboot, change boot device to random hdd, see if it works
<Froberg> yes?
<maxb> indeed
<Froberg> holy sweet jumpin' jesus
<Froberg> it's aliiiiive!
<sarnold> :)
<sarnold> Froberg, maxb, markthomas, nice work :)
<markthomas> Indeed.  Nice grub work, maxb
<Froberg> I did nothing! :)
<Froberg> maxb if you ever decide to visit Denmark - I'm buyin' you a pint.
<Froberg> Hell, that goes for markthomas and sarnold too! :D
<sarnold> darn, was just in denmark in november :)
<Froberg> alright I ran that configure again
<Froberg> the drives are now a,b,c and d
<Froberg> do I re-run the configuration to be sure? :)
<Froberg> sarnold did you go anywhere nice?
<markthomas> lol
<Froberg> .. American? :)
<Froberg> markthomas what, don't drink beer? ;)
<markthomas> :)
<Froberg> markthomas since maxb is celebrating with hookers and beer, probably, should I re-run the grub config?
<Froberg> now the drive letters have changed?
<markthomas> You can.  Won't hurt.
<Froberg> excellent
<Froberg> </mr burns>
<markthomas> Should be a,b,c,d now.
<markthomas> Probably doesn't matter at allâmost internal stuff is done with labels and UUID these days.  But it can't hurt.
<Froberg> rebooted again, just to tempt fate
<Froberg> and spit in the face of God
<Froberg> n'.. stuf
<Froberg> *stuff
<markthomas> Better now than when it's loaded with data.
<markthomas> Which version did you install?
<Froberg> my sentiments exactly
<markthomas> Precise or Quantal?
<Froberg> not the LTS one, because I'm an idiot
<Froberg> the 12.06 I think it was
<Froberg> latest one available at any rate
<markthomas> 12.10, if it's not 12.04 LTS.
<markthomas> Heh.  Only for another couple weeks ;)
<Froberg> lovely
<Froberg> ok.. to-do list.. figure out why samba is giving me a hard time, install plex media server, make NFS shares..
<Froberg> oh yeah
<Froberg> fun-times to be had in my immediate future
<Froberg> markthomas I apologize about offering you a pint
<Froberg> I should've offered you at least five
<Froberg> you're apparently from the UK after all.
<Froberg> ;-)
<Froberg> probably the only nation other than the fins and russians who can keep up with Danes when it comes to drinking.
<markthomas> Heh.  Once upon a time, I had some German classmates.  They didn't too badly in that area.
<Froberg> True, zeh germans do love their lager too.
<Froberg> Danes have an unfortunate worldwide record though
<Froberg> our youths drink more than the youths of any other nation
<Froberg> I blame Carlsberg.
<markthomas> Samba shouldn't be too tough unless you're trying some strict access controls.
<Froberg> wouldn't let me install that web management
<Froberg> swat
<Froberg> http://ubuntuserverguide.com/2012/10/how-to-install-and-configure-swat-samba-web-administration-tool-on-ubuntu-server-12-04.html << tried that
<Froberg> things wouldn't install
<Froberg> some were "replaced"
<Froberg> should probably try and find something for 12.10
<sarnold> Froberg: I was in copenhagen, it was nice enough, but not much opportunity to get out into the country and see uncivilized life. hehe.
<Froberg> I live just outside of Copenhagen.. my by reckoning Copenhagen is as uncivilized as they come.
<Froberg> I actively avoid going there.
<sarnold> hahaha
<Froberg> *by my
<Froberg> Christ.. too tired.
<sarnold> Froberg: btw, the samba team is running away from swat, they don't care for it and recognize that web frontends to config files isn't their strong point.. you might not want to get too cozy with swat
<Froberg> Been up for 20 hours now.
<sarnold> oh, that's trouble.
<markthomas> Heh.  I'm in Arizona, USA.  There's about a six-week time during which it's habitable here.  Outside of thatâ¦well, if they ever colonize Mercury, they'll be recruiting from my town.
<Froberg> and have to get up in like four hours
<Froberg> markthomas Hawking has given us 1000 years, it'll happen :P
<Froberg> sarnold so.. what else is there? :)
<Froberg> manual labour? ;)
<Froberg> also should I uninstall the swat package then?
<Froberg> and the xinetd
<markthomas> You can use it for now.  Since it just writes the standard config, you could remove it once you're done.  Or, spend a few hours studying config options one by one.  Either way.
<sarnold> Froberg: the swat description says something about not working with "the default package-managed configuration" -- it might be a good idea to try dpkg-reconfigure samba and see what happens..
<markthomas> You're not running a fileserver with financial data in an org of 5,000 employees.  You're just serving media for personal use.
<sarnold> Froberg: .. though mark's right, if you use it once and remove it, that's not the worst thing in the world :)
<Froberg> well
<Froberg> I have fairly basic needs
<markthomas> It shouldn't be difficult, either way.
<Froberg> Four file shares ; Data / Music / Movies / TV
<Froberg> all will be mapped network drives
<markthomas> Security=user, file create mask wide open.
<Froberg> and all but data will be accessed by the plex media server
<Froberg> well I managed to make it work on ubuntu desktop
<Froberg> server shouldn't be much different
<Froberg> ;)
<Froberg> (I know it is, but let me live a lie for a few hours!)
<sarnold> nah, server and desktop are fairly similar, it's mostly just which packages are installed that are different
<Froberg> oh
<Froberg> should do alright then
<sarnold> yup :)
<Froberg> just annoyed that I installed the useless packages now
<sarnold> apt-get purge is right there :) hehe
<Froberg> that seems very.. dangerous
<Froberg> or rather, sounds dangerous
<sarnold> it just removes the packages you specify and their configuration files, not too bad if you think through your actions first. :)
<sarnold> but 21 hours awake may not be the right time, hehe
<Froberg> You are correct Sir.
<Froberg> And with that, I will get my four hours of beauty sleep
<Froberg> not that it ever, ever works
<sarnold> good night and good luck :)
<sarnold> haha
<Froberg> after all, I have a long weekend of nothing but ubuntu ahead of me.
<Froberg> I figure I'll buy a few gallons of coca cola and eat nothing but beans all weekend.
 * sarnold steps a little further away from .dk
<Froberg> quite
<Froberg> the gas will be epic
<Froberg> with any luck I'll kill all my coworkers with a single fart on Monday.
<Froberg> I appreciate all the help, everyone, truly. :)
<Froberg> << goes to bed =)
<sarnold> 'night :)
<markthomas> night!
<izanagisan> night Froberg
<izanagisan> so, if I have a file called postgresql-8.1.13.tar.bz2, how can I install it on UbuntuServer?
<izanagisan> apt-get and point to it?
<sarnold> izanagisan: normally you'd just run 'apt-get install postgresq' and take whatever version is packaged; if you want to compile source by hand, you'll need to apt-get install build-essential   and apt-get build-dep postgresql-9.1   (yes, wrong version number, but hopefully similar build dependencies)
<izanagisan> yah, I unistalled 9.1 and want to install 8.1.13 for a test
<izanagisan> with an old database currently in production, that I want to upgrade
#ubuntu-server 2013-04-19
<izanagisan> update*
<Quest> if i have installed ubuntu-desktop . how to make ubuntu/kubuntu boot and only go to console automatically. do not load gui?
<izanagisan> sarnold: so, in theory, there's no easy way to install an old version of postgres, even if I have the .tar file?
<izanagisan> always thought it was as easy to install old versions of things in linux as it is in windoes
<sarnold> Quest: create an override file for lightdm's upstart job: http://upstart.ubuntu.com/cookbook/#override-files
<sarnold> izanagisan: if you're starting from a source package, you've got to compile it. if you just want an old binary package, you can go find those (for example, https://launchpad.net/ubuntu/+source/postgresql-8.2 )
<sarnold> izanagisan: but 8.1 looks too old, if you change that 8.2 to 8.1, you'll see what I mean..
<izanagisan> oh, ok. Must be easy to restore the 8.1 database into 8.2
<izanagisan> it's just that restoring a 8.1 database dump into 9.2 is damn near impossible
<izanagisan> sarnold: thanks a lot : )
<sarnold> heh, even the 8.1 package directory is empty: http://archive.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/
<sarnold> .. I thought it'd be there.
<izanagisan> sarnold: I checked the downloadable files, but I get .tar.gz files
<izanagisan> so, I'd also have to compile them from source, I think?
<izanagisan> as you can see, I come from UbuntuDesktop and have never compiled from source
<izanagisan> so I'm not even sure of what's going on there
<izanagisan> oh no!
<izanagisan> found the .DEB
<izanagisan> : )
<sarnold> yay!
<sarnold> where was it?
<izanagisan> I can apt-get install a .deb, right?
<izanagisan> http://launchpadlibrarian.net/12789312/postgresql-8.2_8.2.7-1_ia64.deb
<sarnold> dpkg -i ..
<izanagisan> thanks!
<izanagisan> I get expectable dependency problems. How do I download packages? with aptitude?. For instance: "Package libkrb53 is not installed"
<sarnold> izanagisan: you could try installing those with apt-get install libkrb53 or whatever you prefer.. hopefully you won't need similarly ancient versions of the other packages
<izanagisan> well, I did *apt-get -f install*
<izanagisan> and that somehow solved those issues
<izanagisan> I also had to download the postgresql-client-8.2
<izanagisan> so I did and now it would appear that I have postgresql 8.2!
<izanagisan> hate when I don't quite understand what happens but oh well, I need to run that test
<ddsss> how do you people keep your ssh keys if you have to use several desktops for example and u need to access servers from all of these desktops?
<TheLordOfTime> i give each system its own SSH key
<TheLordOfTime> and each of them is able to SSH auth to the user on the server (never root directly)
<ddsss> TheLordOfTime: do u add passphrase as well?
<TheLordOfTime> absolutely
<TheLordOfTime> usually a different one for each system, but i'm hyper paranoid
<ddsss> TheLordOfTime: how do u keep track of all of these passphrases?
 * TheLordOfTime can't tell you.
<TheLordOfTime> secret.
<ddsss> TheLordOfTime: iohhh CAMON
<TheLordOfTime> nah i kid, i keep an encrypted database with the passcodes/keys, if I forget.
<ddsss> TheLordOfTime: likee keepassx?
<TheLordOfTime> i don't like keepassx, but that's one method
<ddsss> TheLordOfTime: truecrypt? cryptfs?
 * TheLordOfTime GPG encrypts a sqliteDB with the data on it, and then encrypts the folder the GPG-encrypted sqliteDB is in.
<TheLordOfTime> as i said, i'm hyper paranoid, don't use my methods for normal use
<ddsss> TheLordOfTime: i see...
<TheLordOfTime> but generally speaking I will create an SSH key for each system.
<TheLordOfTime> and place its public key data into the authorized_hosts file on the server those systems SSH to
<TheLordOfTime> (the only system that I do NOT have a ssh key passphrase on is one which requires two-factor authentication, biometric+smartcard, to login
<TheLordOfTime> but that's an implied hyper-secure system)
<ddsss> ThatOneRoadie: dafuck who are u working for - pentagon?
<TheLordOfTime> xD
<TheLordOfTime> oh btw
<TheLordOfTime> !language
<ubottu> Please watch your language and topic to help keep this channel family-friendly, polite, and professional.
<TheLordOfTime> ^ that
<uvirtbot> TheLordOfTime: Error: "that" is not a valid command.
<TheLordOfTime> SHUT UP BOT!
 * TheLordOfTime kicks uvirtbot into /dev/null
<izanagisan> ^ dpck
<uvirtbot> izanagisan: Error: "dpck" is not a valid command.
<izanagisan> heheh
<izanagisan> ^ dpkg
<uvirtbot> izanagisan: Error: "dpkg" is not a valid command.
<ddsss> TheLordOfTime: it's almost kinda be cool to have some usb drive-based keychain or something...
<izanagisan> ah, I get it, it's not a valid command for the bot, thought it checked Ubuntu commands
<TheLordOfTime> izanagisan:  :P
<TheLordOfTime> nah.
<TheLordOfTime> it's just being stupid.
<TheLordOfTime> ddsss:  i don't work at the pentagon.  but i'm also NOT saying where I work
<TheLordOfTime> because i'm not in the mood to talk about that
<ddsss> TheLordOfTime: yep. there are many otehr 3-letter agencies.
<TheLordOfTime> having said this, you can either (1) clone your ssh keys across all your systems so they're shared, or
<TheLordOfTime> (2) create an SSH key for each system accessing the remote system, and on the remote system add each key into the authorized_keys file
<TheLordOfTime> or some weird auth system other than that one, but to answer your question... :P
<ddsss> TheLordOfTime: yeah. I guess that's what I'm gonna do.
<sarnold> the complication is that if you often ssh from one 'desktop' to another 'desktop', compromising one key probably compromises all the keys. I think it's a bit false-sense-of-safety to have multiple ssh keys for multiple client machines, if you ssh among them regularly. if you never ssh -to- a certain machine, giving it a unique key then -does- feel useful to me. (say, your phone or tablet or travel-laptop..)
<ddsss> 4/exit
<phunyguy> is it possible to create a bridge interface like br0 with no actual devices in it?
<phunyguy> like an empty bridge staged for future use?
<sarnold> phunyguy: I think either the libvirt or lxc startup scripts create an empty bridge at boot..
<ia0001> can someone please help me why flash not woring in ubuntu server>
<ia0001> im using 12.04 LTS
<ia0001> ive tries tons of methods just not working
<ia0001> manual install.. flash 11.. and the newer plug in
<ia0001> none of them work
<petey> is there a command i can run that searches for specific text in say, php files?
<sarnold> petey: grep -r "specific text" /path/to/top/directory/of/files
<petey> perfect!
<petey> thank you very much
<cuken> I'm having a problem with vsftpd, internally on an ftp conection I'm able to see the directories that I specify, if I access it from an external address, I have to force it to use active mode, and it shows no directories
<sarnold> cuken: does your ftp server have an externally routable IP address?
<andol> cuken: How does your nat/firewall handle the data channel?
<cuken> yes it does
<cuken> I have it on a dynamic dns
<cuken> accessible through a name, I'm able to make a connection
<cuken> and pass my credentials through
<cuken> :andol I changed the default port and it appears to be open
<andol> Still sounds like you have your control channel working, but the data channel being the problematic one.
<cuken> ahh, ok so I need to open the data channel as well?
<sarnold> yeah
<cuken> is it possible to have the inbound and data share the same port?
<sarnold> use sftp instead :)
<andol> Yeah, sftp alt. http/webdav is really preferable to ftp in almost any case.
<Nafallo> cuken: http://wooledge.org:8000/FtpMustDie
<Nafallo> ;-)
<cuken> sheesh, I've uncovered a movement! I'm sorry!
<Nafallo> that said, stuff like wordpress seems to like having ftp available :-P
<cuken> I just wanted easy access to a share, cant we all just get along
<sarnold> sftp is easier too! :)
<cuken> ok so use my ssh server with sftp
<andol> Exactly, nothing easy about ftp.
<cuken> Due to your wisdom oh powerful ones, ftp server is dead
<cuken> Thanks for the tip guys
<Nafallo> yw :-)
<sarnold> woo :)
 * Nafallo sings â« another one bites the dust âª
<Nafallo> hrm. that URL I posted changed location...
<Nafallo> http://mywiki.wooledge.org/FtpMustDie
<cuken_> I'm failing on this sftp setup lol
<cuken_> I'm getting a message about a non trusted key, and then after i click accept anyways, it looks like my server is blocking it
<xro> Hi, i just found a /dev/.tmp11-1 what is this? is it legitimate?
<sarnold> xro: i don't have one on my raring laptop.. check lsof to see if anything is using it?
<cuken_> Did I read correctly that the root directory of your CHRootDirectory in sftp needs to be owned by the same group as the user connecting?
<sarnold> cuken_: sshd_config says "all components of the pathname must be root-owned directories that are not writable by any other user or group" -- I'd guess that group ownership is only necessary if you want to grant read access via group permissions rather than to everyone
<cuken_> Hm. I'm not understanding that correctly then. I have a ZFS pool mounted at /storage
<cuken_> currently my regular account owns /storage, and all subfolders within it
<cuken_> I'm trying to delegate sftp access to my girlfriends account and mine so we can access it externally from our network, so I created a CHrootdirectory to be based off of storage, but external calls are getting blocked
<cuken_> did I just set it up completely wrong?
<cuken_> erm not blocked but denied by sftp
<sarnold> /storage would need to be root-owned and not writable by your user..
<cuken_> well thats not good lol
<cuken_> i have all my applications that dump data into storage running on my regular account
<sarnold> cuken_: why chroot?
<cuken_> that was the tutorial iwas reading
<cuken_> didnt know I had an option for something else
<vrturbo> hi all, I've some how managed to brick a rabbitmq install, used for openstack. Anyone know how to fix, service won't install or start  http://pastie.org/7660220 ???
<vrturbo> ive tried apt-get remove and purge follow by autoremove, still no luck
<vrturbo> ubuntu 12.04 server
<ckuerste> jamespage, I am preparing a security patch for tomcat6. I want to test it before I load it up. jdstrand said that you might had a look before at the testsuite provided and might be able to help me.
<rbasak> ckuerste: jamespage is at ODS in California at the moment. It finishes today - I think he's back early next week.
<ckuerste> okay, thanks.
<germanstudent> Hey. I'm wondering how much efford it is to set up VPSs on my own. I have a scenario where I want to run 4 VPS on one machine. Does anyone know how much work is involded setting this up and maintaing the main system afterwards? What's the best technique? KVM?
<mardraum> I guess you mean "VM"?
<germanstudent> yes -.-
<germanstudent> The question is, if this is doable with medium linux skills or how much I have to learn in order to run this host machine
<mardraum> qemu-kvm is probably best bet yes, many prefer to use it with libvirt to assist management
<mardraum> certainly doable, so long as you are not afraid to 1) google and 2) read
<germanstudent> Okay, thanks for the suggestion mardraum.
<Froberg> Probably a silly question, but here goes. I'm running Ubuntu Server 12.10 and I wish to create a few shared folders that are going to be accessed from a Windows system. I.e. I want to map the network drives. Previously I've done so with Samba, but I kind of missed having the ability to see space remaining and such. Would NFS be better in this scenario?
<mardraum> nfs client on windows? no.
<Froberg> also hi sarnold - maxb n' izanagisan :)
<maxb> afternoon :-)
<Froberg> Thank you again for the help yesterday :)
<Froberg> mardraum is there any way for a linux share to display on the remote computer what kind of space is remaining? :)
<mardraum> a linux share?
<mardraum> you mean samba?
<Froberg> Whatever gets the job done, really. I'm just wondering if I can make a network drive on my ubuntu box that I can add on Windows, and see how much space has been used out of the available space total.
<Froberg> i.e. like a normal network drive.
<Froberg> Haven't gotten that to work with Samba. It just seems silly to check the server every time I need to see free space.
<Froberg> Apologies if I'm not explaining myself properly :D
<petey_> does godaddy not support grep?
<petey_> i tried running grep on a godaddy server (which worked great on my VPS) but nothing showed up on the godaddy one
<Fieldy> is there a way to tell apt to not try to execute things in /tmp/ ? i have it mounted noexec for a reason, but if I can set that working directory to be elsewhere, I can avoid problems.
<sw0rdfish> are vservers as good as OpenVZ vps
<GrueMaster> Nothing definitive on if I can hot-add cpus in kvm on 12.04.2 server. Anyone know more on this? I have a vm with 2 current, 16 max cpus. Bumping current to 4 doesn't appear to affect the guest OS (also 12.04)
<RoyK> GrueMaster: I don't think that's currently possible. Try asking on #virt @ irc.oftc.net
<GrueMaster> k, thx.
<RoyK> http://www.linux-kvm.org/page/CPUHotPlug
<GrueMaster> Yea, I read that (and several other web pages).  Nothing definitive, everything contradictory.
<GrueMaster> "A new cpu should appear on /sys/devices/system/cpu"  -  this is the part that appears to fail for me.  virsh vcpuvount <domain> changes accordingly when I use virsh setvcpus <domain> <#> --live, but the guest doesn't get an acpi event.
<holymacaroons> What's the difference between a Cluster Instance and the Regular Ubuntu server on Amazon Web Services?
<Kenjiro> good afternoon
<RoyK>  just tested with 13.04 - no new cpu found after that command
<RoyK> (for GrueMaster)
<GrueMaster> Hmm.  Not sure if this is a bug or incomplete feature.
<RoyK> imho an incomplete feature is a bug :P
<sw0rdfish> Hey, I should be ok using an openvpn install script written for an OpenVZ vps on KVM V vps, right?
<sarnold> sw0rdfish: I'd expect the openvz-based script to create and modify network interfaces in an openvz-specific way
<sw0rdfish> hmmmmmmmmmmmmmmmmmmmmmmmmmmmm.
<Kenjiro> guys, I am kindda noob in terms of Ubuntu...
<Kenjiro> how can I download an old version of a package?
<Kenjiro> the server where we run redmine was on version 10.04. But today it got upgraded to 12.04. The upgrade went just fine, but now redmine (which is version 1.1.1 (pretty old) won't work)
<Kenjiro> one thing I noticed, reading it's documentation is that it requires rubygem-1.3.1
<Kenjiro> and now we have rubygems-1.8.5 installed
<Kenjiro> (among other dependencies)
<Kenjiro> Is the only way to do that downgrade by pointing apt-get to use 10.04 repositories?
<sarnold> Kenjiro: you may wish to read up on package pinning; you can enable multiple repositories and pin specific packages to come from different repositories. though I wonder why you cannot just use a newer redmine that works with newer software?
<Kenjiro> sarnold: my coworker was trying to make a newer install, on another server. He was having a hard time to make it work
<Kenjiro> that's the problem when something is installed and configured by some who is no longer in the company...
<Kenjiro> and worse, he hasn't documented anything he did to make the stuff work back then :(
<Kenjiro> *someone
<sarnold> Kenjiro: oh man :( my condolances :(
<Kenjiro> yeah
<Arrick> good afternoon all... I need to know how to tell if my ubuntu lts (latest stable) has a working outbound email... how would I tell that?
<RoyK> Arrick: mail someone@somewhare.com < /dev/null
<Arrick> not currently installed.
<Arrick> how do i install it?
<RoyK> then install it
<RoyK> apt-get install mail-utils iirc
<Arrick> unable to locate
<RoyK> apt-get install mailx
<Arrick> ok, it was mailutils
<Arrick> no dash
<RoyK> ok
<Arrick> thanks... its not doing anything after I set it up with all defaults...
<RoyK> install postfix
<RoyK> iirc the default is another mta
<Arrick> did that, even reconfigured it according to http://tsengf.blogspot.com/2012/01/send-email-from-command-line-in-ubuntu.html
<RoyK> does mailq show anything?
<Arrick> got it to work, had to use satellite in setup
<Arrick> thanks.
<Arrick> hrm... how do i change the name that it is sending as to noreply@ ?
<Arrick> RoyK, I see th following at a site regarding sending as a generic account...
<Arrick> >>/etc/postfix/generic echo "http@example.com   admin@example.com" >> /etc/postfix/main.cf echo "smtp_generic_maps = hash:/etc/postfix/generic"
<Arrick> postmap /etc/postfix/generic
<Arrick> service postfix restart
<Arrick> but when I run the first part, it says "no such file or folder found"
<izanagisan> hi all. Good evening-morning-night
<izanagisan> found a contradiction on IBM's official guide on RAID
<izanagisan> "A larger stripe size produces higher read performance. If your computer regularly performs random read requests, choose a smaller stripe size. The default is 64 Kbytes"
<izanagisan> what is it then? if larger stripe size produces higher read performance, then should I not choose a larger stripe size if my disc array will be used mostly for reading?
<izanagisan> (full disclosure: I'm installing RAID 5 on 3 physical drives that will hold a small-ish PostgreSQL database)
<RoyK> good localtime();
<Arrick> can anyone tell me why I am getting this from a ubuntu server with apache2?? Incorrect access detected, this server may be accessed only through "http://10.3.20.9" address, sorry.
<Arrick> Please notify server administrator.
<RoyK> izanagisan: for a small postgresql db on hardware raid, use a smallish blocksize
<RoyK> 64kB seems like a good choice
<Malinux> I have a server with a Pentium D 2.8GHz. Is it possible to set cpu-scaling on it?
<Malinux> running ubuntu 12.04
<izanagisan> RoyK: thanks a lot! testing with 8KB, will then use 64KB
<RoyK> izanagisan: I just use sw raid these days
<RoyK> easier to manage when the shit hits the fan
<RoyK> 8k blocks seems rather low
<markthomas> izanagisan: is that the same box you were installing yesterday?
<izanagisan> markthomas: indeed. Still testing
<izanagisan> yesterday I configured RAID 1 on 2 of the drives, stripe size of 128 KB
<markthomas> izanagisan: Have you checked the postgres documentation for recommendations?
<izanagisan> markthomas: searched for official stances but found only forum posts
<izanagisan> seems like the agreement is that 64 KB will be optimal for my needs
<markthomas> izanagisan: sounds like a plan.
<HSaka> Somebody here could help me with deluge on ubuntu server?
#ubuntu-server 2013-04-20
<RoyK> deluge?
<HSaka> RoyK, yeah deluge.
<HSaka> for torrent
<xvicarious> Hello, I was wondering I could get some help with some problems I'm having getting software set up on Ubuntu Server 12.04
<xvicarious> I used tasksel to attempt to install lamp-server but configuration of mysql-server failed.  This is a brand new install fresh of 12.04.  I tried it on my old install and i also ran into the same problem
<xvicarious> I've searched far and wide of the internet for solutions to this problem, all people have the same (or similar problem) but solutions that have worked for them don't seem to work for me.
<xvicarious> The MySQL admin password doesn't want to set, and the mysql service fails to start
<xvicarious> no?
<sarnold> xvicarious: ah, sorry, I kept expecting a more specific error or something :)
<xvicarious> Oh I wish you said.  Well...
<sarnold> just got distracted elsewhere while waiting, hehe :)
<xvicarious> Investigating trying to find someting specific now.
<xvicarious> Is there a pastebin sort of rule here?  Or can I post this? its like 4 lines.
<xvicarious> 6
<sarnold> about three feels like a reasonable tradeoff point.. six, please pastebin :)
<xvicarious> Okay
<xvicarious> This is when I try to finish configuring with apt-get (after using tasksel to install lamp): http://pastebin.com/NCef9gRe
<sarnold> xvicarious: check /var/log/syslog or /var/log/mysql.log or /var/log/mysql/error.log for more information..
<xvicarious> Very well.
<xvicarious> /var/log/syslog : http://pastebin.com/1xbkudy5
<sarnold> aha :)
<xvicarious> And finally /var/log/mysql/error.log : http://pastebin.com/VaevjRSh
<xvicarious> aha?
<sarnold> xvicarious: intersting, the second paste seems to show that the innodb storage engine couldn't allocate memory; if the debug logs are correct, it couldn't get 128 megs?
<xvicarious> No... I have a chunk with 128mb total memory.
<sarnold> xvicarious: you may need to fiddle with your mysql configuration to request less memory
<xvicarious> What configuration file would that be, and what would you suggest?  I have um... 4mb left apparently... So I assume it is a no-go?
<sarnold> xvicarious: hrm, /etc/mysql/my.conf looks like one starting point, though it appears to include others, so you miht have to poke around in there a little bit to find enough memory tweakable settings to turn down
<xvicarious> This seems troublesome
<sarnold> yeah. the default config obviously assumes a lot more than 128 megs of memory :)
<xvicarious> Its frustrating because my friend used to host me, but the person who ran the vps thing just up and disappeared
<sarnold> I've got some mysql tests running in a VM at the moment, it looks like 256 would go a long way towards making it usable
<xvicarious> Sadly I don't quite have the money at the moment for upgrading... I guess it isn't bad since this is a free account I have this on. Thanks for the help though.
<sarnold> xvicarious: the amazon aws t1.micro provides 600-ish megs of memory: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts_micro_instances.html
<sarnold> xvicarious: t1.micro is intended for mostly-idle machines, so it might not be a great fit for you, but it can be free, or very cheap: http://aws.amazon.com/free/faqs/
<sarnold> ahh, free for just a year. but still, not bad.. :)
<patdk-lap> heh, I often see t1.micro pause for 30seconds at a time
<sarnold> patdk-lap: ouch
<patdk-lap> ya, nothing like watching vmstat
<xvicarious> Meh, I'm at school right now.  But I'm transfering out of here to somehwere closer to home and I have a job back there.
<patdk-lap> seeing steal at 100% for 30seconds when it start responding again
<sarnold> I really only used my t1.micro as a shell for an hour here and an hour there.. nothing extensive. I've heard the CPU penalties are steep, but ... 30 seconds? ouch.
<xvicarious> So when I get back to my job I'll upgrade my chunk.
<sarnold> of course I had a few larger instances run for a few hours and the bill came to -- wait for it -- $0.43. I didn't bother expensing it. :) hehe
<xvicarious> sarnold your username is quite a reminder of a teacher I had in my senior year of high school lol.
<patdk-lap> sarnold, heh, I have run some huge ones, cost me like $10
<patdk-lap> can't remember exactly what I was testing on them
<sarnold> is he the bugger that took the 'sarnold' launchpad username? :)
<sarnold> patdk-lap: .. course a buddy left some huge hadoop machines running for a month, it was in the thousands...
<xvicarious> Gosh I don't know. He really didn't seem like the computer type.
<patdk-lap> ya, my friend loved to load up static websites on t1.micro
<patdk-lap> then he kept wondering why it would never load, and asked me to look into it :)
<sarnold> *snort*
<patdk-lap> t1.micro being cheaper than s3 webhosting :)
<ia0001> why the heck is flash not working
<ia0001> im going to go insane
<patdk-lap> why would flash ever work?
<ia0001> because its the same freking thing
<patdk-lap> they stopped making flash a long time ago
<ia0001> ubuntu-dekstop
<ia0001> yeah it stoppe being supported or something?
<ia0001> So your saying there no flash for server 12.04 LTS
<patdk-lap> I dunno it was ever supported
<ia0001> ubuntu-server
<xvicarious> If it weren't for um... A certain media... I wouldn't have flash installed. lol
<patdk-lap> but adobe stopped making flash for everything, except windows, over a year ago
<ia0001> I had ubuntu-server installed on my old computer I thought it was the same thing and I thought it worked
<patdk-lap> ia0001, a lot of the times I have flash and nvidia issues
<sarnold> ia0001: what bug number?
 * patdk-lap can't think of anything that uses flash
<sarnold> patdk-lap: at least they still provide security fixes... thank goodness
<sarnold> patdk-lap: youtubs
<ia0001> I mean theres no bug
<ia0001> I mean it just doenst work
<sarnold> ia0001: ah. you should file one :)
<ia0001> I have tried manually installing flash
<patdk-lap> sarnold, I always use mp4 on youtube, no flash needed
<xvicarious> patdk-lap certain media websites... That have media.
<sarnold> patdk-lap: oooh? :)
<xvicarious> "media"
<ia0001> how do you convert youtube to mp4?
<patdk-lap> xvicarious, screw them :)
<patdk-lap> but then, I won't do media
<patdk-lap> ia0001, you select mp4
<xvicarious> Hehe screw.
<ScottK> jamespage: FYI: http://rb.doesntexist.org/blog//posts/lack_of_cooperation_from_ubuntu/
<ScottK> rbasak: ^^^ you too.
<Humatiel> do you need to be registered to remain in this channel?
<ScottK> no
<jetole> Hey guys. I was just reading about a site and the architecture they designed. They mentioned they do 15GB of logs per hour. How does someone set up logging servers to handle that?
<jetole> I mean how do you actually aechitect logging servers for that capacity?
<jamespage> ScottK, on my list - that will be fed back to debian - in direct contact with maintainer
<ScottK> jamespage: OK.  You might comment on the blog post then.  I wanted to make sure you were aware.  That was on Planet Debian.
<qman__> jetole, by deciding how far back you need logs and installing a log server with the appropriate terabytes of disk space
<qman__> those numbers are probably also uncrompressed, log data is generally very compressible
<jetole> qman__: so what if I need log server HA. They mention using syslog-ng but just in general, what would you recommend for logging HA? Should I stick it behind a load balancer with a gfs2 / drbd or is there a better means
<jetole> I don't like drbd for a lot of things because I hate the limit on the number of nodes it can handle
<jamespage> ScottK, actually that post really annoys me - I've been discussing stuff with the MongoDB maintainer in Debian esp around the linking with openssl licensing issues which I think I now have a resolution on with upstream which both distros can benefit from
<ScottK> I thought it might.
<jamespage> jetole, syslog-ng has a mongodb module that you might find useful as a backend for log storage
<jetole> jamespage: thanks
<jamespage> jetole, might do what you want - clients can send logs direct to mongodb which can be  spanned across multiple servers.
<jetole> jamespage: ah that's cool. I hadn't looked yet but I was assuming you meant between multiple logging servers
<jetole> something else. I run cacti on a network but I am looking for a system where I can create graphs from multiple sources. Specifically we multiple haproxy load balancers and I want to collect the log data into one graph for request counting and graphing i.e. parsing the logs on lb1 and lb2 to create a single graph showing web traffic throughput
<jetole> does anything come to mind on how I should / could do this?
<jamespage> jetole, you could probably do something like that with ganglia
<jamespage> hmm - well it would show you the network traffic at least
<jetole> yeah
<jetole> I started to read about a few different graphing solutions the other night but didn't get too in depth
<jetole> maybe I'll write something since haproxy can and in my case logs to syslog which can be centralized
<jetole> Is there any common way to run a syslog server that a client can connect to so that it can view output? I'm trying to think of a multi node connect model and contemplating via ssh but seems like a bit too much
<gustav> Hi. Trying to install postgresql on 12.04. It's not starting up and it doesn't have /etc/postgresql. I installed postgresql and postgresql-contrib.
<gustav> What am I doing wrong?
<gustav> How do I start postgresql?
<gustav> Ok, nevermind.
<mindcode> hi, i wrote an smtp server in c, the server just has to revice any email sent on my domain, but there is a problem: it works fine some provider like arcor, and google. they connect to my smtp server (port 25), sending "HELO" and all the rest.. i got that email... but other servers like gmx just conencts to my server and then nothing happens... no "EHLO" or "HELO"... just nothing ... after sevral minutes i got the QUIT command from
<mindcode> the provider or i got spammed with \n charakters.. what is the problem?
<xnox> jamespage: rbasak: just posted this on debian planet http://blog.surgut.co.uk/2013/04/ftbfs-fixes-and-other-patches-available.html pointing out that _all_ debian package maintainers should check and apply ubuntu patches from debian PTS.
<Googol30> While attempting to view the contents of /etc/acpid/event using "sudo vim /etc/acpid/event", it says nothing but "Permission Denied".  Google only suggests workarounds for pipes, so I came here.
<Googol30> I've changed the file permissions, owner, and group in an attempt to view the file, but it still says "Permission Denied"
<Googol30> Additionally, in my Googling, I've come across suggestions to use "sudoedit" and "sudo -e", but both commands return "resource busy" errors.
<Googol30> Any questions, comments, ideas, suggestions?
<Googol30> Is anyone even at their computer?
<Googol30> Hello? Is anyone here?
<Googol30> Can I even get a response from ubottu?
<Googol30> If noone is going to help me here, can someone redirect me to somewhere I _can_ get help?
<guntbert> Googol30: I don't have that directory on my machines. please show us the output of sudo ls -l /etc/acpid/event
<jdrab> Googol30: btw what ubuntu release are you running?
<Googol30> jdrab: I'm running Ubuntu Server 12.04.2.
<Googol30> guntbert: And I meant "/proc/acpi/event"
<yeats> Googol30: what's your end goal?  why are you trying to view that file?
<yeats> Googol30: this thread may help: https://bbs.archlinux.org/viewtopic.php?id=13900
<guntbert> Googol30: files under /proc are no normal files. You can (sometimes) read them via   cat   or   less, but you certainly cannot edit the via vim. They are just a way to communicate with the kernel
<patdk-lap> guntbert, sometimes you can edit them with vim
<Arrick> How does one access the logs of this channel? I am looking for an answer that was given to me yesterday, so I dont have to repeat my questions...
<shauno> Arrick: http://irclogs.ubuntu.com/2013/04/19/%23ubuntu-server.html
<Arrick> I am trying to setup a webserver which has a functional outbound email... I have performed "sudo apt-get install mailutils" and also "sudo apt-get install postfix" and have those installed, but I cant for the life of me figure out why the server cant send out an email using "echo "test" | mail email@address.com(started my server build from scratch this afternoon, due to other people messing it up)
<ScottK> Arrick: The Ubuntu server guide has good instructions on setting up a mail server.  I'd recommend following that.  There's a link in the channel topic.
<Arrick> Yeah, I'm following the guide, however the system is not mailing out like it did yesterday (or at all, and I think its because of the firewall)
<Quest> is this a full poe 48 port switch or half poe (24 port). how do i know http://www.amazon.com/Cisco-SG200-50P-Ethernet-Mini-GBIC-Warranty/dp/B004GHMU6A/ref=sr_1_1?ie=UTF8&qid=1366497510&sr=8-1&keywords=cisco+sg200+48+poe   ?
<Arrick> Ok, I need the following all installed on a server; Apache 2, PHP 5.3.2 minimum, PHP modules: iconv, ctype, zip, simplexml, spl, pcre, dom, xml, json, mbstring, openssl, tokenizer, xmlrpc, soap, gd, intl, and Mysql 5.025 or higher.... What would be the easiest way to install all of these at once? (I am not normally a *nix guy, so I need some refreshing)
<Arrick> quest, here is the tigerdirect same thing, http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=7152554 and it says it is 24
<Quest> while purchase. what keywords to look while reading the box pack?
<Quest> $800 ts so costly? normal switchs cost about how much for 50 ports non-poe?
<Arrick> Quest, If you are looking at Cisco gear, your best answers will probably come from ##cisco, and you might be able to get some used gear and save some money.
<Quest> Arrick,  how much cost would be of  a dell swtich of similer specs?
<genii-around> Cisco has a refurb program as well
<Quest> genii-around,  ^?
<Arrick> I dont know Quest I tend to stick with the 2960S POE switches across the board.
<genii-around> Quest: http://www.cisco.com/web/ordering/ciscocapital/refurbished/index.html
<Arrick> (cisco)
<genii-around> Much cheaper than new
<Quest> k
<Quest> can you give a rough idea on how much will a dell or other switch would be how much cheaper?
<Arrick> about half...  but... you definately get what you pay for.
<genii-around> Whatever Cisco device you buy, if buy similar from somewhere else, it's typically half to two-thirds the price
<Quest> hm
<Arrick> hey, is php 5.3.10 higher than 5.3.2 ?
<Quest> if a cisco peo switch of 48 port is 800 dollars than a normal cisco non-poe switch should by roughly 100 dollars?
<Arrick> Im guessing yes, but I dont want to speak out of turns.
<Quest> Arrick,  yes
<Arrick> nope.... 400_
<Quest> oh
<genii-around> Quest: No, not 100... more like 400-600
<Quest> genii-around,  hm
<Arrick> actually poe - non-poe doesnt change the price but by about 100 lower for non-poe
<Quest> genii-around,  what would a 12 port poe cisco swithc cost then?
<Arrick> 4-500
<genii-around> Quest:^
<Arrick> depending on the model and sla you need
<Quest> genii-around,  if 12 port poe is cheaper. I would buy 4 such switchs and combine them
<Quest> Arrick,  you meant 400 - 500 . right?
<Arrick> why? you have 4 points of failure at that point.
<Arrick> correct.
<Quest> no
<Quest> we want 40 peoS
<Quest> for 40 cisco phones for voip
<Arrick> then just get a 48 port 2960s and be done with it
<Arrick> then you have 8 ports for scalability
<Quest> 8 port scalability?
<genii-around> You can find second-hand Catalyst on ebay/amazon for dirt cheap
<Arrick> http://www.voiplink.com/ProductDetails.asp?ProductCode=Cisco-WS-C2960-48TT-L
<Arrick> something like that
<Quest> hm
<Arrick> look for a used one
<Arrick> dont forget to buy the module you need for the uplink though.
<Quest> hm
<Arrick> I only buy new cisco, and FROM cisco or CDW-G (Government) so that my SLA is in order from the beginning.
<Quest>  $1,449.95 hm.
<genii-around> You can also buy poe injectors separate, etc
<Arrick> thats not bad, other ones cost upwards of 4500
<Quest> second hand would be of  half the price
<Arrick> and injectors are about 75-90 each (I just had to buy 2 for a site)
<Quest> Arrick,  genii-around  i hope that model is full poe. and not half poe
<Arrick> the on I just posted in full poe
<Arrick> is/in
<Quest> great
<genii-around> Oops! I forgot faceoff is just happened....!
 * genii-around runs away to watch hockey
<Arrick> of course, you also have to think of your phones.. .some of the newer ones out ther do gigabit as well, so you want the more expensive ones.
<Quest> recently our netadmin ran. we discovered that the phones connected on a del poe switch works on the cisco switch too but the phones (cisco) connected to a cisco switch do not even power ONNs if attached to the dell switch. i dont have specs atm though.
<shauno> at the other end, some are only 7W so can get away with cisco's funky 'half' poe (where they can do, eg, 48x7W or 24x14W, but not the whole 14W on all 48)
<Quest> Arrick,  i wonder why could that be. i mean where to start investigation
<Arrick> check to see if POE is turned on on the cisco switch (Its either all or nothing)... Also, are there other dell switches in the network somewhere?
<Quest> some phones run ok on that cisco switch. so poe is onn
<Arrick> some of the older switches (iirc) had a add-on power supply for poe as well.
<Arrick> you could have burned ports.
<Quest> Arrick,  only one 48 half poe dell switch , one non-poe cisco, one half poe cisco
<Quest> Arrick,  some phones are already working on those ports.
<Arrick> I have found that a dell/cisco mix or a hp/cisco mix doesnt play well.
<Quest> Arrick,  i think theres some problem with compatibilty
<Quest> hm
<Quest> some one added.
<Quest> <eirirs> Quest: there are two poe standards
<Quest> <eirirs> Quest: cisco inline power (pre-standard) , and 802.1af
<shauno> right.  newer switches will do both, older might only do pre-standard.  and just to mess it up, there's phones that'll do both, or only one.  so if you get a phone that only does standard, and a switch that only does pre-standard, it's messy
<Arrick> yep
<Arrick> it sucks to high heaven.
<Quest> hm
<Quest> Arrick,  shauno  so he must have altered/configured the phones or the swithcs     or both?
<Arrick> my department has all 7940s, 7960's and 7912s, but the rest of the network has all the new gigabit video phones with the thin client addon..
<Arrick> shauno, there is nothing like walking into a closet full of non-poe switches and seeing an umbrella of poe bricks hanging from hooks on the ceiling of the switch room.
<shauno> that bit I couldn't tell you.  I come from the other side, where we have other poe equipment on the switches.  which is where you hit cisco's 'half-poe' stuff because they use cisco's protocol to negotiate
<Arrick> yep
<Quest>  wait. i can use none-poe swithc and use power adapters for phones?
<Arrick> yes
<shauno> so you can stick 48 7W phones on a half-poe switch, but not 48 of our own devices
<Quest>  that will be cheaper for us as poe and non-poe swtichs are half in price
<Arrick> to the tune of 75-90 per phone
<shauno> 40*75 is 3000, that can eat the difference quickly
<Arrick> yep
<Arrick> even if you have 15 phones you need to inject, its more than a single 48 port poe switch thats full poe
<Arrick> however... I need to get back on task,....
<Arrick> Ok, I have installed Mysql, Apache2, and PHP5... I need to add some modules into php, how do I do that?
<Quest> Arrick,  shauno  thanks!
<Quest> reat help
<Arrick> specifically, these modules, iconv ctype zip simplexml spl pcre dom, xml, json, mbstring, openssl, tokenizer, xmlrpc, soap, gd, intl
<Quest> are power injectors cheaper than if i buy a 48 poe switch?
<Quest>  and whats a "magic jack?
#ubuntu-server 2013-04-21
<Arrick> hey guys, I am getting PHP has not been properly configured with the MySQLi extension so that it can communicate with MySQL. Please check your php.ini file or recompile PHP. MySQLi extension is not available for PHP 4.
<Arrick> when I try to run my installer for my site, but I have php5 installed, what do I need to fix?
<Arrick> 12.04 lts, apache2, php5, mysql 5.5
<Arrick> how do I setup a cron task to run a file every 15 minutes?
<Arrick> thanks for your help guys, the only thing I have left is setting cron tasks.
<Syria> Hi there, How can I know if there is any user creating ssh -D tunnels on my VPS please?
<kaelin> Hi, quick question about mod_rewrite: I would like to have visitors who just type the domain of my site get back the index.html from a CMS system (Radiant), so essentially rewriting / to /radiant/ -- can I do that? And if so how?
<qman__> kaelin, a 301 redirect is the best way to do that
<kaelin> I have tried using a .htaccess file with: Redirect 301 / /radiant/
<kaelin> Do I need some other syntax to match an empty path like that?
<qman__> kaelin, no, but it requires mod_rewrite
<qman__> you also need these on the directory:
<qman__> Options +FollowSymLinks
<qman__> RewriteEngine on
<kaelin> Can those be put in a .htaccess file? Or do they have to be in httpd.conf?
<qman__> they need to be in the main apache config; ubuntu puts that stuff in the site configuration file
<qman__>  /etc/apache2/sites-available/your-site
<qman__> also, to enable mod_rewrite, you need to run sudo a2enmod rewrite
<qman__> and then to reload apache
<kaelin> I'm pretty sure I have mod_rewrite enabled and loaded
<kaelin> Ahh I think that's got it! Thanks qman_!
<kaelin> http://intrepid-philanthropy.org
<kaelin> When I try it briefly flashes the old /index.html. Is that just cached in my browser or is that going to happen to everyone?
<Walther> I take it ubuntu server doesn't come with any de/wm by default, but any is installable?
<mardraum> yes
<Walther> I may have just solved the problem of me liking ubuntu's way of having updates compared to debians but having serious trouble with installing a wm that doesn't have a gnome-session in the back :P
<bekks> Their ways are the same.
<TuxBrother> I am trying to accomplish this
<TuxBrother> http://serverfault.com/questions/431531/tunneling-a-public-ip-to-a-remote-machine
<TuxBrother> I got connection to local machines, outside however doesn't work
<TuxBrother> IPv4 forwarding has been enabled and no firewall rules are applied at this point
<frodo_jeb> hi
<frodo_jeb> hi i planing to buy raid cart for my server and i wonder how can i be notified if a hard drive faile beside the led light. i'am using non gui linux installation i heard about mdadm
<frodo_jeb> but i don't know if it's a software raid or a hardware raid monitoring
<frodo_jeb> can any one clarify for me
<frodo_jeb> what can i do
<frodo_jeb> to monitor my hdd
<Froberg> patience.
<frodo_jeb> i'm still waiting ....
<cheese1756> Does anyone know of some good backup scripts so that I could rsync my entire server?
<qman__> cheese1756, what do you have in mind? a one-time backup, or a scheduled snapshot system?
<cheese1756> qman__, A scheduled off-site backup
<cheese1756> Snapshots would be great
<qman__> rsnapshot is pretty good for that
<qman__> it takes a little reading to get it configured the way you want but it works well
<cheese1756> qman__, I'll look into it, thanks!
<Jon_D> Hi, I have a rsync script that sends a mail at the end here http://pastebin.com/Ft5hyqcG, does it look correct? No mail received.
<mindcode> why my smtp server gets some mails from arcor, google, facbook... but not gmx? gmx just connects to my server but dont send any bit ... nothing... he connects and idles
<mindcode> after idling some minutes gmx sends some \n charatkers
<mindcode> and that is everything i get
<Techdude1011> bind9 stopped recursive queries
<mindcode> this channel sucks balls
#ubuntu-server 2014-04-14
<mwhudson> hm
<mwhudson> can i use uvt-kvm to create a vm backed onto a lvm lv?
<Miplo> Hi, do I need to permit root login on an Ubuntu server using SSH? Wouldn't the actual admin user be enough? (using sudo)
<rahuldroy> Hey Guys, I have a quick question. I am planning to make a closed-source website using MySQL as a database. Will I be legally allowed to do that?
<sheptard> are you planning on redistributing mysql?
<sheptard> or just using mysql to drive the website
<rahuldroy> just use mysql to drive the website
<sheptard> then why would they care
<rahuldroy> I don't want to do anything illegal
<sheptard> also, IANAL
<rahuldroy> haha neither
<rahuldroy> just tyring to make sense of open source licences
<rahuldroy> BSD and MIT Seems to have no restriction on commercial use
<sheptard> those licenses usually only matter if you plan to use the actual code in another product, or redistribute said product
<rahuldroy> GPL seems to though
<rahuldroy> lets say I get an GPL Software and customize the code to my needs
<rahuldroy> Do I need to make the modifications freely available??
<sheptard> only if you want to
<sheptard> assuming you aren't selling the software
<rahuldroy> thats what I though as well. Does this include saas software??
<sheptard> don't think so
<sheptard> again, IANAL
<rahuldroy> I think it would be be best if I avoid GPL code on my project completely just to be safe but I will keep using MySQL though
<EpicCyndaquil> I tried asking in #ubuntu but no one there answered, and you all are probably better with bash anyway: can anyone help me understand why this bash script doesn't work? https://3d3.ca/yLLXL.bash#VT23LM5SHgTzkCLU
<vonsyd0w> EpicCyndaquil, what about the #bash channel?
<EpicCyndaquil> ah, good idea :)
<EpicCyndaquil> shellcheck.net was enough to help me figure it out, so thanks for bringing up #bash, vonsyd0w
<vonsyd0w> no prob, my bash skills arent that great... yet
<Alina-malina> this cronjob is it recommended to use in high load mode? for example i have multiple users they add posts and the crontab removes those after 5 hours, will that be problem if there are 5000+ users?
<lordievader> Good morning.
<prgCoder> hey guys - I have a weird problem and my head already hurts...
<prgCoder> had a problems where a suse server all of a sudden started to poll the internet and started to use up a lot of bandwidth
<prgCoder> local it admin said it was only out going.....
<prgCoder> so I grapped another box, formatted the drive and install ubuntu 12 server and transaferred programs and data to it
<prgCoder> a day later the same thing started to happen - the suse server is off and the new ubuntu server is up and the local IT admin says this server is plling the internet, over and over again
<prgCoder> any ideas on what to look for and where this is coming from - I havetried wireshark and a few others but I have no clue what to look for
<lordievader> prgCoder: Investigate what is using it ;) iftop -P might come in handy there.
<prgCoder> I will give that a go when the local admin either turns it back on or can some how retard the server from using up most of the bandwidth so i can get in remotely
<prgCoder> what should i look for?
<lordievader> prgCoder: Something that uses a lot of bandwith. It will show the src ip+port and dst ip+port. From there you can make up which service/application is responsible.
<prgCoder> loadievader: thanks
<prgCoder> lordievader: thanks
<lordievader> :)
<lordievader> prgCoder: Good luck
<prgCoder> thanks
<dv81> whats the easiest tool to backup/restore an entire server's disk?
<dv81> to an offsite location
<jpds> I doubt you'll find something "easy".
<dv81> "easiest"
<jpds> dv81: Well, I can only give suggestions like bacula, rsync, obnam, ....
<dv81> *googles*
<lordievader> I find dirvish quite easy (I've come to understand that dirvish is an rsync wrapper).
<alesales> exist also a tool named relax and recover :)
<alesales> http://relax-and-recover.org/
<alesales> is like aix mksysb or OS/400 SAVSYS :)
<dv81> thanks guys
<dv81> looking for something that will image a disk, grub and all rather than just certain parts of the fs
<dv81> alesales: Rear, looks good thanks
<alesales> I never tried...I just heard about that
<alesales> I'm not working with Linux on x86 :)
<ashd> setting up ldap and samba - ubuntu 14.04 following the ubuntu docs and walkthrough. âid userâ shows uid,gid and groups.. but only main groupâ¦ ldapid shows all the groupsâ¦ is this the correct behavoir, or have i done something wrong somewhere.
<Proshot> afternoon when i login into ubuntu server via ssh i get this welcome http://pastebin.com/46THn4se i was wondering where the config is that displays this message
<jamespage> smoser, roaksoax, zul, hallyn: I've added some content to https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes for server this morning
<jamespage> I've left some placeholders for MAAS and libvirt right now - if you want to draft something appreciated :-)
<jamespage> gaughen, ^^
<Proshot> anybody any idea where i get the config files which displays that message
<gt8ost4l> anyone know how i can somehow change the mysql default name
<bekks> gt8ost4l: default name?
<gt8ost4l> yeah the name you give the mysql server the first installation
<bekks> gt8ost4l: you dont set any names for mysql servers at all during installation.
<gt8ost4l> so its just a password and thats all
<bekks> gt8ost4l: you have to enter a password for the mysql root user during installation.
<gt8ost4l> so root is just the default
<bekks> gt8ost4l: thats the default mysql username of the mysql root user, yes.
<gt8ost4l> so theres no way to change that username
<bekks> gt8ost4l: Create a new user, done.
<gt8ost4l> how do i do that
<bekks> gt8ost4l: https://dev.mysql.com/doc/refman/5.1/en/create-user.html
<rbasak> gt8ost4l: don't change the name of the root user. The maintainer scripts need root access for upgrades, etc, and so if you change the username you'll break upgrades.
<rbasak> gt8ost4l: creating another user for what you want is fine.
<zul> jamespage:  https://code.launchpad.net/~zulcss/heat/heat-mir/+merge/215494
<Havenstance2> good morning, is there a work around for the gpg not found error in 13.10?
<rbasak> What gpg not found error?
<Havenstance2> I keep getting a gpg not found error when I try to pull in a key. not sure why it just says gpg package not found
<Havenstance2> wget -q http://keys.zentyal.org/zentyal-3.4-archive.asc -O- | sudo apt-key add -
<Havenstance2> I enter that then it returns, gpg not found
<Havenstance2> the machine sitting right next to it takes the command and returns OK
<Havenstance2> only difference is one is server 13.10 amd64 the other is server 13.10 i386
<Havenstance2> and its the amd64 throwing the error
<rbasak> How did you install the broken machine?
<rbasak> The apt package depends on the gnupg package.
<rbasak> You might be able to install gnupg to fix the problem, but it sounds like you have a bigger issue there.
<rbasak> (or something wrong with your PATH or something)
<Haven|Work> rbasak, I just did a fresh install so we will find out when it finishes. I had a network failure on Friday about the time I set this machine up so its possible that it didn't pull a package it needed
<jamespage> zul, one typo but other than that +1
<zul> jamespage:  saw...thanks
<jamespage> hallyn, could you take a look at bug 1305280 - might be related to bug 1304167
<uvirtbot> Launchpad bug 1305280 in apparmor "juju command get_cgroup fails when creating new machines, local provider arm32 " [Undecided,New] https://launchpad.net/bugs/1305280
<uvirtbot> Launchpad bug 1304167 in apparmor "syntax error, trusty beta-2 cloud image" [Undecided,Confirmed] https://launchpad.net/bugs/1304167
<zul> jamespage:  im just catching up precise-icehouse this morning
<jamespage> zul, libvirt and xen?
<zul> jamespage:  yep
<jamespage> zul, I'm just sorting out the publishing issue - ceph built twice for armhf on the last version
<jamespage> hashsum mismatches all round
<zul> jamespage:  uh ok :)
<smb> zul, Still the build in P problem? Most admit I have not yet checked how well the current 4.4 does as I tried to make arm64 more real
<zul> smb:  still the P problem i have a work around for it though
<smb> zul, ok sounds good
<jamespage> zul, your patch for heat is still worng
<zul> jamespage:  arrgh
<zul> jamespage:  gimme a sec
<jamespage> zul, you might want to change the name of the patch as well
<jamespage> suder ->sudoers
<smoser> roaksoax, where are we on maas ?
<zul> jamespage:  https://bugs.launchpad.net/bugs/1307518
<uvirtbot> Launchpad bug 1307518 in glance "ERROR "CRITICAL glance [-] AttributeError: 'NoneType' object has no attribute 'drivername'" in /var/log/glance/api.log" [Undecided,New]
<smoser> :-(
<hallyn> hm.  stgraber: ^ wonder if bug 1304167 could be due to the new pivot_mount rule (i haven't dug yet)
<uvirtbot> Launchpad bug 1304167 in apparmor "syntax error, trusty beta-2 cloud image" [Undecided,Confirmed] https://launchpad.net/bugs/1304167
<jamespage> zul, eh
<jamespage> zul, I'll try to reproduce
<zul> jamespage:  ditto
<stgraber> hallyn: that sounds more like a problem with the new apparmor statements
<hallyn> oh god.  is this in cloud archives again?
<hallyn> people really need to mentin that
<jamespage> zul, I see that we are missing "schema-image.json"
<jamespage> hmm
<zul> jamespage:  arrgh so we are
<jamespage> zul, and that the perms on /var/lib/glance/images and /var/lib/glance/image-cache are wrong
<stgraber> hallyn: no, it's just the LXC upload done by the apparmor folks being wrong
<jamespage> they are not writable by the glance user
<stgraber> hallyn: LXC doesn't version depend on apparmor so it'll happily install with the wrong apparmor version
<hallyn> stgraber: feh.  (i'm still waiting for an upgrade so i can get to testing)
<stgraber> hallyn: I have a debdiff here, uploading in a minute
<jamespage> zul, ah crap - that's a regression from fixing bug 1214947
<uvirtbot> Launchpad bug 1214947 in glance "chown in postinst fails on netapp storage" [Low,Fix released] https://launchpad.net/bugs/1214947
<hallyn> stgraber: thanks
<jdstrand> stgraber: what upload? the one I did added the sed rules and was acked by stgraber
<jdstrand> err, by you
<jamespage> hmm
 * jdstrand uploaded 1.0.2-0ubuntu2
<stgraber> jdstrand: right, and we missed the fact that you need a versioned dependency on apparmor too.
<stgraber> jdstrand: so that precise -> trusty doesn't break
<jdstrand> wouldn't that have broken with the dbus rule too?
<stgraber> it probably did in some cases but since people don't care much about non-LTS releases we never heard about it
<stgraber> jdstrand: http://paste.ubuntu.com/7249946/
<jamespage> zul, this highlights a gap in testing I think
<zul> jamespage:  we seem to be missing property-protections-policies.conf.sample property-protections-roles.conf.sample as well
<zul> jamespage:  agreed
<jamespage> zul, hmm - those are just samples
<jamespage> less worried about those
<roaksoax> smoser: check the bug :)
<jdstrand> stgraber: hrmm, apparmor itself has: Breaks: ..., lxc (<< 1.0.2-0ubuntu2~), ...
<smoser> roaksoax, i thought we agreed to upload without that feature
<smoser> with the 2 bug fixes
<stgraber> jdstrand: right, so apparmor won't upgrade with an old LXC, but LXC will happily upgrade with an old apparmor
<stgraber> jdstrand: bug 1304167
<uvirtbot> Launchpad bug 1304167 in apparmor "syntax error, trusty beta-2 cloud image" [Undecided,Confirmed] https://launchpad.net/bugs/1304167
<hallyn> hm, that's not gonna help ppl upstream
<stgraber> jdstrand: that's someone getting a cloud instance of beta2, doing apt-get update && apt-get install lxc without doing a dist-upgrade
<stgraber> jdstrand: they get the new LXC but not the new apparmor and things break
<hallyn> ideally there'd be versioning built into the policy language :)
<jdstrand> why doesn't beta2 have the new apparmor?
<jdstrand> hallyn: we are getting there
<stgraber> no idea, though the problem should also happen when doing 12.04 to 14.04. apt may very happily resolve the upgrade path as lxc in a first batch and apparmor in a second one. Which will cause the exact same failure.
<stgraber> On smaller upgrades, you get a single batch so the apparmor breaks is enough to sort out the configure ordering but if they are each in their own batch, then things will break.
<stgraber> jdstrand: anyway, I think my fix should be enough for that, I'd just suggest you make sure any other affected package gets something similar or I'd expect quite a few confusing upgrade bugs to show up soon enough...
<jdstrand> I don't know how apt will sort these things, but slangasek said the Breaks was enough to dtrt for upgrades. I didn't do 12.04 to 14.04, but I did do upgrade test of lxc under that version and it all worked
<jdstrand> if apt isn't breaking isn't honoring that, that seems like a bug in apt
<jdstrand> (otherwise why even have the Breaks mechanism at all)
<jdstrand> now, I get that a cloud image with the old apparmor will happily install a new lxc
<stgraber> no, what apt is doing is perfectly correct. Your debian/control only prevents me from upgrading apparmor before lxc itself has been upgraded.
<stgraber> but I can upgrade lxc itself independently of apparmor and nothing will force me to get the right parser
<roaksoax> smoser: well... there is some discussion as to how to
<roaksoax> smoser: well... there is some discussion as to how to publish that the setting is enabled
<hallyn> jodh: ok i'll go ahead and push 'stop on [06]' for cgmanager;  if/when someone has a problem due to it, we can revisit.  ideally there would be a signal emitted right before final umounts (/var and /)
<smoser> roaksoax, 2 bugs need fixing
<smoser> independent (i thought) of feature being added
<zul> jamespage:  https://code.launchpad.net/~zulcss/glance/lp1307518/+merge/215679
<smoser> and i had hoped we'd upload with 2 bugs fixed
<jodh> hallyn: right, although upstart isn't doing the unmounting.
<roaksoax> smoser: i know
<roaksoax> smoser: feel free if you want to go ahead and upload those
<hallyn> jodh: what is?  doens't seem to be mountall...
<roaksoax> smoser: cheery pick and patch the ubuntu package
<jdstrand> stgraber: I understand that the cloud image having an old apparmor, apt-get update, apt-get install lxc doesn't work. I'm saying that a do-release-upgrade or apt-get dist-upgrade where apt breaks this into chunks that don't correctly honor the Breaks would be a bug
<jodh> hallyn: /etc/init.d/umount*sh
<jdstrand> when was the beta2 image generated?
<roaksoax> smoser: i rather make I upload than make 2 though
<stgraber> jdstrand: having apt do the upgrade in two chunks, first upgrading 200 packages including LXC, then upgrading another 300 packages including apparmor, would honor the Breaks and would make the upgrade fail.
<roaksoax> smoser: that's why I'm saying, follow the bug as the latest developments are happen there and for the looks of it, it is just deciding how to notify the user about the setting being enabled by default
<jdstrand> stgraber: who is breaking that up into chunks? the user or the upgrader?
<stgraber> jdstrand: because it'd technically never have the new apparmor installed before the new lxc, so the Breaks would be satisfied
<stgraber> jdstrand: apt does it when there are massive set of packages with complex dependencies (most pre-depends and the like). A lts-to-lts upgrade usually qualifies...
<stgraber> jdstrand: you'll often see apt do multiple configure runs during a dist-upgrade, that's the easiest sign to see it do the chunking
<hallyn> jodh: ok so we may just have to provide guidance that any upstart jobs using cgm in post-stop should do '|| true'
<stgraber> so download of everything => unpack => configure => unpack second chunk => configure second chunk => ...
<jdstrand> stgraber: ok, so I'm saying that if in its chunk calculation it allows what you are saying, its calculation is wrong. it should always put them in the same chunk
<stgraber> jdstrand: why?
<stgraber> it'll always ensure that apparmor isn't installed before the new lxc because that's what you said in your Breaks
<jdstrand> because it would break on upgrades when the Breaks is explicitly there to prevent that
<stgraber> but that's as much as it'll do for you
<stgraber> as that's as much as you asked it to do
<stgraber> it won't at all prevent lxc from going in a first chunk on its own and then apparmor in a second chunk
<stgraber> because that'd perfectly respect your Breaks
<jdstrand> "When one binary package declares that it breaks another, dpkg will refuse to allow the package which declares Breaks to be unpacked unless the broken package is deconfigured first, and it will refuse to allow the broken package to be reconfigured."
<stgraber> so? apt will respect that and things will still break
<jdstrand> the broken package is lxc
<stgraber> there's no break against installing the new lxc with the old apparmor
<jdstrand> yet, it is being configured before apparmor
<stgraber> sure because the old installed apparmor doesn't break on the new lxc
<jdstrand> (in your scenario)
<stgraber> it's just the new apparmor which breaks on the old lxc, but they can be installed 6 months appart for all apt cares
<jdstrand> I get that-- but the calculation is wrong. the intent of a massive upgrade is for everything to be upgraded
<hallyn> jdstrand: does 'we are getting there' for versoined policy language mean that we might get them during 14.10, or that we might get them during 16.04 timeframe?
<jdstrand> if apt breaks it up into a bunch of little things that get you a different upgrade, that is wrong
<stgraber> jdstrand: well, usually the point of doing things in chunk is to make the whole upgrade possible to resolve... and unless lxc has a version dependency on the new apparmor or a break against the old apparmor, apt won't necessarily put them both in the same batch
<jdstrand> hallyn: you'd have to ask jjohansen. it is recognized as a real problem. I would guess 15.04 though. we are trying to get abstract sockets and lxc finished up first
<hallyn> jdstrand: thanks
<jdstrand> they are both quite close actually, but trying to be realistic
<jdstrand> smoser: hey, who generated the beta2 cloud images?
<smoser> jdstrand, they're built in automation
<smoser> utlemming would have marked it as 'beta-2'
<jdstrand> smoser: so, looking at bug #1304167, I'm quite surprised the old apparmor is still there
<uvirtbot> Launchpad bug 1304167 in lxc "syntax error, trusty beta-2 cloud image" [High,Triaged] https://launchpad.net/bugs/1304167
<jdstrand> smoser: is there an easy way to see a package list with versions of that? is there a beta 3 already?
<jdstrand> stgraber: I maintain that is a bug in apt if it operates differently with small and massive upgrades
<jdstrand> I don't know that it actually does. I've not seen any upgrade bugs yet.
<jdstrand> I guess I can try an upgrade, but if what you say is correct, then upgrades are non-deterministic and just cause my upgrade succeeds doesn't mean yours would
<stgraber> jdstrand: well, I don't feel like arguing for hours, it's not an apt bug neither is it something new, I had to fix around 50 of those with the last lts to lts upgrade for 12.04.1. apt does respect your dependencies, however assuming that everything is processed in a single run is wrong and will lead to problems on massive upgrades.
<stgraber> jdstrand: feel free to file a bug against apt though, I'm sure mvo will be happy to discuss it though I still expect the outcome to be that packages need to clearly define what they need, which in this case wasn't the case.
 * jdstrand doesn't want to argue anymore either
<jdstrand> I find it curious that 13.04 to 13.10 didn't have the same issue with dbus policy though
<stgraber> jdstrand: well, you need to be pretty unlucky and the larger the set of package and the further they are appart the more likely it becomes. I'd expect 13.04 to 13.10 to be just a few hundred packages, that don't have a massive amount of transitions going on with complex pre-depends/breaks and such. So the upgrade may have happened in a single chunk (if it was resolvable that way) or maybe two, in which case we basically had a 50% chance of
<hallyn> smb: for bug 1218959, did you look to see what patches fedora is currently using? :)
<uvirtbot> Launchpad bug 1218959 in libvirt "KVM virbr# no longer forwards multicast traffic by default (U12.04)" [High,Confirmed] https://launchpad.net/bugs/1218959
<hallyn> anyway if that route isn't simple i'll do the darned udev rules.  i'm not sure if we should have later releases remove them then, but they should be safe
<stgraber> lts to lts tends to be more like 5-6 runs, especially if we get things like massive debhelper, upstart, libc, ... changes with strict dependencies, it's therefore much more likely to show up in lts to lts than in any other upgrade case
<stgraber> (lts to lts are also pretty much the only case where we may get to the point where apt just plain fails to resolve an update, no matter who many chunks it makes)
<smb> hallyn, No, if its not mentioned in the bug report (and I have not yet read it carefully) its always a bit hard to find. I wanted to check on the two I think may be the ones. But have not yet got there either
<hallyn> smb: ok lemme check one more time, ithought someone said the udev workaround did not work for them.  if nooe said that, we'll do the workaround
<zul> jamespage:  ok updated
<smb> hallyn, Ok, if they do work it maybe is the simpler route for older kernels. What we will do if that does not work we'll figure out when it does not work. That always works...
<jamespage> zul, +1
<zul> jamespage:  thanks
<jamespage> zul: nope -thankyou!
<hallyn> smb: ok yeah let's go with the udev rules.  ttyl
<jamespage> coreycb, your grizzly->icehouse upgrade; can you check the keystone.conf post upgrade please
<lordievader> Good afternoon.
<coreycb> jamespage, sure
<coreycb> jamespage, I had compared it vs the havana->icehouse and they were the same post upgrade
<jamespage> coreycb, ack
 * jamespage thinks again
<jamespage> coreycb, the only thing I can think is that something did not happen in the db migrations
<coreycb> jamespage, http://paste.ubuntu.com/7250219/
<jamespage> coreycb, that looks aok
<coreycb> jamespage, ok yeah I was thinking the same.  I can test vs rc2 branches if you think anything's changed.
<jamespage> coreycb, I don't think so
<jamespage> zul, we might want to considering doing that late-restart thing with debhelper dh_installinit in the packaging
<jamespage> right now if you get a kernel update, nova-compute and stuff stays down for a long time
<TazaChoncha> hello there
<Zal> Hello all. I'm having trouble running an 'apt-get upgrade' on an Ubuntu 12.04LTS EC2 instance. The process stuck at grub-pc. After aborting, the process sticks at lvm2. Now "apt-get upgrade" tells me to run "sudo dpkg --configure -a", which itself sticks again at lvm2. Any tips on getting fixing this installation?
<Zal> All I see in dpkg log is a message telling me lvm2 is half configured, when the process freezes
<hallyn> we're missing a zul
<hallyn> smb: i just uploaded a new libvirt-bin.  are you done with xen-releated libvirt uploads?
<Zal> I manually killed the dpkg and frontend processes, blacklisted lvm2 and grub-pc, after which dpkg --configure -a ran successfully. I'm still concerned about the state of my instance though, any pointers are appreciated.
<hallyn> Zal: might ask in #ubuntu-devel.  lvm upgrade error would scare me too...
<smb> hallyn, If you did a ubuntu13 for T that is fine by me. The 12 was the one I had
<hallyn> smb: yeah 13 (phew)
<hallyn> Zal: take a look at /var/log/apt/term.log for details on teh lvm failure.
<smb> hallyn, Ok, so we are good (hopefully) :)
<Zal> hallyn, thanks, I'll look there again, didn't see anything previously
<Zal> yeah, no errors there
<hallyn> Zal: my *guess* is that there is a hung udev rule which is holding a lock
<zul> jamespage:  just about to seed heat
<axisys> how to encrypt a folder in my dir? I am sharing this precise 64bit server with multiple system admins
<axisys> I like it auto decrypt when I login and only try to access the folder
<axisys> and when I get out of the folder/dir, it will go back to encrypt.. is it possible?
<axisys> I dont mind to do it manually ..
<axisys> so decrypt; access the folder; exit the folder; encrypt
<axisys> https://help.ubuntu.com/community/FolderEncryption looks interesting
<zul> jamespage/coreycb: glance rc2  has been accepted
<jamespage> zul, w00t - I think that means only swift and neutron are still in the queue right?
<kosmo> Hi I got problem with my apache server. All was right but after week serevr just crashed and I cant start it.
<jpds> Please explain what you mean by "crash".
<kosmo> I cant accces it from my local network
<bekks> Then investigate the logs.
<jpds> Any debug?
<jpds> "Crash" could mean anything from meteor strikes, cosmic rays, annexation by Russia, etc.
<kosmo> and apache status command resutlts apache server is not running lolz
<bekks> kosmo: Then check the logs.
<sarnold> oh that crazy putin, here he goes again
<jpds> sarnold: He's putin'g himself in your servers.
<bekks> Now he crashes server. Does he even pay that "peer" who always terminates connections?
<sarnold> jpds: lol
<bekks> jpds: :D
<sarnold> bekks: hahaha
<jpds> kosmo: So you can *access* the server from SSH, but not on HTTP?
<kosmo> weell the thing is error.log file is empty
<kosmo> jpds yes smbd also works gr8
<bekks> kosmo: Which ubuntu release is it?
<kosmo> 12.04 LTS
<patdk-wk> did you check dmesg?
<kosmo> you mean the msg after service apache2 start?
<RoyK> kosmo: just type 'dmesg'
<jamespage> jdstrand, around? I just got asked to look at the seed changes for bug 1266066 but need some guidance from the security team
<uvirtbot> Launchpad bug 1266066 in unbound "[MIR] strongSwan" [Undecided,Fix committed] https://launchpad.net/bugs/1266066
<jamespage> jpds, technically mterry needs to ack unbound still as well
<jpds> jamespage: All tests run as of https://launchpad.net/ubuntu/+source/unbound/1.4.22-1ubuntu4
<jdstrand> jamespage: what do you need?
<jamespage> jdstrand, just a bit confused as to what actions need to be taken - the bug report references removal of ipsec-tools - but I see racoon that still depends on that
<jamespage> jdstrand, I was just going to push strongswan into the supported-misc-servers seed
<jdstrand> racoon is superceded by strongswan, no?
<jdstrand> jpds: ^
<jdstrand> jamespage: I wonder if supported would be better (eg network-manager-strongswan)
<sarnold> racoon is built from ipsec-tools, right?
<kosmo> I got dmesg output but its big and I didnt find anythnig interesting
<jdstrand> sarnold: yes
<jamespage> sarnold, yes
<jdstrand> so yes, please unseed that :)
<jamespage> jdstrand, jpds: OK - so I'll replace racoon with strongswan in the supported-misc-servers seed
<jdstrand> jamespage: in case I wasn't clear, I was saying 'supported' instead of 'supported-misc-servers'
<jdstrand> jamespage: I'm ok with supported-misc-servers, but supported seems ok too
<jdstrand> jamespage: you're call
<jdstrand> meh
<jdstrand> your*
<jamespage> jdstrand, just going on where racoon is currently :-)
<jdstrand> that's fine
<jdstrand> jamespage: you are taking the list from comment 13?
<jdstrand> jamespage: strongswan-pt-tls-client and network-manager-strongswan were also mentioned as desired
<jamespage> jdstrand, looking now - but if I just seed strongswan it will pull source+binaries into main right?
<jdstrand> jamespage: you want to seed the binaries you want. there are a lot, jpds enumerated those we want
<jamespage> jdstrand, ack
<jdstrand> hrmm
<jdstrand> openvswitch-ipsec depends on racoon
<jamespage> jdstrand, indeed
<jamespage> jdstrand, I'm assuming the outcome of having ipsec-tools and strongswan in main is not desirable?
<jdstrand> it is undesirable
<jdstrand> it looks like debian/ovs-monitor-ipsec is the only thing that uses racoon
<jdstrand> is there an ovs-monitor-strongswan we can drop in its place?
<jdstrand> it looks like Nicira wrote debian/ovs-monitor-ipsec
<jdstrand> well, it is the only thing other than the testsuite that uses ipsec-tools
<jdstrand> (and the testsuite uses it to test ovs-monitor-ipsec)
<jamespage> jdstrand, indeed
 * jamespage continues to dig
<jdstrand> feel free to commit the change to promote strongswan. the demotion of ipsec-tools can happen separately (but before release)
<jpds> jdstrand: openvswitch-ipsec is in universe now.
<jamespage> jdstrand, not yet - it looks like upstream ovs have been discussing switch to strongswan but there is no support yet
<jamespage> jdstrand, is it?
<jamespage> jpds, erm - is it
<jpds> jamespage: Yep, cjwatson said he'd move it today.
<jdstrand> ah
<jdstrand> I was just going to suggest doing that
<jamespage> I have to admit to being uncomfortable making this change so late in  cycle
<jdstrand> which change?
<jamespage> this puts any users of the ipsec feature of openvswitch in a different support position after moving to 14.40
<jamespage> 14.04 even
<jdstrand> oh, just moving it to universe?
<jpds> Well, debian/ovs-monitor-ipsec looks like some nasty hack.
<jdstrand> I also mentioned in January that we would want to demote ipsec-tools
<jdstrand> ipsec-tools is stagnant
<jdstrand> jamespage: note, it does not change the support position over 12.04. openvswitch itself was in universe
<jamespage> jdstrand, I know
<jpds> jamespage: Ah, yes. The list in my email + strongswan-pt-tls-client (we can ignore n-m for now).
<jamespage> jdstrand, yes - but ipsec-tools and racoon where in main
<jamespage> jdstrand, I guess I'm uncomfortable as I was not aware of this plan until 10 days ago
<jdstrand> jamespage: I'm confused about the support position you are referring to. are you referring to openvswitch or ipsec-tools to strongswan migration?
<zzxc> Hey guys. I have a question. I had a script I want to run on startup for a machine that does a mount -bind. How would I get it to run on start up?
<jpds> jamespage: Anyone using them, is going to probably see their quality of life improve with something a little more... modern. ;-)
 * zzxc wonders if his conf has gone screwie or if jdstrand, jpds, and jamespage are talking using /me comments
<jdstrand> jamespage: moving to strongswan is no different than moving to another supported technology in any other software in the stack. we release note that ipsec-tools no longer receives support and users should migrate to strongswan, which works better (more featureful, active upstream, etc)
<jdstrand> jamespage: people who need ipsec-tools can use it on 12.04 for 3 more years. upgrade timelines are at their discretion
<jdstrand> jamespage: honestly, I bet people are simply installing strongswan from universe anyway-- ipsec-tools hasn't gotten a new release in 3 years
<jamespage> jdstrand, just uncomforable doing this right now - I've not had three months to thing about it
<jdstrand> jpds: perhaps you can step in here-- you are the one driving this
<sarnold> zzxc: must be your configuration, they look like normal /msg #ubuntu-server to me
<sarnold> zzxc: /etc/rc.local may be the easiest way to get your script to run; you could create an upstart job just for your script if you wanted to be fancy: http://upstart.ubuntu.com/cookbook/
<bekks> zzxc: fstab ;)
<jpds> jamespage: Well, I've been using the tool since August last year pretty much.
<zzxc> bekks: Hahaha thanks for that bekks.
<sarnold> bekks: does that work out alright for bind mounts? cool :)
<bekks> sarnold: Sure.
<zzxc> sarnold: Actually I never understood upstart jobs. Isn't it just basically just like sticking it in the init.d folder and running update-rc.d?
<jpds> jamespage: All the IPsec stuff's in the kernel; there are essentially keyring daemons with feature sets.
<zzxc> bekks: Yeah still kind of nervious about that. Espically if something happens to the prod server.
<bekks> zzxc: Then test the fstab entries before rebooting. Whats the problem with that?
<sarnold> zzxc: I found upstart's 'native' interface easier to use than the sysv compatibility things, or the old sysv-init
<jdstrand> jpds: perhaps describing more why it is desirable over ipsec-tools (perhaps with why you are pursuing it to beging with)
<zzxc> bekks: Honestly. If I leave the company I'm working for I wouldn't trust the other people to remeber to do a check on the prod machine before restarting it when they need to update it.
<zzxc> sarnold: Hmmm alright. Isn't upstart going away in the next couple of version though?
<jpds> jdstrand: That's all in the bug.
<jamespage> jdstrand, jpds: tbh I don't think this is up to me to decide - this counts as a feature for me - I've pushed it to the release team
<sarnold> zzxc: yeah, eventually. fwiw I prefer bekks's advice after hearing it :) hehe
<jdstrand> jamespage: from my perspective, the fact that strongswan has an active community upstream, within Debian and Ubuntu, has a modern feature set and is well-written are all compelling. Holding on to something that has gotten upstream attention in 3 years for a security sensitive piece of software is not desirable
<jdstrand> hasn't*
<zzxc> *sigh* alright. I've gone through enough holding my breath during the heartbleed fixes. Guess I'm going to have another everytime we update it.
<jpds> jamespage: Yeah, they pushed me towards you.
<sarnold> zzxc?
<bekks> zzxc: sudo apt-get update; sudo apt-get dist-upgrade; <- that how to install the heartbleed fixes.
<zzxc> Whats up sarnold?
<zzxc> bekks: Yeah I know. We took a slightly different route and used unattended_upgrade
<zzxc> Boss was terrified of compadibiltiy breaking.
<sarnold> zzxc: I'm just curious what you mean by "guess i'm going to have to hold my breath every time we update it" ..
<bekks> zzxc: He should have read the changelog then.
<zzxc> bekks: ? Which change log?
<bekks> zzxc: the changelogs for the bugfixes? http://www.ubuntu.com/usn/usn-2165-1/
<zzxc> bekks, Yeah of course right. No I read through that. It was more along the lines of only doing a security update rather than updating jaxb, or 3cpo, or hibernate.
<bekks> zzxc: Those applications do not need to be updated to fix the heartbleed issue.
<zzxc> Right. no I get that we could have just recompiled openssl as well with the noheartbeat flag and it would have worked as well. But I wanted to do all of the security updates. He didn't want to update anything that wasn't a secuirty fix so using unattended_upgrade was the medium for only updating the security patches, and not other updates that would have been covered in a dis-upgrade.
<bekks> you can easily cover security-only updated in dist-upgrade, too.
<sarnold> zzxc: thanks for not compiling your own, that's a path of pain and suffering. we do updates so our users don't have to do them themselves :) hehe
<sarnold> zzxc: see https://wiki.ubuntu.com/SecurityTeam/FAQ#Repositories  for a quick description of what bekks is describing
<zzxc> bekks: How so?
<zzxc> sarnold: Thanks
<bekks> zzxc: Disable all repos but the security ones, run sudo apt-get update; sudo apt-dist-upgrade; and re-enable all formerly disabled repos again.
<bekks> 1zThat takes about 5 minutes overall.
<zzxc> Mmmmm yeah, I thought of that as well. You can also change the ranking of secuirty updates to 500 and downgrade the none security updates to 50.
<bekks> Which doesnt help at that point.
<zzxc> Basically all i had to do was do sudo apt-get update && unattended-upgrade -d. which did the same thing.
<bekks> because regardingless of the ranking, non-security updated would have been pulled in.
<zzxc> bekks: No currently installed applications have a ranking of 100 (I beleive) so unless you need pull in a new version for a dependency its less desirable than an application that has already been installed.
<bekks> zzxc: That doesnt affect what I just said. :)
<zzxc> So why would the non-security be updated?
<bekks> Because of the enabled repos.
<bekks> Not because of their ranking whatsoever.
<sarnold> if all your updates are through unattended-upgrades it probably does the right thing; but when you go to run apt-get -u dist-upgrade yourself, it'll pull in all -updates and -security packages together..
<bekks> dist-upgrade literally means "get them all". No matter which ranking the updates have.
<zzxc> http://askubuntu.com/questions/194/how-can-i-install-just-security-updates-from-the-command-line the second entry was was I was talking about.
<zzxc> was what*
<zzxc> sarnold: Actually that was what I was wondering about. If I do a dis-upgrade -security does it only pull in security updates?
<bekks> There is no such parameter.
<zzxc> bekks, Ok I didn't think there was. Is there a way to tell dis-upgrade to only install the secuirty updates?
<bekks> zzxc: Disable all other repos.
<zzxc> bekks, Ok right, so short of disabling the other repos there is no way to do that?
<zzxc> sarnold: And right. But the lead developer didn't want to do a full update because he was convinced it would break something and at midnight I didn't really feel like arguing with him about it.
<sarnold> zzxc: yeah, that part makes a lot of sense :) hehe
<dv81> zzxc: it will break imo
<zzxc> Doing an unattended_upgrade to update only the secuirty patches? It wouldn't shock me honestly, but it is a feature that sets it self up like a cron job to do updates on prod machines ever so often. And honestly the system is pretty stable still and I just need it to work for about 2 or 3 more months then I can upgrade the system to the new LTS.
<zul> hallyn:  i already uploaded a fix for the libvirt cloud-archive bug
<zzxc> Or more actually build a new system and move over to that. I'm also hoping I can move the data volumes over to ext4 or s3.
<bekks> zzxc: You are on ext3 currently?
<zzxc> For the data volumes yes. A lot of the infrastructure has been here well before I got here.
<hallyn> zul: which one is that?
<bekks> zzxc: Then mount the as ext4, done.
<zzxc> bekks, wait really? I know ext3 and ext4 are pretty simalar but won't I still not have the journaling functionality of a ext4 drive?
<bekks> Guest88173: [~chatzilla@c-69-244-43-156.hsd1.az.comcast.net]  that should be enough to know you're not anonymous ;)
<bekks> zzxc: ext3 is a journalling fs, too.
<bekks> zzxc: And you can upgrade to ext4 by just mounting ext3 as ext4.
<lordievader> bekks: Really, no need for any conversion tools?
<bekks> lordievader: No need for tools whatsoever.
<zul> hallyn:  the libvirt apparmor change on precise
<lordievader> Nice :)
<hallyn> zul: ok, so you took the one i uploaded to trusty?
<zul> hallyn:  when did that happen?
<hallyn> earlier today
<zul> hallyn:  no but i will
<hallyn> cool, thx
<zzxc> bekks: Cool good to know. Thank you.
<jamespage> jpds, still around? whats the closest thing to ipsec-utils in strongwan?
<jpds> jamespage: That packages doesn't exist?
<jamespage> jpds, I have to replace ipsec-utils on the iso with something equivalent
<jpds> $ apt-cache show ipsec-utils
<jpds> N: Unable to locate package ipsec-utils
<patdk-wk> ipsec-tools you mean?
<jamespage> I do
<jamespage> jpds, ipsec-tools
<jpds> jamespage: All of that should be in strongswan-starter.
<jamespage> jpds, ok
<jamespage> jpds, just testing the seed changes now
<jamespage> jdstrand, I'll make the seed change in the ISO to demote ipsec-tools in favour of strongswan-starter
<jdstrand> jamespage: ok. I looked at openvswitch more and it shouldn't need a packaging change
<jdstrand> I thought it did, but it doesn't install raccoon or ipsec-tools during the build
<jdstrand> I'm kinda curious what the testsuite is actually testing now, but not enough to look at it :P
<jamespage> jpds, which was the additional package you wanted in the seed?
<jpds> jamespage: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1266066/comments/13
<uvirtbot> Launchpad bug 1266066 in unbound "[MIR] strongSwan" [Undecided,Fix committed]
<jpds> jamespage: +strongswan-pt-tls-client.
<jdstrand> jamespage: ok, so I should not touch serv-ship. got it
<jamespage> jpds, ok
<jdstrand> server-ship
<jamespage> jpds, how does this look> http://paste.ubuntu.com/7251357/
<jpds> jamespage: +1.
<jamespage> jpds, is strongswan-nm - that appear to pull network-manager into the misc-server seed?
<jpds> jamespage: Oh, drop that one.
<jpds> That would be for network-manager-strongswan, which I'm not too fussed about.
<jamespage> jpds, ack
<jamespage> jdstrand, jpds: seed changes pushed
<jdstrand> thanks!
<jamespage> jdstrand, np
<jpds> jamespage: Thank you!
<jdstrand> ipsec-tools demoted (openvswitch-ipsec already was)
<jamespage> jpds, thanks for your work on this this cycle
<jdstrand> crafting a release note now
<jpds> jamespage: Always a pleasure. :)
<jamespage> jdstrand, thanks for doing the release note btw
<jdstrand> np
<jdstrand> jamespage: did you commit all your changes? I only see the strongswan-starter change
<jamespage> jdstrand, in server-ship yes
<jamespage> jdstrand, the others are in supported-misc-servers in the platform.trusty seeds
<jdstrand> ah, platform.trusty
<jdstrand> right. thanks!
<jdstrand> jamespage: I'm going to get ahead of component-mismatches and promote these now
<smoser> zul, is there a way to easily tell which cloud-archive packages have delta ?
<bekks> have delta compared to what?
<smoser> compared to their source release.
<smoser> ie, the majority are straight (changelog change only) backports of trusty packages for icehouse
<smoser> but some require changes.
<smoser> my best guess is package presense at https://code.launchpad.net/~ubuntu-cloud-archive/
<zul> smoser: not really...its just libvirt/xen/mongodb/subunit that have deltas
<smoser> i'm fairly sure thats not true.
<smoser> i know mongodb oes
<Runemoro> Hi, could anyone help me fix some problems I'm having with bind9?
<Runemoro> Whenever I do "dig @rebornlegend.no-ip.org rebornlegend.tk", I get the correct response, but if I remove the "@rebornlegend.no-ip.org" part, it doesn't work anymore. I've checked with whois that my nameserver is set to rebornlegend.no-ip.org
<sarnold> hah, why is the "dot tk" registry in the netherlands? o_O
#ubuntu-server 2014-04-15
<sarnold> Runemoro: 'whois rebornlegend.tk' both on my machine and at geektools.com/whois.php doesn't return any NS information.
<sarnold> oh jeeze. no. I can't read.
<Runemoro> sarnold, that's unusual...
<sarnold> Runemoro: sorry, it just isn't in the format I expected and apparently I can't read :)
<Runemoro> This is what I get: http://pastebin.com/WrBqpLyF
<sarnold> Runemoro: how healthy is REBORNLEGEND.NO-IP.ORG? I can't ping it, I can't query it for dns
<Runemoro> sarnold: I can, here's what I get: http://pastebin.com/B5iN5zMJ
<sarnold> Runemoro: when I traceroute to your IP, here's the last machine to respond to pings 199.127.224.68
<sarnold> s/to pings//
<Runemoro> sarnold, For me it gets to the end (199.127.226.65)
<Runemoro> sarnold, Could it be because the reverse DNS isn't set up correctly?
<sarnold> Runemoro: probably not broken reverse dns.. I just can't communicate with your dns server. if you have a webserver on that machine, downforeveryoneorjustme.com also can't get there: http://www.downforeveryoneorjustme.com/rebornlegend.tk
<__dan__> hi there guys, anyone got any info on the status of btrfs / zfs on linux with the upcoming 14.04 release?
<__dan__> i'm thinking of replacing a freebsd box and robust filesystem is very important, i'm a big fan of zfs
<Runemoro> sarnold, Yes, I do have a webserver, and it's not working because the DNS request isn't completing...
<sarnold> __dan__: you may do better in #zfsonlinux -- I haven't heard any 14.04 specific reports yet, but it feels like users who try to use zfs for root and /boot wind up fighting things, but just using it for a storage pool works well enough.
<__dan__> cool sarnold thanks for the info :)
<sarnold> Runemoro: any chance you can talk with the administrators of 199.127.224.68 and ask why traceroute doesn't get any further than their router?
<sarnold> Runemoro: http://paste.ubuntu.com/7252676/
<Patrickdk> cause icmp is evil
<sarnold> Patrickdk: we hates it nassty nassty packets
<Patrickdk> wait, your attempting to run a dns server at home?
<Patrickdk> likely, like smtp, and everything else, it's blocked
<Patrickdk> don't do that
<Runemoro> sarnold, I'm able to connect to my webserver by connecting to the IP directly. Just traceroute doesn't work
<Runemoro> Patrickdk, no, It's on a VPS
<sarnold> Runemoro: oh crazy. http to the ip works fine.
<Patrickdk> ya, dns is not working
<vonsyd0w> firewall?
<sarnold> nor is icmp. sigh. stupid broken providers...
<Runemoro> iptables maybe?
<sarnold> Runemoro: do you need to fiddle with security groups on the thing to open up udp and tcp 53 and icmp?
<Runemoro> sarnold, I don't understand the question...
<Runemoro> I'm clearing all iptables rules right now to see if it works
<sarnold> Runemoro: AWS has a pile of 'security groups' -- you need to ask them to open up ports to specific IP ranges, etc
<sarnold> Runemoro: I'm wondering if your VPS provider has something similar, a firewall that is enforced separate from your host-based firewall
<Runemoro> sarnold, No, I used the iptables command to set them up
<Runemoro> sarnold, after I've run "iptables --flush", traceroute is working
<Runemoro> AND DNS TOO! :D YAY!
<sarnold> woo :)
<sarnold> Runemoro: both wfm :) nice
<Runemoro> Thank you for your help :D
<sarnold> I'm glad you got it :) have fun
<pmatulis> how do i prevent a kernel from being upgraded?  all the tricks i found via google do not work
<sarnold> pmatulis: dpkg 'hold' too?
<kirkland> hmm, what's wrong with this squid line?
<kirkland> FATAL: Bungled /etc/squid3/squid.conf line 1056: http_access allow localnet
<kirkland> that's exactly how it's written in the inline comments...
<kirkland> http_access allow localnet
<pmatulis> sarnold: i've tried 'echo linux-image-3.2.0-56-generic hold | sudo dpkg --set-selections'
<kirkland> lifeless: ^ any ideas?
<sarnold> pmatulis: oh, nuts. that was my best shot.
<sarnold> kirkland: does the previous line look sane? is there a localnet acl defined?
<kirkland> sarnold: that was it, thanks
<sarnold> woo :)
<DavidBorg> Installing Ubuntu 13.10 Server and getting "Continue without a default route" error.
<DavidBorg> Can someone tell me how to proceed?  I am not clear on what a "default route" is.
<pmatulis> DavidBorg: it's the default gateway.  where packets are sent in the absence of a specific routing rule
<DavidBorg> I'm using internet sharing with my Mac
<DavidBorg> Don't have an ethernet cable long enough right now.
<DavidBorg> Should I manually input default route?
<DavidBorg> pmatulis thanks!
<mwhudson> um
<mwhudson> sounds like there's something funny about your network
<DavidBorg> Yes, clearl.y
<DavidBorg> :)
<DavidBorg> Should I just let it go without a default route so I can get the install going?
<DavidBorg> Will this be something I will regret not fixing now?
<mwhudson> so you have (internet)<-(wifi)->mac<-(cable)->server you are installing?
<mwhudson> i dunno, if the server is going to be in a different network when you're really using it i guess you don't need to fix it now...
<DavidBorg> Yea, it's just a stupid hack due to a cable shortage
<DavidBorg> It's for a simple minecraft box
<DavidBorg> Nothing too high-tech
<sarnold> DavidBorg: do you have a keyboard and monitor that you can hook up to it when you -do- move it?
<DavidBorg> No real need for security.
<DavidBorg> Yes
<sarnold> woo :)
<DavidBorg> It's setup on a KVM
<sarnold> DavidBorg: good good. when the time comes, check out /etc/network/interfaces and configure it as needed
<DavidBorg> KK, partitioning now.  :)
<DavidBorg> I hope I don't regret configuring it like this.
<sarnold> DavidBorg: fixing networking parameters is easy enough as long as you can actually get a shell prompt :) hehe
<DavidBorg> I am using 13.10 and want to autoconfig the eth0 network settings.
<DavidBorg> How do I do this?
<pmatulis> sarnold: fyi, http://paste.ubuntu.com/7252966/
<vonsyd0w> DavidBorg, you mean obtain an IP via DHCP instead of setting it static?
<DavidBorg> Yes
<DavidBorg> I believe that is what I need to do
<DavidBorg> I'm on a rather odd ad hoc network that is a shared connection with a Mac.
<DavidBorg> WIFI -> MacBook Pro -> Ethernet Port -> Unmanaged Switch -> Ubuntu Server
<vonsyd0w> DavidBorg, https://help.ubuntu.com/12.04/serverguide/network-configuration.html walks you through both static and DCHP
<sarnold> DavidBorg: the interfaces(5) manpage is a bit verbose, but something like "iface eth0 inet dhcp" would be a good start
<DavidBorg> Yes, I am novice with the CLI
<sarnold> pmatulis: ah! cool :) thanks
<DavidBorg> vonsyd0w, this is the solutions, it seems - "To configure your server to use DHCP for dynamic address assignment, add the dhcp method to the inet address family statement for the appropriate interface in the file /etc/network/interfaces. The example below assumes you are configuring your first Ethernet interface identified as eth0."
<sarnold> vonsyd0w: nice, that's a lot easier to read than interfaces(5) :)
<DavidBorg> How do I "add the dhcp method" to the inet address family statment?
<vonsyd0w> DavidBorg, do you know how to use nano or any CLI text editor?
<vonsyd0w> you want to open /etc/network/interfaces and edit it as stated in the web link i provided. You're at the right section of that web page
<DavidBorg> What do I edit?  How do I edit it?
<sarnold> sudo nano /etc/network/interfaces
<DavidBorg> I went to interfaces.d
<sarnold> ignore interfaces.d, that directory is to make tool-based network interface management easier, or help configure systems with many network interfaces
<DavidBorg> I am in the nano editor now, and it looks to already be configured for auto DHCP
<DavidBorg> I can't ping google.com
<sarnold> DavidBorg: so, if you run 'ifup eth0' or 'ifdown eth0', does the right thing appear to happen?
<DavidBorg> sarnold, when I type ifup, I get "failed to open lockfile"
<sarnold> DavidBorg: try again with 'sudo'
<vonsyd0w> you need to be root, so use sudo
<sarnold> (sorry I left it out, there's a certain number of commands that require administrative privileges to run, and I forget that not everyone knows which ones those are..)
<DavidBorg> eth1 already configured
<DavidBorg> "ignoring unknown interfae eth0
<sarnold> DavidBorg: okay, how about ifconfig -a ? does that show that you've got a reasonable-looking IP address and netmask?
<DavidBorg> sarnold, I'm trying the alternate port
<DavidBorg> Perhaps I'm mixing them up
<DavidBorg> ugh, nothing still
<vonsyd0w> DavidBorg, deep breaths :)
<DavidBorg> Should I reboot the server now that I've flip flopped the ethernet ports?
<DavidBorg> I think I may have had it plugged into the wrong port, and now it is working - however, it isn't giving me any IP address, only IPv6
<sarnold> DavidBorg: run ifup for the interface you just moved to
<DavidBorg> Already configured
<sarnold> DavidBorg: I hate rebooting as a debugging method, but that might be the easier approach to take to get your NICs into an expected state. probably both are running dhclient or similar at this point, and only one of them -should- have an address, etc. a reboot is a quick way to tear it all down again and bring it allback up...
<lifeless> kirkland: 3.2 IIRC adds more builtin acls, so you can't redefine them
<kirkland> lifeless: thanks
<lifeless> kirkland: see squid.conf.default which will have different comments around there ;)
<guzzlefry> hello
<guzzlefry> I just upgraded openssl, and I'm getting this: Server should be SSL-aware but has no certificate configured
<guzzlefry> ^ when trying to restart apache. :/
<guzzlefry> anyone?
<dv81>                    | thelamest thomi three18ti thumax        â bekks          â                   | tom[] TREllis trevorj Tribaal tsimpson ttx TWWOC txomon|home tych0 tyhicks Tzunamii ubottu ubuntulog ulkesh Underbyte   â bekks
<dv81> omg
<dv81> sry :(
<i5150pc> hello, how long does it take for Ubuntu Server to complete the boot process?
<sheptard>  your question is awfully subjective
<i5150pc> I don't see it on my network
<sheptard> then go check the console
<i5150pc> How can I do that if the signal coming out of the machine is out of my monitor's range?
<hxm> hi in the webdav server what are the correct permissions?
<i5150pc> oh and I cannot ssh to it
<i5150pc> Rephrase: How may I access the console if it doesn't respond to crtl + alt + f1
<i5150pc> ?
<sheptard> is the computer on?
<i5150pc> sheptard: I hear it humming
<bekks> i5150pc: boot into rescue mode, and/or use nomodeset kernel parameter
<hxm> i have a webdav, I can see the list of files but not its content
<hxm> owner of files is www-data
<hxm> what I do wrong?
<hxm> this is what I get Mac-mini-de-hXm:webapp hxm$ cat header.php
<hxm> cat: header.php: Interrupted system call
<bekks> hxm: that indicates a proboem which has nothing to do with the owner.
<bekks> *problem
<RoyK> hxm: interrupted system call?
<RoyK> check dmesg
<hxm> what can be? Sandbox: webdavfs_agent(487) deny mach-lookup com.apple.networkd
<Guestwho> hi guys how do i set up ssh auth sock in ubuntu 13.10?
<bekks> Whats "ssh auth sock"?
<Guestwho> ssh_auth_sock environment varible i need it so when i am using filezilla my cloud server ip will use it.
<Guestwho> normally you can add i to filezilla but filezilla wants the format to be in ppk which is the puttykeygen ptivate key format.  but i generated my private key using ssh key-gen so its not in a .ppk filde type
<bekks> Why do you need to set that var at all?
<bekks> And a ppk file is a putty private key, not a socket.
<Guestwho> bekks i never said it was a socket.
<Guestwho> i need it to use the private key to connect to my cloud server
<Guestwho> filezilla ONLY access .ppk file type which is generated by putty key gen
<Guestwho> the alternative is to set up a ssh_auth_sock variable
<bekks> Guestwho: filezilla accesses all valid keyfiles, no matter wether generated by putty or not.
<Guestwho> bekks go to "Edit"-> settings and click on SFTP. try adding on of your private key file that doesnt end with .ppk and see what happens
<bekks> The file extension is irrelevant. It doesnt tell you anything about the content.
<Guestwho> it will say  is not in a format supported by filezilla
<bekks> You can use any key generated from whatever as long as you name it .ppk - so filezilla checks the file extension, not the content.
<Guestwho> if you have a passprase it will also say protected keyfiles are not supported by filezilla yet
<Guestwho> bekks thanks
<hxm> Segmentation fault occurred at 00000021000025ae in /usr/lib/apache2/mpm-prefork/apache2[apache2:9646] uid/euid:33/33 gid/egid:33/33, parent /usr/lib/apache2/mpm-prefork/apache2[apache2:18982] uid/euid:0/0 gid/egid:0/0
<hxm> this ocurrs when I try to reach the content of a file trought a webdav
<welly> Hello all - repeating the same question I put to #ubuntu:
<welly> Running an ubuntu 12.04 development server on our network. I'm finding network activity just a little bit laggy/slow compared with other machines on our network. Not really sure why this might be. It's wired directly rather than using wifi. Is there anything I can do to test or check what might be causing this lag?
<welly> Specifically, when I do a git pull or push on the dev server to bitbucket, it's not that responsive whereas when I run the same git pull/push on my mac which is on the same network, it responds pretty much immediately
<ikonia> have you benchmarked your network performance in general on the ubuntu host
<ikonia> or just using those commands
<welly> ikonia, no just those commands. Haven't done any benchmarking. I'm hoping someone might be able to suggest how
<ikonia> welly: a basic test is to just use the server to do some basic things, such as downloads, domain look ups etc etc, see how each responds
<ikonia> the most common things you describe is poor name server response
<welly> yeah.. that would make sense. I wonder if the name server settings are incorrect
<ikonia> who said they are incorrect
<ikonia> have you checked them ?
<ikonia> test them
<welly> i shall do this
<welly> ikonia, ok looks like the nameservers in resolveconf.d/base were incorrect or at least there was an additional nameserver was isn't a nameserver. it feels a little more "snappy"
<vegnt> is there an easy way in ubuntu to do link aggregation of two internet connections?
<Patrickdk> define easy?
<Patrickdk> oh, no
<Patrickdk> you can't link aggregation of internet
<Patrickdk> unless, you are using the same ip address on both internet connections
<vegnt> Patrickdk, i might be reading the wiki article incorrectly but here's a snippet "In addition there is a basic layer-3 aggregation (available at least from Windows XP SP3),[12] that allows servers with multiple IP interfaces on the same network to perform load balancing, and home users, with more than 1 internet connection, to increase connection speed by sharing the load on all interfaces."
<vegnt> http://en.wikipedia.org/wiki/Link_aggregation#Microsoft_Windows
<vegnt> this obviously for windows, but if it's doable in win, should be doable in ubuntu
<Patrickdk> it's not that simple
<Patrickdk> most websites don't like it when you login from multible ip addresses
<Patrickdk> and that is not link aggregation
<Patrickdk> that is multi-homed nat
<trijntje> Hi all, i need to run a simple server on the internet to serve 2-10 MB files to users, what program should I use?
<z> Apache.
<trijntje> z thanks, ill check it oiut
<vegnt> Patrickdk, what about failover - use the first connection and it stops working, start using the second one
<z> vegnt: I think you're confusing link *aggregation* which is a L2 concept, with L3 load balancing.
<z> vegnt: most L2 aggregation is done using L2/L3 hashing but at least in the case of 802.3ad both devices (on each end) must support it, and Linux's balance-alb or balance-tlb doesn't really work in a Dual WAN situation
<z> vegnt: you *could* do it on a session-based basis so each flow goes out either Link A or out of Link B
<z> but each WAN address is likely to be different so you have a masquerading (NAT) issue, and if the link properties (latency, throughput) aren't close/identical you may end up with a sucky user experience in active/active and want to do active/passive instead.
<z> tl;dr - its entirely possible, it requires quite a lot of work, you could just look at pfSense or buy a box (i.e. a Firebrick) which does it for you
<maveas> For some weird reason my server hasn't been logging to kern.log, syslog and messages since last monday. Anyone experienced this?
<mardraum> maveas: no.
<mardraum> everyone's syslog didn't just break on the same day. You need to investigate what is wrong with yours.
<vegnt> z, pfSense is something i stumbled upon - i might give it a try
<zul> jamespage:  this is going to be fun cinder rc3 is out
<jamespage> zul, \o/
<maveas> Ownership of the mentioned logs had been changed.. very weird.
<zul> jamespage:  i just pushed cinder rc3 i dont expect to see any more rc from now until thursday
<jamespage> zul, excellent
<zul> smb: awesome changelog for xen ;)
<smb> zul, Glad to be of entertainment value :)
<zul> jamespage:  libvirt im going to leave as is in the CA since yesterday's change is going to break on precise
<jamespage> zul, it needs to be synced again - otherwise first security update has todo it
<jamespage> even if its just to revert that change ontop of our existing delta
<zul> jamespage:  ok
<iri-> Hi Folks, I'm having some trouble updating the kernel on my AWS instances, because update-grub-legacy-ec2 refuses to update /boot/grub/menu.lst, even though it finds the newer kernels.
<iri-> `debconf-get-selections | grep grub-l`  gives `grub-legacy-ec2Â Â Â  grub/update_grub_changeprompt_threewayÂ Â Â        selectÂ Â Â  install_new` which I interpret as "use the new configuration"
<iri-> I've also tried setting UCF_FORCE_CONFFNEW=1 when running update-grub-legacy-ec2, with no luck.
<iri-> Finally, I've tried e-mailing the cloud-init maintainer to ask for directions from here, but I've had no luck
<rbasak> iri-: can you reproduce this on a fresh EC2 instance?
<iri-> rbasak: I've spun up new instances and encountered the problem, yes, it has been going on for some time and it happens reliably to all of my instances.
<iri-> rbasak: I havevn't spun up an instance for the purpose of *just* checking this though
<rbasak> iri-: if you can figure out a way that somebody else can independently reproduce the problem, then you can file a bug against cloud-init
<rbasak> (well, you can anyway, but that probably won't help much)
<iri-> rbasak: trying now. In any case I need some pointers for backing out of this trouble if possible
<rbasak> smoser: so http://pastebin.ubuntu.com/7255270/ is what I had to do just now to get cloud instances started with automatic updates. How do you feel about adding a boolean flag that achieves this?
<iri-> since I need to upgrade the machines I have now
<rbasak> iri-: I can only suggest stepping through the code. Or trying to reproduce on a fresh instance to get to a root cause, which could result in pointers.
<smoser> rbasak, why the runcmd ?
<smoser> i dont have an issue with a toggle that accomplishes that
<rbasak> smoser: unattended-upgrades is seeded via software-properties-common
<rbasak> smoser: thus it's already there, so needs a reconfigure
<iri-> rbasak: we've tried stepping through the code, it's a debconf thing, and it is very non-intuitive. It seems that debconf or UCF decide not to update the file, but we couldnt' find a root cause
<iri-> *very* strangely, if you interrupt update-grub-legacy-ec2, then it updates the file.
<rbasak> iri-: works for me, so it's pretty hard to guess what your issue might be.
<smoser> rbasak, ah.
<smoser> isnt that then an example of 'debconf-as-a-registry' bug ?
<iri-> rbasak: what works? When I run update-grub-legacy-ec2, it *looks* like it is working, it lists all of the kernels, correctly, but then it doesn't actually update /boot/grub/menu.lst
<iri-> I'm just trying on a fresh instance now.
<rbasak> iri-: I just ran update-grub-legacy-ec2, and my /boot/grub/menu.lst was updated.
<rbasak> At least it said it updated it and it had a current timestamp afterwards.
<iri-> rbasak: aha! It *SAYS* it does, I actually get output that looks like it is doing so, and it updates the timestamp, but the contents are unchanged
<iri-> I see "Updating /boot/grub/menu.lst ... done" and everything
<rbasak> smoser: a bug? debconf is working as designed here I think. debconf-set-selections isn't supposed to reconfigure packages if they're already installed.
<iri-> rbasak: and unsurprisingly, I can't reproduce on a fresh instance. But I have a suspicion as to what might be happening, perhaps.
<rbasak> iri-: then it sounds like it's enumerating the kernels wrong or soething?
<iri-> rbasak, no, because when it lists the kernels the list is correct
<rbasak> Or have you modified it?
<iri-> I haven't modified /boot/grub/menu.lst
<iri-> However, when I first ran "apt-get dist-upgrade" on the machine I did so from salt, i,e, not from a terminal
<iri-> and since I just ran apt-get dist-upgrade from a terminal on this new one, it asked me what I wanted to do about the file, the default was to keep the package maintainer's version
<shafox> Hi, I have this use case. server1 has php application running under apache, and server2 has nginx for front-end app, What I want to do is from front-end it sends a request i.e. server2 to server1 to create a virtualhost in server2, for the virtualhost part i have a bash script file that will create the vhost, so my question is how do i connect to server2 from server1 i.e.(the flow is server2 sends post request to server1 with subdomain name, server1
<shafox> parses it and runs the bash script that is located in server2 and gets response and sends the response back to the server2 ?
<smoser> rbasak, it is an example of using debconf as a registry
<rbasak> shafox: this is the the sort of problem that juju solves really well
<smoser> i think
<shafox> rbasak, we are not using juju, but if you can tell me how to do it with ssh or any other way that would be great.
<rbasak> smoser: I don't see how. To change the answer to any question asked with debconf, you always have to run debconf-set-selections and then dpkg-reconfigure.
<rbasak> That's how it's supposed to work.
<smoser> but you're not supposed to store data in debconf.
<rbasak> smoser: an alternative would be to write out /etc/apt/apt.conf.d/20unattended-upgrades by hand.
<smoser> changing the file is "the right way" to do it.
<rbasak> smoser: I'm not storing data. I'm *setting* the answer to the question "yes, automatic updates please".
<smoser> because as it is right now, if the user changes that file, and then dpkg-reconfigure gets run, it will destroy the data they wrote there.
<rbasak> If it did that, then *that* would be a bug.
<smoser> well, it clearly is.
<smoser> how else could it work ?
<smoser> you're giving it a value, and running dpkg-reconfigure
<rbasak> ucf conffile handling? I hope that's what it's doing.
<smoser> and its going to write that value into that file.
<rbasak> Via ucf I hope.
<smoser> i dont think ucf changes anything.
<smoser> you now have 2 places where a user can  set the value.
<rbasak> Indeed, it's via ucf.
<smoser> preseed or file.
<rbasak> If the user sets the file by hand, the postinst won't touch it, thanks to ucf.
<rbasak> debconf is helping with just the packaging *preference*.
<rbasak> The user is still king in /etc/
<rbasak> THe rigiht way to set the default is via packaging preference, via debconf via ucf.
<rbasak> Then the user won't be told that he changed the file on upgrade.
<rbasak> It will just remember his debconf preference.
<smoser> ok. i think you've convinced me.
<rbasak> :)
<smoser> any idea why i'd see this;
<smoser> https://launchpadlibrarian.net/172834901/buildlog_ubuntu-precise-amd64.subunit_0.0.18-0ubuntu7%7Ectools0_FAILEDTOBUILD.txt.gz
<rbasak> Is --shebang a new dh_python3 thing in >precise?
<smoser> ah.i htink i know.
<smoser> subunit doesn't build-depend on dh_python3
<smoser> so the newer version (which is available there) doesn't get installed
<smoser> but must already be in the build root
<rbasak> Looks like --shebang is new
<iri-> rbasak: that advise was relevant to me, too. I did debconf-set-selections and dpkg-reconfigure, but it really seems that /boot/grub/menu.lst isn't being updated because ucf or debconf doesn't feel like it
<iri-> so how can I diagnose problems with debconf or ucf?
<rbasak> iri-: it sounds like your debconf might have remembered that you "said no" to updating the file, because that was the default.
<rbasak> iri-: install debconf-utils, then run "dpkg-get-selections", and see if you can spot the relevant answer there.
<iri-> rbasak, but I've set it in the debconf-set-selections..
<rbasak> iri-: if that's the case, then you can override it with debconf-set-selections
<smoser> hm.. no that doens't make sense.
<iri-> rbasak: that was the first thing I pasted when I arrived
<iri-> grub-legacy-ec2	grub/update_grub_changeprompt_threeway	select	install_new
<smoser> rbasak, i have trusty-level dh-python in that archive.
<iri-> so I've chosen install_new, and it seems to be ignoring me
<rbasak> iri-: do you get a prompt if you set DEBIAN_PRIORITY=low
<rbasak> ?
<rbasak> smoser: I'm a little confused that I don't see a dh-python build-dep in trusty
<rbasak> smoser: that looks broken to me. Try adding one?
<smoser> rbasak, yeah, thats what i'm doing.
<smoser> i think thats the bug.
<smoser> its just inside build roots
<rbasak> I agree.
<iri-> rbasak, and then say dpkg-reconfigure, or update-grub-legacy-ec2?
<rbasak> iri-: update... I think
<rbasak> Assuming that's what prompted you the first time?
<rbasak> (that you didn't see)
<jamespage> smb, nice changelog comment btw
<iri-> rbasak, no prompt
<smb> jamespage, ta. :)
<zul> jamespage:  ok libvirt/xen uploaded
<zul> smb/hallyn: no more please ;)
<hallyn> hm?
<zul> hallyn:  no more libvirt changes ;)
<smb> zul, Oh and I wanted to do another libvirt just for fun. :-P
<smb> just kidding
<zul> smb:  nooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
<iri-> rbasak: is there any other way to get dpkg-reconfigure to re-ask questions?
<iri-> I can't get it nor update-grub-legacy-ec2 to ask.
<shafox> rbasak, can I do it with ssh ?
<iri-> rbasak: on my fresh machine, I just edited the grub configuration and now update-grub-legacy-ec2 refuses to update it
<rbasak> iri-: I don't know, sorry. There is a "seen" flag associated with each question you should be able to reset.
<rbasak> iri-: but I don't see why setting what you need with debconf-set-selections doesn't change behaviour.
<iri-> rbasak: any idea where I can find the "seen" fflag?
<erictr1ck> one of my servers seems to be the target of an attack. in my access logs there are tons of requests for various ad networks, including ads.yahoo.com, ads.mediafem.com, ads.sonital.com, and many others. i was able to stop the attack by tightening up my firewall rules. however, im not too sure how or why this could have been happening. any suggestions on where i should start looking to try and figure this out?
<patdk-wk> not without seeing the entries in your access log
<iri-> ah, found it, it's in /var/cache/debconf/config.dat
<rbasak> iri-: that's exactly what debconf-get-selections and debconf-set-selections manipulate by default, AFAIK
<iri-> removing it didn't cause me to me reprompted
<iri-> (the Flags: seen line)
<erictr1ck> patdk-wk: an example one from ip address 142.91.245.140 "GET http://pm.5188bh.com/header53621.php HTTP/1.0" 301 462 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
<erictr1ck> the ip addresses are from the most part different as well
<patdk-wk> erictr1ck, that is a proxy request
<patdk-wk> do you have proxy enabled? cause you shouldn't
<erictr1ck> patdk-wk: it doesnt look like the apache proxy mod is enabled. but they still must be proxy requests
<caribou> smoser: I see that you're chairing today's meeting.
<caribou> smoser: just wanted to let you know that I will not be able to attend, nothing particular to bring up
<patdk-wk> erictr1ck, what ip is the server at?
<erictr1ck> patdk-wk: it is at 184.106.91.248. but it is behind a load balancer and to block the requests, i now only allow requests from the load balancer
<patdk-wk> ah
<patdk-wk> the lb ip then?
<patdk-wk> or did doing that stop it all?
<erictr1ck> doing that stopped it, they were hitting that one server directly
<erictr1ck> the load balancer is at 198.61.151.10
<patdk-wk> the lb is doing strange things to it
<erictr1ck> patdk-wk: how so?
<patdk-wk> it's not really fixing it, it's just they haven't noticed they need to use your lb instead of direct
<patdk-wk> the good thing is, yes, your protected, and not doing someting stupid
<patdk-wk> and there isn't much you can do about it, people will always request junk
<patdk-wk> you could setup a rewritecond to match those url's, like anything starting with http, and return a 403 if you want
<patdk-wk> this url might help you, https://wiki.apache.org/httpd/ProxyAbuse
<patdk-wk> but it's not a security issue, just random internet junk
<erictr1ck> patdk-wk: i see, thanks for the help. i'll have to dig deep and see why it is accepting proxy requests. it doesnt look like mod_proxy is enabled.
<patdk-wk> it's not accepting them
<patdk-wk> it's just receiving them
<patdk-wk> and following the rules you setup
<patdk-wk> but your currently rules don't notice a proxy request, so it's just making a mess of it :)
<erictr1ck> i see....
<DavidBorg> How do I disable the encryption pass phrase on boot?  It is causing the system to halt prior to booting, and I really regret setting it up that way.
<DavidBorg> Can someone help me with removing the passphrase for encryption on boot?
<DavidBorg> I love you all.
<DavidBorg> Anyone here?
<lordievader> DavidBorg: Jup, many. But most idle.
<lordievader> Also see !patience.
<lordievader> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<DavidBorg> Don't ask for help too frequently in an idle chatroom.  The lurkers may get upset.  LOL
<patdk-wk> hmm, 2 days before the world ends
<zul> jamespage:  im running the stable/havana triggers fyi
<jamespage> zul, oh good
<jamespage> zul, glance is still not accepted btw
<zul> jamespage:  crappers
<jamespage> zul, did you see taskflow update is blocked in proposed in trusty?
<zul> jamespage:  no
<zul> im on it
<smoser> caribou, thanks for the heads up.
<jamespage> zul, promoting wahts in staging havana -> proposed now
<zul> jamespage:  ack
<jamespage> zul, was there a keystone release btw?
<zul> jamespage:  for keystone?
<zul> sorry for havana?
<zul> jamespage:  yes for havana
<jamespage> zul, its not in any queues
<zul> jamespage:  lemme check
<zul> i uploaded it
<zul> coreycb: can you check to see if you got a reject message for keystone?
<zul> coreycb: keystone-2013.2.3-0ubuntu1
<coreycb> zul, no, I didn't
<zul> alright lemme re-upload this then
<zul> jamespage:  re-uploaded it...i could have swore i uploaded it though
<jamespage> zul, lolz
<jamespage> zul, it was not rejected so must be a wetcode error
<zul> jamespage:  black hole
<jamespage> zul: "dput /dev/null keystone_...._source.changes"
<coreycb> jamespage, zul: btw I don't think I get reject messages.  likely b/c I don't push?
<jamespage> that works in no way I can imagine
<jamespage> coreycb, as the changer you should have
<jamespage> coreycb, did you get a pending approval message?
<zul> jamespage:  its like that disney movie
<coreycb> jamespage, I get messages for merge approved/denied and things like that
<DavidBorg> How do I force dependencies to be downloaded and installed when running apt-get install?
<DavidBorg> I'm trying to get apt-get install php*
<DavidBorg> Dependencies are causing it to error out.
<pmatulis> looks like we'll be stuck with ancient openldap software for another 5 years...
<jamespage> zul, cinder and swift in
<jamespage> still waiting on neutron
<zul> jamespage:  i saw
<zul> jamespage:  taskflow fixed just doing one more test
<esde> Fresh install of ubuntu server 13.10 on both boxes. Both boxes appear to be running fine, and doing their jobs well. However, I noticed whoopsie in htop on both boxes. When I end the whoopsie process, these entries keep showing up in syslog "GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.NetworkManager was not provided by any .service files". Any idea how I can track down what's crashing???
<tonyyarusso> I have a bit of a security dilemma.  I have a VPS that I'd like to use encrypted disks for, encrypting /home, /tmp, /var/lib, /var/log, swap, and certain portions of /etc.  (Not /boot or the whole /)  The problem is the console access is through VNC, so during boot I'd have to enter the encryption passphrase over an unsecured VNC session.  How might I be able to boot a minimal system that would be enough for me to make an SSH ...
<tonyyarusso> ... connection and then mount the encrypted containers from there?
<bekks> tonyyarusso: a) as long as someone has access to the physical host of the vps, he/she has full access to you vps b) encryption doesnt change a), c) not encrypting the whole system is fairly nonsense in terms of d) security by obscurity, which encryption of a vps basically is.
<tonyyarusso> bekks: Well, the tinfoil-hatted thinking is if something came up such that I suspected the data was going to be targeted, I could shut the system down, and the encryption would kick in at that time.  I'm aware that it's useless while booted up.
<sarnold> perhaps your vps image would be snapshotted while it is running, keeping the key nice and legible in memory?
<sarnold> I'd spend some more time thinking about what problems you're trying to solve -- who are your adversaries, what mechanisms do they have at their disposal, and how much can you mitigate against them?
<DavidBorg> I can't get LightDM to work via SSH using a Mac to Ubuntu Server 13.10
<DavidBorg> Can someone tell me what command I should type after logging in with the ssh -X user@name command?
<blkperl> DavidBorg: you can't xforward Lightdm, you will need to use VNC for a graphical session or XDMCP
<Overand> Is there a more 'fresh' build of the ubuntu-server installer for the beta than the march ~27 'beta 2' one?  Didn't see one under the dailies
<Overand> er, installer?  i meant ISO
<andol> http://cdimage.ubuntu.com/ubuntu-server/daily/current/
<Overand> ha- that makes sense!
<resno> ok, so everyday my ubuntu server loses its static ip set and gets a dhcp setting
<resno> if i do ifdown eth0 && ifup eth0 it gets the static ip back again
<resno> this is on ubuntu 14.04
 * resno yawns
<mwhudson> resno: is dhclient still running?
<sarnold> resno: please file bug :) though I don't know what to file it against
<sarnold> resno: that doesn't sound like sometihng that should happen.
<resno> sarnold: heh ok, im not even sure what details to include
<sarnold> resno: if you can catch the dhcp client in action, that'd be nice..
<resno> i know something is making it do it, because it happens at about the same time everyday
<resno> ya, its dhclient
<sarnold> hrm, there's lots of half-baked ways I can think of to tyr to figure out which process is kicking off dhclient, but none of them are quite what I'd like to suggest to someone else :)
<resno> mwhudson: dhclient is not installed
<mwhudson> resno: special
<resno> somehow in the los dhclient is receving the request for the ip
<mwhudson> resno: the package is called isc-dhcp-client fwiw
<mwhudson> the binary is dhclient though
<mwhudson> i assume you must have some kind of dhcp client installed, or getting a dhcp address would be pretty amazing :)
<resno> yes it would
<resno> i magically get ips from dhcp through space
<resno> im just curious though how it would ignore the conf
<mwhudson> sarnold: i think i've seen things where i've modded /etc/network/interfaces to change eth0 to static, ifdown ifup and dhclient is still running
<mwhudson> sarnold: is that possible?  expected?  a bug?
<mwhudson> i was pretty confused about what was going on when i saw this though
<sarnold> mwhudson: if you didn't ifdown the interface before editing interfaces, I wouldn't be too shocked.
<mwhudson> resno: anything in syslog?
<mwhudson> sarnold: oh, ifdown would only kill dhclient if the config still said auto?
<mwhudson> that probably is what happened
<resno> mwhudson: ya, it mentions get the dhcpoffer
<mwhudson> somehow i like to leave the gap between ifdown and ifup as short as possible, even if i'm editing on the serial console :)
<sarnold> mwhudson: as far as I'm concerned, there is much magic going on, and while we may hope for the best :) I suspect it's a bit cranky about details
<resno> heh, cranky
#ubuntu-server 2014-04-16
<billy_ran_away> Can anyone tell me what happened to apache's auth_pam in 13.10?
<adun153> Hi, I have a situation where my my server installation is starting Upstart services, but not the SysV ones. How should I go about troubleshooting this?
<tomixxx7> hi, does anyone know a good test editor for ubuntu?
<tomixxx7> in its functionality comparable to pspad or notepad++ for windows
<posthuman> hey guys im running a exim4 mailserver since yesterday. I created 2 additional Mail Accounts.Sending from my "old" account to the new accounts works fine, vice versa does not. Exim4 log gives mailbox unavailable\n550 Sender address is not allowed . All 3 accounts are gmx accounts
<adun153> tomixxx7: In order of my preference. Vi, Bluefish, Kate, Gedit.
<tomixxx7> ty
<posthuman> ok sending mails from a lokal client works fine
<Elfuego> Hey anyone around who can help with a small issue with ubuntu server networking in a hyperV VM
<sheptard> don't ask to ask just ask
<jamespage> zul, wanna fixup trove - https://bugs.launchpad.net/ubuntu/+source/openstack-trove
<jamespage> ?
<Elfuego> I have a hyperV-vm running server12.04 - the NIC connects at only 100Mbps in this VM but 10GBps in other
<jamespage> zul, nm - I'll get it
<jamespage> most of the bugs are invalid but trove-common is foobar
<lordievader> Good morning.
<zul> jamespage:  i uploaded ceilometer rc3 last night
<jamespage> zul, w00t
<jamespage> is it in?
<paranoids> hi there
<paranoids> I'm running ubuntu14.04 want to use vlan interfaces
<paranoids> vlan's everytime get renamed by udev
<paranoids> how to prevent the renaming of the vlan interfaces?
<paranoids> systemd-udevd[488]: renamed network interface vlan100 to rename4
<zul> jamespage:  i think so
<zul> jamespage:  nope
<zul> jamespage:  ceilometer has been accepted
<jrwren> can you specify minimum version to apt-get
<jrwren> e.g. apt-get install libssl1.0.0>=1.0.1-4ubuntu5.12
<jrwren> I'd like to be able to do that, but it seems i cannot :(
<zul> jamespage:  did trove got accepted this morning?
<patdk-wk> why does it matter?
<patdk-wk> apt-get will always get the newest version
<patdk-wk> assuming you know how to do apt-get update
<zul> jamespage:  duh...nm
<rbasak> jamespage, beisner: http://sources.debian.net/src/apache2/2.4.9-1/debian/apache2.NEWS is a good reference for apache2 upgrades, could we link to that in the release notes?
<rbasak> I can't find a suitable launchpad link - the UDD branch for apache2 is out of date.
<beisner> rbasak, sounds sane to me.  a good reference indeed for bug https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1308570
<uvirtbot> Launchpad bug 1308570 in apache2 "Sites not served after Precise - Trusty upgrade - new apache2 documentroot path" [Undecided,New]
<jrwren> patdk-wk: the use case is that I've not run apt-get upgrade, nor will I and the package in question is already installed.
<patdk-wk> I don't get the usecase
<patdk-wk> dpkg -l libssl1.0.0
<patdk-wk> isn't enough?
<jrwren> does "apt-get install pkgname" upgrade that pkg even if it is already installed.  I guess it does and I didn't realize it.
<patdk-wk> yes, it does :)
<jrwren> patdk-wk: looking for something I can do in an entirely automated way.
<xevwork> With ufw, can I limit ssh from all IPs *except* a specific CIDR mask?
<patdk-wk> that is what I do when I want to upgrade one thing, but not the rest, yet
<jrwren> patdk-wk: its what I do to, as of now :)
<jamespage> rbasak, good idea
<jamespage> rbasak, could you add that to the release notes
<rbasak> jamespage: nack. Sorry, I have to run, and I'm not sure I'll be back in time :-/
<jamespage> rbasak, np - I'll pop something in
<jamespage> roaksoax, smoser: what do we want to highlight in the maas section
<smoser> link ?
<smoser> roaksoax, i think we want to highlight further improvements to fast path install. additional power types.
<jamespage> smoser, https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes
<jamespage> zul, trove went in automatically :-)
<DavidBorg> Anyone have tips for Ubuntu Server as data mining crawler?
<stetho> Hi all. I've got a couple of servers with dual NICs on them. Until recently I've been installing my servers from USB sticks and configuring them manually or Chef. I now want to PXE Boot them and automate everything and there's one aspect that's got me stumped. As part of the install process I install ifenslave and set up active/failover bonding on the interfaces. Getting to the question - I can't figure out how to add AA:BB:CC:DD:EE:11 and AA:BB:CC:DD
<stetho> :EE:22 to my DHCP server so the machine gets the correct IP at startup regardless of which port is active.
<jrwren> stetho: isc dhcp server?
<jrwren> stetho: if isc dhcp, look for host blocks in config & use hardware ethernet & fixed-address
<stetho> In DNSMasq, for example, you can set dhcp-host=AA:BB:CC:DD:EE:11,AA:BB:CC:DD:EE:22,192.168.0.1 and both interfaces will be offered 192.168.0.1 - if you do that in ISC-DHCP it complains about it.
<stetho> jrwen: Sorry - I was just typing that ^ :-) Yes, it is. It complains about their being two hosts called server1 (for example).
<zul> jamespage:  yeah duh i suck ;)
<jamespage> zul, it might not now - I think everything is on manual review
<DavidBorg> Is there a way to have my server crawl the web and download data?
<jrwren> stetho: i don't know that the hostname tehre matters at all. just name them -1 and -2 ?
<DavidBorg> Automatically
<jrwren> DavidBorg: yes, you must write code for that.
<jrwren> DavidBorg: unless you just want wget --mirror
<DavidBorg> I don't know how to crawl and download - I have a LAMP server and everything is operating.
<DavidBorg> Can you tell me what type of code I would need to use, jrwren?
<DavidBorg> Thanks for helping, btw
<stetho> jrwren: But then the server will have the wrong name.
<stetho> Actually, it might not.
<jrwren> stetho: use cloud-init and set the hostname to whatever you want :)
<jrwren> DavidBorg: no, i can't tell you.
<stetho> I was just thinking something similar. The server is using use-host-decl-names which is probably what's breaking it to begin with.
<Elfuego_> Hi, Im having some problems with UbuntuServer + PlexServer in a VM and getting out of memory errors
<Elfuego_> Anyone have any idea - I seem to be using 2-3x more CPU/RAM resources than I was with win7
<mand0> Elfuego_, what are the specs? is it more than Plex recommends?
<delinquentme> so I was trying to install nodejs without using sudo ... and I ran sudo chown -R $USER /usr/bin  hoping that it would give me the permissions I needed to install without sudo
<delinquentme> now I cant install anything ... and I get this "sudo: must be setuid root"
<delinquentme> $ sudo chown -R $USER /usr/bin  << this is the command which I ran, that I think is breaking things
<sarnold> delinquentme: you are in for a wonderful learning experience. :)
<sarnold> delinquentme: do you have any root shells open right now?
<delinquentme> sarnold, nope just a single one
<delinquentme> So if I gather correctly I have no accounts which can access that file .  Since I dont have a second root shell open  ... I'm going to need to do some digging to get it back.
<sarnold> delinquentme: did you set a root password? try /bin/su
<delinquentme> sudo chown -R $USER /usr/bin/su ?
<sarnold> delinquentme: your sudo is completely broken. it will not function.
<sarnold> delinquentme: I am hoping that your 'su' is not yet broken, but you might not be able to use it if you don't have a root password
<delinquentme> /bin/su >> authentication failure
<sarnold> delinquentme: drat.
<delinquentme> yeah no root password ... only a primary account
<delinquentme> TLDR reinstall ?
<pmatulis> recovery session
<sarnold> delinquentme: okay, as I see it, your best option to fix this is pretty brutal -- use sysrq to umount, sync, and reboot; add "single" to your kernel command line at the grub menu to boot into a rescue environment; then you'll want to run "chown -R root /usr/bin/*" -- then sync, reboot, and then we can fix up the few files that shouldn't be owned by root
<sarnold> delinquentme: oh, I'm sorry, that would be "chown -R root /usr/bin"
<justizin> is it just me, or does trusty not have openssl 1.0.1g?!
<sarnold> justizin: trusty does not. we backported the security fix to trusty's openssl.
<delinquentme> kk going down for reboot =/
<sarnold> delinquentme: good luck :)
<justizin> sarnold: ah ok.
<justizin> right.  duh.
<justizin> heh.
<pmatulis> justizin: i didn't think trusty was affected
<pmatulis> http://www.ubuntu.com/usn/usn-2165-1/
<sarnold> justizin: we weren't about to make a change that drastic so close to release, we just wanted the security bug fixed
<justizin> pmatulis: trusty doesnât release until tomorrow, so it wouldnât get an advisory
<sarnold> pmatulis: we don't bother including the devel release in USNs, but we do make sure the security bugs get fixed :)
<justizin> sarnold: totally
<pmatulis> justizin: true dat
<justizin> in other news: TRUSTY! :D
 * justizin has been using it for a while here and there in non-critical roles and test environments
<justizin> itâs like precise, but without having to upgrade all kinds of stuff from ppas!
<sarnold> success! :)
<delinquentme> laptop isnt on fire !
<delinquentme> I feel so bad ... brand new laptop .. brand new install
<sarnold> delinquentme: awesome :)
<delinquentme> =[ poor thing. but ok! ran the commands
<delinquentme> sudo apt-get update >> sudo: must be setuid root
<justizin> oof.
<sarnold> delinquentme: aw damn. I forgot that the setuid bit would be dropped.
<sarnold> delinquentme: but hey, you're good at the rescue shell now :)
<delinquentme> I booted into recovery console as root .. ran the chown
<delinquentme> ^_^;;
<delinquentme> so I need to give it a new setuid ?
<sarnold> delinquentme: yeah; reboot into the rescue shell again and run chmod 04755 /usr/bin/sudo
<sarnold> it should look like this when you're done:
<sarnold> -rwsr-xr-x 1 root root 155008 Feb 10 11:16 /usr/bin/sudo
<sarnold> (note especially the 's' in the permissions)
<delinquentme> deal
<delinquentme> kk ran that
<Havenstance2> does anyone know how to make truecrypt auto mount the favorite volumes at system boot?
<delinquentme> I dont think that did it ...no s
<delinquentme> sarnold, where go from here?
<sarnold> delinquentme: no luck? what does ls -l /usr/bin/sudo look like?
<delinquentme> -rwxr-xr-x 2 lilith root 71288 Mar 11 05:24 /usr/bin/sudo
<delinquentme> and I believe I'm rebooting correctly into the recovery console via grub ... and the user is set as root
<sarnold> delinquentme: hrm, it's still not owned by root, either.
<sarnold> delinquentme: does the rescue environment say something like "your old root is mounted at ..." or something similar?
<delinquentme> I dont believe so
<delinquentme> mount -o rw,remount /; chown -R root:root /usr/bin
<delinquentme> was recommended in #ubuntu
<sarnold> could be, I haven't used the rescue environment in ages, maybe it isn't mounted read-write..
<delinquentme> I do get confirmations that the permissions are changed ...
<delinquentme> kk rebooting
<delinquentme> $ ls -l /usr/bin/sudo >> -rwxr-xr-x 2 lilith root 71288 Mar 11 05:24 /usr/bin/sudo
<delinquentme> still no sudo after running $ rw, remount /; chown -R root:root /usr/bin
<sarnold> delinquentme: well, maybe try just chown root:root /usr/bin/sudo -- let's get -something- back..
<delinquentme> http://ubuntuforums.org/showthread.php?t=2158822
<delinquentme> looks like this outlines it pretty well
<delinquentme> brbz!
<posthuman> hello, i installed courier-imap-ssl on exim4  and allowed port 993  but i cant use imap+ssl on thunderbird anyway
<posthuman> 143 works great but nothing else
<delinquentme> -rwxr-xr-x 2 root root 71288 Mar 11 05:24 /usr/bin/sudo
<delinquentme> so I think the user is at least correct
<sarnold> delinquentme: half-way there :) woo
<delinquentme> I mean if worse comes to worse I plan on upgrading to 14.04 stat
<delinquentme> sooooo
<sarnold> delinquentme: re-do the rescue system and soforth, then run: chmod 04755 /usr/bin/sudo
<delinquentme> lets break things
<sarnold> delinquentme: these skills are wonderful to have, so when SHTF for real, you'll be familiar with how to piece things back together from a dozen little pieces :)
<delinquentme> haha true! Oh also FYI sarnold apparently the filesystem is default in read only in recovery
<delinquentme> so you've got to $ mount -o rw,remount /;
<delinquentme> BRB!
<sarnold> delinquentme: cool! :)
<delinquentme> check!  done w those ... now what file system objects should we be checking permissions on now?
<sarnold> delinquentme_: sweet!
<delinquentme_> kk cool got laptop #2 up and running
<delinquentme> ill just sit with the other one in the recovery console
<sarnold> delinquentme_: so, the forum post had some files that weren't owned root:root -- and I pasted a few, much overlap
<sarnold> delinquentme_: http://paste.ubuntu.com/7262855/
<sarnold> delinquentme_: you'll also need to fix the setuid bits on the other files -- that forum post had some
<delinquentme_> so I need to set all of the permissions according to this
<sarnold> delinquentme_: http://paste.ubuntu.com/7263043/
<sarnold> delinquentme_: those are from my system
<delinquentme_> yeah so I have zero
<sarnold> delinquentme_: once you've fixed those up, install the debsums package and run debsums -s
<delinquentme> so chmod 04755 for those files?
<sarnold> delinquentme_: some of them will be 02755 and some will be 06755
<delinquentme_> it looks like daemon is the only 06755 right?
<delinquentme_> nm nm nm
<sarnold> delinquentme_: at, procmail, and X on my system
<delinquentme_> so I dont have a /usr/bin/daemon dir
<delinquentme_> OR lpadmin OR mail
<sarnold> delinquentme_: time for me to run :) you're very nearly back together. nice work. :)
<delinquentme_> those are good things?
<delinquentme_> sarnold, any idea between the two of these I should prefer?  http://paste.ubuntu.com/7263043/  http://paste.ubuntu.com/7262855/
<delinquentme_> they've got some differing permissions
<delinquentme_> YES.
<delinquentme_> FIXED IT.
<funcoland1> can anyone here tell me why "d-i partman/unmount_active boolean true" isn't being honored by the trusty installer?
<funcoland1> i have to go and hit the enter button every time i install and it goes through just fine.. but the above command is supposed to do it for me :-/
<jtran> anyone ever seen an issue in which after setting an /etc/network/interfaces  with a stanza for bond1.2002 and specify a gateway,the gateway line disappears after a reboot?
<amriunix> guys i need to ask how to setup a mail server on my ubuntu server VPS !!!
#ubuntu-server 2014-04-17
<nith1210> quit
<Guest67771> Hi I tried to install Moodle on my 12.04 Ubuntu server. I already had LAMP, so I just used sudo apt-get install Moodle. The instructions I followed were a little out of kilter, and so the install failed. Is there any way to resume the install, now that I've fixed the items that were missing?
<cylee_> Hi all, does anybody know what kind of technical support Canonical provide? If I want to pay for it.
<jamespage> cylee_, its called ubuntu advantage
<cylee_> !! thank you
<ubottu> You're welcome! But keep in mind I'm just a bot ;-)
<jamespage> cylee_, http://www.ubuntu.com/management/ubuntu-advantage
<cylee_> ??
<cylee_> Thank you james, does it include openstack deploy/development consulting service ?  Because I don't see that in product info.
<rbasak> cylee_: openstack consulting thing is http://www.ubuntu.com/cloud/tools/jumpstart
<cylee_> thank you, it looks like what we want :D
<rbasak> jamespage: thanks! Back now.
<jamespage> cylee_, there is a specific ubuntu advantage offering for openstack clouds
<jamespage> cylee_, an as rbasak points out Canonical do jumpstarts to get you up and running as well
 * jamespage feels like he's in sales this morning :-)
<cylee_> it's ok, my manager want me compare support between Canonical and Red Hat
<cylee_> So I need more information to him
<andol> cylee_: Sounds like you wnt to contact Canoical directly then? :)
<cylee_> I contacted their sales before but I am not native speaker.  He said he will forward request to China team but  no response yet.
<cylee_> That's why I ask for help here
<cfhowlett> !cn|cylee_
<ubottu> cylee_: å¦æ¬²ç²å¾ä¸­æçåå©ï¼è«è¼¸å¥ /join #ubuntu-cn æ /join #ubuntu-tw
<stephank> AMIs on the locator site are apparently already tagged 14.04 LTS, but the release date is from before heartbleed. Should I wait before using these?
<stephank> Oh, it looks like those are the beta images. I'll wait a bit, not in too much of a hurry. :-)
<jamespage> stephank, the dailies are OK
<jamespage> stephank, and release is today :-)
<stephank> Cool. Yeah, hence my excitement. :-)
<zul> jamespage:  swift got accepted
<jamespage> zul, good
<zul> just buidlign ceilometer now
<zul> jamespage:  ceilometer up
<rbasak> jamespage: who's doing the iso testing for this release? infinity was asking.
<jamespage> rbasak, beisner has been doing it
<rbasak> jamespage: is beisner familiar with the testing tracker etc? Nothing's showing up there for server ISOs at all right now, or is that due to a recent respin?
<rbasak> Looks like there was one yesterday :-/
<jamespage> rbasak, he is
<rbasak> Great!
<zul> jamespage:  trove up
<jamespage> zul, ditto keystone
<zul> jamespage:  trove and keystone have both been accepted
<jamespage> zul, great
<lordievader> Good morning.
<jamespage> zul, nova uploading
<zul> jamespage:  ack
<zul> that was quick
<jamespage> rbasak, was that a request todo iso testing?
<zul> jamespage:  cinder is building now
<rbasak> jamespage: yes - we have no results atm
<zul> jamespage:  cinder up
<zul> jamespage:  nova accepted but you already knew that
<jamespage> rbasak, I'll pull down images and do at least the iscsi testing
<rbasak> jamespage: thanks!
<rbasak> I've only an armhf machine here with no virt :-/
<jamespage> beisner, coreycb, zul, smoser, roaksoax, hallyn, rharper: ^^ iso testing please
<jamespage> rbasak, urgh - are you in london?
<jamespage> rbasak, I'm at least 45 minutes off my first iso
<jamespage> rbasak, grrrr adsl
<rbasak> I was and will be again. I am in Manchester this afternoon admittedly, but I don't really want to touch anything since I need to leave it unattended and depend on it.
<jamespage> rbasak, ack
<jamespage> rbasak, I'm trying some in nested kvm on serverstack as well but its slllooooowwww
<zul> jamespage:  iso tracker says the tests have been ran ?
<jamespage> zul, thats the automatic testing filing results
<jamespage> zul, we need to fill in the gaps for release
<zul> jamespage:  ah ok
<jamespage> also a random sample test is always a good idea
<jamespage> zul, I can do the iscsi ones quite quickly once i have an image
<zul> jamespage:  lemme download the iso
<jamespage> jacalvo, hello
<jamespage> re bug 1252375
<uvirtbot> Launchpad bug 1252375 in zentyal-samba "Please remove zentyal-samba + zentyal-printers from trusty" [Medium,Confirmed] https://launchpad.net/bugs/1252375
<jamespage> jacalvo, someone fixed up the depends by (by way of Depends: samba (>= 4) | samba4, apparently)
<jamespage> zul: the horizon branch was not 2014.1 so I did that as well
<zul> jamespage:  yeah i left it yesterday since i knew we probably had to do a asset refresh
<jamespage> as there was no change from the last rc not required
<zul> jamespage:  heat is up
<rostam> HI I have a general question. Currently we are using 12.04 LTS for our production. I would like to upgrade our system to 14.04 LTS, given the fact the 14.04 is just being released, is this a good idea? or should I wait for more time if it needs to get more stable? thx
<cfhowlett> rostam the advice I usually see is to wait until the first point release e.g. 14.04.1    but then I don't run a production server ...
<andol> rostam: Waiting an extra week or so probably won't hurt, but more importantly is of course to test the upgrade on a staging systems, to see what to expect.
<rostam> cfhowlett, andol  thanks
<andol> Well, in my eyes waiting for the first point release might (dependong on the situation) be a bit of an overkill, but really the important part isn't neccesary the length of the wait, but the amount of testing.
<cfhowlett> andol agreed.
<rostam> cfhowlett, andol  when 14.04.1 will be available ?
<stephank> rostam: july 24th: https://wiki.ubuntu.com/TrustyTahr/ReleaseSchedule
<rostam> stephank, thanks
<jamespage> beisner, up yet?
<moparisthebest> where is the best place to watch for the release? assuming it's still on for today? here: http://cdimage.ubuntu.com/releases/14.04/ ?
<andol> https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce :)
<moparisthebest> haha awesome, even better, thanks :)
<rostam> HI how I can be notified for security update by ubuntu? thx
<zul> jamespage:  glance up
<moparisthebest> I have unattended-upgrades set up so my servers just apply security updates automatically
<jamespage> zul, ditto neutron
<jamespage> zul, keystone still building - release team aware
<jamespage> ~50 mins left
<jamespage> rostam, there is a security announce mialing list
<moparisthebest> however it's not fool-proof, heartbleed bug for instance, it updated openssl, but didn't restart my services (nginx, postfix, etc), so server was still vulnerable until I did that rostam
<rostam> thanks
<beisner> jamespage - good morning!  about to take the littles to school, back in 30
<jamespage> beisner, ack
<jrwren> happy launch day!
<mdeslaur> hallyn: any hope the libvirt in saucy-proposed will get released some day?
<cfhowlett> mdeslaur saucy has a 9 month life cycle and it's already 6 months in so ...
<mdeslaur> cfhowlett: so you're saying I should just push my security update over it?
<cfhowlett> mdeslaur responding ONLY to the libvirt saucy-proposed question, I was suggesting that it may not get backported but may (hopefully) be contained in the trusty release.
<Daviey> utlemming: bug 1305418, is this the third SRU regression in a row?
<uvirtbot> Launchpad bug 1305418 in walinuxagent "[SRU] walinuxagent breaks sshd configuration" [Critical,In progress] https://launchpad.net/bugs/1305418
<zul> Daviey:  does he win a prize?
<Daviey> zul: Well, I want to work out if I am smoking crack and misunderstood, or if there is something dire wrong with the SRU verification process for Azure related uploads.
<Daviey> If the former, I win a prize of rehab - if the second, then someone wins a prize of wtf?
<zul> Daviey:  ok Amy Winehouse
<zul> jamespage:  lol kesytone still building
<jamespage> zul, omg
<ivoks> :]
<hallyn> mdeslaur: looking...
<beisner> Good day, happy release day!
<jamespage> zul, taskflow is still foobared
<zul> jamespage:  ill SRU it
<hallyn> bleh
<mdeslaur> hallyn: thanks
<jamespage> zul, meh - its been pushed in anyway
<jamespage> autopkgtest failure on amd64 only
<zul> jamespage:  meh
<rharper> jamespage: running iso installs now
<jamespage> rharper, hey - np - I think most things are covered off now
<rharper> jamespage: ok
<bismark> Anyone around that's familiar with ISC-DHCP DDNS updates to Bind9 running on 12.04 LTS?  I seem to have it configured correct according to the hundred or so pages/tutorials I've read and I can use nsupdate with the rndc key to update a DNS entry but DHCP isn't sending any information over
<bismark> hell as far I can tell it's not even trying
<ddsss> when editing ~/.ssh/config -> why are there both Host and HostName things? what's he difference?
<patdk-wk> totally different
<patdk-wk> Host defines config sections
<patdk-wk> Hostname is the host to log in to
<bismark> Host can actually refer to multiple hosts too, for example in this stanza
<bismark> Host serverA, serverB, 10.10.10.10, cserver
<bismark> Hostname 10.10.10.10
<bismark> will allow you to ssh to any of those systems and they'll all go to Hostname 10.10.10.10
<ddsss> bismark, hmm. I seee. thanks. sounds useful.
<bismark> ddsss: welcome
<alex88> hi guys, is there a tool to keep running a pool of processes
<alex88> ?
<mardraum> ?
<mardraum> more information about what you need
<alex88> mardraum: actually running a background job with upstart
<alex88> wanted to run multiple processes of it
<alex88> and keep them running
<alex88> mardraum: any idea?
<havnestance3> is there an article out there on how to get mdadm to automatically notify of a failure?
<beisner> jamespage:  oh hey!  i forgot to holler back at ya, how goes?
<jamespage> beisner, ok
<havnestance3> I have configured the email and got it to send a test email but when I unplug a drive to simulate a failure it does nothing
<roaksoax> zul: does samba support .d/ config?
<jrwren> no
<nthdesign> It looks like 14.04 is not yet available via do-release-upgrade. Anyone know if/when the final release will be available?
<jrwren> works for me.
<jrwren> you could try do-release-upgrade -d :)
<jrwren> or -p trusty?
<med_> pmatulis, what's the "RIGHT" way to add a DNS search? /etc/network/interfaces line? /etc/resolvconf/resolv.conf.d/base or something completely different (and what's the right way to ACTIVATE it so that it makes that change effective immediately without downing an interface?)
<Queops> Hello! If I don't use DHCP on my server which packages can I purge? I know about isc-dhcp-client but that also takes away ubuntu-minimal? (14.04)
<Queops> Maybe just deactivating it is enough
<sarnold> Queops: once the ubuntu-minimal is installed it's done its job of dragging in other dependencies. I don't think you'll miss it much.
<pmatulis> med_: boy, it used to be so simple :)
<Queops> sarnold, good point, didn't know about that
<hallyn> https://www.system76.com/  now featuring 14.04LTS.  that was fast
<med_> pmatulis, I sent you a ticket. :^)
<med_> hallyn, sweet!
<blahRus> anyone know when the 14.04 MAAS images will land?
<blahRus> currently grabbing RCs still
<sarnold> utlemming,bigjools,smoser ^^ see blahRus, is that something one of you guys can fix? :)
<blahRus>     path: http://maas.ubuntu.com/images/ephemeral-v2/releases/ is what's currently being used
<blahRus> Not sure which Trusty folder is picking up though
<Lcawte> So I have this VPS, it's just been restored from a backup, all the file permissions seem the same as an identical server, the one hte backup was taken from (except this one has been running for two more days), but all sorts of things seem to give permission errors (or permission related errors)... for example MySQL can't create it's temp files, sudo can't be run, etc. Any idea why it doesn't seem
<Lcawte> to recognise the permissions?
<Ergo> hello, is that normal that do-release-upgrade doesnt pick up new release
<sarnold> Lcawte: how strange. does ps auxw show the right user accounts used for the various services?
<bekks> Ergo: Yes. Wait for the mirrors to be synced.
<Ergo> ok
<sarnold> Lcawte: maybe check ls -ln and ps auxwn output and make sure the numbers line up properly
<Lcawte> sarnold: I've checked a few, including root, mysql and my own user account...
<Lcawte> They all seem to be the same...
<Lcawte> s/the same/match
<Lcawte> Are there any strange daemons or commands that reload/refresh these sorts of things?
<sarnold> Lcawte: okay.. what's ls -l /usr/bin/sudo look like? what happens if you run sudo id ?
<sarnold> Lcawte: none that i know of
<Lcawte> root@grunt-2:~# ls -l /usr/bin/sudo
<Lcawte> -rwsr-xr-x 1 root root 71288 Mar 11 08:24 /usr/bin/sudo
<sarnold> looks good enough. though it's half the size of mine, that's odd.
<Lcawte> sudo: unable to open /etc/sudoers: Permission denied (the problem I hit with sudo)
<sarnold> Lcawte: can you install and then run debsums -s to check file checksums?
<sarnold> Lcawte: oh interesting; how about ls -ld /etc /etc/sudoers  ?
<Lcawte> root@grunt-2:~# ls -ld /etc /etc/sudoers
<Lcawte> drwxr-xr-x 100 root root 4096 Apr 17 16:51 /etc
<Lcawte> -r--r-----   1 root root  723 Apr 17 17:22 /etc/sudoers
<Lcawte> Looks exactly the same to root@grunt (the original), but yeah, I'll try debsums
<sarnold> Lcawte: can you run aa-status as root? I'm wondering if you're stuck in an apparmor profile..
<Lcawte> I get command not found
<sarnold> Lcawte: okay.. how about cat /sys/kernel/security/apparmor/profiles  ?
<Lcawte> debsums-s output: http://pastebin.com/4kRfbdk1
<Lcawte> No such file or directory
<sarnold> Lcawte: you've got a pretty good riddle going :)
<Lcawte> yup, :(
<sarnold> Lcawte: anything in dmesg? or elsewhere in the logs? it'll be hard to spot a root cause amidst the noise, but you never know.
<Lcawte> . /var/log/dmesg is empty
<Lcawte> Other than the fact my server has a bluetooth daemon for some bizare reason, nothing that shouldn't be there
#ubuntu-server 2014-04-18
<hallyn> sarnold: hey, seems like something you'd know - do you remember koneko, the old program that turned your cursor into a mouse and drew a cat chasing the mouse if it moved, and sleeping otherwise?
<hallyn> wondering if that code is sitting around anywhere :)
<hallyn> maybe i should check the old sunsite or whatever it was
<sarnold> hallyn: haha, that does sound vaguely familiar, but I couldn't tell you the name of the thing...
<Pici> !info oneko
<ubottu> oneko (source: oneko): cat chases the cursor (now a mouse) around the screen. In component universe, is optional. Version 1.2.sakura.6-9 (trusty), package size 36 kB, installed size 126 kB
<hallyn> sarnold: the name was koneko,
<hallyn> d'oh
<hallyn> Pici: you rock, thx
<sarnold> Pici: haha, nice :)
<Pici> hallyn: np :)
<hallyn> yay!  there's a cat on my screen
<bekks> hallyn: catbuntu? :)
<sarnold> I think we can all agree that mir won't really take off until this thing has been ported
<hallyn> alas it's not changing my cursor, but i can live with that
<hallyn> sarnold: hear hear!
<hallyn> my phone needs oneko
<hallyn> now i can get back to getting Xspice to work
<hallyn> hm, i honestly don't see how this was ever meant to work.  'qxl->st->dispatcher = some_fn(qxl)', where some_fn dereferences qxl->st_dispatcher->somefield
<sarnold> changing dispatcher from deadline to noop or similar?
<hallyn> it's at startup,         qxl->st->dispatcher = red_dispatcher_init(qxl);
<hallyn> anyway my laptop's being comandeered, will have to look later
<hallyn> sarnold: ah, i see, the newer upstream git doesn't do it that way
<sarnold> hallyn: haha, good :)
<hallyn> what we need is a maintainer for this stuff
<hallyn> sarnold: you're bored right? :)
<sarnold> hallyn: lol
<hallyn> well i don't see how this ever worked anywyere.  i suppose i could grab fedora pkgs and see what they do there,
<hallyn> but i guess best bet is to figure out how to make a pkg from git (bc they haven't done a new release tarball;  but ther eare empty directories in git)
<sarnold> hallyn: which package is this?
<hallyn> sarnold: it's in libspice-server1,
<hallyn> though to exercise it you use xserver-xspice
<hallyn> my goal is to run ubuntu-desktop from a container
<hallyn> it's gonna ROCK
<sarnold> ooo
 * hallyn does a king julian dance
<hallyn> bah git submodules are stupid
<hallyn> bc if i git clone git://a/b, then git clone b b-1, then i can't go into b-1 and do git submodule update
<hallyn> or maybe that's just bc this site is abbreviating in .gitmodules..
<ddsss> does ubuntu have some web-based rss reader as a package?
<hallyn> not sure how you mean web-based.
<hallyn> you mean you'd run a server which fetches rss content, and you read it with a browser from your server?
<hallyn> ppl seem to like liferea, i use rss2email myself
<hallyn> then i have a cron script pushing the resulting emails to pocket
<hallyn> so i read them from my ereader and sometimes from fireefox with the pocket plugin
<ddsss> hallyn, I mean like news plugin for owncloud, but not ownloud
<ddsss> hallyn, meaning I can open gui ina  browser from anywhere and read use rss.
<sarnold> hallyn: fwiw red_dispatcher_init() doesn't ring any alarm bells for me..
<sarnold>     red_dispatcher = spice_new0(RedDispatcher, 1);
<sarnold>     init_data.qxl = red_dispatcher->qxl = qxl;
<sarnold> those two lines make it feel kosher
<ddsss> hallyn, ahh - i see - there is a tiny tiny rss plugin or something as a web gui?
<hallyn> sarnold: red_dispatcher_add_memslot()
<hallyn> it gets dispatcher which is the qxl->st
<hallyn> then it sends &dispatcher->dispatcher to dispatcher_send_message
<hallyn> dispatcher was NULL, so it's sending 0x88, which is the offset of dispathcer in RedDispatcher
<hallyn> then dispatcher_sned_message() dereferences that
<sarnold> hallyn: http://paste.ubuntu.com/7272383/
<sarnold> hallyn: how on earth does -that- work?
<hallyn> it works like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729054 :)
<uvirtbot> Debian bug 729054 in xserver-xspice "Xspice fails to start (segfaults)" [Grave,Open]
<sarnold> hallyn: I'd expect that could only work if QXLWorker looked like struct QXLWorker { struct RedDispatcher foo; .. }
<sarnold> hallyn: hahahahaha
<sarnold> hallyn: such sadness :(
<hallyn> much corrupt
<hallyn> ddsss: there are a ton of options... but the nature of rss is that something has to fetch and/or store it;  yeah you can run ttrss
<hallyn> http://s3hh.wordpress.com/2013/09/13/rss-over-pocket/     that's what i do.  works great for me
<hallyn> maint.mk: found non-public submodule commit
<hallyn> oh for pete's sake
<sarnold> hallyn: the gift that keeps on giving...
<hallyn> haha, i just rm -rf the .git and then Makefile.am skips that annoying check
<hallyn> and... i've got packages.  i'll wait a minute to take wagers about how badly they perform
<hallyn> 2 beers for "hoses the container entirely", 1 for "works worse than before", 3 for "fixes the bug"
<hallyn> IT WORKS
<sarnold> three beers for hallyn!
<hallyn> three beers >> three cheers :)
<sarnold> yes! :)
<sarnold> goodnight hallyn :) have fun breaking things :)
<hallyn> :)   thx - good ngiht
<MavKen> any success installing phalcon on ubuntu 14.04?  phpinfo not showing phalcon...have tried several times following same instructions i used to install on 12.04 and it worked for it
<lordievader> Good morning.
<LeMike> Hello. Is it possible to have a smb mount act like a synced folder? (so that files are still there after umount) One way could be rsync every minute with another folder but I guess there is some better way :)
<DarkStar1> hi all. This might be a stupid question, but I am setting up a mail-server following this: https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-1204-postfix-dovecot-mysql/ and editing the amavis content_filter_mode file. It says to uncomment the lines in that file.
<DarkStar1> what I want to know is that does the @ serve as comments?
<DarkStar1> I wouldâve thought the # were the comment lines and would be readily commented except in the files theyâre not
<mardraum> DarkStar1: looks like they are already uncommented in the example, you are right, the # are comments
<bekks> DarkStar1: Better follow this guide: http://ubuntuguide.org/wiki/Mail_Server_setup
<DarkStar1> Thanks guys. I just wanted to be sure because I know some setup files have 2 comment delimiters
<mardraum> DarkStar1: you are jumping in deep with that tutorial. While I think amavis is useful for protecting clients, something has to be said for just getting you major systems working first and adding things from there, if you are new?
<DarkStar1> mardraum: I am new.
<mardraum> work on understanding postfix first then
<mardraum> work out how you want to use php
<mardraum> for example, these days I prefer using php-fpm and nginx
<Roy___> Hello, can someone help me install something on my mount using apt-get ?
<mardraum> don't think because of that tutorial it's the only way
<DarkStar1> mardraum: I wish I had that luxury to understand postfix. But I am only a newbie admin and my boss insists on me setting this thing up within the next few days.
<mardraum> ugh
<mardraum> all of it? or does he just need mail coming in for now?
<mardraum> he/she
<DarkStar1> mardraum: no. I am meant to migrate a clientâs email onto our system
<mardraum> ok
<DarkStar1> so after this setup I need to copy the db and the mail directories over
<mardraum> well the ubuntu defaults are useful. so question why you are changing something if the tutorial says you should, and try to understand the config files
<mardraum> for your testing, I still think you need to work on getting each service running where can
<DarkStar1> mardraum: youâre right
<mardraum> else you be trying to debugging clamav issues when your mail server can't even write to the filesystem :p
<mardraum> good louck
<mardraum> luck
<DarkStar1> mardraum: itâs just the timescale I have involved. I wanted to install everything first then test by sending emails.
<mardraum> I'd also suggest starting with 14.04 if you are comfortable with ubuntu itself
<DarkStar1> ok I will test the mail service first then install spam assassin and stop there I guess
<DarkStar1> mardraum: I am comfortable with ubuntu but canât get 14 so I have to stick with the 12.04 for now
<mardraum> that's a shame
<mardraum> DarkStar1: how are you doing the client auth?
<mardraum> DarkStar1: are you planning to offer them webmail too?
<DarkStar1> mardraum: client-auth is via mysqldb, and yes they want roundcube or something better that at least allows users to change their password
<mardraum> are you ok with mysql/
<mardraum> in terms of admin
<DarkStar1> Ok ish
<wedgwood> I'm looking at moving to Ubuntu from Debian but I'm seeing some weird performance characteristics with regard to memory.
<wedgwood> Using sysbench, block sizes below 512K are twice as fast on Debian as they are on Trusty. I don't understand why
<DarkStar1> mardraum: Iâm a dev with basic admin experience.
<mardraum> DarkStar1: why did your boss give you sich a tight timeline for all thise new stuff?
<mardraum> this*
<DarkStar1> mardraum: because as far as heâs concerned I should be able to do it. Because some dev he hired elsewhere told him that these sort of things are easy.
<Havenstance> DarkStar1, sounds like my boss, you sure we don't work for the same company?
<Havenstance> lol
<Meerkat> initech?
<DarkStar1> Havenstance: Knows squat about admin and development and insists everything is easy? They mustâve been manufactured at the same place :D
<Havenstance> DarkStar1, exactly what I was thinking :)
<Havenstance> my boss always wants to make windows do things linux can do and says oh it should be easy, my favotire one was when he told me to open the command line in windows and apt-get install it
<Havenstance> I was like uhhhhh apt-get is a linux only command does not work with windows bro
<DarkStar1> rofl
<Havenstance> well fix it, because it should be easy enough to do....
<Havenstance> *facepalm*
<Havenstance> so I fixed it alright, machine in question runs ubuntu server as a base and has a windows VM on it :)
<nszceta> Havenstance who do you work for may I ask
<Havenstance> a little grocery store up in Michigan
<nszceta> Why does your boss want apt-get
<Havenstance> well hardware/grocery/gas station...
<Havenstance> he had a linux only program he wanted me to run on windows
<nszceta> What is his ultimate goal
<nszceta> what linux-only program
<Havenstance> told me to apt-get install it from the windows command line...
<Havenstance> hell if I remember its been over a year ago now
<nszceta> kk
<Havenstance> at the time it didn't have a windows version
<nszceta> was this a back-end server or what
<Havenstance> no actually it was a windows client machine
<DarkStar1> Havenstance I can top that
<Havenstance> had a couple programs on it for sales.
<Havenstance> I put ubuntu server on it because I like the installer for server
<Havenstance> DarkStar1, really?
<nszceta> so now everyone has to deal with balls slow windows VM
<Havenstance> nszceta, sure, but it fixed the problem
<nszceta> epic
<nszceta> virtualbox?
<Havenstance> he got his precious apt-get on windows
<Havenstance> nszceta, yes, with winxp as a backdrop
<Havenstance> well client
<nszceta> omfg
<DarkStar1> Me : âwhen I install this mail server, I will install spamassassin because Iâve been advised to, and it may take sometime for it to learn as Iâve been told so let the client be aware that some mails may not get through whilst itâs learningâ
<Havenstance> its actually not that slow cuz all of a our cash registers are quad core machines
<nszceta> noob managers + technology is just mind boggling
<nszceta> DarkStar1 why would it block while learning?
<Havenstance> nszceta, I have since upgraded all of them to w7 at the time we had lots of XP disks floating around so I threw it together to see if it'd work
<nszceta> doesn't make sense. should be permissive and increasingly stringent
<nszceta> Havenstance makes sense
<DarkStar1> Boss : âThatâs not true. Spam filtering has been around for years and everybosy does it now. Google will not say these kinds of things. Canât you just download one that already exists?â
<nszceta> DarkStar1 just use google mail for business then
<Havenstance> that was my thought lol
<nszceta> boss clearly gives no shits, get google
<DarkStar1> nszceta: I was just repeating what I was told. that the spam filter may target some mail as spam.
<DarkStar1> nszceta: I told him that mail service is not an easy thing and I didnât want it on my plate
<Havenstance> and its true it may, some things as it becomes more restrictive may get blocked and you have to add custom filters in
<DarkStar1> but he went ahead and got it
<nszceta> got what
<DarkStar1> the clientâs contract to manage their mails
<nszceta> now outsource that contract to google
<nszceta> take the cut in the middle
<nszceta> why stress?
<DarkStar1> nszceta: He wonât âWeâre an IT company. we shouldnât be buying IT services from elsewhere"
<DarkStar1> So Iâm playing admin and dev.
<nszceta> wow do you still work for those shills?
<Havenstance> yeah I was gonna say he'd be down an admin guy
<shauno> email is surprisingly difficult to do well.  using an established provider isn't just lazy, it's actually a good idea
<nszceta> exactly
<Havenstance> at least with my boss I can usually figure out some bullshit scheme that will work for what he wants and moving on
<nszceta> there are 2 important things that anybody wants when you for for them
<nszceta> 1) you have to make them look good
<nszceta> 2) you have to make your customers look good in front of others
<nszceta> *when you _work_ for them:
<nszceta> how you get there is irrelevant
<nszceta> DarkStar1 so how is the mail contract
<nszceta> is your boss still hazing you with mail server implementation
<Havenstance> yup, that's was the case with this guy, he wanted something windows couldn't do
<DarkStar1> nszceta: All I know is that I have a few days to do all of this.
<nszceta> You have to outsource the solution to something already established and wire it up in the next 1-2 days
<DarkStar1> nszceta: has had me put the email server with the web server
<DarkStar1> because they paid for one server.
<nszceta> how far along are you
<Havenstance> so I gave him windows over linux so he could run linux programs and since there is only one real program that runs on that vm it isn't too bad. been thinking of trying to get WINE to take it and getting rid of win totally
<DarkStar1> nszceta: well webserver is up and running.
<Havenstance> DarkStar1, have you looked at zentyal? I use that here for our web mail and the such
<nszceta> this looks shady but might work http://www.iredmail.org/
<nszceta> man I hate that kind of situation
<DarkStar1> Havenstance: I have to do as he says.
<Havenstance> support for it sucks so i've had to get a crash course myself but it seems to work well, supposidly its a complete replacement for exchange server and also has a built in apache server
<Havenstance> DarkStar1, what OS is he forcing you to use?
<DarkStar1> Havenstance: I use whatever I want
<DarkStar1> as long as weâre not outsourcing anything
<DarkStar1> so Iâm using ubuntu
<Havenstance> okay, give zentyal a test in a vm, it might do just what you want
<Havenstance> it runs over server 13.10 right now, afaik it hasn't been tested on the new lts
<Havenstance> but that's the community edition, the commercial edition runs over lts distros and gets fairly decent support in terms of you can call someone and they'll call you back within a set time frame
<Havenstance> http://www.zentyal.org
<Havenstance> its got a firewall, av, and it uses openstack as the email client. makes it all fairly simple to setup, i just deployed a new network controller here in a little over two hours
<Havenstance> brb coffee break
<Kawaiola> I updated my server from 13.10 to 14.04 and my wordpress no longer works but my apache is still running and seems to work just fine any ideas?
<DarkStar1> Havenstance: not sure I can get the 13.10 os templates for the VM yet. + I have the web server running perfectly and I donât want to spend my 3 day weekend working on this if I am tbh :(
<Meerkat> check the apache logs, Kawaiola
<Kawaiola> How would I check the apache logs I'm pretty new to linux to be honest haha
<Meerkat> Kawaiola, they are in /var/log/apache2/ by default.
<Kawaiola> Okay I'll go look
<Kawaiola> There is nothing in the logs does that mean it reset when I updated the server maybe?
<Meerkat> Kawaiola, is access.log empty too?
<funcoland1> i have an ubuntu 14.04 live cd customized with a new package and everything goes well into it executes a post install script that calls "ldconfig".. it appears that this program is not available in the environment that's spawned by the installer.. any hints here? :-/
<nszceta> funcoland1 ldconfig must be run with elevated privs
<Kawaiola> Meerkat, Let me check
<Kawaiola> Meerkat, Yeah those are empty too
<funcoland1> nszceta: there is no sudo inside the shell that's created during the installation of ubuntu server.. and when i hit ALT + F2 to drop into a shell calling the "ldconfig" program manually makes it says "ldconfig: not found"
<Kawaiola> Meerkat, So I think maybe all of the services reset mysql and php are back to defult too but I can't even find my wordpress files at all
<Kawaiola> Meerkat, So basically I think I'm going to have to rebuild them at this point.
<nszceta> funcoland1 type 'which ldconfig'
<nszceta> and give it the full path
<Roy___> does any body knows how to use apt-get to install something on a specific mount ?
<funcoland1> nszceta: i did /usr/bin/which which and it's telling me /usr/bin/which is not found
<nszceta> wtf
<nszceta> you are missing the most basic utilities
<funcoland1> i'm wondering, if i should just have it install the packages during the post installation script
<Stats_Ethan> Does Ubuntu Server use a different version of the Linux kernel than Ubuntu Desktop?
<funcoland1> yeah i know
<funcoland1> i think what it is is during the installation of ubuntu server the shell is limited.. i think it's called busybox
<nszceta> I don't know which ubuntu package can help you. I usually use Arch, CentOS,and OS X
<bekks> Stats_Ethan: No.
<Meerkat> Kawaiola, enter 'a2query -s' and tell me what it returns.
<nszceta> yeah the installation has a limited envir
<nszceta> I've never remastered a linux image
<Kawaiola> Meerkat, 000-defult (enabled by site administrator)
<funcoland1> thanks anyways
<Kawaiola> Meerkat, That is all it came up with when I typed that command in
<Meerkat> Kawaiola, now enter a2ensite and press tab a few times until it shows some files. Which files are shown?
<Kawaiola> Meerkat, 000-default.conf defaultssl.conf
<Kawaiola> Meerkat, That is all that came up over and over again when I ran that one
<Aison> nice one, update fails on slapd
<Aison> now ldap is no longer working
<Meerkat> Kawaiola, enter 'a2dissite 000-default'. Then 'a2ensite 000-default.conf'. Then reload apache, 'sudo service apache2 reload'.
<Kawaiola> Meerkat, Okay
<Meerkat> Kawaiola, apache 2.4 requires sites to have the .conf file ending. So people have to fix this manually, I guess.
<Meerkat> Kawaiola, does the site run now?
<Kawaiola> Meerkat, Let me check I just reloaded it
<Kawaiola> Meerkat, Yeah! it is thank you would you mind explaining to me what I did and why that fixed the issue I was having
<Kawaiola> Meerkat, Was it because of the order of which apache goes and looks for the file directory because I know I had to put .php before .html in the beginning because it would still load the default apache webpage
<Meerkat> In apache 2.4, which comes with ubuntu 14.04, all site configuration files must end with .conf. You disabled the old site (000-default) with the properly named site (000-default.conf).
<Kawaiola> Meerkat, Oh okay that makes sense
<Kawaiola> Meerkat, Thanks for your help
<Kawaiola> Meerkat, I was freaking out I thought I was going to have to rebuild the entire thing.
<Aison> why the fuck did the upgrade delete /var/lib/ldap content
<cfhowlett> Aison language!  family friendly channel here ...
<Aison> yeah, but it is a little bit ennoing, that an upgrade can delete a whole database
<IdleOne> indeed. still need to be polite and professional in here though
<Aison> anyway, no idea what to do now
<Meerkat> there's a no-cursing rule in a server chat?
<Meerkat> wt*
<bekks> Aison: restore the backup?
<cfhowlett> !guidelines
<ubottu> The guidelines for using the Ubuntu channels can be found here: http://wiki.ubuntu.com/IRC/Guidelines
<Aison> bekks, yes, that's one possibility, but an ennoing one
<Aison> the point is, the fucked up server IS the backup server. So I have to move the backup media to another server first
<IdleOne> Imagine how annoying it would have been if you didn't have the backup
<IdleOne> Aison: you were asked nicely to not swear
<IdleOne> Please don't do it again
<cfhowlett> !guidelines|Aison these are the rules - for everyone.
<ubottu> Aison these are the rules - for everyone.: The guidelines for using the Ubuntu channels can be found here: http://wiki.ubuntu.com/IRC/Guidelines
<Aison> ok, when I playback the /var/lib/ldap directory and do apt-get dist-upgrade to upgrade slapd, it always removes the whole content of /var/lib/ldap
<Aison> nice one...
<Aison> to be concrete, It is moved to /var/backup
<MavKen> has anyone installed phalcon php on 14.04 yet?
<pmatulis> Aison: what sort of upgrade are you talking about?
<Aison> pmatulis, trusty (slapd version is the same as before, but upgrade failed)
<Aison> but removing the ldap database before upgrade and add it back after upgrade works
<DarkStar1> Bon weekend a tous
<axisys> how to remove plymouth safely?
<Morclye> I just installed Ubuntu Server 14.04 and it ignores static IP assigned by router's DHCP server altogether. On every boot it picks a new address. Any help is appreciated.
<qhartman> I'm working on getting a MAAS server setup. Is there anyway I can check the progress of the boot image import? I've been waiting over an hour and it doesn't seem to have completed.
<qhartman> There's no appreciable net traffic on the box, and the logs in /var/log/maas aren't terribly enlightening
<qhartman> anywhere else I can look?
<adam_g> qhartman, unless its changed recently, you should see some wget's running in the background
<sarnold> Morclye: I saw a bug report recently about a dhcp client sending the literal string <hostname> ..
<sarnold> Morclye: see if this looks similar https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1308968
<uvirtbot> Launchpad bug 1308968 in isc-dhcp "isc-dhcp-client sends string literal "<hostname>" instead of hostname" [Undecided,New]
<Havenstance> anyone know of a good linux backup solution?
<Havenstance> im running 13.10 server if that helps
<qman__> rsync
<patdk-wk> duplicity?
<patdk-wk> dd
<patdk-wk> tar
<Havenstance> I have a server here that hosts samba shares I want to back those shares up off site to another server
<patdk-wk> samba with acl's?
<sarnold> amanda and bacula seem popular among 'larger' installations
<Havenstance> patdk-wk, yes, the server actually uses zentyal as a front end
<patdk-wk> but sounds like a job for rsync or duplicity depending on how yo uwant it
<Havenstance> okay thank you i'll look into both of them and see if they fit our needs
<patdk-wk> sarnold, depends on the backup target, really
<patdk-wk> one day,  Iwill get amanda or bacula setup
<Havenstance> the boss was interested in URbackup but trying to get it to run on linux is like pulling teeth don't wanna spend too many "man hours" on it
<patdk-wk> or maybe  Inever will, and will dump all my lto3 stuff, and buy all new lto6
<patdk-wk> Havenstance, that would be amanda/bacula :)
<patdk-wk> duplicity will give you simple backups over like ssh with versions
<patdk-wk> rsync will give you a backup, but only current copy
<Havenstance> yeah that's what he wanted actually almost to a t
<qman__>  I use backuppc for workstation backups, but I stick to rsync scripts for servers
<Havenstance> i'll look into the 3 and see what I can come up with, maybe a combination of 1 or 2 would actually suffice. wouldn't matter much as long as I can set the backup location.
<patdk-wk> duplicity uses rsync
<Havenstance> the versions can be stored on the server locally then we could back the entire location up at a set time off site so either way it should work.
<patdk-wk> but instead of just dropping the files exactly like it read them, it packages them up
<Havenstance> how about a way to restore the backups in event of a failure?
<patdk-wk> rsync? yo ujust rsync it back, or copy it how ever you want
<patdk-wk> duplicity, you just extract it
<qman__> Yep
<Havenstance> perfect
<patdk-wk> duplicity basically wraps rsync into *tape files*
<Havenstance> sounds exactly like what i'm looking for i'll check em out thank you
<patdk-wk> it's how I backup my laptop
<Morclye> sarnold: Thank you. I will try for now modifying /etc/network/interfaces and set static IP on server end instead of router, at least for now. Hopefully that'll work.
<sarnold> Morclye: heh, yeah, if that doesn't work we're all in big trouble :)
<patdk-wk> the only way dhcp wouldn't work right is, config error, or rouge dhcp server
<sarnold> patdk-wk: heh I wish that were true, we went through quite a few rounds of updates for dhcp clients, especially in the face of udp checksum offloading and virtio-based nics, iirc..
<sarnold> patdk-wk: I had a suspicion Morclye's run into this: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1308968 just based on his description of the symptom he saw..
<uvirtbot> Launchpad bug 1308968 in isc-dhcp "isc-dhcp-client sends string literal "<hostname>" instead of hostname" [Undecided,New]
<sarnold> you'd have thought that we'd have dhcp down by now. guess now. :)
<patdk-wk> oh, I only assign static ip via mac address
<patdk-wk> never had an issue
<sarnold> :)
<Morclye> My router has hostname and MAC address required when assigning static IP outside automatic DHCP range.
<Morclye> Can't tell which is primary though
<patdk-wk> normally they do it via mac, and use hostname for a local dns lookup
<Morclye> sarnold: After finding how to assign static IP to server end things started to work. Thanks againg for helping out relatively new Ubuntu user :]
<Morclye> * again
<sarnold> Morclye: nice :) have fun
<patdk-wk> yay, got mod_spdy for trusty compiled
<patdk-wk> now nothing holding me back from upgrading my webservers
<ahmadgbg> Hi, what solution is better and easier. A tower server or a qnas as a webserver? im going to have like 5 diffrent domains with wordpress
<ahmadgbg> qnap*
<sarnold> NAS systems are usually built "just enough" for their own storage processing needs. If your needs are light it might do okay but I'd make sure it even has the grunt to handle wordpress and mysql and soforth.
<pmatulis> Aison: an upgrade from Precise or from Saucy?
<pmatulis> Aison: and the only thing that saved you was the backup that was placed under /var/backup ?
<qhartman> adam_g, Thanks for the tip. I didn't see anything like that when I looked, but apparently something worked, I have them now that I've come back from lunch.
<patdk-wk> hmm, you could run like 1000 wordpress sites on a tiny nas
<patdk-wk> the question is how much rps it will hve, and how large the wordpress db's will be
<Aison> pmatulis, from saucy to trusty. The backup in /var/backup was corrupt also. The only thing that saved my database was the one from the dayli backup to the tape drive
<Aison> pmatulis, I upgraded now two machines. Both ldap databases were completely killed during the update
<Aison> pmatulis, I had to playback both from the tape backup (bacula)
<Aison> pmatulis, the only way to finish the upgrade was even to remove all ldap config files from /etc/ldap, then I finished with dist-upgrade
<Aison> dist-upgrade failed always
<Aison> when there was some ldap database data
<ahmadgbg> sarnold, my sites have like 2-3000 unique users/month
<ahmadgbg> and i need the storage for my videos :P
<ahmadgbg> so can i use it as a web server + storage
<ahmadgbg> i see that they have like 2-3 GB ram and a bad dual core :P.. is this enough?
<DonRichie> Hi, i did "do-release-upgrade" on my ubuntu server and now my log daemon diappeared. What can I do to reinstall the daemon?
<qhartman> DonRichie, do you mean rsyslogd?
<DonRichie> I had klogd and sysklogd running
<qhartman> looks like for klogd you need to install busybox-syslogd
<qhartman> aside from that, I'm not sure, it's not apackage I use
<DonRichie> busybox sounds wrong to me. Its this multi purpose binary.
<sarnold> ahmadgbg: ah maybe it'll do well, that's pretty quiet..
<DonRichie> I wonder what happened to klogd
<DonRichie> I thought this daemon runs to log kernel messages
<qhartman> aptitude says it's provided by busybox-syslogd
<qhartman> if you really want to use that one, I think that's what you need. That said, I find the default rsyslog to be a very flexible and reliable system, so unless you have a particular reason to use klogd it might be worth investigate switching
<DonRichie> I will install rsyslog daemon instead. Do you have information about how the kernel log daemon (klogd) works and how I can restore it?
<DonRichie> I am a little bit unsure how the gears work together
<ahmadgbg> sarnold, its better to build a computer and install linux right :P
<DonRichie> I know about the syslog daemon and that he listens on the device /dev/log but never heard about this kernel log daemon
<qhartman> rsyslog should replace all the functionality that klogd provides. I suspect it's already there and working with a default install. If you need it to collect remote logs, you only need to uncomment the appropriate lines near the top of /etc/rsyslog.conf
<DonRichie> Thanks for the answers qhartman. I installed rsyslogd now and a little test with logger succeeds again now as espected. If you say I don't miss any functionality from klogd I am fine with it :)
<qhartman> You shouldn't. klodg is a very minimal logger. I would be surprised if it does naything that rsyslog does not
<DonRichie> It came with the basic ubuntuserver 12.4  installation
<qhartman> ah, that makes some sense. That install is targeted to low-spec machines, so they would have chosen the most light-weight logger available
<DonRichie> Then I upgraded to 13.10 and it was still there. Now on 14.4 it disappeared during the upgrade
<patdk-wk> klogd died when rsyslogd came in
<DonRichie> I think I can dispense some little resources for a good logging daemon^^
<qhartman> indeed. Any rate, glad you're going again
<DonRichie> Thanks for your help
<Patrickdk> sarnold, how do I get someone to look at a bug?
<justizin> i have a cronjob which just sends an OK message via send_nsca to nagios, verifying that my crons are running, but sometimes it times out and generates email, even though iâm redirecting output at the end with 2>&1 >/dev/null, any idea what obvious mistake iâm making that i should be immune to after 15yr of using cron? ;d
<Patrickdk> seems like this one is just getting missed, due to people not testing it
<Patrickdk> bug #1286911
<uvirtbot> Launchpad bug 1286911 in xtables-addons "Kernel Panic using 14.04" [Undecided,Confirmed] https://launchpad.net/bugs/1286911
<Patrickdk> suprised it made it to release, since I reported it awhile ago
<sarnold> Patrickdk: hrm, that one might be difficult; to get the thing updated through the security team, it'd be best to get some CVEs assigned for the crashes and just put together specific fixes for the crashers
<sarnold> Patrickdk: we might also be able to handle this as an SRU update if the changes between 2.3 and 2.4 were entirely bugfix and reliability fixes
<Patrickdk> I only went over a quick diff of it
<Patrickdk> looked like it to me
<Patrickdk> I gave up attempting to track down what specific module caused it to crash
<Patrickdk> ya, I could try it sometime
<Patrickdk> my firewall doesn't load just the ones it needs, currently, it just loads all
<Patrickdk> ok, updated bug report, crashs when iptable_rawpost is loaded
<sarnold> hah ,that's why 2.4 fixes it, it just removes the whole thing
<Patrickdk> :)
<Patrickdk> atleast that should be an easy sve, just tell it not to install that module anymore, simple
<qhartman> When I change interface configuration in the MAAS interface, should I expect that to actually make changes to the network config on the server? It does not seem to...
<Guest67771> Hi I need help from a permissions expert. I have a Ubuntu 12.04 server. Just installed Plesk, and went to change permissions on a directory from read and write (700) to read only. I was still in SU mode, and typed chmod 0544 -R/Music. It appears to have changed my permissions for the entire file system. I googled the info for read only. Can anyone help me get back to a normal state please?
<sarnold> Guest67771: can you pastebin the output of ls -l /   ?
<Patrickdk> guess he didnt like you
#ubuntu-server 2014-04-19
<pmatulis> hallyn: does do-release-upgrade work in recent LXC?
<pmatulis> (ok, worked for me on Trusty)
<hallyn> pmatulis: yeah, i've used it pretty recently there
<arrith> anyone ever RAID 0 three drives or see benchmarks for it? i've heard roughly double performance from RAID-0-ing two drives, so would RAID-0-ing three drives give roughly triple the performance?
<Guest67771> Hi I need to mount an old hdd on Ubuntu 12.04 server. Google some info - but I get an error mount: wrong fs type. I'm using xfce as my desktop. Any chance of some advice please?
<sheptard> so I've got 3 ssds
<sheptard> made a raid5 of them (still rebuilding)
<sheptard> and I'm trying to mkfs on them, and it's taken 10-15 minutes so far
<sheptard> any ideas?
<tonyyarusso> sheptard: 1) You haven't said what their capacity is, so it's hard to say if 15 minutes is unreasonable even when healthy, 2) Attempting anything like that before the rebuild is complete is going to take a minor eternity, 3) RAID 5 is probably a poor choice - it usually is.  :P
<sheptard> 120gb
<sheptard> I blew the raid array away, and tried on just one, mkfs exited almost instantly
<arrith> probably the rebuild then
<arrith> i would think SSDs wouldn't take *that* long to rebuild though
<arrith> sheptard: i say backup to a spinning platter hdd, and raid 0 those three >:D
<sheptard> haha
<arrith> sheptard: that's what i want to do in this laptop
<arrith> just need to order the parts and install. hopefully should be pretty fast
<lordievader> Good morning.
<dwarder> what is the proper way to update ubuntu VPS ?
<dwarder> sudo apt-get update ?
<dwarder> what the difference with sudo apt-get dist-upgrade
<cfhowlett> dwarder https://www.dropbox.com/s/msv95ijbb0uoeb4/Ubuntu%20Reference%20Sheet.pdf
<dwarder> cfhowlett: danke
<cfhowlett> dwarder de nada
<cfhowlett> dwarder bitte!
<dwarder> cfhowlett: do i need to restart my VPS after apt-get upgrade
<dwarder> ?
<cfhowlett> dwarder sorry, no idea what VPS is ...
<dwarder> cfhowlett: virtual private server
<cfhowlett> dwarder right/NEVER used one, don't know, sorry.
<dwarder> cfhowlett: i.e. vbox and vmware
<dwarder> cfhowlett: do you restart your box after apt-get upgrade
<cfhowlett> dwarder umm, it can't hurt???
<dwarder> cfhowlett: the question is do i need it?
<cfhowlett> dwarder I never restart after a dist-upgrade.
<Meerkat> dwarder, if you got new kernels then, yes. Otherwise no.
<dwarder> Meerkat: does it tell if i have new kernels?
<Meerkat> it should display a list of packages that you have to press Y to install.
<dwarder> Meerkat: so it restarts all the services upon apt-get upgrade , right?
<Meerkat> no
<dwarder> Meerkat: it restarted my apache
<dwarder> Meerkat: not sure about the ssh service
<Meerkat> dwarder, did you upgrade to a new release of ubuntu server? or simply updated it?
<dwarder> Meerkat: i did apt-get upgrade
<Meerkat> dwarder, what does 'lsb_release -r' return?
<dwarder> Meerkat: 12.04
<Meerkat> dwarder, to update ubuntu with the latest security and bug fixes you wanna enter: 'sudo apt-get update && sudo apt-get upgrade'
<Meerkat> update will update the list of packages available and upgrade will start to download them. You'll have to press Y when asked, though.
<Meerkat> dist-upgrade will update ubuntu to a new release (currently 14.04).
<cfhowlett> Meerkat false.
<dwarder> Meerkat: https://www.dropbox.com/s/msv95ijbb0uoeb4/Ubuntu%20Reference%20Sheet.pdf
<cfhowlett> Meerkat https://www.dropbox.com/s/msv95ijbb0uoeb4/Ubuntu%20Reference%20Sheet.pdf
<dwarder> cfhowlett: haha ;)
<cfhowlett> dwarder good one!
<Meerkat> cfhowlett, how is it false?
<cfhowlett> dwarder just for that:   https://www.dropbox.com/s/7sqzo0wip1tlngh/fwunixref.pdf
<cfhowlett> Meerkat dist-upgrade does NOT upgrade to a new release
<cfhowlett> Meerkat that would be "sudo do-release-upgrade"
<Meerkat> cfhowlett, according to your source it will. "apt-get dist-upgrade â upgrade with package replacements; upgrade Ubuntu version"
<cfhowlett> Meerkat package within the same distro e.g. 12.04 to 12.04.1
<cfhowlett> NOT 12.04 to 14.04
<dwarder> cfhowlett: shoud i do apt-get dist-upgrade
<dwarder> cfhowlett: ?
<dwarder> cfhowlett: if i just want security upgrades
<cfhowlett> dwarder I do so regularly for maintenance
<dwarder> well, not just ,but this is important
<dwarder> cfhowlett: on a production server?
<cfhowlett> dwarder ah - no.  dist-upgrade will do ALL package upgrades, not security only
<cfhowlett> dwarder I don't know how to restrict updates to security.  sorry
<dwarder> cfhowlett: you do dist-upgrade on production server?
<cfhowlett> dwarder desktop ...
<dwarder> cfhowlett: i don't need to restrict. will dist-upgrade do security upgrades, or do i need dist-upgrade for that?
<cfhowlett> dwarder dist-upgrade will include security in package upgrades
<dwarder> cfhowlett: my question?
<dwarder> :)
<dwarder> ohh
<dwarder> i meant
<dwarder> cfhowlett: i don't need to restrict. will 'apt-get upgrade' do security upgrades, or do i need 'apt-get dist-upgrade' for that?
<cfhowlett> dwarder yes, apt-get DIST-upgrade will include security updates
<dwarder> cfhowlett: not apt-get upgrade?
<lordievader> apt-get upgrade should also include security updates, unless the package wants to pull in new dependencies or remove packages.
<cfhowlett> dwarder ^^^ lordievader has a better grasp than I of the distinctions
<dwarder> lordievader: thank you
<lordievader> apt-get upgrade may only upgrade packages, it may not install new or remove things. apt-get dist-upgrade may pull in new or remove packages.
<dwarder> will do apt-get upgrade only then on my production server
<lordievader> dwarder: No problem ;)
<lordievader> dwarder: Then you won't get kernel updates ;)
<dwarder> lordievader: i worry about recent heartbleed issue
<dwarder> lordievader: is it also kernel related?
<lordievader> dwarder: That was patched very fast in Ubuntu.
<lordievader> dwarder: No, openssl.
<dwarder> lordievader: should i do apt-get dist-upgrade on a production server?
<bekks> dwarder: OF course.
<bekks> dwarder: that wikll not get you a new release but upgrade all packkages within a release.
<lordievader> dwarder: Every once in a while.
<dwarder> bekks: what is 'wikll' ?
<dwarder> ok will do then
<bekks> dwarder: a typo of "will".
<dwarder> ahh
<lordievader> dwarder: I've set it up here that apt-get upgrade is run automatically. With the cron mails I get I see if there are held back packages. Those can be installed with apt-get dist-upgrade.
<Geraner> Is there an option to let the server automatically check for updates and automatically apply all security updates?
<bekks> Geraner: you can confugure that using unattended-upgrades
<Geraner> Thanks, will look for that.
<Geraner> just found that on the internet http://askubuntu.com/questions/325998/how-to-enable-auto-security-update-in-ubuntu-12-04-server
<Geraner> writing also about unattended-upgrades.
<Geraner> thanks
<bekks> Geraner: https://help.ubuntu.com/10.04/serverguide/automatic-updates.html
<Geraner> Yea, or this one. since I'm running 12.04 LTS https://help.ubuntu.com/12.04/serverguide/automatic-updates.html
<Geraner> looks really easy an straight forward.
<Geraner> good also that all automatically made updates are logged under /var/log/unattended-upgrades
<Geraner> so the admin can check later what has been patched.
<Geraner> trying to install but it tells me that it is already installed but set to manually.
<Geraner> unattended-upgrades is already the newest version.
<Geraner> unattended-upgrades set to manually installed.
<bekks> And?
<bekks> It is installed already.
<Geraner> yes, I'm now in the file /etc/apt/apt.conf.d/10periodic
<Geraner> checking the settings there.
<Geraner> do I need to restart any service after chaning the 10periodic file? Or are the changes recognized automatically and applied?
<bekks> Geraner: you dont have to restart anything, since it is triggered by /etc/cron.daily/apt
<Geraner> Cool. :)
<Geraner> I will install apticron as well and set my e-mail address in the /etc/apticron/apticron.conf to get an info every time an update is done.
<Geraner> Sounds like a cool feature. :)
<Gordio> Hi.
<Gordio> How restart uwsgi?
<Gordio> # apt-get install uwsgi
<Gordio> â¦ installing ...
<Gordio> uwsgi start/running, process 12801
<Gordio> zsh: no such file or directory: /etc/init.d/uwsgi
<Gordio> centauri@gordio /var/www/gordio:master>/etc/init.d/uwsgi                    [2]
<Gordio> zsh: no such file or directory: /etc/init.d/uwsgi
<Gordio> $ service uwsgi restart - http://pastie.org/private/gdjkymcflkybya9stetbg (it's error?)
<bekks> Gordio: did you look at the package content yet?
<Gordio> How?
<bekks> Gordio: by looking at packages.ubuntu.com e.g.
<Gordio> packages.ubuntu.com don't have valid version.
 * Gordio use Ubuntu 14.04
<bekks> Then where did you get that package from?
<Gordio> frome here?
<Gordio> In packages.ubuntu.com last version I can't find 13.10
<Gordio> I unstall package in ubuntu 14.04
<bekks> http://packages.ubuntu.com/trusty/uwsgi
<bekks> There it is.
<Gordio> And don't have /etc/init.d/uwsgi (in 13.10 (on packages.ubuntu.com) i see this file)
<Gordio> http://packages.ubuntu.com/trusty/amd64/uwsgi/filelist
<Gordio> my system: ls: cannot access /etc/init.d/uwsgi: No such file or directory
<Gordio> How me check package file-list in system?
<Gordio> Like `equery f pkg_name`?
<bekks> dpkg-query -L uwsgi
<Gordio> Hm. /etc/init.d/uwsgi exist in files-list =\
 * Gordio sad
<Gordio> bekks: thank you.
<Gordio> rm -rf /* fix all my problems.
<bekks> not funny.
<Gordio> But it's real :)
<Gordio> I restore basic system from image.
<Madkiss> cheers. i am trying to start a libvirt vm on a ubuntu 12.04 system ,and all I get is
<Madkiss> error: internal error cannot load AppArmor profile 'libvirt-9647a43e-29b9-40f4-b088-f228f6648032'
<Madkiss> I tried uninstalling apparmor because I don't like that stuff anyway, but uninstalling apparmor means uninstalling libvirt
<Madkiss> so how do I get rid of this?
<Gordio> http://stackoverflow.com/questions/12069297/create-virtual-machine-using-libvirt-error-related-to-apparmor
<Gordio> Madkiss: ^^^ (maybe this help you: "Replace type='host_device' with type='raw' in the xml definition.")
<dwarder> i did apt-get dist-upgrade , do i need to reastart my server?
<lordievader> dwarder: Depends. Was there a kernel among the updates?
<lordievader> If so, if you want to use it you should restart. (Or do kernel splicing, but I've heard that is rather tricky)
<dwarder> lordievader: http://pastebin.com/92BGqsad
<lordievader> Jup, new kernel.
<dwarder> lordievader: on VPSs how should i restart? will shutdown -r now work?
<dwarder> lordievader: or should i just power off / power on though the control pannel?
<lordievader> dwarder: No idea, I have no experience with VPS'es. If it is kvm-qemu clients are simply able to use 'reboot'.
<dwarder> lordievader: dist-upgrade    upgraded my 12.04 to 13.04
<dwarder> lordievader: is this ok?
<dwarder> lordievader: that is what lsb_release -r shows
<dwarder> lordievader: reboot worked ok
<lordievader> dwarder: That is not possible.
<lordievader> apt-get dist-upgrade doesn't do that.
<dwarder> lordievader: well it does
<lordievader> dwarder: No it doesn't.
<dwarder> hmm
<lordievader> sudo do-release-upgrade does
<dwarder> lordievader: maybe i confused myself
<dwarder> lordievader: i have several vps's
<dwarder> lordievader: and this one was 13.04
<lordievader> dwarder: That is a more logical explanation ;)
<dwarder> lordievader: ok i now cheched on another box that it is 12.04 , gonna dist-upgrade on it
<dwarder> lordievader: brb
<dwarder> i am back
<dwarder> :)
<lordievader> Welcome back, dwarder
<dwarder> lordievader: so it was true, one box was 13.04 :)
<dwarder> lordievader: the box that was 12.04 stayd 12.04
<dwarder> lordievader: thank you :)
<lordievader> dwarder: No problem ;)
<RealKillaz> hi there..
<RealKillaz> I have a question related to chkrootkit...
<RealKillaz> I have server 10.04 running..
<RealKillaz> and when I do o chkrootkit I get the following error: Checking `chkutmp'...                                       *** stack smashing detected ***: ./chkutmp terminated
<RealKillaz> and the following is shown in the messages log: http://paste.ubuntu.com/7284501/
<RealKillaz> Should I worry?
<maxb> Hard to say definitively, especially since chkutmp doesn't even seem to exist in 14.04 which is what I'm running, but yes, I'd be inclined to be a bit worried
<maxb> 10.04 is pretty ancient; I'd consider this an opportunity to reinstall from scratch
<pmatulis> Aison: i could not reproduce your slapd upgrade mess-up
<alaing> I'm running ubuntu server on a spare machine at home
<alaing> i'm having problems with permission with a CMS that I'm using
<alaing> which made me wonder if my configuration is correct
<alaing> I know my apache server is using user www-data and user group www-data
<alaing> I've just noticed that my /var/www is displaying my username for both owner and group
<alaing> is this correct?
<alaing> shouldn't it be www-data?
<alaing> my username is part of www-data group
<alaing> I've noticed the /var/www/ files and folders mainly have my username:group and some have root:root
<alaing> drwxrwxrwx+ 20 thelaings thelaings  4096 Apr 18 20:50 www
<alaing> www permissions
<bekks> Looks wrong.
<bekks>  /var/www should be owned by root:root, as well as /var/www/html/
<bekks> The content, as needed, should be owned by www-data:www-data
<alaing> should it be 755 root?
<alaing> i dont have a /var/www/html/
<alaing> bekks: ^
<alaing> I did a bit of googling and it seemed to be mixed views about whether it should be root or whether it should be www-data
<Ben___> hey,
<Ben___> how can i install a package on a mount other than my default one that my OS sits on?
<bekks> alaing: the document root should never be owned by the webserver user. never. that would allow an attacker to change everything - which is mostly unwanted.
<shauno> Ben___: to clarify, you've a second system mounted on your current one? (eg, mounted from a rescue disk, etc)
<Ben___> shauno: yes, i mounted another disk
<arrith> Ben___: is there an install on that other disk?
<shauno> --root= will work for that scenario, but not if you're just trying to install it somewhere it doesn't belong
<alaing> bekks: yeah that makes sense
<Ben___> arrith: what do you mean "install" ? i want to install with apt-get
<alaing> should it be 755 root?
<Ben___> i'm trying to install a database
<shauno> (as an option to dpkg I mean, not apt.  apt won't go far here, but can be used for --download-only to fetch the required packages)
<bekks> alaing: And in < 14.04 there was a /var/www/html, in 14.04 there isnt. This is because of the configuration changes between Apache 2.2 (< 14.04) and Apache 2.4 (14.04)
<arrith> dpkg is pretty neat in the stuff it lets you override
<Ben___> shauno: so i need to install it manually?
<arrith> used --force-depends recently to test some stuff, worked great
<alaing> yeah i dont have that
<alaing> this cms needs 755 access
<shauno> Ben___: I'd download it whatever way you feel most comfortable, and use dpkg -i --root=
<arrith> Ben___: you can store the actual database in a different place than the database managing/administration binaries
<shauno> you may be able to change the paths apt uses, but I have no idea how - so I side with the option that makes me look less silly
<arrith> Ben___: when you create the database, after you install it, is when you decide where to put it. you should read a tutorial on making a database
<Ben___> how did you know i'm creating a database?
<bekks> "0419 192229 < Ben___> i'm trying to install a database".
<bekks> We didnt even need glass orbs.
<alaing> :-)
<alaing> bekks so shoudl my /www/ be 755 root:root?
<Ben___> lol
<Ben___> i must be drunk
<bekks> alaing: Yes.
<arrith> <Ben___> i'm trying to install a database
<alaing> or just not drunk enough
<arrith> oh yea
<alaing> and subfolder/files?
<arrith> Ben___: don't drink and sysadmin
<alaing> shoudl they be owned by www-data?
<Ben___> so you mean that i can install my database on the default disk, but let it store its content on my mount?
<alaing> my user is part of www-data group
<arrith> Ben___: yes. google guides on like mysql
<Ben___> its actually CouchDB :)
<arrith> Ben___: same process roughly
<Ben___> i just thought that it may work better if the db sits in the same disk with the content
<arrith> Ben___: there is no distinction there, the db is the content
<arrith> Ben___: the only thing installed through like apt is the software, not the db datums
<arrith> a db is stored as a file generally
<Ben____> sorry
<Ben____> my internet got disconnected
<Ben____> [20:28] <arrith> Ben___: same process roughly [20:28] <Ben___> i just thought that it may work better if the db sits in the same disk with the content
<Ben____> this was the last thing i saw..
<Ben____> can someone copy-paste?
<arrith> <arrith> Ben___: there is no distinction there, the db is the content
<arrith> <arrith> Ben___: the only thing installed through like apt is the software, not the db datums
<arrith> <arrith> a db is stored as a file generally
<bekks> The last sentence is not correct in term of a raw device.
<Ben____> yes i understood that
<Ben____> arrith:
<Ben____> but,
<Ben____> doesn't it matter whether the database binaries sits in the same disk with the database content or not?
<alaing> how do I chmod 0644 files only?
<alaing> and 755 folders
<Ben____> i just assumed it would be faster if it does
<arrith> Ben____: actually being on different disks would be faster since it can read/write to both of them at once. different seek positions
<arrith> Ben____: although if your root drive is really slow then that possibly could affect performance, but if that's the case then you should move your root to a RAID or SSD or 10k drive
<Ben____> cool, thanks!
<miseria> "vamos por el mundo, odiando y rechazando, aspectos que creemos despreciable de los demas y de uno mismo" bienvenidos: http://castroruben.com *temo_a_un_ser_sin_rival*
<Aison> pmatulis, nice
<Aison> pmatulis, I hope your solution help others not to mess up their system
<aslaen> hello, I'm trying to get cobbler working on ubuntu 12.04. I've got everything working, but when it tries to connect to ubuntu mirrors I am hitting this bug. https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/1000219
<uvirtbot> Launchpad bug 1000219 in cobbler "cobbler does not recognise 12.04 server iso" [Medium,Confirmed]
<aslaen> I tried the workaround of changing $suite to precise but then I get an error saying
<aslaen> "mirror does not have any suite symlinks" and precise is not a recognized release
<aslaen> anyone got this working?
<bekks> aslaen: USe another mirror then.
<aslaen> bekks: I don't think it's the mirror.. it seems to be a bug in cobbler. I'll try and use this PPA I just found https://launchpad.net/~pdffs/+archive/precise-cobbler
<roy_> Hi, was upgrading ubuntu on server by ssh an the terminal froze, I managed to ssh back into the server but it was half way through a upgrade how do I get it to carry on with the server upgrade?
<Patrickdk> you don't
<Patrickdk> see if it's still going
<Patrickdk> if not, just do a normal upgrade
<Patrickdk> why you shouldn't do it over ssh, except when using screen
<roy_> It was asking me a question about php.ini before it froze
<roy_> so the upgrade is still active but stuck on that question,
<roy_> if I try to do normal upgrade it says locked
<Aison> how can I rescue a ubuntu system, that failed during update and now no longer boots?
<Aison> I mean the kernel fails at boot
<Aison> I guess I simply have to boot and changeroot into the system and continue the upgrade
<timmoe> Hey guys ^^
<timmoe> I think you "server guys" know more about software-RAIDs than the "desktop guys".
<timmoe> I'm planning to install a Ubuntu with SW-RAID on a Notebook with a Core 2 Duo. Will I feel the CPU usage of the RAID or isn't it that dramatic?
<jrwren> i'm told it is negligable
<pmatulis> Aison: i don't have a solution.  the problem could not be observed
<Aison> timmoe, depends on your raid
<Aison> timmoe, what kind of raid? 1, 5, 6?
<Aison> or how many drives?
<timmoe> Aison: I want a RAID 0
<timmoe> WIth 2 Drives
 * bekks doesnt
<Aison> timmoe, I don't think raid0 is a good idea
<Aison> the point is, when one drive fails, the whole data of both drives maybe lost
<Aison> what is the reason for raid0?
<timmoe> The harddrives themselves aren't the fastest, so the main reason is speed
<Aison> well, if you need it for caching (against an even slower storage), then you MAY think about raid0
<Aison> timmoe, what do you plan to store?
<timmoe> I had to replace the graphics card twice, so I think that if the system breaks, it's most likely that it's because of the graphics card
<timmoe> I just want to use it as a normal notebook, no business stuff
<timmoe> Maybe some things for school
<Aison> well, but if your graphic card breaks, you don't loose any data
<Aison> so you screw out the hard drives and read them with a 2nd machine
<Aison> but if one of your raid0 drives failes, then you lost all your data
<timmoe> That's the reason for a sw raid, because the notebook has a via raid controller in it
<timmoe> but if the graphic card breaks, i won't replace it another time
<Aison> so your data on the notebook is completely unimportant?
<Aison> if you use your notebook just as mobile device for browsing and such and you do not store important data, then go with raid0
<timmoe> Not completely, but I can do some backups of the things that are important
<Aison> but back to your question: raid0 requires almost no cpu time
<timmoe> okay, that sounds great
<timmoe> which raid types require cpu time?
<Aison> eg. raid5,6
<timmoe> okay, thank you very much
#ubuntu-server 2014-04-20
<Aison> np
<GJPMiningco> I have a deditcated server with 2 onboard nic card that is running ubuntu desktop 14.04, eth0 has a static IP and eth1 goes to a 8 port unmanaged gigabit switch. I need to know how to give the Systems connected to that switch internet access since they are all setup as DHCP for their IP addresses
<pmatulis> GJPMiningco: does the server/desktop have internet access?
<pmatulis> GJPMiningco: if so then go here: http://goo.gl/sX9Se2 .  i need to go
<lordievader> Good morning.
<mark__> hello
<mark__> does anyone know how to access login screen in ubuntu 14.04
<mark__> server
<mark__> i'm stuck in this dmesg looking screen
<mark__> and am able to ssh into it
<ziyourenxiang> shucks, just found out ia32-libs is deprecated since 13.x
<mardraum> ziyourenxiang: you might try lib32gcc1
<mardraum> works for eg steam
<ziyourenxiang> ok thanks. will try that.
<ziyourenxiang> mardraum: thanks, my 32bit executable runs now.
<ziyourenxiang> not working yet, mind. :)
<flg> hi all, sup
<flg> i try to install identd (server) on ubuntu 14.04, any help?
<flg> in #ubuntu they told me to ask up here...
<flg> im using 14.04 desktop... and think need identd answer from this machine to connect to miau irc bouncer
<flg> any help? :)
<ziyourenxiang> goto packages.ubuntu.com and search for the package
<ziyourenxiang> itâll give you the package name you need to feed to apt-get
<flg> i tried some, none worked...
<flg> nullidentd, pidentd, oidentd ...
<flg> thanks
<ziyourenxiang> oh.
<flg> perhaps i didnt configure properly...
<flg> and i wonder too how i can test it if it works,...
<ziyourenxiang> i havenât used identd since the last century. canât help.
<flg> ok, thanks :)
<mardraum> ident, really? you are probabl behind NAT and need to port forward
<mardraum> methinks you should find a new "irc bouncer" instead.
<flg> i cant change miau cause it comes prepackaged with the distro i'm using for the system where the bouncer is installed. and the bouncer is in my local net. it connects to irc server, just not with my client...
<flg> well, i could change the bouncer perhaps, but dont know how... using special distro...
<Delemas> I've already upgraded most of my servers to 14.04. However for my last server, which has 12.04, I'm getting "No new release found". We are supposed to be able to upgrade from LTS to LTS no?
<Delemas> ah found it.. Not available until 14.04.1 is released...
<nszceta> Hello, I am interested in using the ZFS filesystem for my data storage disks. Is it possible or even recommended to use ZFS RAID-Z between drive two partitions? I would prefer to not give ZFS access to the full disk, instead I would want to give it these two partitions to RAID on its own. Thanks for any tips.
<mardraum> nszceta: are you sure you are using the right OS ?
<nszceta> mardraum can you elaborate please?
<mardraum> there are other OS with better ZFS support. And yes, you should be giving ZFS full access to your disks.
<nszceta> mardraum what is the OS with the best ZFS support
<nszceta> thanks for responding
<mardraum> these days, FreeBSD
<ddsss> why does 'sudo apt-get install owncloud' wants so many unrelated packages: http://paste.ubuntu.com/7292026/  ??? (Ubuntu 14.04 LTS)
<ddsss> ^I mean  - WTF does owncloud needs libreoffice installed?
<ddsss> ^that's just weird
<andol> ddsss: No idea, but it looks like you'll get to skip libreoffice, etc by adding the --no-install-recommens option. Of course, possible that there are some other packages among the Recommends which you will want to install to get all the wanted features.
<andol>  Without knowing much about Owncloud I'd still wager that some of those Recommends might be better suited as Suggests.
<ddsss> andol, hmm. thanks . this certainly looks like a lot trimmer version.
<ddsss> andol, 151mb vs 800mb. I mean - I don't care about space, but libreoffice on a server headless desktop is clearly a mistake.:)
<andol> Hmm, http://owncloud.org/six/ mentions a "ownCloud Documents" feature. I *guess* that it is possible that that feature uses libreoffice in some kind of backend capacity.
<ddsss> andol, hmm. so I installed owncloud - but sites-enabled doesnt contain another virtualhost? So how  dos it work?
<andol> Any chance that it drops a symlink under /etc/apache2/conf.d/ (apache2.2) or /etc/apache2/something-similar/ (apache2.4)?
<ddsss> andol, there is /etc/apache2/conf-enabled/owncloud.conf, -> but all it has is this: http://paste.ubuntu.com/7292130/
<andol> So?
<ddsss> andol, what im saying is - going to te ip address from the browser side doesnt show antyhing
<andol> ddsss: What about http://ip.address/owncloud/ ?
<ddsss> andol, ohh - I see. I had to restore 000-default in sites-enabled -> then  http://ip.address/owncloud/ worked
<ddsss> andol, still though. this package kinda relies on 000-default being there, instead ofdroppping own separate virtualhosts file...
<andol> ddsss: And what hostname and/or ip would you suggest that that virtualhost file was associated with?
<andol> ddsss: Also, this isn't really a owncloud-specific issue, but a more general issue on how to package web-stuff.
<ddsss> andol, I'd say just localhost with a different port, so there wouldnt be any collisions with other things that might be running on port 80 ?
<andol> Personally I'd imagine that being less obvious, but that is just me.
<andol> Besides, really doesn't matter once you understand your apache/nginx/whater config.
<ddsss> andol, nyway -> thanks for your help.:)
<GJPMiningco> I have a deditcated server with 2 onboard nic card that is running ubuntu desktop 14.04, eth0 has a static IP and eth1 goes to a 8 port unmanaged gigabit switch. I need to know how to give the Systems connected to that switch internet access since they are all setup as DHCP for their IP addresses
<GJPMiningco> well i need to know how to assign them all an internal IP and give them all Internet access
<GJPMiningco> can anyone help me setup DHCPd on my server?
<alaing> hi I'm having problem with permissions
<alaing> I've set my var/www/ to be owner www-data:www-data
<alaing> but I keep having to sudo
<alaing> and changing owner/group for files
<alaing> my user is part of www-data group
<hexaclock> hi all
<hexaclock> can anyone offer any advice on whether to go with iscsitarget (iET) or LIO for iSCSI?
<hexaclock> been reading a bit, and there's no clear consensus + quite a bit of politics surrounding the issue
<phunyguy> hello... I am having a heck of a time here trying to convert my server install from a single disk to RAID1... I have a new array created as degraded to migrate the install to... which I did, but it keeps booting to a blank screen. that won't respond.  I even tried a fresh instal on the spare disk with degraded array... same thing, no boot.  Any ideas?
#ubuntu-server 2015-04-13
<pr3d4t0r> Greetings.
<pr3d4t0r> Trying to recover some data from an HDD with a damaged boot sector. Â This was installed on an Ubuntu Server 12.04 LTS; I have a brand new disk with Ubuntu Server 14.04 LTS loaded. Â From what I gathered yesterday the rest of the disk is fine, only the boot partition is bad. Â When I plug both to a SATA black port each, GRUB tries to boot the bad, not the good drive.
<pr3d4t0r> Good drive is on ata1, bad drive is on ata2. Â I can't figure out on the ROM set up how to change priorities. Â The system works fine if only the new HDD is plugged to ata1. Â Please advise on how to proceed and thanks in advance.
<pr3d4t0r> (Intel motherboard, admin access to setup utility and physical access to the mobo if I need to look for jumpers or something else.)
<pr3d4t0r> Thanks in advance.
<lordievader> Good morning.
<krzychu> Hey, I am running kernel 3.2 on my LVS machines. It receives lot of networking traffic and perform lot of nats and other conntrack related work. is it true that in kernel 3.8 there were some modifications in conntrack which makes it performance better?
<krzychu> It is ubuntu 12.04 server
<OpenTokix> krzychu: is most of the traffic http?
<krzychu> OpenTokix, yes
<OpenTokix> krzychu: Add your port 80 to the raw NOTRACK target, - since http isnt stateful, there is no point in conntracking it
<igalic> hello happy people o/~
<igalic> i'm trying to network boot / install a machine, and i'm getting: http://i.imgur.com/9aQFmdz.png
<Sling> and with network boot you mean a pxe installer? or netinstall image? or?
<Odd_Bloke> A friend of mine is hitting problems using 'service mongodb ...' and '/etc/init.d/mongodb ...'; should the Upstart and SysV stuff play nicely together, or should they stick with one or the other?
<rbasak> Odd_Bloke: if there's an upstart job, don't call /etc/init.d/ directly.
<rbasak> Odd_Bloke: safest to use "service" all the time
<rbasak> Odd_Bloke: there was a bug somewhere to make it less easy to shoot yourself in the foot but I can't find it right now.
<Odd_Bloke> rbasak: Ack; I think they're running in to problems with new packages but old Chef scripts.
<Odd_Bloke> (i.e. the packages use Upstart to start the job, but their Chef scripts are using /etc/init.d/...)
<Odd_Bloke> So I'll just tell them to stop that. :p
<rbasak> Odd_Bloke: found it: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1273462
<igalic> Sling: yes, that's what i mean. i'm pxe booting the netinstaller from the standard iso
<igalic> cobbler creates a pxe boot with these two files from the iso: https://gist.github.com/igalic/769087e09c049e225665
<Odd_Bloke> rbasak: Turns out they're actually using 10gen's packages. *grumble grumble*
<igalic> Sling: so, any idea how to fix it? :O
<Sling> sorry, $stuff happened and now im going into a meeting-streak
<Sling> mondays
<igalic> oh noe ._.
<igalic> found, and updated this bug, https://bugs.launchpad.net/maas/+bug/1302158 not sure it's the exact one i'm hitting.
<jamespage> stgraber, hallyn: can you think of any nasty side effects that running irqbalance inside and outside of the container might have?
<hallyn_> jamespage: well, they'll step over each other's policy calculations, presumably
<hallyn_> or might thrash both trying to force some task (in the container) being on different processors
<hallyn_> but i'v enot used irqbalance or looked at the source
<rbasak> Would/should irqbalance inside a container actually be able to mess with things anyway?
<flipapy> it will be my first server if i install ubuntu server on this hdd, anyone have any tips on starting from scratch? what i need to know? how to go about learning from the beginning?
<genii> flipapy: The server guide is a good start. https://help.ubuntu.com/lts/serverguide/
<flipapy> i suppose i just want to elarn about it, how to run one how to set one up as a main hub so i can monitor and protet a few inhouse computers, serve as a main database etc. thanks genii  ill check it out
<genii> No problemmo
<flipapy> im an ave user on pc's install remove softwr noissues, install os, no probs, even a little cli here and there, nothing serious i know, im justwondering given that baseline of an ave user, what do you think my learning curve would be to getting semi profficient, at least for my own purposes, on ubuntu server? is it a general beginners server ? thank you and sorry for the length of this.
<flipapy> just realized i better becoem proficient in cli before i runa  server. ok well thanks agian, planned on doing that eventually anyway. cool, bye
<eagles0513875> hey guys is there a PPA with nagios 4
<pmatulis> eagles0513875: did you search launchapd?
<eagles0513875> pmatulis: searched google but its not returning me anything of use
<pmatulis> https://launchpad.net/ubuntu/+ppas
<eagles0513875> thanks pmatulis  was finding alot on how to install from source
<pmatulis> "searched google", that's interesting
<eagles0513875> pmatulis: reason im asking this is nagios 3 is rather out dated im aware that i should probably file an upstream debian bug against nagios there and it will find its way into ubuntu
<pmatulis> eagles0513875: yep, good idea
<eagles0513875> pmatulis: guess im stuck with nagios 3 for now
<eagles0513875> not much out there it seems in the way of a ppa sadly
<Odd_Bloke> rbasak: I wouldn't bet on it, but I think the existence of a /run/cloud-init directory is enough to know that there will be the expected files in it.
<eagles0513875> the nagios inc ppa hasnt had activity in 49 weeks from what i can tell
<Odd_Bloke> rbasak: At least, this is true for the versions in Ubuntu (i.e. precise doesn't have that directory, but trusty onward do).
<rbasak> Odd_Bloke: but if I'm really quick, I might be able to get in before cloud-init has created it. Eg. on LXC. On a VM maybe not in practise, but I probably shouldn't rely on that behaviour of cloud-init (choosing to order what it does related to starting ssh).
<rbasak> Odd_Bloke: in any case I'd like a single thing to work in all cases, including LXC where I can get to the filesystem before init has even done anything.
<Odd_Bloke> rbasak: Ah, good point, I hadn't considered when the directory is created.
<rbasak> Odd_Bloke: I hadn't either until I started writing to /tmp before the tmp cleaner had done its thing, and wondered where all the files went :)
<Odd_Bloke> :D
<ikonia> don't file an upstream bug to debian
<ikonia> file a bug to Ubuntu and let the ubuntu team push it up steam IF it's a valid bug for upstream
<eagles0513875> ikonia: is it no longer the norm to file upstream bugs to get into ubuntu?
<eagles0513875> that was what i was always told to file upstream and once upstream gets it updated it trickles its way down into ubuntu
<ikonia> eagles0513875: you where never told that
<eagles0513875> ikonia: well i will file a bug on launchpad
<ikonia> if the bug is with the core package then it will need to go to debian - but are you qualitified to say it is %100 a problem with the debian pacvkage ?
<eagles0513875> ill be honest i am not
<lucidguy> $11k Supermicro server/storage:  http://paste.ubuntu.com/10817128/        vs  Dell $18k option    http://paste.ubuntu.com/10817128/    What would you choose?
<ikonia> lucidguy: choose what's best for youi
<teward> lucidguy: also use correct pastebin links (they;re identical)
<lucidguy> In many ways they are similiar.. I'm looking for opinions.  I could use them both.  Just wondering if anyone has more experience with these two products in helping me decide.
<lucidguy> tweard, sorry    http://paste.ubuntu.com/10817128/       vs   http://paste.ubuntu.com/10817144/
<lucidguy> teward, thoughts?
<jvwjgames> i am having a problem with apach2
<jvwjgames> [Mon Apr 13 15:44:11.558027 2015] [alias:warn] [pid 17435] AH00671: The ScriptAlias directive in /etc/apache2/sites-enabled/mailman.conf at line 4 will probably never match because it overlaps an earlier ScriptAlias.
<jvwjgames> nevermind i fixed it
<superboot> Hi all. I am looking for a manifest of 10.04.3 server edition. Any hints?
#ubuntu-server 2015-04-14
<sarnold> superboot: http://old-releases.ubuntu.com/releases/lucid/ubuntu-10.04.3-server-amd64.list ?
<storrgie> In 14.04 is it advisable to install mariadb from the base repositories or use their repository?
<sarnold> storrgie: base repo is probably fine, one of our users (otto) does a good job keeping up on security fixes
<sarnold> storrgie: though feel free to use their repository if you'd feel better about that
<storrgie> sarnold, hypothetical, if someone was able to gain underprivileged user access, say through wordpress (if I have a php or wordpress user to run their garbage code), would that user be able to see the crontab, or is that a root only thing?
<storrgie> I ask because I typically do this on my mariadb installs: @weekly mysqlcheck -o --user=root --password=<your password here> -A
<sarnold> storrgie: that should be safe
<storrgie> sarnold, along those same lines, whats the convention for installing something like wordpress? I always just make a wordpress user and chown the wp install directory(s) with that user account
<sarnold> storrgie: the crontabs are stored in /var/spool/cron/crontabs/, which has restrictive permissions, and the individual files have restrictive permissions, too;
<sarnold> storrgie: that's a good approach; especially if you make sure the user running the webserver / wordpress executables doesn't have write access to its own files
<storrgie> sarnold, isn't there a way to pass an arg when you make the user account that makes it a 'system' account effectively iwth no home directory?
<storrgie> sarnold, is there a guide on hardening nginx that you'd recommend?
<storrgie> sorry with all the questions, I still have more
<storrgie> is fail2ban considered useful or is there alternatives that are better?
<sarnold> storrgie: hmm, adduser seems to create homedirs even with --system ... that's probably n ot terrible though, only things that use getent(3) would care. You could set the permissions on its directory to forbid it from writing in the directory, if you wish
<sarnold> storrgie: nginx hardening is best asked to teward ^^
<storrgie> teward, sir are you present?
<sarnold> storrgie: and some people do like fail2ban, I think it's better to just turn off password authentication once your keys are on the system, and avoid bruteforce password searches entirely that way, but blocking those hosts via iptables isn't a bad idea
<sarnold> storrgie: ufw can also do rate limiting, which may help avoid need for fail2ban too
<sarnold> storrgie: .. I'm just reluctant to run scripts as root on data supplied by attackers, even if the log files "should" be safe ...
<storrgie> sarnold, thats a good point
<storrgie> I've already installed it, is it easy to remove (will it leave system cruft)? I'm already using key based auth and a diff port
<sarnold> storrgie: apt-get purge will clean up config files too
<storrgie> I like the ufw limit a lot more
<storrgie> sarnold, just installed php5 and php5-fpm, do you know where the php.ini file is located now days?
<storrgie> on fedora/centos its /etc/php.ini
<storrgie> sarnold, nvm, found it at: sudo vim /etc/php5/fpm/php.ini
<lxus_> Evening folks, having a few issues with ubuntu server. for some reason when i try to boot normally the boot fails and the process restarts. the message i keep getting is / boot terminated with error 1
<lxus_> any clues?
<lxus_> However when i boot into recovery and continue normal boot i lets me into console :|
<fattywumpus> apologies to those that just saw this on #ubuntu, how are most folks managing user accounts/ids/groups on 20+ systems.  ldap?
<fattywumpus> or just synchronizing passwd/shadow/etc
<jpds_> fattywumpus: Probably using LDAP at that point.
<jpds_> fattywumpus: Another method would be to use something like puppet to roll out user accounts.
<fattywumpus> jpds_: that's what i was wondering, if folks are digging into that route these days.   it's been a few years and i've done ldap a few times
<fattywumpus> haven't tried any of the cool new tools for managing users
<jpds_> I hear freeipa is good.
<fattywumpus> whoa, never heard of it, looks interesting..thanks!
<lordievader> Good morning.
<megapixel> Hello
<megapixel> Please give me command line for format root sda
<megapixel> debian
<Sling> megapixel: you want to remove the current partitions on your /dev/sda disk and create a new one, or?
<megapixel> yes
<Sling> you could use 'fdisk' or 'sfdisk' for that
<Sling> sfdisk is probably easiest
<Sling> although it doesn't understand GPT
<Sling> there is also 'parted'
<linuxmint> Hello?
<linuxmint> Is there a grep command to search for a line of code, as I can't find the file containing the code?
<Walex> linuxmint: yes
<halvors> I'm trying to setup dovecot with sieve and a default script in the path: /var/lib/dovecot/sieve/default.sieve. But when an email arrives i get the following error: Error: sieve: main script: failed to stat sieve script: stat(/var/lib/dovecot/sieve/default.sieve) failed: Permission denied (euid=1011(halvors@halvors.org) egid=1004(halvors.org) missing +x perm: /var/lib/dovecot, we're not in group 0(root), dir owned by 0:0 mode=0750)
<halvors> I understand that this is a permission problem somehow, but what user is supposed to own it?
<Walex> halvors: also "missing +x perm"
<halvors> i did chmod +x default.sieve
<halvors> Walex: But what user should be the owner of the default.sieve file?
<Walex> that depends on which user is running the dovecot and/or sieve processes.
<Walex> halvors: also note that the 'sieve' process needs to traverse the '/var/lib/dovecot' directory, and as the message says its mode is "=0750".
<halvors> Walex: How can i find out what user is running the sieve process?
<Tazmain> hi all, it seems that some packages in my update list on my server can't be authenticated? does that mean I waited too long to update or something ?
<Sling> hm, if i put '/var/log/folder/file*' in a custom logrotate.d/file , is it smart enough to not match the .gz files created by logrotate in the past?
<Walex> halvors: with 'ps' with the 'u' option.
<Walex> halvors: if you are asking basic questions like this perhaps you need a system administrator to help you...
<Walex> Sling: the psychic version of 'logrotate' will be released soon :-)
<Sling> Walex: well I would expect it to only rotate textfiles, for example :)
<Sling> oh well I've fixed it now by just specifying the files in full
<halvors> Walex: Seems like root is running dovecot.
<halvors> I don't see why this wouldn't work then.
<halvors> 1055 root      20   0   17768   1528   1236 S   0.0  0.0   0:00.03 dovecot
<halvors>  1164 dovecot   20   0    9276    956    812 S   0.0  0.0   0:00.00 anvil
<jpds_> halvors: Have you checked the dovecot apparmor rules?
<superboot> sarnold: Thanks for the manifest link. Just got it now.
<strikov> rbasak: is it correct in case of juju-core: dpkg-source: warning: Version number suggests Ubuntu changes, but there is no XSBC-Original-Maintainer field
<strikov> rbasak: i though that i lost it while baking 1.22.0 but it looks like it was not available even before it
<rbasak> strikov: that's fine to ignore, since we maintain it primarily in Ubuntu and it is not derived from Debian.
<strikov> rbasak: ok, thanks
<strikov> rbasak: https://github.com/juju/juju/pull/2072/files
<strikov> rbasak: could you review this please
<strikov> rbasak: looks ~okay to me (don't know how to make it better)
<rbasak> strikov: looks great to me.
<strikov> rbasak: allocate some time tomorrow afternoon please to review/upload juju-1.22.1 to vivid; i modified tests to install upstart and finished d/copyright; need to wait for a single upstream fix and we're done
<rbasak> strikov: OK
<arcsky> what do you guys recommend ansible or puppet or chef?
<roaksoax_> arcsky: juju and maas
#ubuntu-server 2015-04-15
<harushimo> i'm trying to install openstack on ubuntu server.  For the hypervisor portion, can someone direct me how to setup the kvm
<sarnold> harushimo: I hope this is helpful http://docs.openstack.org/havana/config-reference/content/kvm.html
<sarnold> harushimo: (you may need to pick a different openstack release than havana depending upon which version you're running)
<harushimo> i'm running whatever ubuntu server is giving me
<harushimo> I don't know which one I can get
<sarnold> which version of ubuntu are you using?
<harushimo> 14.04.2
<sarnold> 14.04 LTS is using icehouse..
<harushimo> I thought it was a current version
<harushimo> okay thank you
<harushimo> I may be asking a lot of questions
<harushimo> please bare with me
<sarnold> http://docs.openstack.org/icehouse/config-reference/content/kvm.html
<harushimo> i'm reading it now
<harushimo> sarnold: thank you
<harushimo> I can't get anyone on the openstack side to help
<sarnold> harushimo: that's too bad :/ openstack is sooo complicated, it feels like a mentor is practically a necessity
<harushimo> sarnold: this is my 4th attempt at it
<harushimo> sarnold: i've debated on giving up
<sarnold> harushimo: hehe, I know the feeling; I've thuoght before it might be easier to write tools by hand than to learn these tools..
<shauno> I've always been under the impression that openstack is written by consultants, to keep consultants in business. might not be true, but it sure feels like it
<harushimo> I agree with both of you
<harushimo> i appreciate the help
<harushimo> let me see if I can get it done successfully
<sarnold> good luck! and have a good night
<harushimo> another quick question
<harushimo> does it matter if you use Xen or KVM as hypervisor
<patdk-l2> heh?
<patdk-l2> there is little difference
<patdk-l2> xen uses qemu for hvm
<patdk-l2> qemu will use kvm if available
<patdk-l2> xen gives a different management interface over pure qemu
<sarnold> harushimo: I'd prefer qemu/kvm myself, it feels easier to work with to me
<harushimo> okay
<harushimo> thank you
<conner> Anyone available to help a guy figure out a CDROM installation problem?
<conner> Been scratching my head for a while now, and just can't seem to get it figured out. Just trying to re-install the server.iso. Also have a few questions regarding my setup, in case there is an easier way to go about it.
<patdk-l2> we wouldn't have any idea, we don't even know what your attempting to ask yet
<patdk-l2> mainly cause you didn't
<patdk-l2> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<conner> Oh sorry. So, I've been trying to either re-install or "reset" my server installation on a home computer. Currently 12.04 server is installed, and I have a DVD-R burned with the 14.10 x64 iso on it. I've managed to boot into the DVD and get the installation going, however, it fails to "detect and mount the CD-ROM". I've checked several logs and it just says in various places that the CDROM was unmounted "just to be safe".
<conner> To continue my question beyond the DVD installation, since I have 12.04 already installed, is there a way to just do-release-upgrade to 14.10 and forget about the DVD? I've read you can do release updates, however my host/network files are all botched and I'd just like a fresh start.
<arcsky> what do you guys recommend ansible or puppet or chef?
<blueingress> Hi, How can I tail multiple logs from differnt servers to a console? Thanks.
<jpds_> blueingress: Set up an rsyslog server and have them all log there.
<blueingress> jpds_, thanks .. I will try
<lordievader> Good afternoon.
<jamespage> zul, I almost have horizon done and tested btw
<zul> ok
<zul> jamespage:  just rebuilding kilo-rc1 for trusty
<zul> jamespage:  just have keystone and neutron* to rebuild
<kyle__> Anyone here good with apt-cacher-ng?  Familiar with why it would have over 200k close-waits open?
<OpenTokix> kyle__: because the fin timeout is very long
<OpenTokix> kyle__: close wait, and not time wait?
<kyle__> OpenTokix: Close wait
<kyle__> OpenTokix: Humm.  Poking at the configs a little.  Apparently the default package has a lot of example remappings in there that don't need to be.  Dunno if it will solve problems, but taking them out makes the error log less chatty.
<OpenTokix> kyle__: what is the error log? - ie. what is the error?
<OpenTokix> kyle__: you havent changed any of yoru networking settings in sysctl?
<kyle__> Lots of "Error creating pipe file descriptors", a complaint about the gentoo remapper (I commented out all but the ubuntu one I care about for now), and now that cleared out the cruft, too many open file handles.
<kyle__> Argh.
<kyle__> OpenTokix: network settings in sysctl have been rather modified, but nothing out of the ordinary.
<OpenTokix> kyle__: increase file handles then?
<OpenTokix> kyle__: modern computer can handle millions
<OpenTokix> how many nodes are talking to your -ng-server?
<kyle__> OpenTokix: Errr... 318
<OpenTokix> kyle__: increase your fdlimit in /etc/security/limits.conf and restart apt-cacher-ng
<OpenTokix> default it is 1000 =)
<caribou> jamespage: any reason why you merged python-tz 2014 ? I don't see it in Debian
<kyle__> Hrumm.  Not applying limits to the user it's udner... fscking pam.
<OpenTokix> kyle__: ?
<kyle__> OpenTokix: It's not loading the changes to limits.conf, and I can't reboot this system (prod)(
<OpenTokix> kyle__: did you restart the apt-cacher-ng - it should give you a new shell- not restart, bt stop + start
<kyle__> OpenTokix: I had to edit the init script for it
<slowe> Quick Upstart question (this is on 14.04.1): is there a way to specify environment variables to be used by an Upstart job in a separate file from the Upstart job file itself?
<sarnold> slowe: a .override file perhaps? http://upstart.ubuntu.com/cookbook/#override-files
<slowe> sarnold: Looks like override files are only for changing whether a job should start automatically or not (at least, that's how it appears to read).
<slowe> sarnold: Never mind...need to scroll down farther. :-)
<sarnold> slowe: that is how it appears to read but I suspect it can do more than just that -- I haven't confirmed for myself thoughc
<OpenTokix> kyle__: is it working now?
<kyle__> OpenTokix: Yeah.  I had to throw limit nofile somehugenumber somehugernumber in the beginning.
<OpenTokix> kyle__: ok,  =)
<OpenTokix> kyle__: Defaults is from when a server ad 8MB of ram =)
<kyle__> OpenTokix: I need to dig through and see just how that works, because I've never seen it done that way before.
<kyle__> All sorts of defaults in linux are back from the days when 64MB was pi in the sky big.
<OpenTokix> kyle__: yes =)
<dustinspringman> any postfix masters in the house?
#ubuntu-server 2015-04-16
<vhaylor> hi, i'm working on a kickstart script for ubuntu-server-mini 14.04, anyone have much experience with kickstart?
<_1_jb> m/f
<jeffreylevesque> i have a bash script called `bash_loader`.  I'd like this script to run at each ubuntu (14.04) bootup.  Do i simply create `/etc/init/my.conf` (does it have to be a conf file?), with https://bpaste.net/show/73983b56fe34?
<linocisco> I have nokia E5 and using intenet on laptop via USB cable. I want to share internet to ubuntu server from Nokia E5 via USB cable, what do i do? what to install first?
<lordievader> Good morning.
<linocisco> lordievader, thanks for icebreaking
<lordievader> linocisco: ?
<linocisco> lordievader, yes
<lordievader> Icebreaking? I'm just saying goodmorning ;)
<linocisco> lordievader, this server channel is still silent
<lordievader> It's early. Stick around, be patient.
<linocisco> lordievader, i m not from GMT-. I am from GMT+. so if this channel is only for western countries users, sorry
<linocisco> lordievader, i have silent patience
<lordievader> It isn't, but it is usually quiet in the morning ;)
<linocisco> please love me or I'be gone!
<lordievader> Going away doesn't help....
<mv> hello im running ubuntu server, my package system is broken and the help of other people broke my kernel i think. i was upgrading from ubuntu server 14.04 to 14.10. also grub is broken, now i start from livecd and mount the systeem and chroot to it. can this still be repaired? (#ubuntu told me to ask more info here), i would prefer to fix it somehow instead of full reinstall
<lordievader> mv: Do you still have broken packages?
<mv> im not sure, apt-get -f reports error, install gives error that it needs other packages
<lordievader> mv: Could you pastebin that output?
<mv> il try, which one do you want? from -f install?
<lordievader> To start with, yes.
<mv> pastebin.com/1cx7iUR2
<lordievader> update-initramfs: not found.... Wut?
<lordievader> Did you remove initramfs-tools?
<mv> some people tried to help me, and they did remove it.
<lordievader> Why?
<mv> because it came up in the list of errors from apt-get
<mv> they removed a couple of packages
<mv> lordievader would you want to look at the system yourself? i installed ssh-server on the livecd to acces it.
<jpds_> mv: We talked about this yesterday.
<mv> jpds_ yes, but after trying all night i was able to get into the system again using the livecd
<mv> i tried to use boot-repair to fix grub, but it comes up with the same error that apt-get -f install isnt working succesfully
<RusAlex> q: getting this error uvt-kvm: error: timed out waiting for dnsmasq lease for. after command `uvt-kvm wait <machine> --insecure`
<RusAlex> virbr0 networking interface has IP address
<RusAlex> no ip address only on vnet0
<lordievader> mv: No, remoting in is not something I do.
<lordievader> mv: Install initramfs-tools then reinstall the kernel.
<mv> lordievader thanks, im now trying to instal initramfs-tools, downloading from ubuntu archive and then dkpg -i initramfs-tools*.deb
<mv> installing initramfs-tools gives dependecy problems, http://pastebin.com/xmmYGtDV
<rbasak> RusAlex: has the VM itself got an IP address?
<rbasak> RusAlex: you can use --log-console-output when creating the VM and then examine /var/log/libvirt/qemu/ (IIRC)
<lordievader> !info initramfs-tools utopic
<ubottu> initramfs-tools (source: initramfs-tools): tools for generating an initramfs. In component main, is required. Version 0.103ubuntu8 (utopic), package size 43 kB, installed size 365 kB
<rbasak> RusAlex: or look in /var/lib/libvirt/dnsmasq/ and try to match up against the VM's MAC address (virsh dumpxml <name>)
<lordievader> !info initramfs-tools trusty
<ubottu> initramfs-tools (source: initramfs-tools): tools for generating an initramfs. In component main, is required. Version 0.103ubuntu4.2 (trusty), package size 43 kB, installed size 365 kB
<lordievader> mv: From where did you get the package?
<mv> http://packages.ubuntu.com/precise-updates/all/initramfs-tools/download
<mv> uhm after changing the url im thinking i should use this one? http://packages.ubuntu.com/trusty-updates/all/initramfs-tools/download
<lordievader> Precise?
<lordievader> No wonder you get dependency issues.
<lordievader> mv: What does /etc/issue say?
<RusAlex> rbasak: there is cloud-init-nonet[16.90]: waiting 120 seconds for network devic
<RusAlex> and then gave up waiting for a network device
<mv> it says Ubuntu 14.10
<mv> trudy initramfs-tools also gives error http://pastebin.com/H71UR8xR
<RusAlex> Booting system without full network configuration...
<lordievader> mv: Then get the utopic one.
<lordievader> mv: And try to use apt.
<mv> lordievader: both gave dependencie problems http://pastebin.com/sdeRSCuX
<lordievader> mv: Hence the notion to use apt.
<mv> apt-get install initramfs-tools right? i used that one and put the log in the same text here http://pastebin.com/sdeRSCuX
<rbasak> RusAlex: sounds like DHCP isn't working on your virbr0.
<RusAlex> yes
<rbasak> Are you running Vivid?
<RusAlex> reading libvirtd help
<lordievader> mv: What is the output of "apt-cache policy initramfs-tools initramfs-tools-bin"?
<RusAlex> rbasak: i have 14.02 ?
<mv> http://pastebin.com/SKXwDxLi
<lordievader> mv: apt-get install initramfs-tools-bin
<lordievader> !info util-linux utopic
<ubottu> util-linux (source: util-linux): Miscellaneous system utilities. In component main, is required. Version 2.25.1-3ubuntu4.1 (utopic), package size 820 kB, installed size 2954 kB
<mv> http://pastebin.com/mzUgfPJA
<lordievader> mv: Do as it says.
<RusAlex> rbasak: thanks . finally enabled
<RusAlex> sorted
<mv> apt-get -f install http://pastebin.com/4pdi23s8
<lordievader> mv: Select those pacakges it want to remove for install.
<lordievader> Then try again.
<mv> like this "apt-get remove linux-image-3.16.0-031600-lowlatency linux-image-extra-3.13.0-49-generic"?
<lordievader> No, select them for install.
<mv> okY
<mv> http://pastebin.com/B13CczsU
<lordievader> Well that is a pickle.
<lordievader> Perhaps 'apt-get install -f initramfs-tools-bin' works?
<mv> http://pastebin.com/RQhhd67v
<mv> i trusted to wrong people on facebook to help me, they made it allot worse, before them grub and initramfs was still working.
<lordievader> apt-get install util-linux
<lordievader> apt-get install util-linux udev
<lordievader> apt-get install util-linux udev initramfs-tools-bin
<mv> http://pastebin.com/TwTnztjD
 * ogra_ wonders how you actually got into that situation ... 
<lordievader> mv: Dependency hell :P
<lordievader> You could manually go through everything...
<ogra_> do-release-upgrade should efinitely have cared for this properly
<mv> i tried upgrading from 14.04 to 14.10 (in the past running older version, i thought 12)
<lordievader> Or find someway of removing those kernels/preventing apt-get install -f to remove them before fixing things.
<lordievader> ogra_: I think it is rather what he did trying to fix things that got him in this mess.
<mv> im afraid lordievader is right
<ogra_> lordievader, point is that there shouldnt be anything to fix :)
<lordievader> mv: Do you have a backlog of what you did exactly?
<ogra_> do-release-upgrade gets tested in 100 variations and corner cases nowadays ... and should cover you from such mess
<ogra_> (unless you pull the power plug in the middle of an upgrae or some such ... )
 * lordievader whispers ppa's
<mv> here you can see a backlog, and the people who tried to help me. https://www.facebook.com/photo.php?fbid=828768073837036&set=gm.1062529163761527&type=1&theater
<ogra_> lordievader, it disables them all :)
<lordievader> Was more talking about the dependency hell thing than the upgrade.
<lordievader> You installed a kernel outside of the Ubuntu repo?
 * lordievader sigh
<mv> they send me 3 links to kernel files to install
<lordievader> So much for FB support....
<lordievader> mv: Use dpkg to purge those kernels.
<ogra_> lol
<mv> i will never ever ask on an FB group for help anymore
<lordievader> mv: The trouble is they didn't ask questions on what the problem was. They assumed you were running Debian and started shouting things...
<mv> lordievader: dpkg --purge "linux-image.."?
 * ogra_ would actually start with: sudo apt-get -f install ... 
<ogra_> to get back to a half way consistent state
<ogra_> and then move forward from there
<lordievader> ogra_: That is broken because it tries to remove the kernels but it need initramfs-tools for it, which is broken too.
<lordievader> mv: Not all of them, just those installed outside of the Ubuntu repos.
<ogra_> lordievader, it doesnt remove everything cleanly ?
<lordievader> ogra_: The postrm script fails on calling initramfs (since its broken) and then apt gives up.
<ogra_> so create a link to from /usr/sbin/update-initramfs to /bin/true
<ogra_> to overcome that ...
<ogra_> one you are back in a semi consistent state, make sure the sources.list is proper, then install "linux" ... that should pull in all kernel related bits
<ogra_> (might need some manual grub love later though)
<mv> i tried purging the kernel, http://pastebin.com/FcERJga3
<ogra_> (and make sure to *never reboot until you are sure it is all fixed)
<lordievader> mv: Follow ogra_'s advice.
<lordievader> ogra_: He is in a live-cd chrooted ;)
<mv> yeah they made me remove grub, and an other friend made me reboot to livecd
<lordievader> mv: You know, even now, you should use common sense.
<lordievader> Is a good idea to remove grub? Hmm, perhaps not...
<mv> lordievader your so right, i made the mistake to trust them blindly
<mv> they sayt like yeah remove grub and etc. and after apt-get -f inistall reinstall grub
<lordievader> Sure it is possible, but why?
<lordievader> Without a good reason I wouldn't do it.
<RusAlex> q: im trying to restore my custom iptables rules
<RusAlex> tried 2 ways already
<lordievader> RusAlex: iptables-restore < iptables-file?
<RusAlex> yes. but tried to run this command in /etc/network/if-up.d/iptablesload as per Network Howto
<lordievader> Meh, you could put it in there. I don't like things dissapearing based on interfaces.
<lordievader> Personal preference I guess.
<RusAlex> but where do you place it?
<RusAlex> I also tried to use /etc/network/interfaces file with pre-up iptables-restore < /etc/iptables.rules
<RusAlex> but no success. after reboot it does not restore
 * ogra_ always uses ufw ... 
 * lordievader dislikes ufw
<lordievader> :P
<mv> "dpkg --purge linux-image-extra-3.13.0-49-generic" is failing "FATAL: could not load /boot/System.map-3.13-0/49-Generic: no such file"
<lordievader> Copy some other system map? (Ugly hacks save the day????)
<mv> oh, also. my friend yesterday made me copy /boot from ubuntu 14.04 server cd to my system, so now i get the cd grub when booting without livecd
<lordievader> Before you copied stuff did you happen to remove the contents of /boot?
<mv> i didnt remove. i just used cp -R /cdrom/boot /mnt. i mounted my system on there
<mv> contents of /boot now are "grub  memtest86+.bin  memtest86+.elf  memtest86+_multiboot.bin"
<lordievader> Just that?
<mv> yes
<lordievader> Did you nuke /boot or did you forget to mount it?
<mv> uhm, im not sure
<lordievader> mv: Go figure it out ;)
<mv> boot isnt in the mount list. so that would mean its not mounted
<lordievader> If it is a seperate partition, yes.
<mv> im not sure if it is a seperate partition. i used the default settings from the ubuntu cd when installing it in the past
<lordievader> mv: parted -l
<mv> parted isnt installed :c
<lordievader> fdisk -l
<mv> fdisk is from util-linux, which they also nuked...
<lordievader> Pfff.
<lordievader> Use the one of the live-cd.
<mv> should i do it outside of chroot? or on the desktop from the livecd?
<lordievader> Outside of the chroot, yes.
<mv> outside of chroot both commands return nothing
 * lordievader is back in a bit
<mv> ok
<lordievader> Use sudo ;)
<mv> ahh thanks, im feeling stupid for that mistake >_<
<mv> http://pastebin.com/X5zpKsKF  the 30GB is my SSD running the system, /dev/sdi
<RusAlex> hwo can I get root access to a kvm machine ?
<RusAlex> it allows me to login only with ubuntu@host
<ogra_> use sudo ... thats ubuntu ...
<RusAlex> will try
<mv> lordievader: tell me when your back?
<arcsky> CRITICALUbuntu 10.04 LTS / 12.04 LTS / 14.04 / 14.10 : libtasn1-3, libtasn1-6 vulnerability (USN-2559-1)
<arcsky> still got that after apt-get update
<jpds_> arcsky: Tried upgrade ?
<arcsky> do I have to do reboot after upgrade?
<arcsky> maybe thats why it doesnt work
<jpds_> arcsky: No, it's more the fact that update doesn't update the package.
<lordievader> mv: Does the live-cd come with parted? Else install it...
<lordievader> fdisk doesn't do gpt.
<mv> parted -l says http://pastebin.com/2j9EZSsu
<mv> lordievader: should i use ok?
<lordievader> Auch.
<lordievader> No cancel that.
<lordievader> mv: Make it 'sudo parted /dev/sdc print'
<mv> "error: end of file while reading succes, retry/ignore/cancel?"
<mv> ok
<mv> "error end of file while reading invalid argument"
<mv> retry/ignore/cancel?
<lordievader> This if from the live-cd right?
<mv> yup
<lordievader> gdisk?
<mv> should i use gdisk?
<lordievader> You can give it a shot. Installing it doesn't really matter as it is a live-cd anyways.
<mv> hmm, anyway i think you would wanted to see this? http://pastebin.com/XSgw7E3V
<lordievader> Hmm, yeah. Did I get sidetracked?
<mv> dev-sdc is one of the drives from my RAID
<mv> dev-sdi is my system
<lordievader> Right, no seperate /boot.
<lordievader> Is the /boot on sdi1 really that empty?
<mv> http://pastebin.com/aaLY7qL0
<lordievader> That is the chroot?
<lordievader> Could you give the 'mount' output?
<mv> yes its the chroot
<mv> ok
<mv> http://pastebin.com/ZEuRuYGu
<lordievader>  /boot doesn't happen to be on the raid device?
<mv> i dont think so. when i installed it it didnt have raid yet
<lordievader> So you nuked /boot :P
<mv> yup :c
<lordievader> mv: Time to get drastic. Under normal circumstances you shouldn't do this: force dpkg to do all it needs to remove those two kernel packages.
<mv> "dpkg --fore-yes --purge"?
<lordievader> dpkg -P --force-all <packages>.deb
<mv> http://pastebin.com/k7abhcxV
<mv> it seems it is removed
<mv> now try apt-get -f install?
<lordievader> The lowlatency kernel is removed too?
<mv> ignoring request to remove linux-image.... which isnt installed
<mv> dpkg: warning: ignoring request to remove linux-image-3.16.0-031600-lowlatency which isn't installed
<lordievader> Hmm, odd. Try the apt fix, I guess.
<mv> http://pastebin.com/pmu85s9C
<mv> it keeps complaining about linux-image-extra-3.13.0-49-generic while dpkg says it isnt installed
<lordievader> mv: dpkg -P --force-all http://pastebin.com/pmu85s9C
<lordievader> Err...
<lordievader> mv: dpkg -P --force-all
<lordievader> mv: dpkg -P --force-all linux-image-extra-3.13.0-49-generic
<lordievader> Copy pasting in Windows is hard.
<mv> haha okay :P
<lordievader> Especially when it is swapping.
<mv> http://pastebin.com/ZxsJpChg
<mv> windows makes everything slow~
<lordievader> Windows can be allright...  Usually it performs quite okay. Guess I'm torturing it with a A0@300dpi PS file.
<mv> ahh thats why xD
<mv> next week i wil start troturing it with a 4K screen, but specially for PS i got 32GB DDR3
<mv> did you see the error message? http://pastebin.com/ZxsJpChg
<lordievader> Even more ugly hack fixing: edit /var/lib/dpkg/info/<package>.postrm
<mv> http://pastebin.com/qY4tPMia
<lordievader> mv: Comment lines 9 through 15.
<mv> done, now dpkg command again?
<lordievader> Yes.
<mv> done, now going to do apt-get -f install again
<rberg> It looks like that error is comming from /usr/sbin/mkinitramfs.. line 11 very odd
<lordievader> rberg: That's the one wich we are trying to fix. But apt want to remove the kernels before fixing initramfstools.
<lordievader> In short, it's a mess.
<rberg> ahh.. thats super weird to not have gnuopt
<mv> http://pastebin.com/X5nBpBvB
<lordievader> Whoo, there is an initramfstools :D
<mv> its back? :D
<lordievader> Maybe it is not configured...
<lordievader> Anyhow, is ts3server/sickbeard required?
<mv> they are my personal programs
<mv> and i have 2 different sickbeard installations, one under the name animebeard
<lordievader> Their initscripts are a mess.
<mv> i see the error on the animebeard script. i think thats because i tried to make it work as service :c
<lordievader> Read lines 34 till 40.
<mv> can i just remove theire scripts somehow?
<lordievader> You can.
<lordievader> They are in /etc/init or /etc/init.d
<mv> seems like apt-get -f install worked :D
<mv> il post results
<mv> http://pastebin.com/9cMPYFQy
<mv> before i go do crazy things. tell me what do now first :3
<lordievader> mv: Reinstall linux-image-generic, for starters.
<mv> installing now :)
<mv> so happy now it seems everything acts normal again :D
<ogra_> install the "linux" metapackage ... not just the -image-generic one
<mv> okay, il start that when its finnished with the image-generic
<davegarath> Hi, I've installed proftpd on a server. Logrotate is configured for rotate weekly and run postrotate : invoke-rc.d proftpd restart
<davegarath> but proftpd will stop and not start
<davegarath> executing by hand invoke-rc.d proftpd restart proftpd remain stopped
<davegarath> ok I found a bug https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1246245 I've inserted sleep statement in init.d script file
<mv> still got an error when it tried to configure http://pastebin.com/QnvvaAix
<mv> i tried the apt-get install linux, but linux package isnt found~
<mv> now it gives errors on the linux-image-generic, etc. uhh what to do now?
<mv> are you busy?
<lordievader> Actually I have no idea how to fix that one properly. I've read of dirty ways (disableing the hook), but I do not know what it does, nor what the consequences of such an action are.
<mv> ok, i tried removing the packages that where in the error list and now try installing linux-image-generic again. when removing it asks to make an boot menu file but if i say yes it gives an error.
<mv> if it doesnt work il try your dirty way. i have nothing to loose right? now its not working so it cant get worse :P
<lordievader> Heh, that is what you say now.
<mv> i dont understand what you mean
<lordievader> Now you say you got nothing to loose. Until, say, you loose all your data...
<mv> lordievader: 2 years ago i already lost 6TB of data. im used to the hurt now xD also my most important data is on the mdadm raid
<mv> also the really most important data, my photography, i have already on backup
<mv> still got the same error http://pastebin.com/UwP6JyWh
<mv> you knew a dirty way to fix it? lets try that i guess
<lordievader> Hunt out the fixtrc script and take away its execute rights.
<mv> you mean searching it like this (find / "*fixtrc*")? but it doesnt find anything
<lordievader> No, your output tells you where it is.
<mv> oh fixrtc i see
 * lordievader is off to make dinner
<mv> it workd! :D
<mv> succesfully setup linux-image-generic
<stiv2k> hi
<mv> what should be the next step to take?
<stiv2k> so i've had this bug on my server since day 1 of installing ubuntu 14.04... https://bugzilla.samba.org/show_bug.cgi?id=8449
<stiv2k> and associated launchpad bug: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1257186
<stiv2k> i read the comments in the samba bugzilla and it says they fixed it in samba 4.1
<stiv2k> but i checked my samba...
<stiv2k> samba -V
<stiv2k> Version 4.1.6-Ubuntu
<mv> stiv2k i also had the talloc error but it seemed it just worked without problems
<stiv2k> yes i never noticed any problems either
<stiv2k> other than shell users complaining that the message is annoying
<mv> lordievader: can i try apt-get upgrade now? (apt-get -f install now returns without errors)
<rbasak> stiv2k: if somebody can provide a backported fix that works and doesn't introduce any regressions, I'd be happy to upload it.
<OpenTokix> rbasak: yes
<rbasak> I haven't spent much time myself as I understand that it's mainly just an annoyance.
<stiv2k> well i just wanted to know if the fix is issued in our samba packages yet
<stiv2k> i was under the impression that they fixed it upstream in 4.1
<stiv2k> and im running 4.1.6 so it should already be fixed....?
<stiv2k> or am i missing something?
<mv> lordievader: can i just try to use apt-get upgrade now? or should i do something else first?
<rbasak> stiv2k: I think upstream backported it to their 4.1 stable branch, but if they've released it it's after 4.1.6.
<stiv2k> rbasak: so no worries? just wait longer?
<rbasak> stiv2k: we don't automatically update to samba's latest stable release, so it is waiting on somebody to backport and test. I don't know if it'll get to the top of our list or not any time soon.
<rbasak> Volunteers welcome.
<stiv2k> rbasak: let me graduate college first
<stiv2k> ;)
<faust> How can I get the command executed by an user via ssh in /etc/ssh/sshrc? I'm looking for something like "SSH_ORIGINAL_COMMAND"
<pmatulis> faust: not sure what you mean.  you want a command issued automatically when a user connects via ssh?
<faust> pmatulis: e.g. an user run "ssh root@server uname -a" I want my /etc/ssh/sshrc to know that the user run "uname -a"
<pmatulis> faust: you want that b/c sshrc will act on it in some way?
<faust> I'm looking for something like the SSH_ORIGINAL_COMMAND enviroment variable defined for the script run by ForceCommand
<faust> pmatulis: yes
<pmatulis> faust: i don't think it's possible b/c sshrc is run before the remote command is run
<faust> pmatulis: when you use ForceCommand that script is run before the remote command, but you have access to its command line via SSH_ORIGINAL_COMMAND, but probably you are rigth it is not possible...
<lordievader> mv: You have a kernel installed?
<mv> lordievader: yes, no i was trying apt-get upgrade but its just finished with some errors
<ogra_> lordievader, well, if the fixrtc hok failed there is something seriously essential missing (did you check what it copies)
<lordievader> ogra_: No, as I mentioned before I have no idea what it does.
<ogra_> that looks more like something like core-utils and e2fsprogs are missing
<mv> but the kernel installed succesfully. http://pastebin.com/mS9AcCuy
<ogra_> it copies three files around
<ogra_> these three are: /bin/date /sbin/hwclock /sbin/dumpe2fs
<ogra_> if it cant find them i assume there was more essential stuff remnoved than just the kernel or grub
<mv> e2fsprogs seems not installed. should i try install it?
<ogra_> is ubuntu-minimal installed ?
<ogra_> that pulls the most essential bit in
<mv> no i dont think so. il try to let it install.
<pmatulis> faust: yes, but SSH_ORIGINAL_COMMAND is within the user's shell/environment.  sshrc is not run within that environment so i don't know how it could ever discover it
<mv> it looks like its downloading fonts and installing them~
<mv> now adobe-flash-plugin
<ogra_> when you install the ubuntu-minimal task ?
<mv> yup
<mv> its done now, no errors
<ogra_> this sounds surely mseed up
<ogra_> *messed
<pmatulis> faust: however, ~/.ssh/rc (user level) is run within the user's env so you could grab it in that way
<mv> maybe its because of previous updates
<ogra_> what else did it install ?
<mv> yes, all upgrades have been done now, only 120 updates are held back
<ogra_> err
<ogra_> you should not have any held back updates
<ogra_> (never)
<mv> it says so now
<faust> pmatulis: mm I cannot use ~/.ssh/rc, but thanks anyway
<mv> if i try apt-get upgrade
<ogra_> dont use upgrade ...
<ogra_> use dist-upgrade
<lordievader> Ah, what happens when you do apt-get dist-upgrade
<mv> doing so now
<mv> its installing allot more updates
<mv> 120 and 97 newly installed
<ogra_> anyway, missing ubuntu-minimal is quite serious and actually the point where i would start to suggest a reinstall ...
<ogra_> but finish that dist-upgrade first and see where that leaves you
<mv> but its reinstalled now right? and its updating. ok il wait for it to finish
<mv> it will take a while now it says 31~20 mins
<mv> i never knew i should use dist-upgrade. i always been told to use upgrade from my teacher... (our teacher just got a linux mint workshop of a couple hours and a linux mint book, so he also didnt know much)
<ogra_> upgrdae will only update installed packages ... if it needs to remove something due to a changed dependency it will hold back the package and all its dependencies
<ogra_> dist-upgrade will always also remove and replace other packages to fulfill everything
<mv> ohh good to know :) i learn so much more from the community then from teachers at school
<ogra_> also ... mint != ubuntu
<ogra_> they hack up things like the upgrade mechanism heavily
<ogra_> nothing we have any experience with in here
<mv> so ubuntu is much better then mint? :)
<ogra_> not saying that
<pmatulis> i wonder why mint would hack such a thing?
<lordievader> Better is a matter of opinion.
<mv> okay, better in your opinion?
<ogra_> pmatulis, to suppress kernel upgrades, xorg and grub upgrades etc
<lordievader> Have never used Mint, can't say.
<pmatulis> ogra_: wow interesting ok
<ogra_> pmatulis, they also replace some essentiual libs with their own patched versions (sometimes without bumping the ABI ...)
<ogra_> and i doubt do-release-upgrade even works on mint ...
<ogra_> ... while on ubuntu this is the only official way to go from one release to another
 * ogra_ wont say anything more about mint ... the last time i did i ended up with a 3 week long shitstorm and and presonal threads from mint people ... 
<mv> im curious if grub would be working again now? if i could later restart and wont use livecd anymore~
<mv> ogra_ omg thats really crazy. people shouldnt be so hatefull
<ogra_> well, they thought it was a canonical conspiracy ... :)
<mv> but still they shouldnt be so hatefull
<ogra_> http://www.omgubuntu.co.uk/2013/11/canonical-dev-dont-use-linux-mint-online-banking-unsecure
<ogra_> well, there was a lot clickbait stuff going on ... i made a comment on a developer mailing list and the press pulled it out of context and added sensationalist headlines
<mv> im reading it now~ but the press nuked it all? thats to bad
<ogra_> just google "wouldn't do homebanking with mint"
<ogra_> you will find a lot more articles
<mv> il take a look
<mv> i just notice your from germany, greetings from your neighbour from the netherlands :D
 * ogra_ waves west 
<ogra_> :)
<mv> :)
<lordievader> Oehh, more dutchies :)
<mv> lordvader: im curious where your from?
<mv> im a dutchie yes :P
<Seveas> too many dutchies
<mv> really? why? :c
<lordievader> mv: Make an educated guess ;)
<mv> lordievader: my guess would by a dutchie too? :#
<lordievader> Wow, first guess.. and it's right....
<Seveas> lordievader: Tatooine
<ogra_> lol
<mv> haha you wish
<mv> just a curiouse question. for a home server would you recomend not updating at all? (if it works dont mess with it~)
<Seveas> for a home server I'd enable automatic dist-upgrades and even reboots.
<ogra_> i would keep the reboots manual ... but thats just me :)
<ogra_> but yeah, enable unattended-upgrades
<mv> i wouldnt know howto do that~ now i just use webmin and sometimes when neccesery ssh/cli
<Seveas> webmin is more of a security risk than mint
<lordievader> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<mv> but its totally safe to enaable unattended upgrades?
<ogra_> LOL
<mv> looool
<ogra_> https://help.ubuntu.com/community/AutomaticSecurityUpdates
<mv> so webmin is a really no go? xD
<lordievader> Not on Ubuntu/Debian.
<ogra_> if the machine is visible on the internet it definitely is a no-go
<Seveas> it's always a no-go
<Seveas> just like cpanel
<mv> hmm its at my home, but i enabled it so i can access webmin from school~
<Seveas> and most other web based admin frontends
<ogra_> well, if you have a safe firewall and only use it for a home network i guess thats not that bad
<ogra_> as soon as it can be seen by others it definitely is a security hole
<mv> so i should better block webmin from being vissible from the internet? il do that then
<mv> what about ssh? is it safe to keep that vissible to the internet?
<lordievader> mv: You have ssh for remote management.
<mv> i already dissabled ftp anonymous login because a couple months ago i saw google indexing my files
<mv> yup i use ssh. even now on ssh
<Seveas> *backing away slowly from this trainwreck*
<mv> haha is it that bad?
<lordievader> mv: You might also want to disable the remote management on your router, or at least disable the gues login.
<mv> my router doesnt have remote management, i never enabled it~
<mv> whoooo the install just ended succesfully :D
<lordievader> mv: Is your network 10.1.1.0?
<mv> yup, how you know?
<lordievader> Like I said, remote management on your router is on and accesible for guests.
<mv> WHAT?!
<faust> o.o
<mv> somehow my routers remote management was enabled~
<mv> :O
<ogra_> call the NSA, tell them they forgot to disable it ... so it doesnt happen again
<mv> i think so xD
<mv> anyway the dist-upgrade finished succesfully. what should i do now?
<lordievader> Make sure grub is installed?
<mv> it is installed. i hope it also is working
<ogra_> it is installed in the boot record of the disk ?
<ogra_> or just the package ...
<lordievader> ^ that.
<ogra_> thats the tricky part :)
<mv> how do i know? i checked the apt-get install grub and it says installed. and i saw something in the log making image in boot
<mv> ls /boot
<mv> abi-3.16.0-34-generic         memtest86+.elf
<mv> config-3.16.0-34-generic      memtest86+_multiboot.bin
<mv> grub                          System.map-3.16.0-34-generic
<mv> initrd.img-3.16.0-34-generic  vmlinuz-3.16.0-34-generic
<mv> memtest86+.bin
<lordievader> By installing it again ;)
<mv> so reinstall it?
<lordievader> grub-install /dev/<some-disk>
<ogra_> https://help.ubuntu.com/community/Grub2/Installing#Reinstalling_GRUB_2
<ogra_> for reference :)
<mv> okay thanks :) im really worried about trying things found on google now after all this trouble. i listen to you guys only~
<lordievader> ...
<lordievader> With a bit of common sense applied I hope?
<lordievader> Else you haven't learned a thing.
<mv> yes, i wont do anything without thinking anymore
<lordievader> Good :)
<mv> after grub install i get some log and then "The file /boot/grub/stage1 not read correctly.
<mv> "
<lordievader> Right, everything needs to error... -.-
<mv> i see a site telling me to try from grub cli
<lordievader> From what I read... How large is the inode size of your drive?
<ogra_> you used sudo for that command i hope ?
<ogra_> sudo grub-install /dev/sdX  # Example: sudo grub-install /dev/sda
<ogra_> from the wikipage above
<mv> i used sudo
<mv> umm, trying to find inode size. but my system drive is just 30GB
<ogra_> then follow the next paragraph on the page "Fixing a Broken System"
<ogra_> and since you are on the livecd ... pick "via the LiveCD terminal"
 * ogra_ wanders afk ... 
<lordievader> mv: dumpe2fs -h /dev/sdi|grep Inode size
<lordievader> mv: dumpe2fs -h /dev/sdi|grep "Inode size"
<mv> "bad magic number in super-block while tring to open /dev/sdi"
<lordievader> Err, sorry that needs to be /dev/sdi1
<mv> 256
<lordievader> If the internet is right... Grub only works with inode size 128.
<lordievader> Hmm, that might be about grub-legacy...
<mv> i just thought, i need to install grub2 instead of grub right?
<mv> thats the problem~
<lordievader> mv: What is the output of 'apt-cache policy grub-pc'?
<mv> just installed grub2 and it gave me a complete installing setting screens. and it seems now grub is working
<mv> update-grub gives good results. everything is found and then done
<mv> so my guess grub is working now
<mv> shall i try to reboot?
<lordievader> mv: Did you install grub?
<mv> apt-get install grub2. got all the setup screens and to my it feels it installed corectly
<mv> it let me select which drive to put it on
<lordievader> Hmm, okay.
<mv> i feel safe to reboot now. going to try, wish me luck? :D
<lordievader> Good luck ;)
<mv> it rebooted but my network card isnt visible. not network connection. and on ifconfig it doesnt show my network card
<mv> lshw says network dissabled
<mv> it looks like dbus doesnt start when booting
<mv> when trying "sudo ifconfig p2p1 up"(this is my primary network card), it says "p2p1: ERROR while getting interface flags: no such device"
<mv> can the dbus fail cause the network card not to work
<mv> oh it isnt dbus, my fault. high resolution. its jsut bleutooth~
<mv> is my network card driver maybe nuked?
<mv> network-manager isnt installed. any tips on installing it without network access?
<mv> there we go to the livecd again, hopefully last time now xD
<sarnold> ... are you sure you want network manager installed on a server? most people prefer their servers to have predictable networking..
<rberg> its not bad if you are pluged into ethernet.. try 'dhcient eth0'
<mv> what else should i use? now network isnt working at all
<sarnold> mv: /etc/network/interfaces
<mv> yes, it still had my p2p1 connection. but it wont come up.
<mv> dhclient gave me my internet acces back. should i install network-manager now?
<rberg> sure if thats what you want.. another on a server you may be better served by a static config in /etc/network/interfaces
<rberg> /another/although/
<mv> i have yes, i see online i should use networking package
<mv> it seems like networking is already installed. but at boot my internet p2p1 wont come up
<mv> how can i fix networking?
<mv> only problem left is network that wont work. but with dhclient eth0 i get internet access again. dont know how to fix it now but at least the other part are working again :D
<sarnold> mv: pastebin your /etc/network/interfaces, and maybe whatever error messages you had on the terminal and in the logs when you ran 'ifup eth0'
<mv> i want to thank everyone on here for all the help (all of the day) thaaanks!! :D
<ebonics> im trying to follow this guide: https://www.digitalocean.com/community/tutorials/how-to-configure-a-mail-server-using-postfix-dovecot-mysql-and-spamassasin     - i get to the point where i "verify permissions" by doing "ls -ld /var/mail" ,, but the output for "vmail" in the guide is just "mail" for me. i don't really understand what the vmail/mail string is referring to?
<st1v2k> why does ubuntu server get stuck at grub menu? it happens particularly if there is a power failure
<st1v2k> ffs, it's a SERVER, no minotor no keyboard
<st1v2k> just boot!
<st1v2k> any idea why its programmed to do this? how to stop it?
<rberg> I think the whole grub recordfail stuff is to prevent boot loops.
<st1v2k> ick
<st1v2k> its never happened before
<st1v2k> now all of a sudden, dont know if it is due to an update or something
<st1v2k> but whenever there is power failure, it no longer boots up until i hook up a keyboard and press ENTER
<st1v2k> to get past GRUB screen
<st1v2k> please advise, thanks
<st1v2k> no i dont live in a third world country if that's what you're wondering
<st1v2k> but in the land of flo-ri-da we get monsoon rains every day
<bekks> "monsoons every day" in flo-ri-da?
<st1v2k> yes bekks
<bekks> That climate change is catastrophic, isnt it?
<st1v2k> yes, the climate changes over time
<rberg> now I have never done this but it looks like you can disable this in /etc/grub.d/00_header line 236
<st1v2k> rain super hard -> tree branch or something hit the line -> voltage brownout -> server dies
<st1v2k> rberg: sounds like something not meant to be edited? its not in the regular grub config?
<rberg> looks like you can also add that var to /etc/default/grub
<st1v2k> ok
<st1v2k> i will check it out
<st1v2k> brb
<st1v2k> i will be back to give you proper thanks if it worked
<rberg> "set timeout=${GRUB_RECORDFAIL_TIMEOUT:--1}" means use the variable GRUB_RECORDFAIL_TIMEOUT or if its not set use -1
<rberg> so put GRUB_RECORDFAIL_TIMEOUT= some time in /etc/default/grub
<stiv2k> hey
<stiv2k> who was i talking to ?
<stiv2k> rberg: hi
<sarnold> stiv2k: the bit you missed, < rberg> "set timeout=${GRUB_RECORDFAIL_TIMEOUT:--1}" means use the variable GRUB_RECORDFAIL_TIMEOUT or if its not set use -1 < rberg> so put GRUB_RECORDFAIL_TIMEOUT= some time in /etc/default/grub
<stiv2k> ok
<stiv2k> thanks!
<rberg> (also consider a UPS :) )
<andre_pl> I have 3 of the 4 disks that used to comprise a raid 5 array, and I've booted an ubuntu server live disk in the machine, how can I go about reconstructing the array so that I can transfer the data to a new machine?
<rberg> andre_pl: Hi if this is mdadm software raid you can start here https://raid.wiki.kernel.org/index.php/Recovering_a_failed_software_RAID
<rberg> gtg good luck
<andre_pl> darn, thanks. that looks far more complicated than what I'm dealing with.. i'll try to make some sense of it
<andre_pl> it  doesn't touch on lvm at all, which I do have sitting on top of my raid array, not sure how relevant that is.  I also don't have any disk handy to do the overlay stuff they're doing there... so I'm really not sure I can glean anything useful from it :\
<patdk-lap> heh? not sure how it can be more complicated
<patdk-lap> if you have a broken raid, you fix the raid
<patdk-lap> if you have a broken lvm, you fix lvm
<patdk-lap> you don't fix lvm, and ignore your broken raid
<andre_pl> I'm not really trying to fix the raid, more like trying to migrate a degraded array into a new machine
<patdk-lap> you don't build the second story of your house, without first making sure the first floor will hold it up
<sarnold> the third paragraph of that page is "In the following it is assumed that you have a software RAID where a disk more than the redundancy has failed. " -- are you sure that page is relevant to you?
<patdk-lap> if it's degraded, it is *fine*
<patdk-lap> lvm will function ok, you won't notice anything is wrong
<patdk-lap> if you have a raid issue, you are no longer degraded, but broken
<andre_pl> patdk-lap: in that case, all I'm looking for is how to reassemble it so I can read the data from a live cd.
<patdk-lap> mdadm auto reassymbles
<patdk-lap> assuming enough of it to be atleast degraded is functional
<patdk-lap> blkid post maybe?
<andre_pl> thing is, the OS is gone, all configuration is gone, its just the 3 disks in a new machine. so I don't know how to get mdadm to reassemble / mount it
<patdk-lap> what does the os and config have to do with anything?
<andre_pl> well if I put these disks in the old machine where the OS is, mdadm will (as you said) auto-reassemble it, and all is well... when I boot a live cd, no such thing happens
<andre_pl> and I don't know the manual steps to make it happen
<patdk-lap> mdadm --assemble
<patdk-lap> that is all you have to do, it's pretty simple :)
<patdk-lap> does your *live cd* have mdadm installed on it? and lvm?
<andre_pl> afaik yes, its the 14.04 ubuntu server live cd (usb)
<andre_pl> something like: mdadm --assemble /dev/md0 /dev/sda /dev/sdb /dev/sdc ?
<sarnold> "Assemble  the  components  of a previously created array into an active array.  Components can be  explicitly  given  or  can  be searched  for." http://manpages.ubuntu.com/manpages/trusty/man8/mdadm.8.html
<sarnold> may not even be necessary to specify them
<andre_pl> it didn't like that way, I'll try specifying
<patdk-lap> shouldn't have to
<andre_pl> if I just do mdadm --assemble /dev/md0 it says: /dev/md0 not identified in config file
<andre_pl> hmm, and when I specify all the disks it tells me they're all busy
<andre_pl> that's  odd
<andre_pl> they're not mounted or anything
<patdk-lap> define mounted?
<patdk-lap> not sure exactly how you mount a raid
<andre_pl> i just mean `mount` doesn't show anything interesting, no physical disks or partitions aside from the boot disk
<patdk-lap> why should it?
<patdk-lap> did you run blkid yet?
<andre_pl> it shouldn't, but mdadm is telling me my 3 disks are 'busy' whatever that means
<andre_pl> my only idea of what 'busy' involves would require them to be mounted
<patdk-lap> mounted has nothing to do with busy
<patdk-lap> busy means they are in use
<patdk-lap> mount is only ONE way it could be in use
<patdk-lap> mdadm is another, lvm another
<andre_pl> ok, I'm not sure what they're in use by then. i've done nothing but boot the live diskc
<patdk-lap> did you run blkid yet?
<andre_pl> just now, it printed some uuids for the raid partitions
<andre_pl> is there a way to find out why mdadm thinks they're busy and what I can do about it?
<andre_pl> i'm worried its writing to them and they're all that's left of my data :)
<andre_pl> ok it looks like the os tried to reassemble the array on its own, which is why they're busy, but its given me an 'inactive' array on md127 which i'm not sure how to activate.  `mdadm -A /dev/md127` tells me md127 is not in the config file.
<patdk-lap> mdadm --detail /dev/md127
<andre_pl> mdadm: md device /dev/md127 does not appear to be active
<patdk-lap> we are guessing, cause you don't appear to be posting any pastebins
<andre_pl> the machine has no network atm, I'm re-typing things :\
<andre_pl> I can type out the results of cat /proc/mdstat which is how I determined its got some kind of inactive array
<andre_pl> if that will help
<patdk-lap> ok
<andre_pl> http://pastebin.com/TcYRxsHa
<patdk-lap> try a mdadm --stop /dev/md127
<patdk-lap> mdadm -A --scan -v
<andre_pl> ok, lots of output, the stop worked.  the scan found the 3 relevant partitions, 2 of them were (possibly out of date) which resulted in "/dev/md/0_0 assembled from 1 drive - not enough to start the array"
<patdk-lap> now the question is, are you really sure you should force it to assemble
<patdk-lap> change -v to --force if you feel good
<andre_pl> that is a good question, the 3 disks likely ARE out of sync, I had been attempting to replace each disk in the array with new disks, resyncing after swapping out each one, and a small amount of data was written during that time. :|
<andre_pl> i'm assuming a force would be catastrophic in that case?
<andre_pl> i dont mind losing the small amount of data that was written
<andre_pl> but i'd like to avoid losing all of it
<patdk-lap> not really
<patdk-lap> it is possible, not not hightly likely
<andre_pl> I'm not sure what you mean by that :)  its highly unlikely to cause catastrophic data loss? or highly unlikely not to?
<patdk-lap> it is not likely to destroy your data
<patdk-lap> but it is always possible
<patdk-lap> it feels like the old system was not shutdown cleanly
<patdk-lap> so the raid is complaining and won't assymble cleanly
<patdk-lap> soa force would be needed
<patdk-lap> but this is based on the amount of info I have
<andre_pl> not exactly. its kind of a long story how it got in this condition, but they are definitely not in sync.  I'll try to explain what I did, please bear with me
<andre_pl> I had a 4x2TB raid array at one point, and a disk failed. so I bought 4 new, bigger disks and was going to grow the array...
<andre_pl> I replaced the faulty drive with a new bigger one and let it resync. then repeated the process 3 more times with the remaining larger drives.
<andre_pl> during that time, I was using the array, writing data.
<andre_pl> not a lot, but some.
<andre_pl> now the new array didn't work out... i screwed up the partition tables, couldn't reassemble it. so i was hoping to rebuild the original array on a separate machine out of the remaining 2TB drives, build a brand new array out of the new 3TB drives, and copy data over.
<patdk-lap> oh, that won't work
<andre_pl> but then realized, the 2TB's are not in sync due to the writes that happened while i was swapping in the 3tbs
<patdk-lap> yep
<sarnold> patdk-lap: out of curiosity, how well would zfs handle that?
<andre_pl> in theory, the 3tbs have all the data, but the array may be in worse condition due to the crazy things i did to screw it up :P
<patdk-lap> sarnold, not well
<patdk-lap> but after a lot of pain, you could roll back the transaction to a common point
<patdk-lap> but it is not fun
<sarnold> patdk-lap: thanks :)
<patdk-lap> andre_pl, well, I think force is your only option
<patdk-lap> but your filesystem will be strange
<patdk-lap> and you need to repair it
<patdk-lap> but you should be able to recover anything not being changed during that time
<andre_pl> patdk-lap: I think restoring the 3tb array may also be an option, but I'm not sure exactly how badly I've hosed it
<andre_pl> i can try to explain what I did there :P
<andre_pl> basically. once the array was completely rebuilt out of 3tb's, I attempted to grow it, but I only got 500GB extra because I had neglected to use GPT partition tables.  I was told I might be able to write the correct partition tables without losing data, I was going to do this from a live disk again, but i missed the boot menu and it attempted to boot the original OS again, which hung trying to reassemble the array with a message a
<andre_pl> patdk-lap: I've booted up the other machine with the "new" array, on a live disk. mdstat shows the array as active, so I'm thinking it has all my data safe. how can I proceed to mount the lvm volume that should exist on that array?
<patdk-lap> it should have automounted
<patdk-lap> vgs
<patdk-lap> lvs
<andre_pl> its not mounted, but vgs and lvs appear to be showing me the correct bits :) the VG is 'lvm-raid' and the LV is called 'media'
<patdk-lap> what exactly does lvs show?
<patdk-lap> you probably need, lvchange -a y ......
<andre_pl> LV: media VG: lvm-raid Attr: -wi-a---- LSize: 5.46t
<patdk-lap> ok, so you just need to mount it then
<patdk-lap> mount /dev/lvm-raid/media
<andre_pl> sweet. I see all my data, and it looks good :) so I think my safest option at this point (since I need to rebuild this array with correct partition tables) is to copy all of this data to the degraded 2TB array on the other machine, then rebuild this one, then copy it back
<andre_pl> sound sane-ish?
<patdk-lap> no
<andre_pl> oh.. :\
<andre_pl> that's the best I've got :)
<patdk-lap> you could do that as is
<patdk-lap> just remove a disk, reformat it, and add it back in
<patdk-lap> but is mdadm using anything >2tb yet?
<patdk-lap> if no, just add a 2tb disk into it
<patdk-lap> then just remove and readd them one by one
<patdk-lap> then finally remove that 2tb
<patdk-lap> make sure you add the 2tb as a replacement, not a new disk
<andre_pl> afaik it can't use >2tb becuase of my bad partitioning
<patdk-lap> so the 2tb disks are fine to use
<patdk-lap> just do what you did when you upgraded from 2tb to 3t
<patdk-lap> 3tb
<patdk-lap> but just take one of them back down to 2tb
<patdk-lap> and rotate through them
<patdk-lap> replace 3tb with 2tb, repartition that 3tb, add it back in, replacing a 3tb, redo that one, ...
<patdk-lap> and finally change the last 3tb to replace that 2tb again, done
<andre_pl> ok, basically what I did before but with one extra re-sync...
<andre_pl> that's gonna be about 4 days :)
<patdk-lap> coping it is going take awhile too
<patdk-lap> and you can't really use it while it's being copied
<patdk-lap> at risk of missing stuff
<andre_pl> true, but if I use it I risk ending up in this same situation with out of sync disks if I screw it up again :)
<andre_pl> only thing that scares me is that I did manage to resize the array on these new disks for an extra 500GB or so, so i'm not sure the 2TB will suffice...
<andre_pl> even the 2TB it could allocate on these drives was more than was actually available on the 2tb drives
<andre_pl> i didn't fill it up, but the partitions are bigger
<patdk-lap> no, you don't
<patdk-lap> you only risk out of sync if you attempt to use OLD disks
<patdk-lap> not the ones currently in use
<patdk-lap> don't use parititons
<patdk-lap> just use the whole disk
<andre_pl> i've never done that before. does that mean i don't have to worry about the GPT tables or anything? just fail / remove one, and re-add the disk itself instead of the partition?
<patdk-lap> yep
<andre_pl> and hypothetically speaking, if I was an idiot.. (or if it won't let me use a 2tb drive in this array) I could just let it go degraded between swaps?
<patdk-lap> you could
<patdk-lap> at the disk of no protection if something happens
<andre_pl> do I lose the autodetect stuff if I don't use partitions?
<patdk-lap> no
<andre_pl> I've never seen that suggested, but it seems like the obviously superior method, so I'm wondering why...
<patdk-lap> the only thing you loose, is if you want to attempt to control the size to something smaller
<patdk-lap> you aren't able to load grub or anything onto the disks then
<patdk-lap> so if you don't use it as a boot disk
<patdk-lap> if you do, you need space for grub
<andre_pl> yeah no need for any of that junk. its just a pure storage array
<andre_pl> I'm going to attempt to swap in a 2TB now then... but I'm expecting some kind of complaint about the size mismatch
<andre_pl> I think I'll have to format it first since it thinks its part of the same array, things could get confusy
<patdk-lap> just wipe the first meg or so
<patdk-lap> dd if=/dev/zero of=/dev/.... bs=1M count=1
<andre_pl> awesome will do... need to shuffle some hardware around again first.. 1 spare monitor is not enough! :)
#ubuntu-server 2015-04-17
<andre_pl> this live disk doesn't have smartctl, how can I get the serial number of a drive? I'm not sure which one I just wiped :)
<sarnold> try lshw?
<andre_pl> there we go, thanks :)
<andre_pl> so, I booted my machine back into its original os (the same hardware that just had a working array) and on startup I get: mdadm: superblock on /dev/sdd doesn't match others - assembly aborted.  then a bit further down [....] Cleaning up temporary files...
<andre_pl> but it seems hung there
<andre_pl> it eventually booted but theres no sign of the array here... :\
<andre_pl> nothing in /proc/mdstat or mdadm --detail
<ebonics> having an issue with dovecot.. it's not sending AUTH LOGIN. if anyone can check if my configs are wrong thatd be great: https://dpaste.de/aqcb
<sarnold> ebonics: is there anything inthe logs?
<ebonics> sarnold, not in mail.log or mail.err, but i have a feeling it's just configured wrong
<sarnold> ebonics: does dovecot have its own log file?
<ebonics> sarnold, afaik it just logs to those two
<zerowaitstate> ebonics: it often does. rsyslogd has a config file that routes some syslog traffic to different files
<andre_pl> anyone have any thoughts as to why the live CD auto assembled my array, but an older debian install won't due to the non-matching superblock?
<andre_pl> or how I can safely correct it?
<ebonics> hmm ok ill investigate zerowaitstate thanks
<ebonics> ok sarnold zerowaitstate it's just using method=PLAIN
<ebonics> is there some reason why it would default to that?
<zerowaitstate> as opposed to what?
<ebonics> auth_mechanisms = plain login
<ebonics> isn't login a method?
<zerowaitstate> what type of login mechanism do you want?
<ebonics> i thought that "LOGIN" was a mechanism, which explains the AUTH LOGIN smtp packet header
<ebonics> i had it working before but i guess i broke something
<zerowaitstate> are we talking about SMTP or dovecot?
<ebonics> dovecot
<zerowaitstate> SMTP is Postfix, not dovecot
<ebonics> so when i telnet to port 587 what protocol is that ?
<zerowaitstate> ESMTP
<ebonics> which is dovecot right?
<zerowaitstate> which is being handled by Postfix, as shown in your dpaste
<ebonics> oh..
<ebonics> i thought that it just meant that dovecot was delegating to postfix
<ebonics> shouldn't it be going through dovecat?
<zerowaitstate> there is some interaction yes, because dovecot needs to know where postfix is storing messages for that domain
<zerowaitstate> postfix handles SMTP, dovecot handles POP3/IMAP
<zerowaitstate> I realize it's confusing
<ebonics> like for a mail client i have it configured to port 587 and under imap
<ebonics> and yet when i telnet to port 587 it's using ESMTP
<ebonics> so i don't really understand
<zerowaitstate> SMTP is what your mail client is using to SEND MAIL. IMAP is what your client is using to CHECK MAIL.
<ebonics> oh wow my mail client is using port 143.. what the
<zerowaitstate> they are two totally different protocols. for historical reasons, mostly, they are handled by two different software packages
<ebonics> okay i understand now zerowaitstate thanks
<ebonics> so really postfix is my problem zerowaitstate?
<zerowaitstate> are you having problems sending mail, or checking mail?
<ebonics> i'm hitting spambox in my tests when i send mail. so i tried telnetting and realised it wasnt sending the AUTH LOGIN packet so i assume that has to do with it
<zerowaitstate> hitting spambox...i don't follow
<ebonics> my mail is being sent to spam
<ebonics> because of some auth or validation related reason
<ebonics> ie. it wasn't hitting spam earlier and it was using AUTH LOGIN
<zerowaitstate> mail you are sending is being sent to the spam folder when someone else receives it?
<ebonics> when i receive it
<ebonics> yes
<ebonics> my server -> my gmail account
<zerowaitstate> ah, so you are testing by sending to yourself?
<ebonics> gmail spamboxes it
<ebonics> yes
<zerowaitstate> okay. unfortunately, the answer is "it's complicated"
<zerowaitstate> ebonics: your smtp server is functioning, however, Google does not fully trust it
<zerowaitstate> ebonics: there are a number of reasons that can happen.
<zerowaitstate> ebonics: lack of DKIM / SPF records for the domain can be one reason
<zerowaitstate> ebonics: the lack of SSL support server-to-server can be another
<ebonics> zerowaitstate, shouldn't it be using SSL
<ebonics> i implemented a cert
<zerowaitstate> ebonics: also, if you are sending from an IP block that is a previous known abuser, it may be blacklisted
<ebonics> and zerowaitstate thanks for the info, however i wasn't hitting spambox earlier and i noticed in my telnet adventures that it was sending AUTH LOGIN, while now it's not
<ebonics> so i feel like that's likely the problem at hand at this moment
<ebonics> zerowaitstate, are you saying the AUTH LOGIN is handled by postfix?
<zerowaitstate> ebonics: AUTH LOGIN is what the client sends, not the server
<ebonics> zerowaitstate, how :| i swear it was sending AUTH LOGIN earlier..
<zerowaitstate> ebonics: and yes, SMTP is handled by postfix, so the config you're interesting in is there
<zerowaitstate> ebonics: ah, yeah, you definitely have a postfix problem
<zerowaitstate> ebonics: it looks like you are operating an open SMTP without authentication
<ebonics> lol
<ebonics> :|
<zerowaitstate> ebonics: however there is a little caveat. It may be that postfix is set up to support pop-before-smtp which allows you to use smtp from an ip address without authentication if you used pop/imap from that same address recently
<ebonics> zerowaitstate, i haven't enabled pop3 as far as i know
<ebonics> zerowaitstate, shall i post my postfix conf?
<zerowaitstate> yeah, but the same is true for imap I believe
<ebonics> zerowaitstate, https://dpaste.de/yObJ
<zerowaitstate> I actually have to go in a sec. However, I would recommend you check smtp from a different IP address that has not checked mail via POP/IMAP to that server recently.
<ebonics> zerowaitstate, okay, thanks for the help.
<zerowaitstate> ebonics: based on my prior experience with dovecot, my guess is you checked mail from your computer, then ran your smtp test and it didn't attempt to authenticate you due to dovecot telling postfix via SASL that you were already legit.
<zerowaitstate> ebonics: the reason imap-before-smtp is used is so people putting in their email stuff on their phones, etc, don't have to enter a username/password twice for both imap and smtp
<ebonics> zerowaitstate, that's possible. i'm using thunderbird so it will be using my ip
<zerowaitstate> ebonics: i think it's poor security personally
<zerowaitstate> ebonics: but it's a very popular default configuration
<ebonics> zerowaitstate, it seems good for large scale systems for performance
<zerowaitstate> http://en.wikipedia.org/wiki/POP_before_SMTP
<zerowaitstate> http://wiki2.dovecot.org/HowTo/PopBSMTPAndDovecot
<ebonics> zerowaitstate, do you know how i can flush the session or whatever it is so i can do proper testing
<zerowaitstate> no idea, but it's probably in the dovecot docs
<zerowaitstate> since dovecot is handling the user database
<zerowaitstate> ebonics: performance has nothing to do with it. there is very little performance hit in checking a password, especially compared to doing things like TLS
<ebonics> zerowaitstate, there could be if the database isn't threadsafe
<zerowaitstate> ebonics: also, NAT screws up POP before SMTP
<zerowaitstate> ebonics: username/password databases are key value stores. it's very easy to make a key-value store threadsafe
<zerowaitstate> ebonics: anyway, I got to eat. take it easy
<ebonics> seeya zerowaitstate thanks for the help
<andre_pl> patdk-lap: as I suspected, mdadm says the 2TB is too small to replace the 3, so i'm going commando
<cyclob|work> hi guys, trying to set up munin cgi using this guide: http://munin-monitoring.org/wiki/MuninConfigurationMasterCGI but all i get is 403 forbidden :S any help on what to do
<patdk-lap> hmm
<andre_pl> is it basically fail & remove /dev/sdX1, then add /dev/sdX
<andre_pl> no format in between?
<patdk-lap> you can
<andre_pl> from your reply i gather there is a better way?
<patdk-lap> not really
<patdk-lap> have two options
<patdk-lap> get a larger disk to rotate with
<patdk-lap> or make your raid array with your 2tb, and copy it all over
<patdk-lap> and copy it all back
<patdk-lap> would be the only 100% safe way
<andre_pl> i'll take my chances with the swaps
<patdk-lap> doing a drop and add is ok
<patdk-lap> but there can be risk during the time
<andre_pl> by doing that as I said above, it will use the full disk instead of a partition, and I'll get the full 3tb each once it's all done?
<patdk-lap> it will see the full 3tb
<patdk-lap> but it won't use it till you tell it to grow
<patdk-lap> and it won't grow till your done
<andre_pl> ok I just saw something frightening
<andre_pl> resync claims to be WAY faster than last time, and if I'm reading it right, mdadm says there's only 2tb of data instead of 5ish
<andre_pl> Used Dev Size: is that per disk? or total occupied space?
<patdk-lap> per disk I think
<andre_pl> I guess I can mount it and see if anything is missing?
<andre_pl> it seem wierd that a ton of data would just disappear like that
<andre_pl> but i'm also worried about how the previous OS wouldn't reassemble the array
<patdk-lap> ya, per disk
<andre_pl> phew
<patdk-lap> Array size is total
<andre_pl> the resync is gonna take 350 mins.. last time it was 1200
<andre_pl> i dont think these disks are that much faster
<patdk-lap> newer faster disks
<andre_pl> possible I guess...
<andre_pl> scary.. I should have looked closer at the files to make sure they were all there
<ruben23> hi guys
<ruben23> i have an existing ubuntu server with apps - when i do  apt-get update does it effect the other apps installed or update them also..?
<ruben23> any idea guys
<sarnold> ruben23: how did you install those other apps?
<ruben23> i worry my server might get broken when i run  - apt-get update
<ruben23> they are install by package, some are by source
<sarnold> when you built packages by source, did you install them into /opt/ or /usr/local or did you install them into /usr?
<ruben23> /usr/local some are /usr/src
<sarnold> okay, those should be left alone, packages should leave /usr/local alone, some packages od install into /usr/src but that's mostly kernel headers, I think...
<sarnold> now, the packages, how did you install those packages? did you download .deb files and use dpkg -i on them? or did you add new repositories to your /etc/apt/sources* files?
<arcsky> i did chmod -R 700 /home/user and now all files are green
<lordievader> Good morning.
<jrwren> arcsky: dont' do that. :)
<ebonics> anyone know if its common for GNU mailman with default settings to be hitting gmail spambox on postfix (DKIM + SPF enabled) setup? i don't hit spambox when just sending through postfix
<arcsky> jrwren: how should i make it then? if i dont want other users to list my home dir?
<jrwren> arcsky: without the -R
<jrwren> arcsky: -R means recurse. It sets mode on all files and dirs in that dir recursiverly
<arcsky> jrwren: danke
<arcsky> jrwren: how can i switch back fist to default mode?
<jrwren> arcsky: you cannot.
<spyridonas> Hello guys i tried to setup postfix/dovecot with virtual emails but i recieve the following error "status=bounced (cannot update mailbox /home/admin//var/vmail for user admin unable to create lock file /home/username//var/vmail.lock: No such file or directory)"
<spyridonas> The mailbox path is wrong but i can't find it to change it , where is it located?
<spyridonas> Any ideas?
<spyridonas>  Hello guys i tried to setup postfix/dovecot with virtual emails but i recieve the following error "status=bounced (cannot update mailbox /home/admin//var/vmail for user admin unable to create lock file /home/username//var/vmail.lock: No such file or directory)"
<spyridonas> The mailbox path is wrong but i can't find it to change it , where is it located?
<strikov> spyridonas: http://www.postfix.org/postconf.5.html#home_mailbox
<strikov> 'Optional pathname of a mailbox file relative to a local(8) user's home directory.'
<spyridonas> Oh , how i see the user home directory?
<spyridonas> strikov : cat /etc/passwd says  vmail:x:2000:2000:Virtual Mailboxes,,,:/var/vmail:/usr/sbin/nologin
<spyridonas> strikov: can i modify it so its /var/vmail?
<strikov> spyridonas: it depends on what you want to achieve; 'If set, mail_spool_directory specifies an absolute path where mail gets delivered. Alternatively, if set, home_mailbox specifies a mailbox relative to the user's home directory where mail gets delivered.'
<strikov> spyridonas: you seems to have home_mailbox=/var/vmail which is probably wrong
<spyridonas> strikov: thanks this seems to fix it but no i don't recieve the email at all, and no errors to be found
<strikov> spyridonas: what did you do exactly?
<spyridonas> strikov: the logs says everything is ok
<spyridonas> strikov: i commented out the home_mailbox and set  mail_spool_directory to be /var/vmail
<strikov> spyridonas: i think you receive mail w/o any issues now but it gets placed to some unexpected folder
<strikov> spyridonas: it should be placed into /var/vmail then
<spyridonas> strikov: but i have virtual mailboxes that defined like that mail_location = maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/%d/%n/Maildir/indexes
<spyridonas> strikov: but that's inside dovecot
<spyridonas> strikov: i also have "virtual_mailbox_base = /var/vmail"
<spyridonas> strikov: on postfix
<strikov> spyridonas: i'm not an expert but i assume that you have two options
<strikov> spyridonas: you either store mail for user X inside /home/X/<something>
<strikov> spyridonas: or you store all the mail inside /var/vmail/ and do sorting there
<strikov> spyridonas: which way you want?
<strikov> If you want 1st way (which is simpler) you do home_mailbox = Maildir/
<spyridonas> strikov: the 1st because virtual emails are stored like so "/var/vmail/domain/user/"
<strikov> and then (when you receive mail) mutt -f ~/Maildir
<strikov> this dir should exist i think
<spyridonas> strikov: that means i have to delete everything postfixadmin created and redo the whole virtual mail boxes setup....
<strikov> spyridonas: you want 2nd way then (I think) not 1st
<spyridonas> strikov: the problem is that the directories are variables
<spyridonas> strikov: i don't want all emails to /var/vmail , i want the email from admin@example.com to be on /var/example/admin/ and the email from admin@example2.com to be on /var/example2/admin.
<strikov> spyridonas: try to comment out both mail_spool_directory and home_mailbox
<strikov> spyridonas: it seems to me that you have a working config but this home_mailbox thing simply broke everything
<spyridonas> strikov: hmm... still nothing
<strikov> spyridonas: define 'nothing'
<spyridonas> strikov: i wonder why virtual_mailbox_base doesn't simple override everything
<strikov> spyridonas: check /var/vmail/*
<strikov> spyridonas: i assume that you should get mail to /var/vmail/%d/%n/Maildir as you defined in the config
<spyridonas> strikov: /var/vmail has nothing delivered to it and the domain folders i cant understard if something was just added
<spyridonas> strikov: the Maildir has .Archive, .Drafts etc...
<spyridonas> strikov: but nothing delivered to it
<strikov> spyridonas: Maildir is used only when home_mailbox is set
<strikov> spyridonas: you either use it or not
<strikov> spyridonas: we came to conclusion that you don't want to have it
<spyridonas> strikov: ok i dont want it then
<spyridonas> strikov: sure
<strikov> spyridonas: so, you don't have home_mailbox in the config?
<strikov> spyridonas: you don't forget to restart the thing, right?
<spyridonas> strikov: i do have it commented out because its relative the user
<spyridonas> strikov: home_mailbox
<spyridonas> strikov: relative to user means /home/vmail but i have it on /var/vmail. Should i just delete the Maildir part of "mail_location = maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/%d/%n/Maildir/indexes"
<spyridonas> strikov: but then indexes doesn't exist...
<spyridonas> strikov: should i simply copy the folder to /home/vmail instead ?
<strikov> spyridonas: /var/vmail/%d/%n/Maildir means that mail will be stored at /var/vmail/<domain>/<user>/Maildir
<strikov> spyridonas: you either want this or not
<strikov> info@example.com will be store at /var/vmail/example.com/info/Maildir
<spyridonas> strikov: i don't mind if i copy it to the parrent folder, the problem is the parrent folder doesn't have indexes folder which its used latter
<strikov> spyridonas: i don't understand you problem
<spyridonas> strikov: "mail_location = maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/%d/%n/Maildir/indexes"
<spyridonas> strikov: says on dovecot
<spyridonas> strikov: i can simple made it "mail_location = maildir:/var/vmail/%d/%n"
<spyridonas> strikov: but i wont have the indexes part
<strikov> spyridonas: for what reason?
<spyridonas> strikov: because i dont want to user Maildir
<strikov> spyridonas: you want to 'convert' existing mail database into a new hierarchy of folders?
<spyridonas> strikov: no i don't care the existing mail database is empty
<strikov> spyridonas: i don't know if Maildir name is required or not by some other components
<strikov> spyridonas: i'd stick with a regular way and don't invent the wheel
<spyridonas> strikov: i will delete i then
<spyridonas> strikov: if that doesn't work i will re-do it
<spyridonas> strikov: it doesn't work.. i will re-do it again, thanks for helping me out
<strikov> spyridonas: yw
<spyridonas> Hello guys is there any way to track a directory when new files are created?
<dasjoe> inotify?
<purplehorace> Hi looking for some help on a strange problem with ubuntu server and apache2
<purplehorace> I have the system set up and there is an index.html being served in /var/www/
<Sling> spyridonas: yeah, inotify could be used for this, you can let it 'monitor' a specific location
<Sling> use the google power to find out how exactly
<purplehorace> I have tried to remove the index.html to try and use an index.php but no matter what I do it always returns the content of the index.php even if I move it out of the way ???
<Sling> purplehorace: most likely due to browser caching
<spyridonas> Sling: Thanks, i can't recieve emails but i can't understand where the files end up.
<Sling> purplehorace: or do you mean it returns the contents of index.html instead of index.php ?
<teward> purplehorace: purge your browser cache and retry
<purplehorace> The browser is rendering the index.html and the server isn't serving the index.php even though its there.  I thought it should use the php if the html isn't there
<dasjoe> purplehorace: check /etc/apache2/sites-enabled/ for enabled sites and their docroot
<purplehorace> OK I'll have a check of settings, thanks
<Sling> purplehorace: make sure DirectoryIndex lists index.php before index.html
<Sling> but still, if index.html doesn't exist and your browser still 'gets' the index.html contents, its definitely caching
<Error404NotFound> How do I know which screen session i am connected to from within a screen session, assuming have multiple screen sessions running and I am connected to others too from same machine.
<Sling> Error404NotFound: screen -list will show the PID's
<Sling> so from within one of the screens do echo $PPID
<Sling> and that should correspond to one of them
<Error404NotFound> hmmm, let me try
<Sling> assuming your shell is a child process of the screen process
<Error404NotFound> Sling: awesome
<Error404NotFound> thanks
<spyridonas> Hey guys how can i change postfix default email save location?
<Sling> spyridonas: postfix is usually not the daemon 'saving' email
<Sling> its an MTA
<spyridonas> if i change home_mailbox = it only appends whatever i type to /home/username/whatever/i/typed/
<Sling> ah
<Sling> spyridonas: the most flexible would be letting postfix deliver it to procmail
<Sling> and then each user can have its own procmail rules
<spyridonas> Sling: i have already setup dovecot/postfix, currently it doesn't work because emails end up on wrong directories
<spyridonas> Sling: i have them setup with virtual domains and emails
<Sling> spyridonas: so what does your main.cf look like?
<Sling> you would normally have something like "virtual_transport = lmtp:unix:private/dovecot-lmtp" for a postfix+dovecot stack
<Sling> and then have lmpt listed in the 'protocols' section in dovecot.conf
<spyridonas> Sling: like this http://pastebin.com/mFjyh5uG
<spyridonas> Sling: i dont have what you said
<Sling> I see that
<Sling> is this a new setup you're building or/
<spyridonas> Sling: it's new i dont care if i loose emails, i followed this guide http://serion.co.nz/howto/howto-setup-mailserver-using-postfix-mysql-dovecot-postfixadmin-amavis-new
<spyridonas> Sling: i need postfixadmin
<Sling> why?
<spyridonas> Sling: map files are exactly the same with this guide
<spyridonas> Sling: i need to have multiple hosts with accounts end up in the same server
<Sling> what I use is mysql for storing the domains/maps/aliases
<Sling> like, virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
<Sling> which then contains something like http://paste2.org/I1BUI5O4
<Sling> then you can use SQL to manage your postfix stuff, or phpmyadmin, etc
<Sling> but maybe this is a topic for #postfix :)
<spyridonas> Sling: well i only need to change the directory , everything else works
<spyridonas> Sling: i can send emails , all emails have ssl, dmarc,dkim, and a bunch of stuff
<Sling> dovecot should be storing your incoming mails
<Sling> not postfix
<spyridonas> Sling: i can't recieve them because that config doens't work... :S
<Sling> ..
<tash> anyone know if you can configure unattended upgrades to notify only, but not actually upgrade?
<tash> i can't seem to find it in docs
<rbasak> tash: maybe --dry-run?
<rbasak> tash: you might have to modify /etc/cron.daily/apt though
<rbasak> tash: also note that you can run /usr/lib/update-manager/apt-check from a script
<rbasak> (I'm not sure that's "official" API though)
<ebonics> is it normal for mailman to be getting spam filtered by gmail with default settings (im using postfix with DKIM and SFP setup)? note: i dont get the same results with just postfix alone.
<lhorace> Hello
<lhorace> I have a KVM with 238MB.... Webmin fits nicely but when it runs apt-show-versions... OOM get's excuted
<lhorace> I am just curious, apt-show-versions needs a lot memory to run? I assume it loading stuff into MEM?
<ebonics> lhorace, https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04
<lhorace> ebonics: I know how... The KVM came with template but since you mention that
<lhorace> I am going to see if I can add swap
<lordievader> lhorace: Is apache running on the same box?
<lhorace> Nope, just mail box
<lhorace> just Postfix, webmin
<lhorace> sshd
<lhorace> There extra process that I am not using and I am going to kill
<lhorace> dbus,init, and kernel pids
<lhorace> I don't recall how to resize EXT4 so I am looking up that information
<lordievader> resize2fs
<lordievader> Anyhow 238Mb is really tiny...
<lhorace> The assigned size is... 9.9GB total with 1.1Gb in use
<lordievader> Assigned size of what?
<lhorace> For the plan that I have
<lordievader> What?
<lhorace> It's 238MB with 9,9GB
<lhorace> I am renting a KVM from a hoster and they assigned me 238MB with 9.9GB
<bekks> Can you pastebin "free -m" please?
<lhorace> I am also renting another KVM, which is 512MB, a bit bigger but I am using for something else
<lhorace> They are Cloud Service
<lhorace> http://pastie.org/10098764
<lhorace> Both have Ubuntu 14.04
<bekks> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<lhorace> bekks: I don't have issues with Webmin on Ubuntu
<bekks> For a small mailserver, the 154M free would be ok. For nothing else.
<bekks> Well, it isnt supported anymore on Ubuntu.
<lhorace> Okay, thanks
<lhorace> Umm, where you get 154M?
<lhorace> You adding the cache and free?
<lhorace> BTW, This box relays mail to another box
<bekks> Yes. Because thats the RAM available to applications.
<bekks> http://www.linuxatemyram.com/
<lhorace> That does the actual deveilvery
<lhorace> bekks: Thanks, I read up Linux memory management actually
<lhorace> If I sound dumb, not trying to be
<lhorace> I think swap of size 300MB should be good enough
<lhorace> I can't resize2fs, it's online
<lhorace> "resize2fs: On-line shrinking not supported", I am going to have to ask the admins to do it for me
<lordievader> What kind of filesystem is it?
<lhorace> Ext4, I am going to look into a swap file
<lordievader> Ah, shrinking... live extending is supported. Read that wrong...
<lhorace> yeah
<lhorace> I was going to make room for a swap partition since that's most recommended
<lhorace> swapfile is the most easiest fixed and the admins are not in the mood
<lhorace> bekks: lordievader http://pastie.org/10098824
<bekks> And?
<lhorace> Thanks for the suggestion, that really helped me a lot, wasn't sure how to solve the problem... I was thinking of disabling Webmin from running apt-show-version... When it runs, it jumps, then processes based on score start to be killed
<lhorace> bekks: Just show you I resolve the problem
<lhorace> bekks: Better?
<bekks> So you added a swap file then?
<lhorace> yup
<bekks> Did you change swappiness too, as well as changing the default behaviour of the OOM killer?
<lhorace> Uh, I was thinking about swappiness but as for OOM killer behavior.. I still have more to read
<lhorace> I think, with 60, that should be good enough, I am not sure I really want to go for agressive swappiness
<lhorace> KVM is on SSD
<bekks> Well, you actually dontwant to swap at all, if it can be avoided. So set vm.swappiness=5 or 10 in /etc/sysctl.conf
<lhorace> Hmmm, good point
<lhorace> I will see
<bekks> And set vm.oom_kill_allocating_task=1 too
<lhorace> What does that do?
<bekks> When you are running out of memory, the OOM killer starts to randomly kill processes until the situation is resolved. You actually never want that. You want the process which causes the situation to be killed.
<lhorace> bekks: Okay, my observation, apt-show-versions get's killed
<lhorace> Then, I have tmux
<lhorace> So, I don't see ramdoniess, thus far
<lhorace> webmin which is the parent, get's killed but the time span
<lhorace> The parent of 'apt-show-versions'
<bekks> So if tmux causes the OOM situation, and webmin gets killed, thats random death.
<lhorace> lol
<lhorace> Okay
<lhorace> I so a lot of tmux inovked OOM
<lhorace> s/so/saw/
<lhorace> For now, my critical serices keep running
<lhorace> services*
<lhorace> bekks: Actually, the template, so swapiness to 0
<lhorace> s/so/set/ I don't have great spelling skills
<bekks> So if tmux is causing the OOM, set vm.oom_kill_allocating_task=1 to make sure tmux gets killed then.
<lhorace> okay, set
<Peiniger> Iâm logged in to a server that is rejecting all new connections. In /var/log/auth.log Iâm seeing the following message:  Connection closed by myipaddress [preauth]
<Peiniger> Iâve restarted ssh and verified authorized_keys hasnt been changed.
<lhorace> Peiniger: not enough information
<lhorace> SSHD might be closing the connection just becaust
<Peiniger> What other info would you like?
<lhorace> You can put SSHD in DEBUG mode
<Peiniger> Can I put it in debug mode without losing my current connection?
<lhorace> Peiniger: openSSH spawns SSH clients
<lhorace> so, you can restart SSHD witout affecting your current session
<pmatulis> Peiniger: pastebin what you get with the client in verbose mode (ssh -v).  could be a number of things.  like permissions of .ssh directory or key files
<Peiniger> no problem. 1 minute please
<pmatulis> more v's are possible but one is usually good (ssh -vvv)
<Peiniger> http://pastebin.com/YXbp1ZGC
<pmatulis> Peiniger: so could be a few things.  but i would first check auth.log on the server.  pastebin the last few lines
<lhorace> Umm pmatulis you explain or can I?
<lhorace> Uhhh
<pmatulis> lhorace: go ahead
<lhorace> Well, the authentication mentods is publickey
<lhorace> That's why it faied
<lhorace> oops, failed*
<lhorace> There is not other method to try
<pmatulis> lhorace: ?
<lhorace> Well, with my SSHD, I might keep it to just publickey
<lhorace> But if you lose it, you need to find another way
<pmatulis> Peiniger: anyway, provide auth.log.  otherwise, this error can occur if you're connecting to the wrong user account or the public key is not installed in the remote ubuntu user's home directory
<Peiniger> pmatulis: the only sshd error im getting in /var/log/auth.log is Connection closed by myipaddress [preauth]
<lhorace> What SSHD tells me now is enough to know what is the problem
<lhorace> Some of you need to read the openSSH docs
<lhorace> It's clear as day in the pastebin
<lhorace> debug1: identity file /Users/someuser/Documents/someorg/ssh-keys/someorg-east.pem type -1 ?
<lhorace> that might be the problem
<Peiniger> lhorace: can you elaborate?
<sarnold> lhorace: but the command line asked for -i ~/Documents/someorg/ssh-keys/someorg-server1.pem and it appears it was tried.. debug1: Trying private key: /Users/someuser/Documents/someorg/ssh-keys/someorg-server1.pem
<lhorace> I keep my private key safe
<lhorace> On, I have Arch Linux, Ubuntu, etc severs... I usally disable the password or any other mechnasim of auth on SSH
<sarnold> Peiniger: are you confident the public portion of /Users/someuser/Documents/someorg/ssh-keys/someorg-server1.pem  is in the authorized_keys of the user account on the remote server you're tryingt ouse?
<Peiniger> I will double check
<lhorace> Except for publickey
<lhorace> sarnold: All the AUTH methods failed
<Peiniger> the output of my .pem file is a private key.
<Peiniger> what do you mean the public section?
<lhorace> I didn't know that you keep private keys in PEM format
<sarnold> Peiniger: most ssh clients store the privkey ina file named e.g. id_rsa and the public portion in afile named id_rsa.pub
<lhorace> Must be a new SSH feature
<sarnold> lhorace: I think the .pem format was a feature of the ancient commercial ssh
<bekks> The .pem file contains a SSL certificate, which is not a SSH key.
<bekks> Isnt it?
<Peiniger> âThe private key file is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.â
<sarnold> Peiniger: _browser_?
<Peiniger> from the amazon docs
<lhorace> As long of SSH that I have, I never seen SSH encode it in PEM format
<sarnold> lhorace: be thankful :)
<Peiniger> sarnold: i would ignore the browser piece
<Peiniger> must download instructions
<sarnold> lhorace: the old commercial ssh was verybadterrible
<lhorace> I want to help Peiniger
<Peiniger> Its for Amazon EC2 key pairs
<lhorace> make sure he solved his issue
<sarnold> lhorace: .. but this sounds like some funky amazonery rather than the old commercial ssh
<lhorace> sarnold: Don't care about the backround
<Peiniger> http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
<pmatulis> Peiniger: i can connect to Amazon instances with such a .pem key
<pmatulis> Peiniger: the problem is probably you didn't choose the proper key when you created your instance
<lhorace> It might end with .pem
<Peiniger> pmatulis: the instance has been around for a while now
<lhorace> the contents is different
<Peiniger> ssh suddenly stopped working
<Peiniger> i just happened to be logged in to it
<pmatulis> interesting, "suddenly stopped working"
<pmatulis> Peiniger: you have console access right?
<lhorace> SSH will spawn a process
<Peiniger> yesâ¦i should have said stopped receiving new connections
<lhorace> It stop working doesn't mean the deamon stopped
<lhorace> I said, before, but SSHD in debug mode
<Peiniger> lhorace: can i put it in debug mode without disconnecting my current session?
<lhorace> Peiniger: It could be your SHELL that disconnect you
<Peiniger> others are experiencing this problem too
<lhorace> Peiniger: If you currently logged and ROOT authority .. yes
<lhorace> SSHD spawns new process for clients under their priviledge
<lhorace> Peiniger: When you say others, I need to know what Ubuntu Version?
<Peiniger> lhorace: server is 14.04.1
<lhorace> Okay, I have 4 14.04.1
<lhorace> and Arch Linux.. etc
<lhorace> You asked me a few times if making changes will destro your current session
<lhorace> SSHD spawns Processes
<lhorace> It means depends on how the program is program that one process shouldn't effect another
<Peiniger> im with you. thanks for the explination
<lhorace> I wanted to make sure everthing was goign alright with you Peiniger
<lhorace> I just finish reading up on SSH and PEM
<Peiniger> I need to get a port opened to run in debug mode
<lhorace> That debug1: identity file /Users/someuser/Documents/someorg/ssh-keys/someorg-east.pem type -1
<lhorace> that was your problem
<lhorace> I took at my key, it's in PEM format
<lhorace> It's not*
<Peiniger> what is the problem?
<lhorace> PEM and SSH key are both base64 but when you decode it.. it means something else
<sarnold> I really don't think that's it; the command line asked for a specific (different) key, and that other key was tested later
<sarnold> here's a successful login to my isp with half-dozen of those "type -1" lines: http://paste.ubuntu.com/10841461/
<sarnold> I think you're better off putting that sshd into debug mode and hoping for more verbose messages that way
<lhorace> RIGHT
<Peiniger> Ill give that a shot once I can open another port
<Peiniger> thanks for your help
<sarnold> unforuntately I don't see much in the way of debugging messages when I search for "Connection reset by", they all show up on len==0 results from socket reads, e.g. http://sources.debian.net/src/openssh/1:6.7p1-3/packet.c/?hl=1137#L1137
<sarnold> so debug mode may not help much, but it's worth trying
<pmatulis> Peiniger: i asked before, did you confirm the public key is installed in the remote ubuntu user's home directory?  even though it "suddenly stopped working", it is good to check
<Peiniger> yes i did
<sarnold> Peiniger: check ls -ld output for ~ ~/.ssh ~/.ssh/authorized_keys on the remote server; if owners, groups, or permissions are the least bit wrong, sshd will refuse to use it; I'd expect it to log something about it on the server, but the client often has no visibility about why the public key didn't work
#ubuntu-server 2015-04-18
<pmatulis> yeah, the client will mention permissions on its own side only
<pmatulis> permissions, http://paste.ubuntu.com/10841546/
<sarnold> which is as it should be, but the first time you debug one of these things it's pretty annoying :)
<Peiniger> pmatulis: thanks
<lhorace> Didn't I say that SSHD should be in debug
<zzxc> Hey, I have a situation where I have userA and userB both belong to the same group. I have an issue where they are both share a directory that is owned but a group. If userA creates a directory or file then userB can't write in it and viceVersa because the premissions for the new directory are 755. Anyone know a way to fix this?
<lhorace> zzxc: Try ACL?
<lhorace> You can set which use irregardless of Permissions
<lhorace> s/user/
<mgooley> Hi everyone! I'm trying to come up with a solution for a DHCP/DNS server. I really like using Ubuntu server, but I only have a 1 GB drive and 1 GB of RAM to work with.
<mgooley> Any suggestions? I'm using an old Wyse thin client.
<Seveas> mgooley: get a raspberry pi and run raspbian. The cost of buying the pi will be offset soon enough by the electricity bill :)
<lordievader> Good morning.
<pmatulis> Peiniger: did you solve the ssh problem?
<andre_pl> i'm having some raid issues, I've gone through a week of trying to upgrade my drives and probably caused some problems in doing so.  I've got the following output from mdstat: http://pastebin.com/0fkr21EM
<andre_pl> the correct configuration is a single array of sd[abde]1
<andre_pl> i can assemble it that way and it seems to work fine, but on boot I always get back to this
<andre_pl> sometimes its sdd which is by itself, other times sda
<andre_pl> i feel like may be a side effect of an attempt I made to add the entire /dev/sdd device instead of partitioning it
<andre_pl> i since corrected that but maybe somethings left on the drive causing it to auto-detect incorrectly?
<HarryRSole> I'm having issues with Webmin. I just installed Webmin via ssh and set the user <root> and <password> so then when I try to log in I can't. I have copied it straight from terminal and pasted into webmin and get loggin failed. Can someone maybe help me with this?
<bekks> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<HarryRSole> Ok, I guess that I should check when a webpage gets published.
<bekks> Hmm?
<HarryRSole> I got my info from a linux home server guide, http://linuxhomeserverguide.com/server-config/NFS.php
<HarryRSole> Can you point me in a direction where I can find a guide that is current?
<bekks> That guid is at least 4 years old.
<bekks> HarryRSole: https://help.ubuntu.com/lts/serverguide/
<HarryRSole> thanks, I'll check it out.
<_1_niku> hi
<pelle2_> why doesn't find . -name â*.aviâ -type f -exec cp {} ./video \; work?
<pelle2_> does anyone have any clue what might be wrong with that command? nothing happens, no error message or anything
<bekks> Because of the weird characters before and after *.avi
<pelle2_> hm, ok
<pelle2_> should be " i guess
<bekks> Correct
<pelle2_> worked wonders now, thanks alot
<pelle2_> now i now that there are different " also
<Siilwyn> Hi people, it's late and I thought I would have it done by now but well... I just setup a new Ubuntu server, disabled root access and login in with a password only. Made a new user, gave it sudo access, also changed the port for ssh. But now when I try to SSH like: ssh newuser@hostIP -p newPort it returns 'Permission denied (publickey).'
<Siilwyn> So I looked into the authorized_keys file (which I put in the .ssh directory of the new user) through DO's direct access console and compared the key to the one I have on my local machine and they look the same.
<Siilwyn> What in the world could be wrong here? :/
<andre_pl> permissions on tthe authorized_key file?
<andre_pl> if they're not correct it will refuse to read it
<andre_pl> not sure what they need to be exactly
<andre_pl> ah: http://stackoverflow.com/a/6377073/61000
<Siilwyn> If this is it, dis gun be good! ;p
<andre_pl> make sure the file is owned by yourself as well, not root or something
<Siilwyn> andre_pl, would: -rw------- 1 earth root ... be good?
<Siilwyn> Or do I need to change the group as well
<andre_pl> probably the group as well, i believe users is the default
<Siilwyn> (Sorry I'm a newb when it comes to chown...) Just got permissions figured out.
<andre_pl> can anyone help with a lvm question? I've just created a new raid5 array and was able to pvcreate and vgcreate, but lvcreate tells me device or resource busy
<andre_pl> http://pastebin.com/rRtTnppn
<andre_pl> that's all the info I have on it
<Siilwyn> Thanks so much andre_pl!
<Siilwyn> I'm sorry I can't help you with your problem.
<Siilwyn> Would it be a good idea to remove the root user and the '/root' directory?
<andre_pl> no
<andre_pl> leave those
<Siilwyn> why? (If I may ask ;p
<andre_pl> the root user most of your non-user files, /usr /etc etc
<andre_pl> removing him would not be good
<Siilwyn> oh alright, ofc.
<Siilwyn> and what about the '/root' directory?
<andre_pl> that's his home dir
<andre_pl> theres no reason to remove it, and it might be bad, I dunno
<Siilwyn> okay, thanks for your answers
<Siilwyn> Just thinking about it, I got stuff secured now but people could get into my server just by logging into my DO account. Only passwords needed.
<Siilwyn> I guess there's no way to disable 'direct console access'? If you use Digital Ocean ofc...
<BZWingZero> I could use a little help. I have samba configured and am able to map the share from my windows computer.
<BZWingZero> However files created (within windows on the share) are not properly getting their permissions set.
#ubuntu-server 2015-04-19
<RusAlex> q: what command manages virtual machine resources settings kvm?
<lordievader> Good morning.
<Seveas> Hello, Anakin.
<lordievader> Hihi ;)
<RusAlex> q: im trying to add my own firewall rules to /etc/sysconfig/firewall script
<RusAlex> and the problem is I cant add rule like this : iptables -I FORWARD -p tcp -d <ip> -j ACCEPT, it is always comes as the last rule , after reboot.
<RusAlex> but /etc/sysconfig/firewall uses iptables --policy FORWARD FORBID
<RusAlex> so my rule does not work
<lordievader> RusAlex: Adding individual lines to iptables in a script is SLOW. Rather use the iptables-save and iptables-restore functionality.
<RusAlex> lordievader: ok, but it was default ubuntu script for iptables urles
<lordievader> RusAlex: Really? Quickly looking through [1] I do not see the script you are referring to. [1] https://help.ubuntu.com/community/IptablesHowTo#Saving_iptables
<lordievader> Not that I agree with the way that is presented there, but I guess that is a personal preference.
<RusAlex> im trying to understand what happens when kvm start with using bridge networking
<RusAlex> it add some of iptables rules, during startup I think.
<RusAlex> I want to figure out where it comes from
<RusAlex> because my iptables-restore command write my forward rule to the end of forward chain
<RusAlex> already after REJECT ALL bit
<RusAlex> so I understand that it's libvirt rules
<RusAlex> and they are loading before my iptables-restore command executed
<RusAlex> so maybe I have to prepend rules.. trygin
<RusAlex> trying
<lordievader> RusAlex: Libvirtd adds a few rules for the bridging/natting.
<RusAlex> yep, I understand this. Now I need to figure our how to set up my custom rule using libvrtd xml configs.
<devster31> hi, what's a good ircd to start with? I'm looking mainly for ease of use and basic feature support, I don't need ldap or sasl support
<oopaine> hi@ll, i like to use two network interfaces on my machine, but if i set up the second interface to a static ip address i could not load any packages; what is the right way to solve?
<sleepee> hello everybody, quick question here.  so i was using an ubuntu server as a kvm host and i want to reinstall the host OS... but, i want to save the kvm guests which are located /var.  whats the worst that could happen if i just reinstall and leave /var unformatted?
<lordievader> sleepee: You'd loose your vm definitions. Normally they are in /etc/libvirt/qemu/
<Mead> Hello all, about to install server to run a home server. Would there be any issue with ubuntu server running a emulator or playing media?
<darius93> anyone know how to make the kickstart format the whole partition without setting a specific size or could i omit the --size?
<samsn> lva
#ubuntu-server 2016-04-18
<echosystm> is there any way to run NFS on a port other than 2049?
<echosystm> i can't find anything on google
<patdk-lap> sure, you can specify any port you want
<patdk-lap> but the problem isn't really nfs, but all the other rpc stuff too
<patdk-lap> let alone portmapper
<patdk-lap> also try, man rpc.nfsd
<patdk-lap> then assign said options to RPCNFSDOPTS= in /etc/default/nfs-kernel-server
<coreycb> jamespage, ddellav or I will take a look at bug 1568971
<ubottu> bug 1568971 in horizon (Ubuntu) "Ubuntu Mitaka package fails to upgrade with SyntaxError: Undefined variable: '$helpPanelWidthDefault'." [Undecided,Confirmed] https://launchpad.net/bugs/1568971
<jamespage> gnuoy, ^^
<gnuoy> jamespage, ta
<devster31> I know it seems a stupid question, but how do I know what components are available for a given repository? for example, I have http://archive.ubuntu.com/ubuntu trusty universe , I can guess the trusty main and trusty contrib but what other are available?
<jamespage> coreycb, https://etherpad.openstack.org/p/newton-global-requirements
<jamespage> a session we should make sure gets attended...
<jamespage> has some fairly serious implications...
<patdk-wk_> is it not possible to run xenial in lxc yet? due to systemd/cgroup issue?
<coreycb> jamespage, oh that would be a nightmare, per project version requirements?
<jamespage> patdk-wk_, certainly is on xenial - not sure on releases before then
<patdk-wk_> running fully uptodate xenial with xenial inside an lxc
<coreycb> jamespage, I'll add that to my agenda, which I should put together :)
<patdk-wk_> init starts, but systemd fails, and so nothing else starts
<jamespage> patdk-wk_, not sure  - I'd go ask in #lxcontainers
<patdk-wk_> I should look into it some more I guess and attempt a bug report
<patdk-wk_> looks the same, but it might not be, bug #1347020
<ubottu> bug 1347020 in lxc (Ubuntu) "systemd does not boot in a container" [High,Fix released] https://launchpad.net/bugs/1347020
<jrwren> devster31: I don't really understand your question. Do you want to know which repos are enabled on a server? look at /etc/apt/sources.list and /etc/apt/sources.list.d/
<zul> jamespage: thats going back to the dark ages
<DirtyCajun> anyone know why server buntu doesnt allow for pre-release upgrades?
<ogra_> what do you mean by pre-release upgrades
<patdk-wk_> doesn't allow?
<patdk-wk_> it would be kindof difficult to upgrade to 16.10 though, at the moment
<teward> Unless his questio nis "How do I go from 15.10 to 16.04 before it's released"?
<patdk-wk_> but that is doable, or no one would be able to *test* 16.04
<patdk-wk_> or I have been doing it wrong for years
<FFForever> Hey hey. Where does bind9 keeps it logs?
<FFForever> I don't see anything under /var/log that could be bind related. Nothing in dmesg to hint to why the service won't start
<sdeziel> FFForever: /var/log/named
<FFForever> How do I enable caching of forwarded lookups?
<FFForever> (Bind)
<jrwren> FFForever: afaik its enabled by default and you would need to disable it.
<FFForever> jrwren, Hmm. /var/cache/bind only shows my one slave zone and managed-keys.bind. Is caching only done in memory?
<jrwren> FFForever: yes? I don't know. I have nothing for any zones in my /var/cache/bind, but I don't run any slaves.
<jrwren> FFForever: i've been a bind novice for 20 years. In that time I do not recall any disk cache.
<sruli> how can i install ubuntu 14.04 mini in uefi? or is there 16.04 beta mini in uefi available?
<rbasak> jrwren, FFForever: I concur. bind traditionally does memory caching with no disk option. Unless there's something new. I remember using some other daemon when I wanted the cache to persist across reboots, but that was possibly last century so something may have changed.
<patdk-wk_> it doesn't do disk caching except for things that MUSt servive a restart, like slave zones, dynamic updates, ...
<smellsLikeGoatSp> hello everyone, just a quick question here, is it possible to connect different clients to a TCP/IP server at the same time?
<citizenruin> hello
<jrwren> smellsLikeGoatSp: of course it is possible. Any TCP Server would be written to support it.
<smellsLikeGoatSp> jrwen: to explain what I need: so a friend of mine has a light control software called e:cue that connects to a LAS server (I believe) which is connected to a butler that controls the light via DMX. this software sends signals down the network using TCP/IP to ignite command to play sound in his RPi. This is done to avoid paying for the sound licence and only sticking to the lights. (continues)
<smellsLikeGoatSp> Now this system failed for one of the RPi and I was thinking of setting a separate server-client  TCP network to input the RPi with commands for the sound. I tested a tutorial using my LAN connection and worked out fine. I should try with an ethernet now. But I was wondering whether a server can listen to multiple clients simultaneously
<jrwren> smellsLikeGoatSp: i don't know any of the acronyms you just said. Most TCP servers are written to handle multiple simultanious clients.
<smellsLikeGoatSp> jrwren: thank you. I realise this acronyms are quite niche. I was taken care of in the meanwhile. thanks for your help though. appreciated
<tobyj> http://puu.sh/ona5d/491a2b83a0.png my fresh install of ubuntu-server minimal looks like this over ssh, how do i fix it?
<tobyj> i can't enter the password when prompted, it doesn't appear as stars like it usually does on a full install
<teward> tobyj: it's not supposed to
<tobyj> and my character encoding settings seem to be okay on either end
<teward> it'll still take your password
<teward> it just won't display stars
<teward> you can make it do that, but the default is to not display
<tobyj> is there any way to fix it though?
<tobyj> the character encoding issues
<tobyj> they appear to be set properly
<cliffer> is there anybody administrating a server using a ldap directory to manage domains (bind9) and email addresses (postfix/dovecot) and using a (not self written) gui willing to name his solution?
<FFForever> cliffer, I do. It's pretty straight forward to configure yourself without a ui
<patdk-wk_> oh? bind finally got a ldap backend
<cliffer> FFForever: i tried and tried to setup ldap->bind9 but the example file uses a missing ldap schema which is only included in freeipa
<cliffer> and since i discovered this, i thought there should be a more common solution
<patdk-wk_> I have always used powerdns for ldap
<cliffer> patdk-wk_: the pkg is named bind9-dyndb-ldap
<cliffer> patdk-wk_: if you want to give it a try, i have a virgin server setup :)
<patdk-wk_> absolutely not
<patdk-wk_> I dropped bind back in 2002
<patdk-wk_> and I don't ever want to use it again
<contumax> hi, there is no tty after ubuntu server 14.04 boot, but i'm able to ssh to the server, any help?
<devster31> jrwren: no, I want to know which components exist for a given repository, and which distributions there are, the repo url is something like: http://site.example.com/ distribution component1 component2 component3 but how do I know which are the components and which are the distributions available
<coreycb> jamespage, does this look ok to you? https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/horizon/commit/?id=0a2c97442a1f63a4d72ed14090132524e8226ec2
<jamespage> coreycb, maybe - does it fix the upgrade issue and is the dash still functional?
<coreycb> jamespage, it fixes the upgrade issue, but needs more testing
<jamespage> coreycb, you can test the packages by pointing your install at the serverstack keystone ip and using your credentials
<coreycb> jamespage, ok
<YamakasY> hi guys
<YamakasY> more people having issues with puppet and keeped kernels on the apt module ?
<coreycb> jamespage, I uploaded the new horizon package for mitaka with the upgrade fix
<Kallis> If i run a getfacl on a windows mounted directory , should it show me a list of ACL's on the directory/file assigned from the windows server ?
<Kallis> the windows share is mounted with  acl enabled
<max3> how do i up the log level of apache in /etc/defaults/apach2?
<max3> what's the env variable i have to set?
<sarnold> Kallis: linux acls are not samba acls
<FFForever> cliffer, Huh? I have a win2012 ad and setup a zone transfer from the ad dns to bind
<cliffer> FFForever: sounds good.
<cliffer> i'm trying to setup it, i think i know how to do it. if i have questions, i love to be able to come back to you
<cliffer> but i thought perhaps there is an ui for it since it is a common task
<FFForever> Meh. SSH is faster once you get everything setup.
<FFForever> Zone updates are handled automatically, email provisioning is handled via ad so it's semi automated.
<cliffer> but i have no ad and i thouzght there might be a gui for it
<Kallis> how can i check the ACL's are copying from the windows server to the linux box when using the rsync -A command
<FFForever> If you don't have an existing forest check out Zentyal (it's built on top of Ubuntu)
<sarnold> Kallis: iirc samba stores them in xattrs in the security.* namespace -- try lsxattr on the files in question
<FFForever> With how you phrased your question earlier it sounded like you had an existing domain that were expanding
<Kallis> sarnold, i will try that now
<sarnold> Kallis: err, sorry, try attr -l
<Kallis> sarnold, ok trying now
<Kallis> so running attr -l 00\ -\ PROJECT\ REF/ on that directory gives me no information at all
<sarnold> Kallis: how about files in the directory?
<Kallis> sec
<Kallis> sarnold, attr -l Processes\ For\ NEW\ Projects.docx again no information, tried with sudo as well, that file is located on the ubuntu box, having been copied with rsync -aAX
<sarnold> Kallis: what filesystem was the source? what filesystem was the destination?
<sarnold> Kallis: it looks like -a doesn't copy extended attributes by default, does adding -X fix it?
<Kallis> sarnold, source is ntfs destination is ext4
<genii> Heh, NTFS
<sarnold> Kallis: ah so no samba involved? I'm going to guess there's no way to bring over the acls then
<Kallis> sarnold, yes, no samba involved yet, the plan is to move the entire fileserver over to the ubuntu box and samba, I was just hoping I could preserve all ACL's so users could still just login with LDAP and have all the correct access to files and directories
<sarnold> Kallis: you -might- have success if you put the ntfs filesystem into a windows machine, set up samba on your ubuntu machine, and try using windows to copy from one to the other. explorer.exe may have a configuration option somewhere for "retain ownership and permissions" or something similar. I hope.
<Kallis> sarnold, I know powershell has a copy acl switch, so maybe I will try setting up samba first
<sarnold> Kallis: ah that sounds promising
<Kallis> sarnold, I will go get that all configured now, thanks for the advice
<sarnold> good luck, let me know how it works out, probably someone else will want to do the same thing :)
<Kallis> will do man
#ubuntu-server 2016-04-19
<fifty> yo hello guys whats up, what are u guys doing?
<IdleOne> you got a lot of time to waste
<IdleOne> Why don't you go play a game or something
<fifty> Just because i help people and ur just sittin there and banning people who writes not correcly :D
<fifty> And just doing nothing?
<fifty> Great job.
<fifty> lspci was needed ;) worst admin ever :D
<llinguini> Anybody has any experience running mail servers?
<llinguini> What's the best way to go about it? mail-in-a-box?
<sarnold> there's a lot of moving pieces with email; and modern antispam tools seem like the sort of thing that eat souls. can you let google handle it instead?
<sarnold> if you have to do it yourself, pick one piece at a time and work on it, keep a good eye on the logs, and test each layer by hand when you can..
<sarnold> where "one piece at a time" means e.g. local delivery or local submission for remote delivery or imap4 or pop3 or dkim or .. whatever the other thing is that's like dkim :)
<llinguini> sarnold: Do you think paying $5/month for a google apps is worth it?
<llinguini> That's what I'm thinking about, because I already pay $5/month for a digital ocean droplet. If it's that much more work then I guess it would be worth it
<sarnold> llinguini: it'd certainly be work $5 / mo for me :) (heck, i'm paying more htan that per month for an ancient he.net account with way worse email..)
<sdeziel> $5/month is really cheap in comparison of the time you'd need to put in your hand made mail stack
<sarnold> yeah
<sarnold> if you're doing the mail stack because you want to learn how to do it and don't want to hand it over to google, well, that's one thing.
<sdeziel> true that ^^
<sdeziel> mail is fun but tedious too
<sarnold> fifteen years ago I had good fun setting it up..
<llinguini> Well, I mostly need it so I have a more professional email address. Not saying I'm not interested in learning about setting up the stack.
<llinguini> Just maybe not worth my time if it takes that much time to set up.
<sarnold> yeah that sounds like an ideal candidate for just paying google to do it for you.
<sarnold> (which one of these days I'm going to get around to doing for myself. I'm just a very lazy person.)
<ruben23> hi guys anyone can help with this command somehow ------> isql -v MySQL -cdr.awayin.net.au aaaaaaaa bbbbbb   ----------> i get this error somehow [IM002][unixODBC][Driver Manager]Data source name not found, and no default driver specified and [ISQL]ERROR: Could not SQLConnect
<cliffer> Critical extension is unavailable: unable to start SyncRepl session is used using bind-dyndn-ldap: http://pastebin.com/cqwx5Lqk FFForever any idea?
<cliffer> it seems as if base is not set but should be set in /etc/bind/named.conf.options
<DelphiWorld> hi ubuntuyists
<DelphiWorld> i am trying to compile tbs dvb drivers but getting lot of unknowne symbols up on loading them
<DelphiWorld> anyone know of this situation?
<RoyK> DelphiWorld: no idea, but what is TBS DVD? And if you could pastebin the errors, it might be easier
<RoyK> !pastebin | DelphiWorld
<ubottu> DelphiWorld: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<DelphiWorld> RoyK: tbs is a brand, making DVB (digital video broadcasting) card
 * DelphiWorld rebooting ... wait
<DelphiWorld> yo
<DelphiWorld> RoyK: paste: http://paste.ubuntu.com/15927094/
<RoyK> DelphiWorld: pastebin output of uname -r and modinfo tbs_pcie_dvb
<DelphiWorld> i made it to work RoyK
<RoyK> what did you fdo?
<RoyK> what did you do?
<DelphiWorld> RoyK: removed the media drivers
<DelphiWorld> RoyK: and redid make install for my drivers
<DelphiWorld> all went well!!!
<RoyK> :)
<DelphiWorld> :P
 * DelphiWorld love DVB
<_KAMI_> Hi!
<_KAMI_> After http://www.ubuntu.com/usn/usn-2950-1/ security update the ldap connection to smb ldap has stopped. Do you have ide what went wrong or what was misconfigured in my system?
<_KAMI_> Thank you in advance!
<mdeslaur> _KAMI_: is that using owncloud?
<_KAMI_> We doesn't use owncloud but we use few other software that uses ldap of samba for user authentication
<mdeslaur> _KAMI_: you need to use ldaps, or re-introduce the security issue by adding "ldap server require strong auth = no" to your config
<_KAMI_> okay I will set up things to enforce ldaps everywhere
<mdeslaur> _KAMI_: see https://www.samba.org/samba/security/CVE-2016-2112.html for more info
<_KAMI_> mdeslaur: thank you for the information
<_KAMI_> We will go to ldaps for all connection
<devster31> given the choice between a start-stop-daemon init script and an LSB compliant one which should I prefer?
<cliffer> Critical extension is unavailable: unable to start SyncRepl session is used using bind-dyndn-ldap: http://pastebin.com/cqwx5Lqk FFForever any idea?
<coreycb> jamespage, I tested horizon in trusty mitaka staging and it's ready to promote
<jamespage> coreycb, ack doing so now
<autofsckk> hello everybody, i have a little problem, im getting some strange behaviour from a ubuntu box, i have 3 NIC's there with this chip  "Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 06)"  i found some strange output in dmesg showing the nic going down and up a bunch of times, i read about the driver r8169 having some troubles in
<autofsckk> ubuntu & debian, but i want to know if ...
<autofsckk> ... that could be really affecting my server performance, i mean if that problem could be making some disconnections
<jrwren> autofsckk: check, test, or replace the cables? it could be a bad cable.
<autofsckk> jrwren -> i have several servers with this chip/problem i get some strange things going on, i know it could be a bad cable but on all the machines?
<jrwren> autofsckk: not likely.
<autofsckk> the thing i would like to know if somebody here have had this chip and if the have had problems with it
<jrwren> autofsckk: sorry. mine are all RTL8168evl/8111evl and RTL8168c/8111c
<autofsckk> i found there's a module replacement from realtek r8168 that i already did on a test machine, but i dont know how to test it before putting it on production, because the place where i should put it is like 3 hours from here :/ jajaja and that is the shortest
<FFForever> cliffer, Did you check out zentyal? I haven't personally used the bind ldap module before
<cliffer> FFForever: no, i could check there for reference values
<FFForever> Possibly. Load it up on a vm and see how they do things.
<hallyn> say - i seem to vaguely recall a website that let you search 'all the code in debian packages' ?
<hallyn> was that in a dream, or does that exist?
<Odd_Bloke> hallyn: https://codesearch.debian.net/ ?
<hallyn> Odd_Bloke: rockin', thanks
<Odd_Bloke> hallyn: (Guess what I typed in to Google ;)
<hallyn> you're supposed to hand me a lmgtfy link then
<Odd_Bloke> I vaguely recalled that website, but couldn't work out how to find it. ;)
<hallyn> ugh, http://sources.debian.net/src/kde4libs/4:4.14.14-1/kpty/kgrantpty.c/?hl=101#L101  of to a terrific start
<sarnold> it's super-handy to assign it a keyword for searching; I use o dcs <foo> in pentadactyl a few times a day.. ;)
<hallyn> sarnold: or a function in edbrowse :)
<hallyn> but (obviously) i've had far less need for it than you
<sarnold> hallyn: ooh you can do that? :) I only gave edbrowse ten minutes of trying the other day.. it looked promising but I don't know ed well enough to feel at home in edbrowse :(
<hallyn> sarnold: yup, nicely scriptable.  in some ways easier to do (if you are using multiple pages) than scripting around wget
<sarnold> hallyn: then it obviously deserves more of my time :) thanks
<jge> Hey all, anyone in here ever used xmllint to extract multiple values out of an xml page?
<YamakasY> anyone an idea why kernels are still not autoremoved ?
<YamakasY> old ones, I need to run auto-remove for it
<jge> I have this command working: curl -s http://app-01-prod:8080/manager/status?XML=true | xmllint --xpath "string(/status/connector[@name='\"http-bio-8080\"']/requestInfo/@requestCount)" -
<jge> but it only fetches one of the values I need
<jge> I need @requestCount and @bytesSent
#ubuntu-server 2016-04-20
<DR_Moreau> hi everyone
<lunaphyte> hi.  hostname --fqdn and dnsdomainname don't work, but it appears to me that by all accounts they should: http://dpaste.com/17VP3HP.txt
<grendal_prime> hola
<grendal_prime> peaches
<nacc> lunaphyte: that's almost certainy a configuration or local network issue ... what does `hostname --all-fqdns` provide, if anything?
<lunaphyte> nacc: aha, that returns the desired result:  "foo.example.com"
<nacc> lunaphyte: read `man hostname` :)
<nacc> lunaphyte: iirc, it says to never use --fqdn :)
<lunaphyte> i have been
 * lunaphyte looks again
<nacc> lunaphyte: under "THE FQDN"
<lunaphyte> "If a machine has multiple network interfaces/addresses or is used in a mobile environment" - it's not
<lunaphyte> it's a bare bones, minimal server install, with only eth0 and lo, and a single address for each
<lunaphyte> the actual symptom which led me here is sudo complaining: "sudo: unable to resolve host foo"
<nacc> lunaphyte: anything funky in /etc/hosts?
<sarnold> it might be easiest to ensure the hotsname is in /etc/hosts
<nacc> sarnold: ack
<sarnold> it's customary to give the hostname 127.0.1.1 and leave 127.0.0.1 for 'localhost'.
<lunaphyte> http://dpaste.com/1W52WFC.txt
<sarnold> nacc: bingo :D
<sarnold> lunaphyte: add 127.0.1.1 foo foo.example.org  to your /etc/hosts :)
<lunaphyte> heh, sort of
<lunaphyte> there should be no need to
<lunaphyte> the hostname is perfectly resolvable
<lunaphyte> doing that causes other problems, and the presence of that silly pretend address is only to satiate bugs in certain software [e.g. gnome]
<sarnold> good poiunt
<sarnold> but it's been a decade or more since i've seen a host without the 127.0.1.1 alias for the hostname, so I can't really say one way or another if what you're seeing is strange or not
<nacc> lunaphyte: you could strace `hostname` to see what's complaining
<lunaphyte> nacc: i was just thinking that, yeah
<sarnold> lunaphyte: maybe this means your /etc/nsswitch.conf needs fiddling?
<tarpman> lunaphyte: just to double check, reverse dns is working as well as forward? i.e. hostname -> ip -> fqdn round-trip
<lunaphyte> ah, let's try putting dns first
<lunaphyte> tarpman: yeah, both are good
<lunaphyte> http://dpaste.com/26G71D1.txt
<nacc> lunaphyte: where are you current defining your hostname and domain? /etc/hostname?
<lunaphyte> yes, /etc/hostname contains "foo"
<lunaphyte> sudo seems to ignore the nsswitch config somehow
<lunaphyte> nsswitch.conf looks typical to me: http://dpaste.com/35RRWD8.txt
<lunaphyte> [well, i just switched the hosts db order]
<lunaphyte> i've tried both "hosts: dns files" and "hosts: dns"  sudo doesn't seem to care
<lunaphyte> i've just installed a kernel update, so time for a quick reboot and then i'll see what strace reveals
<lunaphyte> if there's interest in complete hostname strace output, i'll pastebin it.  it's not too long, but if not, that's fine
<sarnold> you've piqued my curiosity :)
<lunaphyte> sure, one moment
 * patdk-lap never uses 127.0.0.1 for the local hostname
<patdk-lap> would totally break my software that bind to the ip, and not localhost
<lunaphyte> http://dpaste.com/3TEJW3Z.txt
<lunaphyte> i see dns queries with tshark too
<lunaphyte> i have to step awayfor just a bit
<lunaphyte> *away for
<lunaphyte> http://dpaste.com/18NQXT8.txt
<sarnold> lunaphyte: is that second paste showing that the dns server doesn't know the address?
<nacc> sarnold: lunaphyte: does `hostname` actually parse /etc/hosts? looking at the strace, it feels like it read in the file, didn't find what it wanted and errored out
<patdk-lap> indirectly, libc did that
<lunaphyte> sarnold: yeah, i noticed that too.  i'll look at the logs on the dns server answering those queries.  it seems odd at first glance
<lunaphyte> oh no.
<lunaphyte> ugh.  this is awful.  i have just wasted 1+ hours of everyone's time :(
<sarnold> ooh did you solve it?
<lunaphyte> template-ubuntu-1404 != ubuntu-1404-template
<sarnold> doh :)
<lunaphyte> my most sincere apologies.  that is woefully absurd
<lunaphyte> i guess i was probably overdue for a "you're an idiot" moment.  seems i need a few of those every now and again to ensure my humility remains intact.  :)
<sarnold> somehow they happen more frequently _after_ going on irc, don't they? :)
<sarnold> oh well, you got it sorted out.
<lunaphyte> yeah, all is well.  thanks for enduring
<Starn88> hello, i've been running into issues with Citadel server. as the citserver stuff is running webcit is running but when i try to connect to say localhost or the ip or domain the webcit gives me it's little error "This program was unable to connect or stay connected to the Citadel server. Please report this problem to your system administrator."  i've followed all of their instructions
<Starn88> netsta -lpn shows all the citserver's running shows webcit is running and on the proper port. i had everything working but i wanted to do a reboot to clarify in a sitiaution of crash power outage or other unforseen events that everything would work after booting back up that's when everything stopped working like it should that's when webcit started giving me the error and netstat -lpn
<Starn88> is showing everything is running. a simple test email from my web server was able to send a varification email. so smpt is working.
<Starn88> i just can't get webcit working right
<sarnold> is there any chance that they give you a useful error message in a log file somewhere?
<sarnold> "unable to contact or stay connected" is nearly useless
<sarnold> no, I take that back, it is useless..
<Starn88> sarnold, i completely agree that it's useless. if they do have a log file i cannot find it
<sarnold> damn
<Starn88> sarnold, i've been working on trying to resovle this issue my self for the past couple days even eventually said eff it and tried postfix and dovecot but my webserver didn't like those two
<sarnold> is the server bound to the proper IP address? is the client running on the same system or a different system?
<sarnold> is a firewall blocking it? local to the server, local to the client, or on any systems between?
<Starn88> i've tried client locally and externally. the server is on a proper ip. with domain. and the ports are open
<sarnold> can you connect to the server from the client using a simple tool like netcat or telnet?
<Starn88> to help the server runs on NFOServers.
<Starn88> yeah telnet connect to the citserver stuff. the website sends emails using the citserver.
<sarnold> is that a cloud provider thingy? or more traditional vps provider? you may need to fiddle with "security groups" there.. (AWS terminology, sorry)
<Starn88> only thing telnet isn't getting a communications from is the webcit
<Starn88> traditional vps and dedicated.
<Starn88> they leave all ports open they leave it to the end user to close the ports
<sarnold> was it working for a while and then stopped? or has it never worked? or..
<Starn88> it worked perfect when i first installed it. rebooting ubuntu is when issue arise.
<Starn88> it's been driving me bonkers. i'm half tempted to pay someone to properly setup and secure postfix and dovecot
<Starn88> sarnold, by the way their error page does give you a link to " http://www.citadel.org/doku.php/faq:generalquestions:webcit_unable_to_connect "
<Starn88> sarnold, but even after following those and doing as they said to varify servers are running.  if postfix and dovecot have a web-based user interface i'll happily use it i do believe it can work with spamassassin and clamav
<sarnold> hah that's just as useless -- a consequence of the original error message being useless. sigh.
<sarnold> Starn88: web-based thing.. roundcube seems popular, squirrelmail (used to be?) popular.. there's probably more choices in the archives, but I don't know them by name..
<Starn88> sarnold, hmm i'll investigate roundcube. i have a deadline to get this stuff setup by sunday fully functional.
<Starn88> sarnold, this roundcube looks nice. very nice
<Starn88> sarnold, give me about ten minutes i'll varify that it works
<sarnold> Starn88: \o/ :)
<norc> Hi. How can I change the current nameserver directly?
<Starn88> sarnold, i got that roundcube working ontop of the citadel server.
<Starn88> sarnold, also fixed my dns mx records to allow it to receive emails. thank you so much! this roundcube will allow the admin and their staff to reply to emails.
<jamespage> Odd_Bloke, around?
<jamespage> Odd_Bloke, gaughen: hey - so we just tripped on an issue with final xenial testing of openstack
<jamespage> Odd_Bloke, gaughen: the naming of network devices on cloud instances is no longer ethX
<jamespage> was that an intentional change?
<frickler> jamespage: what interface names are you seeing? I'm getting "virtio_net virtio0 ens3: renamed from eth0" but only with debian-testing, so I was blaming their image for that. I'm still running from a week-old snapshot though, so I might be missing some more recent changes
<jamespage> frickler, latest xenial cloud image on an openstack cloud
<jamespage> syslog:Apr 20 08:06:00 ubuntu kernel: [    3.491798] virtio_net virtio0 ens2: renamed from eth0
<frickler> jamespage: looks similar to mine, let me recheck with a recent image
<frickler> jamespage: o.k., I'm also getting ens3 with build 20160418. with build 20160412 everything was still fine
<frickler> jamespage: the other image I am seeing the same behaviour with is http://cdimage.debian.org/cdimage/openstack/testing/debian-testing-openstack-amd64.raw which is from 2015-10-05, so I doubt that this is a recent change or something done intentional on the Ubuntu side
<Odd_Bloke> frickler: So Ubuntu Server has used the systemd interface naming this entire cycle.
<Odd_Bloke> frickler: But because clouds tend to assume that interfaces will be named eth0, we needed some work in cloud-init to enable that in the cloud images.
<Odd_Bloke> frickler: That work landed ~2 weeks ago, so we made the change last week.
<Odd_Bloke> frickler: So it is an intentional change. :)
<Odd_Bloke> Albeit a late one. :(
<jamespage> Odd_Bloke, shame its broken all of our xenial functional testing for openstack...
<jamespage> on the day before release..
<frickler> ah, just found https://bugs.launchpad.net/ubuntu-on-ec2/+bug/1510345
<ubottu> Launchpad bug 1510345 in cloud-init (Ubuntu Xenial) "[SRU] Cloud Images do not bring up networking w/ certain virtual NICs due to device naming rules" [High,Triaged]
<Odd_Bloke> frickler: Right, see comment #17 from Martin Pitt; that's what we're now doing.
<Odd_Bloke> jamespage: Urgh, I'm sorry. :(
<frickler> Odd_Bloke: can you point me to the patch that you did? so you had net.ifnames=0 and are now doing exactly what?
<frickler> it is also sad that the cloud images are hardcoded to using just one interface, we regularly use multiple ones and have to amend the images in order to do DHCP on all of them
<Odd_Bloke> frickler: http://bazaar.launchpad.net/~ubuntu-core-dev/livecd-rootfs/trunk/revision/1365 is the livecd-rootfs change.
<Odd_Bloke> There are cloud-init changes that meant we could stop having ENI.d/eth0.cfg; let me track those down.
<Odd_Bloke> (FWIW, we would now expect cloud-init to consume network_data.json correctly.)
<frickler> looks like the cloud-init changes do not work, the image still is trying to do networking on eth0: "networking[194]: Cannot find device "eth0""
<Odd_Bloke> frickler: So there isn't really one cloud-init commit to point to, http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/files/head:/cloudinit/net/ contains some of the relevant bits.
<jamespage> Odd_Bloke, can you confirm exactly which cloud image build picked up this change? I'm trying to bisect why we only just started seeing this today...
<Odd_Bloke> jamespage: So we were _also_ having some sync problems due to rotating SSH keys because of a leaving team member; those only got fully resolved (we hope Â¬.Â¬) in the last 48 hours.
<jamespage> Odd_Bloke, so up until the last 48 hours, our cloudimages did eth0
<Odd_Bloke> jamespage: So "older than today" cloud images probably had it, but either weren't getting to cloud-images.u.c or weren't in streams.
<frickler> jamespage: 20140416 is working, but it does indeed set up networking properly on ens3 instead of eth0
<jamespage> frickler, when did that get into the streams?
<jamespage> frickler, our cloud feeds off stream data, so if the stream was old, then we would not have got new images...
<frickler> jamespage: I just downloaded that from https://cloud-images.ubuntu.com/xenial/20160416/
<jamespage> frickler, sorry - those questions where mean't to be directed at oddbloke
<jamespage> Odd_Bloke, ^^ ?
<frickler> still interesting that it was working with ens3 intermediately, while it was using eth0 earlier
<Odd_Bloke> frickler: Can you pastebin the cloud-init.log from a 20160418 instance that you're seeing bad behaviour on?
<Odd_Bloke> jamespage: We can't see the sync logs, so I'm asking IS on #is if they can.
<frickler> Odd_Bloke: jamespage: it seems that 20160418 is indeed working, too, see http://paste.ubuntu.com/15943256/ . I only checked for the interface rename happening earlier and did not check whether the instance configured its network correctly in the end
<Odd_Bloke> frickler: OK, phew.
<frickler> so in fact all is well, at least from my side, except some people may get confused when they see ens3 now instead of eth0
<frickler> Odd_Bloke: yeah, sorry for giving you a bit of adrenaline rush here :D
<Odd_Bloke> frickler: :)
<frickler> just by the similarity of the message with what I had seen earlier in debian-testing I was false assuming that the error would be the same
<YamakasY> ok, any good alternatives compared to PandoraFMS ?
<hateball> YamakasY: have you tried Zabbix
<hateball> I did not like Zabbix. But it's an alternative :p
<hateball> Depends what you need to get done, nagios or icinga works just fine as well
<YamakasY> hateball: yeah never liked it
<YamakasY> I think opennms is ok
<Impaloo> Which clock does the cron service run against?
<Impaloo> It's either misconfigured by 6 hours, or it's running on a different timezone that I've configured elsewhere (looking at timestamps in logs).
<Impaloo> s/that/than/
<ddellav> coreycb cinder point release ready for review/push lp:~ddellav/ubuntu/+source/cinde
<ddellav> r
<jamespage> bug 1569035
<ubottu> bug 1569035 in python-formencode (Ubuntu) "Packaging error causing installation to /debain/usr/..." [Undecided,New] https://launchpad.net/bugs/1569035
<jamespage> lamont, roaksoax: bug 1569035
<ubottu> bug 1569035 in python-formencode (Ubuntu) "Packaging error causing installation to /debain/usr/..." [High,Confirmed] https://launchpad.net/bugs/1569035
<coreycb> ddellav, me looks
<coreycb> beisner, when you get a chance, python-oslo.messaging 2.5.0-1ubuntu2~cloud0 is ready to be promoted to updates in the liberty UCA.  the wily versions were just promoted.
<jamespage> coreycb, already done it
<coreycb> jamespage, awesome thanks
<ddellav> also coreycb my neutron is passing now, not sure why it was failing before
<coreycb> ddellav, ok let me know when it's ready for review.  cinder is uploaded and awaiting sru team review.  once we get all the packages uploaded can you subscribe the sru team to the bug?
<ddellav> coreycb it's ready, same repo i gave yo ubefore
<ddellav> coreycb sure
<coreycb> ddellav, ok
<lamont> jamespage: interesting
<hallyn> rharper: smb: gah, i'm having a failure to load architectural diagram in my head.  How does 'qemu64' relate to 'pc-i440fx-trusty' ?
<smb> hallyn, I think its basically the effect of using that compat_bla_... function. It keeps the previous hw definitions as is but changes stuff for newer ones
<rharper> qemu64 is the cpu
<rharper> unrelated to the system collection of devices
<smb> hallyn, roughly... from my memories which might be tainted
<rharper> qemu64 is an alias for a subset of cpu features (meant to have greater compat across migrations) hiding vendor specific flags
<hallyn> rharper: so when i start a pc-i440fx-trusty machine type on an amd host,
<rharper> the pc-i440fx-trusty is a machine alias
<smb> rharper, I just think that the upstream change meddles with the definition of the cpu based on what hw type one uses
<hallyn> can it be qemu64 cpu type?  or is it a different one?
<rharper> which specifies a set of configurations (which devices)
<rharper> smb: it's been a while since I examined in detail but it shouldn't be variable w.r.t host cpu
<rharper> hallyn: yes, the -M  is independent of -cpu
<hallyn> we currently force VMX on for qemu64.  wondering whether i can add both VMX and SVM to the same thing :)
<smb> rharper, it kind of is that and the other as well just to make it more fun for you
<rharper> try it out -cpu qemu64,svm
<rharper> err, +svm
<rharper> smb: hallyn , maybe they do per-vendor stuff like +svm instead of +vmx if host cpu is amd
<rharper> there's a definition file for the cpu types..
 * rharper runs find 
<smb> hallyn, which is already kinda ugh (qemu64 is modelled from a non-exiting amd cpu)
<hallyn> well kvm -cpu qemu64,+svm -m 1024 -cdrom xenial-desktop-amd64.iso seems fine
<hallyn> waiting for terminal
<smb> rharper, additionally it gets more complex as kvm_amd not only wants the svm flag but also requires to read some amd specific cpuid leaf
<rharper> well, of course
<rharper> the cpuid stuff is where it determines cpu virt capabilities etc;  what's going on ? ie, the bug ?
<hallyn> rharper: bug is https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1561019
<ubottu> Launchpad bug 1561019 in libvirt (Ubuntu) "copied cpu flags don't match host cpu" [Medium,New]
<hallyn> qemu historicaly always set svm on for nesting
<hallyn> then they decided to change that
<hallyn> we didn't notice bc noone uses amd :)
<smb> hallyn, and as I found out today on top of that libvirt is too smart for its own good...
 * hallyn wouldn't be surprised if it was an intel person who made that change to diss their competitor :)
<rharper> no, in general, redhat and nested has been unsupported
<rharper> they don't want to have to support it so they've disabled it upstream
<jamespage> coreycb, seed update ready to go...
<coreycb> jamespage, that was quick :)
<rharper> the comment in the commit is wildly off since nested svm is *far* more functional and performant than intel
<jamespage> coreycb, they are super easy todo
<rharper> but as you say, no one has amd (or not enough of them and also want to do nested)
<coreycb> jamespage, let me know how to do one if you can
<smb> was playing with xenial today and found that even if I use something like model="phenom" and feature forced on svm this won't work because libvirt detects that phenom would have svm enabled (not seeing that qemu will disable it) and so never adds the +svm to the qemu command line
<smb> rharper, except those who report the bugs about it.. ;-P
<jamespage> coreycb, bzr branch lp:~ubuntu-core-dev/ubuntu-seeds/platform.xenial
<rharper> right
<jamespage> and read...
<hallyn> rharper: no, come on - qemu community used to talk about how great amd's nesting support was and how terrible intel was for not having good support
<rharper> hallyn: we're in agreement, maybe I typo'ed
<hallyn> oh, ok.
<hallyn> but so i wonder what happened to make them say "we need to disable amd nesting by default"
<rharper> nested svm was implemented in a weekend; svm architecturally is much much nicer for virt because it was *designed* for virt by vmware (who learned from s390)
<rharper> that's RH
<rharper> the "we ship it, we support it"
<rharper> they don't want anyone to accidentially have it on in a RHEL release
<hallyn> wonder why upstream didn't ask for a build-time configuration flag then...
<hallyn> oh well
<beisner> coreycb, horizon 9.0.0-0ubuntu2~cloud0 promoted --> mitaka-updates
<coreycb> beisner, thanks
<beisner> coreycb, thx for the fix yo
<coreycb> ddellav, neutron 7.0.4 upload
<ddellav> coreycb ack
<coreycb> ddellav, everything's uploaded for the liberty point releases except for neutron-lbaas: https://launchpad.net/ubuntu/wily/+queue?queue_state=1&queue_text=
<coreycb> ddellav, neutron-lbaas is getting test failures for me
<ddellav> coreycb hmm ok, i'll double check, it passed error free on ppa and sbuild for me
<coreycb> ddellav, I think neutron-lbaas needs the new neutron, it built ok for me once neutron 7.0.4 was available
<TAFB> how do I upgrade my ubuntu server from 15.04 to 15.10?
<TAFB> it's a VPS (over ssh)
<patdk-lap> https://help.ubuntu.com/community/EOLUpgrades
<sarnold> do-release-upgrade ought to work
<patdk-lap> 15.04 is still in the repo?
<TAFB> sarnold: broke it REAL bad last time I tried, rsyslog or something?
<sarnold> patdk-lap: I think it might be, between ancient snappy and ancient phones..
<TAFB> I just re-installed "ubuntu-15.04-x86_64-minimal" fresh so will try the upgrade again.
<patdk-lap> I just remember it's like 9 months now
<patdk-lap> and it's been longer than 9 :)
<patdk-lap> Ubuntu 15.04
<patdk-lap> 	
<patdk-lap> Vivid Vervet
<patdk-lap> 	
<patdk-lap> Rel
<patdk-lap> 	
<patdk-lap> April 23, 2015
<patdk-lap> 	
<patdk-lap> February 4, 2016
<patdk-lap> damn, sorry, formatting was bad on that
<TAFB> patdk-lap: that looks like a lot of work :(
<patdk-lap> heh?
<patdk-lap> if your install is broken, well, you have to fix it first
<patdk-lap> but otherwise, it's just a single sed command, and upgrade
<TAFB>  <TAFB> I just re-installed "ubuntu-15.04-x86_64-minimal" fresh so will try the upgrade again.
<patdk-lap> why would you install 15.04?
<patdk-lap> it hasn't been supported for 2months now :)
<patdk-lap> just install 15.10 or 16.04 :)
<TAFB> patdk-lap: because that's the only source available for re-intalling my VPS
<patdk-lap> that vps provider needs help
<TAFB> they are retarded, no worried (dedistation)
<TAFB> sudo sed -i 's/vivid/wily/g' /etc/apt/sources.list
<TAFB> that all I run?
<patdk-lap> no
<patdk-lap> that will defently break things
<patdk-lap> you need to point to the archive/old-releases repo
<patdk-lap> and do an upgrade
<TAFB> my vps is running SolusVM, no way I an like remotely mount an image of 15.10 and just install it fresh? It has a serial console available.
<bekks> TAFB: SolusVM is the VPS platform, not an OS.
<TAFB> I know, I figured it'd have the option to mount ISO images or something to boot the VPS from
<sarnold> you know you may wish to just wait a day and install from 16.04 LTS instead
<patdk-lap> na, his vps won't have it for atleast 2 years :)
<bekks> Or ask your hoster for providing a 14.04 / 16.4 image.
<patdk-lap> most likely they won't update from 15.04 till 17.04 comes out
<sarnold> patdk-lap: hehe
<TAFB> they have a 14.04 image
<bekks> TAFB: So use it.
<TAFB> instead of 15.04? what sense does that make??
<bekks> TAFB: Then, you can update to 16.04.1 when it comes out.
<patdk-lap> 15.04 is not support, much more sense
<TAFB> oh, I see :)
<sarnold> 14.04 has had security support for the lsat three months, when 15.04 has been unsupported for three months.
<patdk-lap> it's only security
<TAFB> will 16.04 come out before 11am EST tomorrow?
<patdk-lap> not like any openssl/samba/libc/kernel/... issues to worry about
<patdk-lap> I think around 2pm
<patdk-lap> though, I'm running it on a few now
<patdk-lap> already had to backport freeradius to it :(
<sarnold> heh :/
<TAFB> damn, I got a big event I gotta stream at 11am tomorrow. I'll see if I can get 14.04 working well
<patdk-lap> 2.2 kept giving me issues, 3.0 just worked
<sarnold> TAFB: heh if it were me i'd definitely go with 14.04 in this situation :)
<TAFB> it's installing now :) I'll let ya know how it goes. just need to get nginx and php working before tomorrow
<sarnold> patdk-lap: dang, 3.0.11? I wonder why debian is still on 2.2.x.
<patdk-lap> no one cares
<patdk-lap> it's good enough, for what they are doing
<TAFB> Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 2.6.32-042stab113.11 x86_64)
<sarnold> 2.6.32
<sarnold> smells like an openvz system
<patdk-lap> :)
<patdk-lap> or lxc, but kindof old for that
<bekks> Stinks. :P
<tarpman> last I heard, systemd still wouldn't work on openvz kernels
<sarnold> tarpman: ahhh that could explain why they don't have 15.10
<sarnold> and why it may take them two years to get 16.04 LTS :)
<tarpman> the solusVM homepage claims to support kvm and xen as well, but no idea what this particular hoster runs ofc
<tarpman> actually nothing about openvz in particular, just that openvz hasn't been ported to anything newer than 2.6.32 :)
<TAFB> is there a way to install the latest nginx without having to compile it?
<bekks> TAFB: Why do you need the latest version?
<TAFB> for the RTMP streaming fixed stuff.
<patdk-lap> locate an ppa
<patdk-lap> I'm sure one exists
<tarpman> I'd put money on teward having a good one for 14.04
<TAFB> 14.04 doesn't come with nano? wtf were they thinking :(
<TAFB> what is the "codename" for 14.04?
<tarpman> TAFB: trusty
<TAFB> thx. adding some "mainline" sources
<tarpman> "mainline"?
<TAFB> as apposed to "stable"
<tarpman> yeah, having stuff work and be reliable is highly overrated
<tarpman> btw, https://launchpad.net/~nginx/+archive/ubuntu/stable is probably the ppa you want for nginx
<tarpman> or I guess https://launchpad.net/~nginx/+archive/ubuntu/development if that's what you're into :)
<TAFB> how can I tell what's bound to port 80?
<patdk-lap> just pick a random persons ppa :)
<tarpman> TAFB: netstat -lpt and look for the 'http' port
<TAFB> 1.9.15-1~trusty is what it's going to install, looks good.
<TAFB> apache2 :(
<sarnold> feel free to apt-get purge it
<TAFB> should I stop it first?
<sarnold> and i'm surprised it didn't come with nano -- that's the first package I apt-get purge
<sarnold> probably doesn't matter :)
#ubuntu-server 2016-04-21
<TAFB> okies, here it goes :)
<sarnold> I suspect these are choices from your vps provider
<tarpman> eh, hoster-provided images tend to be pretty bad...
<tarpman> about the same as OEM-provided windows images, from my perspective :)
<sarnold> ouch man that's a low blow :)
<tarpman> :D
<TAFB> says it's removing 6 apache packages
<patdk-lap> heh, first packages I purge are os-prober and mlocate
<TAFB> is os-prober the thing that keeps deleteing my ffmpeg?!?
<sarnold> patdk-lap: oh is os-prober ther thing that craps all over dmesg? :)
<patdk-lap> well, craps all over grub
<patdk-lap> it totally screwed something up
<patdk-lap> think it was my glusterfs testing
<TAFB> http://167.114.135.106/
<TAFB> holy crap, works!
<TAFB> now just need to get php working :(
<TAFB> sudo add-apt-repository ppa:ondrej/php5-5.6
<TAFB> Ok, wtf?? When I go "apt-get install php5" it says "The following NEW packages will be installed:   apache2 apache2-bin apache2-data apache2-utils"
<TAFB> why would I want apache with php??! :(
<patdk-lap> cause the default is mod-php
<patdk-lap> install like, php5-fpm
<patdk-lap> as that is what nginx really wants
<TAFB> ahhh, nice :)
<TAFB> PHP 5.6.20-1+deb.sury.org~trusty+1 (cli)
<TAFB> new enuff?
<patdk-lap> na
<patdk-lap> should install php 7
<TAFB> damn, how could I make it do that? :(
<patdk-lap> no idea :)
<patdk-lap> but not sure how much stuff supports php 7
<patdk-lap> not much stuff I use atleast does
<TAFB> my script will, it's super simple
<sarnold> i'd skip php7 not everything supports it yet
<sarnold> if this were a long-lived server it might be worth investigating but if it's getting torn down again tomorrow afternoon what's the point? :)
<TAFB> i thought I could upgrade to 16.04?!
<sarnold> it'll probably be a pain in the ass to upgrade to 16.04 with all those extra ppas installed
<sarnold> you'd want to purge them first
<TAFB> lol :(
<TAFB> ok, so stick with PHP 5.6.20-1+deb.sury.org~trusty+1 (cli) then?!
<sarnold> sure
<TAFB> okies. re-installing :)
 * patdk-lap wonders how well 16.04 has been testing on a 2.6 kernel :)
<sarnold> probably "none at all" given systemd's list of requirements
<TAFB> i enabled php-fpm in default.conf and added index.php to the nginx.conf, I just get "an error occured" now :( http://167.114.135.106/
<TAFB> default.conf: http://pastie.org/10806168
<TAFB> nginx.conf: http://pastie.org/10806169
<sarnold> error logs?
<TAFB> 2016/04/20 20:27:39 [error] 28277#28277: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 104.158.123.204, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "167.114.135.106"
<sarnold> alright that's good progress, is fpm listening on 127.0.0.1:9000?
<TAFB> sarnold: how do I tell that?
<sarnold> netstat -tlnp | grep 9000
<TAFB> ^^ empty
<sarnold> try netstat -alnp | grep fpm -- see where it -is- listening, if it's running..
<TAFB> http://pastie.org/10806173
<sarnold> TAFB: nice, uncomment the unix:/... socket line and fix the path to match, and restart nginx
<TAFB> how do I tell where the path to php is?
<TAFB> unix:/var/run/php-fpm/php-fpm.sock failed (2: No such file or directory)
<patdk-lap> php-fpm pool config
<sarnold> TAFB: it's line 2 of http://pastie.org/10806173
<TAFB> nice. getting closer: unix:/var/run/php5-fpm.sock failed (13: Permission denied)
<sarnold> TAFB: check ls -l /var/run/php5-fpm.sock -- what group owns that file? you can probably tell nginx to run with that group
<TAFB> srw-rw---- 1 www-data www-data 0 Apr 20 20:23 /var/run/php5-fpm.sock
<patdk-lap> easier to just modify php to have it set correctly
<patdk-lap> edit the file in /etc/php5-fpm.d/www.conf likely
<sarnold> hunh i'm surprised that failed
<TAFB> this one? /etc/php5/fpm/php-fpm.conf?
<patdk-lap> no
<patdk-lap> /etc/php5/fpm/pool.d/*.conf
<patdk-lap> I've been in rhel land too long lately
<TAFB> listen.owner = www-data
<TAFB> it says to make sure execute permission on that user on the file?
<sarnold> on the directories that contain the file?
<TAFB> not sure, just searching google for "permission denied php"
<sarnold> oh don't do that, that'll lead to nutters who solve everything with chmod 777 rather than understand the problem at hand :)
<TAFB> also read to uncomment "listen.mode = 0660" in the www.conf
<patdk-lap> 777 solves everything
<patdk-lap> it also invites *guests* to help solve things
<TAFB> uncommenting "listen.mode = 0660" didn't fix the permission problem
<patdk-lap> apparmor?
<patdk-lap> type in, dmesg
<TAFB> dmesg said nothing
<patdk-lap> what user is nginx running as?
<TAFB> how do I check that?
<sarnold> I'd check with ps auxw | grep nginx
<TAFB> http://pastie.org/10806183
<sarnold> full detailswould be in /proc/<pid>/status but ps auxw should show user ..
<patdk-lap> why is it running as nginx? :)
<patdk-lap> change php to run as nginx
<TAFB> no clue, just apt-get installed it :)
<sarnold> changing the nginx configuration to use "user nginx www-data" ought to work too
<patdk-lap> well, in that same php file
<patdk-lap> just change the user/group listen-user/group lines
<patdk-lap> sarnold, assuming he has a www-data user
<patdk-lap> he isn't using the ubuntu package
<patdk-lap> it might not exist
<sarnold> patdk-lap: he does, it owns the socket :)
<patdk-lap> ok, hope it doesn't screw nginx finding it's own modules or someting :)
<TAFB> k. done. change all www-data to nginx, now getting this: *11 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 104.158.123.204, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "167.114.135.106"
<sarnold> great now you're just stuck with php problems :D
<TAFB> http://167.114.135.106/
<patdk-lap> or nginx -> php problems
<TAFB> i tell you it's like this every time for me :(
<TAFB> someone needs to write install script for php. check what program is on port 80, check what user it's running as, self config, check permissions, set up nginx.conf, etc. etc. :(
<TAFB> "You need to ensure you have +x on all of the directories in the path leading to the site's root - so /home, /home/noisepages and /home/noisepages/www
<TAFB> checking
<TAFB> all had +x already :(
<TAFB> looks like something wrong with this line: "fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;"
<TAFB> "NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini"?
<TAFB> was set to 1, restarting php and trying
<TAFB> changed the error a bit: 2016/04/20 21:20:55 [error] 28635#28635: *4 FastCGI sent in stderr: "Unable to open primary script: /etc/nginx/html/index.php (No such file or directory)" while reading response header from upstream, client: 104.158.123.204, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "167.114.135.106"
<TAFB> the path is completely wrong
<TAFB> that .php is in /usr/share/nginx/html :(
<TAFB> how do I point it to the right place?
<TAFB> IT WORKS using the default.conf from here: http://pastebin.com/Y2CaqNeZ
<sarnold> \o/
<TAFB> ok, now to enable directly listing and install h5ai!
<Emmanuel_Chanel> Hello! I'm going to upgrade my Ubuntu Server from 14.04 LTS to 16.04 LTS when it's released. It's not released yet?
<sarnold> Emmanuel_Chanel: it should be released tomorrow
<Emmanuel_Chanel> On UTC, it's today. On JST, too. So I wondered.
<Emmanuel_Chanel> sarnold: thx for answering me.
<sarnold> Emmanuel_Chanel: ah then "later today" :) hehehe
<patdk-lap> ya, something around 8pm or so your time
<cliffer> is there a dovecot line needed in /etc/postfix/master.cf on using postfix iwth dovecot? i cant find any mention in the docs
<qman__> if you want dovecot sasl auth, you need several
<qman__> oh, in main.cf, not master.cf
<cliffer> a line starting with dovecot
<qman__> I can check if mine has one
<qman__> no, mine doesn't have one
<cliffer> i get the following errors related to dovecot: "qmgr: warning: connect to transport private/dovecot: No such file or directory" and "systemd: dovecot.service: PID file /var/run/dovecot/master.pid not readable (yet?) after start: No such file or directory"
<cliffer> is it right that "ls /var/run/dovecot/master.pid  -al" is owned by root?
<cliffer> qman__: thx btw :)
<qman__> my master.pid is root.root
<qman__> and the first error appears to be related to the unix socket location
<qman__> make sure postfix and dovecot have the same thing specified
<qman__> and that the directory exists
<qman__> mine's /var/spool/postfix/private/auth
<qman__> postfix's config line only uses private/auth, the rest is implied for it, but dovecot uses the whole path
<cliffer> both correctly set, dir exists and is owned by postfix:postfix
<cliffer> but private /var/spool/postfix/private/dovecot does not exists
<qman__> ok, dovecot might not be starting correctly then, it should be creating it
<qman__> I'm not exactly an expert on it, just what I ran into making mine work
<cliffer> dovestart is started, the onyl message in the logs is the missing master.pid
<contumax> hi, any experience with Cannot make directory '/var/run/screen': Permission denied ?
<SierraKomodo> contumax: What exactly are you doing that's bringing up that error?
<contumax> trying to run screen
<contumax> ubuntu 14.04 server
<contumax> furthermore this issue started with another one at same time
<contumax> there is no tty after boot, just black screen, but I'm able to ssh to the server
<lynxman> aah exciting LTS release day :)
<Dieselhonky> anyone feeling helpful and polite?
<cpaelzer> Dieselhonky: sure - feelings are easy - BEING helpful and polite is the hard part
<Dieselhonky> just asked for help in the #ubuntu support channel and those guys tore me apart and werent helpful.  they just talked crap to me.
<Dieselhonky> ok so here is my question
<Dieselhonky> The unetbootin website says that you can make a bootable USB instance on the main hard drive to boot from.  I dont have a USB stick and only have external hard drives over 250GB.  i want to install ubuntu.  tried to do it that way and it didnt work.
<Dieselhonky> i dodnt want to dual boot.  i want windows gone.
<rbasak> External USB drives are basically identical to USB sticks as far as the system is concerned. So whatever instructions you follow, when you see "USB stick" just think "my external USB drive" instead.
<cpaelzer> rbasak: exactly
<Dieselhonky> correct.  but my computer will not allow me to format any of my external HDD devices to FAT32.  thats the issue there
<Dieselhonky> says they are too big
<cpaelzer> Dieselhonky: and be careful - unetbootin is about creating an install media onto e.g. an usb stick / or disk in your case
<cpaelzer> Dieselhonky: that is what the other channel tried to refer to I think
<cpaelzer> Dieselhonky: so this won't "install" Ubuntu on it - instead it would convert your USB drive so you are able to install FROM it
<cpaelzer> wasn't there wubi or so in the past
<Dieselhonky> ok.  so no linux until i can oer a live CD.
<rbasak> I don't really know how Windows does it. In principle there is no need to create a filesystem on your "USB stick" first. Perhaps that's a requirement on Windows though, I don't know.
<Dieselhonky> cpaelzer exactly thats what i want to do
<Dieselhonky> wubi only installs a dual boot as far as i know
<cpaelzer> Dieselhonky: well the windows would be sad being wiped away while running :-) so yes probably only dual boot
<Dieselhonky> haha.  windows needs to be sad
<cpaelzer> I look for alternatives, ... do you have a smartphone with some space around ?
<Dieselhonky> i am in the process of converting all of my pc's.  just starting with a laptop to see how it goes.
<Dieselhonky> cpaelzer, yes i do have a smartphone with free space
<cpaelzer> second please, I need to find how that app was called ...
<cpaelzer> Dieselhonky: could you check if this would be an option for you https://www.maketecheasier.com/install-linux-distro-from-android/
<cpaelzer> Dieselhonky: I neverused it but a friend of mine recommended it once
<hateball> DriveDroid works, if you have android
<hateball> for booting ISOs, that is
<cpaelzer> hateball: that is what I just linked - glad you agree
 * hateball hopes he read the above conversation right
<Dieselhonky> hateball, cpaelzer, awesome!!! finally an option.  you guys rock.  Let me go check it out
<hateball> cpaelzer: :)
<Dieselhonky> thanks for going eazy on a noob.
<cpaelzer> Dieselhonky: don't hurt yourself, even in the other channel they didn't really go that bad - they even started to call each other back to reason
<cpaelzer> Dieselhonky: good luck with this approach
<cpaelzer> Dieselhonky: in IT there is always more you don't know than what you know - so everyone or nowone is a noob :-)
<Dieselhonky> thanks man.
<Dieselhonky> cant abtain root on my android :(  i must be Tech-Tarded
<lynxman> zul: hey hey
<zul> lynxman: whats up
<lynxman> zul: waiting for the release so I can build AMIs out of it ;)
<zul> lynxman: nifty....
<lynxman> zul: you know me :)
<sts> hi. anyone knows where i can find the current ubuntu package source for the zfs systemd service files?
<TJ-> sts: for which release?
<sts> 16.04
<TJ-> !info zfsutils-linux | sts
<ubottu> sts: Package zfsutils-linux does not exist in wily
<TJ-> ahhh!
<sts> :)
<TJ-> sts it's there, zfsutils-linux "/lib/systemd/system/zfs-mount.service" and friends
<TJ-> !info zfsutils-linux  xenial | sts
<ubottu> sts: zfsutils-linux (source: zfs-linux): Native OpenZFS management utilities for Linux. In component universe, is extra. Version 0.6.5.6-0ubuntu8 (xenial), package size 277 kB, installed size 721 kB
<sts> got it!
<TJ-> I forgot the bot still thinks 15.10 is the current release
<rbasak> Well, it is :)
<lynxman> rbasak: as of this hour :D
<TJ-> nah, its 6 months old... far too old in the Internet age :)
<jrwren> ancient!
<lynxman> almost EOL
<randymarsh9> does richard stallman get along with linus
<nacc> randymarsh9: #offtopic.
<randymarsh9> nacc: sry i'm on my lunch break
<randymarsh9> what is the topic anyway
<nacc> randymarsh9: type /topic
* ChanServ changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support, try #ubuntu | IRC Guidelines: https://wiki.ubuntu.com/IrcGuidelines | https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Docs and resources: https://help.ubuntu.com/14.04/serverguide/ | 16.04 will become an upgrade path on July 21st when 16.04.1 is released
* ChanServ changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support, try #ubuntu | IRC Guidelines: https://wiki.ubuntu.com/IrcGuidelines | https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Docs and resources: https://help.ubuntu.com/14.04/serverguide/ | 14.04 to 16.04 will be offered on July 21st when 16.04.1 is released
<RoyK> hm... can I install ubuntu 16.04 on a zfs root?
<patdk-wk_> maybe?
<Odd_Bloke> RoyK: I don't believe that's supported.
<patdk-wk_> I see grub has zfs and *wonders zfscrypt
<Odd_Bloke> But I'm not 100% sure.
<nacc> i think it's not supported, but some folks have done it (meaning it's possible)
<RoyK> lemme try...
<nacc> RoyK: there is this, as well, fwiw: https://github.com/zfsonlinux/pkg-zfs/wiki/HOWTO-install-Ubuntu-to-a-Native-ZFS-Root-Filesystem
<nacc> i think the installer natively doesn't allow it, but i'm not sure
<RoyK> yeah, found that
<RoyK> no, the installer doesn't seem to have zfs
 * patdk-wk_ is just using zfs-on-linux for datastore currently
<nacc> RoyK: it's meant mostly for datastore for containers, aiui (in 16.04)
<RoyK> I know, but then, I've worked with zfs for six years or so and have seen the nice things about having on the root as well as for data
<nacc> your experience is, ultimately != Ubuntu supporting it :)
<nacc> RoyK: but I think it's a known thing (no root support)
<jcastro> yeah, would have been a nice-to-have
<RoyK> Plan A: Setup a normal system, add a disk, setup an zfs rpool on it, rsync everything, install grub, reboot
<RoyK> or perhaps not... setting the mountpoint for the pool will be tricky
<nacc> RoyK: and note, though, you immediately become unsupported
<patdk-wk_> I find it strange, rpool name is limited to only using rpool
<patdk-wk_> I commonly rename it, to support upgrading/moving my rpool
<RoyK> nacc: what do I care? It's a VM for testing - I use debian in production (lvm/ext4 root with zfs datastore)
<nacc> RoyK: just a note :)
<RoyK> nacc: I'm quite aware of that, thanks ;)
<RoyK> the 'support' in ubuntu (without paying) is rather on the slack side anyway
<nacc> *cough*, /me puts RoyK on the ignore list :)
<nacc> i mean, technically, the above *is* support :)
<devster31> hi, I'm trying to make a directory owned by someuser:somegroup that behaves in such a way that every new file or directory created inside has rw permission for the group regardless of the user who creates it and is owned by somegroup, how can I do it?
<jalt> Hi, #maas was not helpful so trying my luck here: anyone using MAAS knows how does it manage its (rack controller) networks? It currently sees both NICs but only setup the first one (DHCP), so I want to know if manually enabling the 2nd one on /etc/network/interfaces is the right thing to do.
<nacc> devster31: you probably want to look into the setgid and setuid bits
<nacc> iirc
<sdeziel> devster31: chmod g+s the dir and make if group owned by the group you want to be set on every files under it
<saftblandarn> Can someone tell me a easy way to upload files from my (windows) computer to my ubuntuserver? LIke when I want to change my /var/www/html?
<jalt> winscp
<saftblandarn> okey, cool
<saftblandarn> or can I do it with directly with putty?
<jalt> not putty per se, but you can use pscp (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
<devster31> sdeziel: I already have them set g+s, but when I create a new folder it's created with the correct group but not the correct permissions
<devster31> meaning a user:group owned folder with 2775 permissions contains a second folder with 2755 permissions
<sdeziel> devster31: the permissions are derived from your user's umask
<devster31> and I can't enforce them with acl or something?
<sdeziel> devster31: ACLs could do this IIRC but if you tune the umask you should get the perms you want
<saftblandarn> jalt, thanks!
<JanC> FileZilla also supports SFTP, and there are Explorer (the file browser) plugins that implement sftp
<devster31> and I should change umask in login.defs,  /etc/pam.d/common-session or user profiles?
<sdeziel> devster31: I would suggest to try manually first and see if that gives what you want
<sdeziel> devster31: then /etc/login.defs seems to be the place now :)
<devster31> thanks
<sdeziel> np
<jalt> For 16.04 is there any supported way to reload the whole /etc/network/interfaces short of rebooting?
<sarnold> jalt: try ifdown -a ; ifup -a  ?
<jalt> nope, that is the same as ip link set <devname> up and does not load ip (or any other configuration really)
<jalt> For reference: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1301015
<ubottu> Launchpad bug 1301015 in ifupdown (Ubuntu) "Networking does not restart" [High,Confirmed]
<sarnold> jalt: that bug is a dumping ground; there's nearly nothing useful in it except  the advice to use (ifdown -a ; ifup -a) & -- which seems like better advice than my ifdown -a ; if up -a -- if there's something wrong with it, please file a bug
<jalt> actually the bug is about the removal of a useful feature "Networking does not restart ", as per title.
<sarnold> yes, I myself filed a bug somewhere along the way when "service network restart" destroyed my desktop environment
<sarnold> that's when I learned that ifup and ifdown were the way to restart networking services
<jalt> i'd blame your DE then ;)
<sarnold> if those don't work, please file a bug.
<sarnold> oh I did. and still do. :)
<jalt> they are a way to restart an interface, but not to reload the full networking stack
<jalt> i.e., you cannot change ips, cannot create bonds, etc.
<jalt> that is not a bug, because ifupdown and ip set link are not supposed to do all that
<jalt> so I rebooted (and it worked to load the new interfaces conf) but tty1 font color is now orange-ish!? any idea why that happened?
<randymarsh9> so ubuntu server supports zfs now
<randymarsh9> ?
<sarnold> randymarsh9: yes
<jalt> you may want to read the whole ZoL docs to confirm what features are supported, but in short, yes.
<sarnold> jalt: wiggle the vga cable? that was the cause last time I saw something like that
<jalt> for desktop use you should be careful if you want to boot out of it, dual boot with win and/or efi, or full drive encryption.
<jalt> sarnold, i'm using DVI, the cable did not move and the other TTYs are normal :)
<sarnold> jalt: dang :)
<jalt> restarting again fixed it....
<sarnold> o_O
<dasjoe> Hah oh wow, 16.04 got released today
<dasjoe> I thought we had one week left
<patdk-wk_> I have only upgraded 1 server so far
<patdk-wk_> others still running beta :)
<Emmanuel_Chanel> Hello! I'm trying to upgrade my Ubuntu 14.04 LTS. "sudo do-release-upgrade" says "No new release found"
<Emmanuel_Chanel> Shall I wait for a few days?
<dasjoe> For around 3 months, the upgrade will be made available around July 21st
<Emmanuel_Chanel> hi
<Emmanuel_Chanel> ok.
<patdk-lap> upgrades from 14.04 aren't supported till 16.04.1 comes out
<Delemas> Anyone know if 16.04 still supports upstart like 15.10 did?
<Delemas> The answer is yes.
<JanC> 16.04 uses systemd as its (default) init system though
<Delemas> Agreed.
<Delemas> I was trying to figure out if upstart alone would cause do-release-upgrade to fail. It seems it shouldn't.
<JanC> it didn't break upgrades on earlier versions  :)
<JanC> and 15.10 used systemd too
<Delemas> I've had bad luck with do-release-upgrade lately... Did with 15.10 too...
<Delemas> One of them was a btrfs corruption though so that's not do-release-upgrade's fault.
#ubuntu-server 2016-04-22
<axisys> on a initial built we always have to build a  raid on a remote system through ipmi gui .. is there a way that can be automated? may be boot from a iso that run some megaraid commands to build the array and hand it over to pxe boot?
<axisys> so far did not find through google search
<axisys> I guess I could find a good live cd iso and use that boot and turn on ssh and then install megaraid and configure the system using megacli? once that works, then add puppet manifests to the iso to build a custom iso which will do the first time raid build? looking for direction/suggestion
<DirtyCajun> so stress is not a package in 16.04?
<zjhxmjl> hi,guys!who can give me help or advance?https://forums.geforce.com/default/topic/932240/geforce-drivers/install-gtx-750ti-driver-in-ubuntu-14-04-32bit-system/
<Mazda> Hello guys i have " Error reading from remote server" when i'm trying to get http://192.168.5.120/SOGo from browser, there is my /etc/apache2/conf.d/SOGo.conf http://pastebin.com/LqSkzhKZ
<kyentei> Hey all, I'm trying to spawn xenial images using uvtool but I get "uvt-kvm: error: libvirt: Connection is closed". Does anybody know what's causing this?
<kyentei> Nevermind, it's breaking with all images. I reckon it's an uvtool or libvirtd thing
<rbasak> kyentei: sounds like a libvirt issue. Try getting something like "virsh list" working first. When that's working, then uvtool will have a better chance.
<Mazda> Hello guys i have " Error reading from remote server" when i'm trying to get http://192.168.5.120/SOGo from browser, there is my /etc/apache2/conf.d/SOGo.conf http://pastebin.com/LqSkzhKZ
<Strykar> Hi, I just installed 16.04 as a Vmware guest with 2 GB RAM and when I run cpan, the console becomes unresponsive with these errors - http://i.imgur.com/mDgCSax.png
<Strykar> is it me or 2 GB doesn't seem enough for a LAMP stack?
<enleeten> what does cat /proc/meminfo say on the vm?
<Strykar> enleeten, the console prints those messages but won't give me a shell, for all purposes it's hung.
<Strykar> I can't ssh in or shift to another console
<Strykar> in any case shouldn't it kill the app instead of becoming unresponsive
<enleeten> you'd think so, but maybe it kernel panic'd ;)
<enleeten> might want to reset the vm
<jrwren> Strykar: I think the package you want is: libdbi-perl
<jrwren> Strykar: that screenshot doesn't show what started cpan. did you start cpan?
<Strykar> jrwren, it turned out to be Bundle::DBI, I started cpan to install it
<jrwren> Strykar: if there are c modules as deps for that bundle, 2G ram concievably may not be enough to compile them. :[
<patdk-wk_> I thought a LAMP stack was php, not perl :)
<jrwren> i thought it was python or pike, not perl ;]
<patdk-wk_> pascal?
<Pici> prolog
<patdk-wk_> :)
<patdk-wk_> 2g should be more than enough, assuming you don't have something else eating all your ram
<patdk-wk_> easy fix would be, add some swap space
<jrwren> 1apt-get install swapspace` is your friend
<ws2k3> why i cannot install sshpass in ubuntu 14.04?
<ws2k3> it says package sshpass is not available
 * patdk-wk_ just installs a 300mb swap partition, can calls it good
<patdk-wk_> then if any of it ever gets used, upgrade the ram in the machine
<jrwren> i do same, but without the partition. apt-get install swapspace <3
<patdk-wk_> lazy, let the ubuntu installer setup the swap space for me :)
<randymarsh9> hello
<randymarsh9> who came up with LDAP?
<jrwren> the university of michigan
<jrwren> go blue
<patdk-wk_> and it was based on x.500, that was made by ibm I think
<patdk-wk_> oh, ITU
<randymarsh9> patdk-wk_: did x.500 run unix?
<jrwren> it ran on some unixes
<ws2k3> it says package sshpass is not available
<ws2k3> why i cannot install sshpass in ubuntu 14.04?
<randymarsh9> ws2k3: try typing sudo
<patdk-wk_> dunno, x.500 lives on in ldap and in x.509 ssl certs
<ws2k3> randymarsh9 im already root
<jrwren> ws2k3: the package is named ssh-askpass
<randymarsh9> do you guys pronounce sudo as "su-doh" or "su-du"
 * patdk-wk_ never pronouces it
<randymarsh9> have one coworker who goes around telling people to run "su-du" and that sounds off to me
<patdk-wk_> just tell them to enable GOD mode :)
<Odd_Bloke> randymarsh9: The world is a rich place that has room for more than one pronuncation of sudo. :p
<randymarsh9> Odd_Bloke: nah, if people say tomahto i punch them in the face
<randymarsh9> i just don't want to get punched in the face
<randymarsh9> by angry linux users
<BlackDex_> hello there
<BlackDex_> i ihave a strange problem with bonding
<BlackDex_> i have configured a bond
<BlackDex_> but it keeps telling me "waiting for slaves to join
<BlackDex_> while it should just work as always
<patdk-wk_> and your config?
<BlackDex> http://pastebin.com/NT005fiw
<BlackDex> sorry
<BlackDex> wrong one
<BlackDex> http://pastebin.com/WTijNn8K
<BlackDex> thats the correct one
<Strykar> Anyone here use smokeping and can share their apache2 smokeping conf?
<jrwren> I do use smoke ping!
<jrwren> I thought I was the only one ;]
<jrwren> Strykar: I a2enconf smokeping, that is all.
<Pici> I only have it running in nginx, sorry.
<Strykar> jrwren, its enabled "FastCGI: (dynamic) server "/usr/share/smokeping/www/smokeping.fcgi" has failed to remain running for 30 seconds given 3 attempts"
<Strykar> jrwren, can you share your apache smokeping, I edited mine and didnt take a backup
<jrwren> Strykar: sure, you could also reinstall the deb to get it back.
<jrwren> Strykar: http://paste.ubuntu.com/15982825/
<Strykar> jrwren, that would overwrite my old config I just mighrated
<Strykar> jrwren, thanks, doesn't your config need a DirectoryIndex? I get AH01276: Cannot serve directory /usr/share/smokeping/www/: No matching DirectoryIndex (smokeping.cgi) found, and server-generated directory index forbidden by Options directive
<Strykar> actually yours has it, this is fun
<jrwren> :]
<jrwren> Strykar: you have Options set somewhere else which is preventing directory index.
<Strykar> jrwren, you're prolly right, could you please post your /etc/apache2/conf-enabled/serve-cgi-bin.conf
<jrwren> http://paste.ubuntu.com/15982907/
<Strykar> weird, it still tells me AH01276: Cannot serve directory /usr/share/smokeping/www/: No matching DirectoryIndex (smokeping.cgi) found, and server-generated directory index forbidden by Options directive
<Strykar> and I didn't touch any other conf :(
<jrwren> maybe you have another options directive, or maybe you have fcgid only and not cgi or cgid and so ENABLE_USR_LIB_CGI_BIN is never defined?
<ws2k3> jrwren it still says sshpass not found
<Strykar> jrwren, since this is an apache conf issue, shouldnt reinstaling apache and reloading the smokeping conf do the job?
<jrwren> Strykar: depends on if you say yes to overwrite configs and such.
<Strykar> jrwren, apt-get reinstall apache2 ?
<Strykar> how do I get it to overwrite conf on reinstall?
<jrwren> apt-get -o Dpkg::Options::="--force-overwrite" ? maybe?
<JanC> first purge it?
<Strykar> jrwren, one last thing before I purge reinstall apache, can you past the output of "ls -alh /usr/lib/cgi-bin/smokeping.cgi
<Strykar> " on your system. I'll lookup purging and the options suggested
<jrwren> Strykar: -rwxr-xr-x 1 root root 73 Nov 26 06:11 /usr/lib/cgi-bin/smokeping.cgi
<Strykar> thanks, its not a permissions issue then
<Strykar> might be easier to just purge both smokeping and apache and reinstall and then copy my configs over
<Strykar> jrwren, purged and reinstalled both smokeping and apache2, and I still get: AH01276: Cannot serve directory /usr/share/smokeping/www/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive
<jrwren> Strykar: i noticed you are using fcgid. do you have cgi or cgid also enabled?
<Strykar> jrwren, smokeping has always used fcgi on other distros for me.
<jrwren> Strykar: is serve-cgi-bin enabled?  a2enconf serve-cgi-bin
<Strykar> Conf serve-cgi-bin already enabled
<jrwren> Strykar: edit /etc/apache2/conf-enabled/serve-cgi-bin.conf and add <IfModule mod_fcgid.c> Define ENABLE_USR_LIB_CGI_BIN </IfModule>  ?
<Strykar> jrwren, no change, are you running 16.04 and the latest smokeping?
<jrwren> Strykar: yes
<Strykar> jrwren, this is weird, I managed to get the DirectoryIndex warning gone but now  apache loads the file as text
<Strykar> http://paste.ubuntu.com/15984557/
<jrwren> Strykar: fcgid isn't a handler for cgi files by default. you need to add `AddHandler    fcgid-script .cgi` somewhere in apache config
<jrwren> i'm using mod_cgi handler, not fcgid, I guess.
<Strykar> line 4? AddHandler fastcgi-script .fcgi
<jrwren> yes, see the extension is fcgi not cgi ?
<Strykar> as it should be for fastcgi?
<jrwren> ok, then, rename or link the smokeping.cgi file so it matches?
<Strykar> jrwren, now it shows me the script as text
<jrwren> so... same as before?
<jrwren> Strykar: directory index still cgi instead of fcgi?
<Strykar> jrwren, could you paste the output of "cat /usr/share/smokeping/www/smokeping.fcgi"
<Strykar> or ls /usr/share/smokeping/www/
<randymarsh9> hello
<randymarsh9> what is landscape for
<eagles0513875A> hey guys has 16.04 been released yet?
<genii> eagles0513875A: Yes, yesterday
<teward> eagles0513875A: you should start subscribing to the ubuntu-announce mailing list
<teward> or my twitter feed :P
<eagles0513875A> lol tekk
<eagles0513875A> whoops i mean teward
<teward> eagles0513875A: but yes it did release yesterday, April 21.
<eagles0513875A> odd cuz a friend of mine is trying to do a sudo do-release-upgrade and his server isnt seeing any upgrade
<eagles0513875A> for 16.04
<teward> eagles0513875A: that's not enabled as an upgrade path until .1
<eagles0513875A> is there a way to enable it
<jrwren> Strykar: I'm not using it with fcgi. Mine is setup with defaults. Classic cgi
<teward> Landscape question: it's still showing a 'package reporting' error for one of my systems that had Chrome repos on it (but before they were set to amd64 only) - is there a way to clear the "package reporting problems" status on Landscape for that system?
<teward> oops
<teward> that's probably an #ubuntu question...
<jrwren> Strykar: oh, but I see an fcgi is there. I hsould try it!
<eagles0513875A> teward: said person is on ubuntu-server not ubuntu desktop
<jrwren> Strykar: the spokeping.fcgi contents are #!/bin/sh and exec /usr/bin/smokeping_cgi /etc/smokeping/config
<teward> eagles0513875A: irrelevant?
<teward> eagles0513875A: the upgrade paths are turned on globally, not per-variant
<eagles0513875A> ok thanks
<Strykar> jrwren, does exec /usr/bin/smokeping_cgi exist? I dont have it
<jrwren> Strykar: nope, looks like it moved, so if I had tried fcgi, mine would be broken too
<Strykar> jrwren, could you paste the output of ls /usr/share/smokeping/www/
<jrwren> Strykar: I have /usr/lib/cgi-bin/smokeping.cgi and /usr/share/smokeping/smokeping.cgi  the former calls the later with config
<jrwren> Strykar: http://paste.ubuntu.com/15986029/
<jrwren> Strykar: I think /usr/share/smokeping/www/smokeping.fcgi is my attempt to get it rolling with fcgi. that was long ago.
<Strykar> jrwren, how did you determine /usr/lib/cgi-bin/smokeping.cgi calls /usr/share/smokeping/smokeping.cgi
<Strykar> apache should be trying to load smokeping.fcgi
<jrwren> Strykar: looked at the source.
<jrwren> Strykar: well, your apache. mine was never configured for fcgi
<Strykar> jrwren, now it's our apache, default ubuntu install ;)
<jrwren> Strykar: tehre, I just got the fcgi working.
<Strykar> how
<coreycb> beisner, heat 1:5.0.1-0ubuntu2~cloud0 is ready to promote to trusty-liberty proposed when you have a chance
<jrwren> Strykar: well, almost. the DirectoryIndex says permission denied :]  but accessing smokeping.fcgi directly works.
<coreycb> beisner, qemu 1:2.3+dfsg-5ubuntu9.3~cloud0 is also ready to promote
<Strykar> jrwren, how can it work when "/usr/bin/smokeping_cgi" does not exist?
<jrwren> Strykar: I changed that to /usr/share/smokeping/www/smokeping.fcgi
<Strykar> exec /usr/share/smokeping/www/smokeping.fcgi /etc/smokeping/config ?
<jrwren> Strykar: no, that will exec loop.
<jrwren> Strykar: /usr/share/smokeping/www/smokeping.fcgi is exec /usr/share/smokeping/smokeping.cgi /etc/smokeping/config
<jrwren> Strykar: http://paste.ubuntu.com/15986191/
<Strykar> jrwren, changed smokeping.fcgi to match but even with Options Indexes ExecCGI FollowSymLinks   apache loads it as text
<jrwren> Strykar: are you sure fcgid is loaded? if you restart apache does it show mod_fcgid in errorlog ?
<teward> rbasak: need bug filing assistance - where can I file to get 'manual package selection' removed from Ubuntu tasksel for Server?
<jrwren> something must be wrong with me. I find the old hdiutil convert instructions easier than the new "use UNetbootin" instructions for making USB boot media on OSX
<randymarsh9> hello
<randymarsh9> im trying to download this file from here: https://docs.google.com/uc?export=download&confirm=_ZAa&id=0B4acymQTOxqhb3V6OHU2T0pmRUk
<randymarsh9> is there a way to do a wget on that?
<randymarsh9> it's a .zip file
<sdeziel> jrwren: isn't dd supposed to work?
<jrwren> sdeziel: i think it will work. i'm trying it now. I'm guessing Unetbootin is considered easier. It is a gui afterall ;]
<randymarsh9> i keep getting a bad request error
<randymarsh9> is there no way to wget files from google docs?
<randymarsh9> wish the -h for free and df was universal command line option
<jrwren> human?
<jrwren> it work in ls and du too. what else do you want ;]
<jrwren> oh, and sort can sort based on it.
<randymarsh9> jrwren: want it to work in ls actually
<jrwren> randymarsh9: it does. ls -lh
<randymarsh9> what's the l for?
<randymarsh9> that's the command i was looking for
<jrwren> long.
<randymarsh9> they should get rid of the l and make h do the same thing
<jrwren> "they"
<jrwren> you can do that.
<randymarsh9> i know i can
<randymarsh9> should be standard behavior
<randymarsh9> ls -h on its own does nothing
<teward> ls -alh does :P
<sdeziel> randymarsh9: I always use "ll -h" myself
<jrwren> lots of ls commands do nothing unless with -l
<randymarsh9> sdeziel: that works quite well ty
<randymarsh9> so i should be using ls to list directories/files
<randymarsh9> and use ll if i want info on files?
<sdeziel> randymarsh9: if you like -h, you could define your own alias. Check your ~/.bashrc for some examples like "ll"
<randymarsh9> what's ll i've never used it before
<jrwren> ll isn't standard. I don't have it as an lias.
<jrwren> its a common alias for ls -l
<sdeziel> jrwren: it's now defined by default in Ubuntu (since trusty or even before)
<randymarsh9> yes it works for me even though i never defined it
<sdeziel> was on Red Had/CentOS before that
<jrwren> sdeziel: my most used install is much older than that ;]
<randymarsh9> well there ya go
<jrwren> where is it defined? I still don't have it in /etc/skel
<teward> jrwren: ~/.bashrc
<teward> typically, as a commented out in a defauolt
<teward> default*
<sdeziel> hmm, even done in Precise
<jrwren> ~/.bashrc isn't from a package though
<teward> ^ that, though it was never enabled on mine
<teward> jrwren: no, it's not.
<teward> 'll' doesn't exist - it's as a common alias
<teward> and an alias isn't set up by a package
<jrwren> that is what I'm trying to say.
<teward> [2016-04-22 15:56:43] <sdeziel> jrwren: it's now defined by default in Ubuntu (since trusty or even before)  <-- is it?  None of my trusty server installs from recently have it defined as default alias
<jrwren> ah, /etc/skel/.bashrc as part of the bash package.
<sdeziel> teward: the alias is enabled by default
<jrwren> teward: yup, /etc/skel/.bashrc its enabled by default as part of bash package.
<teward> huh, so it is now
<teward> interesting
 * teward shrugs
<teward> TBH I use zsh
<teward> and my own zshrc :P
<jrwren> lol
<teward> no 'll' there :P
<jrwren> i use my own .bashrc, which is why I never knew.  no ll here. :p
<teward> mine has it commented out
<sdeziel> http://paste.ubuntu.com/15990388/
<jrwren> looks like its been enabled by default in ubuntu for a long time.
<sdeziel> time to spin a Xenial VM to try out nginx with h2 ... thanks teward!
<randymarsh9> anybody here use pscp
<sdeziel> used it some time ago and preferred psftp as it was easier to script
<randymarsh9> when i pscp a file from my desktop to server then what directory does it go to?
<sdeziel> randymarsh9: if you don't specify a remote path like this: "pscp foo randy@ubuntu:" it will end up in your home directory on the "ubuntu" machine
<randymarsh9> sdeziel: can i say "pscp foo randy@ubuntu/tmp"
<randymarsh9> would that send it to the tmp folder?
<sdeziel> randymarsh9: seems like you are missing a ":" between ubuntu and /tmp
<jrwren> user@host:dir
<sdeziel> but yeah
<randymarsh9> sdeziel: good catch ty
<jrwren> iirc pscp /? shows that
<jrwren> also, http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter5.html
<randymarsh9> sdeziel: that will be the easiest way
<randymarsh9> been trying to figure out how to get wget to do what i want but downloading the file to my desktop and transferring via scp is going to save me a headache
<randymarsh9> 8^)
<sdeziel> randymarsh9: this worked for me: wget "https://doc-00-74-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/jdp6263dg5t2ued33rgv8pa6raaa863v/1461355200000/00610532175993983158/*/0B4acymQTOxqhb3V6OHU2T0pmRUk?e=download" -O pwm_v1.7.1.zip
<sdeziel> randymarsh9: by I cheated. I copied the expanded URL using Firefox
<sdeziel> s/by/but/
<randymarsh9> sdeziel: when i tried it i get a forbidden
<randymarsh9> part of the url probably got cut off or something
<sdeziel> randymarsh9: good luck. I gotta go
<randymarsh9> sdeziel: ty
<genii> biosdevname=0 seems not to work anymore
<Aison> hello, just tested ubuntu server xenial. But there is some problem with my webserver now, I guess it is related to php7
<Aison> I get this error: https://www.alvhaus.ch/   ^^
<Aison> so something is not loaded
<Aison> any hints?
<sarnold> check the logs? there may be something to indicate why it thinks this is content rather than something to be executed
<Aison> for me it looks like php7 is simply not used
<Aison> a2enmod php7 does not exists, but php5 exists
<Aison> but if I enable php5, apache2 no longer loads
<hallyn> dannf: hey - do you have corresponding libvirt patchset for the gic-caps qemu branch?  or should we just get that from the next libvirt merge?
<Aison> ok, something is weired, apt-get update shows just 4 sources with xenial
<hallyn> teward: ^ php7 xenial ?
<sarnold> he mostly knows nginx
<sarnold> nacc may be better placed to fix apache php7 issues
<Aison> ok, found the problem
<Aison> apt-get install php  does not install libapache2-mod-php7.0
<Aison> therefore php7 was not available for apache2
<sarnold> did it install the fpm mechanism instead?
<Aison> sarnold, yes, what's that? :P
<sarnold> Aison: mod php runs the php interpreter in the apache address space, which imho borders on lunacy
<sarnold> Aison: fpm runs php in a different process, and apache sends data to the fpm process, and reads responses from it, and then sends results to the client
<Aison> ah, ok
<Aison> other question: can I also install php5 in xenial? I guess not, at least I cant find it
<sarnold> i'm pretty sure it's entirely gone
<Aison> sarnold, managed to install php7 and php5.6 :-)
<sarnold> Aison: how'd you get 5.6 on there? o_O external ppa or something?
<Aison> yes, external php, no I installed both
<Aison> -no +now
<sarnold> Aison: it might be worth filing bugs with the projects you use to ask them to support php7 :) by all accounts it's a less crummy language
<Aison> yes yes, one after the other :)
<sarnold> \o/
<Aison> lol :P
<Aison> n8
<sarnold> tschuess
<Aison> :)
#ubuntu-server 2016-04-23
<tdelam> Hey, I am running Ubuntu Server 14.04 LTS, we require Apache version > 2.4.10 current in apt I only get 2.4.7-1ubuntu4.9. How can I install Apache>2.4.10 via apt? or is this not possible?
<tarpman> tdelam: is there a specific 2.4.10 feature you require?
<sdeziel> tdelam: 16.04 ships with Apache 2.4.18
<tdelam> tarpman: PCI compliance :/
<tdelam> mv compliance annoyance
<tdelam> sdeziel: oh?
<sdeziel> tdelam: out of curiosity, why is PCI requiring a specific version for Apache?
<tdelam> sdeziel: I've been through this already, they're idiots, sorry, but it's frustrating. I showed them all CVE's for the current Apache and how their concerns are already patched in this current version
<tdelam> in one ear and out the other.
<sdeziel> oh
<tdelam> yep.
<tdelam> is it safe to go from 14.04 to 16.04/
<tdelam> ?*
<sdeziel> last time I had to mess with PCI, they were asking for TLS 1.2 but they didn't care about software versions
<tdelam> yea, quite annoying
<sdeziel> tdelam: the distro upgrade isn't yet offered/supported but you can do a fresh install if that's feasible
<sdeziel> 16.04 is pretty new (got released yesterday) but I've been happily running it since months and love it
<tdelam> I'd have to reconfigure the server, took a lot to get to the current state and passing PCI. This recently came up so I am trying to do this upgrade
<sdeziel> tdelam: how do those PCI auditors deal with RHEL boxen? those ship ancient apache (httpd) versions
<tdelam> It sounds like I'll need to reinstall apache from source if I can't find a repository for it.
<tdelam> sdeziel: I don't know, heh.. they'll be lost
<sdeziel> tdelam: maybe switching to nginx would be an easy out?
<tdelam> no, this is a bandaid solution. This server is actually a proxy server with mod_security rules configured specifically for this site, which was built in 1996 and neglected... It's a bandaid while we rebuild a new one.
<tdelam> Funny thing is, the company is absolutely massive, how it ever got this state we'll never know. =/
<sdeziel> tdelam: OndÅej SurÃ½ has a PPA with fresh Apache: https://launchpad.net/~ondrej/+archive/ubuntu/apache2?field.series_filter=trusty
<tdelam> :o
<tdelam> this may be what I need!
<sdeziel> as always with PPA, be careful :)
<sarnold> tdelam: maybe your auditors can be convinced with this instead? http://people.canonical.com/~ubuntu-security/cve/pkg/apache2.html
<tarpman> ondrej is decently trustworthy, as ppas go
<sdeziel> I trust OndÅej but I never tested this PPA personally
<sarnold> tdelam: .. and out of curiosity, do they perchance also sell services to keep self-compiled apache up to date? :)
<tdelam> sarnold: I tried :(
<tdelam> sarnold: hah no, only internet, tv, phone, mobility, etc
<sarnold> hah
<sarnold> I've got a feeling the only people who run self-compiled apache are (a) clients of pci compliance firms (b) apache developers
<tdelam> yea, if this doesn't work then I'll be doing that next, rebuilding all modules too, probably a pain
<maxb> I run lots of self-compiled apache at work. If you actually care about tracking the latest version, it's a pretty easy thing to script the usual configure-make-install for it
<maxb> Less so if you depend on more than one or two separate modules, granted
<sdeziel> feels a bit like Gentoo at this point ;)
<tdelam> heh
<sarnold> heh okay (a) clients of pci firms (b) apache devs (c) maxb :D
<sdeziel> tdelam: looking at the 2.4.10 changelog, I'm not sure what they want specifically? The ability to use large DH params?
<tdelam> sdeziel: nope, not feature specfic either, just version; nothing more... it makes no sense, I have pleaded my case and provided many CVE's that clearly show that our current Apache version addresses ALL their issues.
<tdelam> they rather spend more money on us upgrading to the latest than reading the CVE's provided
<tdelam> like the old saying goes; more money than brains.
<sdeziel> oh well
<sarnold> I wonder, sometimes you hear about pci firms that can be convinced "running most recent packaged version" is sufficient; maybe we ought to go to some effort to promote them and publicly chastise the ones that want you to compile and run the webserver yourself
<tdelam> sdeziel: thanks, this solved the problem. I now have 2.4.20 installed
<tdelam> sarnold: yea, I don't even know either.
<sdeziel> tdelam: thank OndÅej then :)
<tdelam> it's bonkers. Why would a PCI place want you to run non-stable software when clearly the stable version consists of the patches that they're concerned about.
<sarnold> I mean, all due respect to ondrej, but you've just gone from running a package that's potentially reviewed by millions to a package potentially reviewed by hundreds; and from "ubuntu security team fixes bugs" to "ondrej fixes bugs"
<sdeziel> trying to understand their logic is probably drive you insane
<tdelam> sdeziel: I will donate some money to him, he has a link on the link you gave me.
<sarnold> indeed
<tdelam> sarnold: exactly my point :/ so weird
<tdelam> they're so enamoured with a version number that they're probably not even considering the fact that 2.4.20 might have issues, unknown security issues.
<sdeziel> the safest way might be to patch the Ubuntu sources to s/2.4.7/2.4.10/
<sdeziel> but I wouldn't risk cheating like that
<tdelam> yea, I am ok with this, 2.4.20. Fine by me, if they want to downgrade yet again they'll send thousands our way again and mayb realize the stupidty with this
<tdelam> restore from an image, and rinse repeat.
<tdelam> so silly.
<tdelam> .
<tdelam> woops
<tdelam> hmmm https://deb.sury.org/pages/ No such thing as that, sorry Page Not Found. I can't donate :/
<tdelam> found it
<tdelam> thanks for all your help guys
<sdeziel> you are welcome
<tjbenator> Anyone having a problem with Ubuntu Server 16.04 booting to a blank screen? I can manually switch to tty[1-6], but it would be nice if it would boot to one of them
<FarhaadN> how to disbale apt-check?
<FarhaadN> no response?
<FarhaadN> 483 people and anyone know about that?
<SupaYoshi> I have a VPS with Ubuntu Server, and am running a few websites on it. The host says I exceed theyre CPU load policy / CPU abuse, according to them the values are as following: We allow a CPU load average of no more than 0.9 constant and bursts up to 2. You regularly exceed this.
<SupaYoshi> Should I switch to another VPS? or offload some websites of this VPS to anothre VPS?
<SupaYoshi> Also, how can I determine which website is causing the high cpu load most likely?
<SupaYoshi>  11:07:34 up 20:30,  1 user,  load average: 8.07, 7.52, 7.25
<SupaYoshi> Im obviously doing somthing wrong, but not sure what processes are causing such an high cpu load
<SupaYoshi> my apache seems to be always on top of the list in process usage
<fm76_italy_ba> Ciao a tutti from Italy. I installed on my ubuntu mate apache2 but i cannot create a folder or a document in the var/www folder. can anybody help me? thank you ... grazie
<vbotka> fm76_italy_ba, apache2 is running with UID www-data; you might want to check the permissions
<fm76_italy_ba> I'm a newbie about linux are you willing to help me step by step? also in PM
<devster31> so I have USERGROUPS enabled in login defs, the default umask is 022 which gets relaxed to 002, however when I sudo -i the umask for root is still 022, why is that?
<kurt_> When using conjure-up to deploy openstack on a single node, it keep telling me lxd is not configured when using a created bridge (`br0`) and launching `sudo lxd init` like in this blog post: https://insights.ubuntu.com/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/
<kurt_> Anyone having done something similar at home?
<m-hussain> I am from an SME in the Maldives. I want to deploy a Ubuntu-OpenStack setup with 5 x virtual nodes for openStack components, 5 x physcal nodes for compute (nova) and 2 x HP iSCSI storage. So, will the Ubuntu Advantage **Essentials** subscription allow me to do this?
<Aison> how do I use php fpm?!? what do I have to add to my VirtualHost section in apache2
<inyourgroove> h
<inyourgroove> hello folks
<inyourgroove> are there known issues with the phpmyadmin package on 16.04?
#ubuntu-server 2016-04-24
<ShaRose> Anyone know if there's a sane way to entirely disable dnsmasq-base with lxd? I pretty much want all of my containers JUST going to my existing DHCP server.
<kurt_> Sharose: https://insights.ubuntu.com/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/
<ShaRose> yeah, the problem with that is that apparently LXD's DHCP server is still running and trying to assign IPv6 IPs
<ShaRose> unless lxd just randomly decides to assign them for fun
<ShaRose> ... or apparently when I did it I forgot to disable the lxc bridge.
<ShaRose> :P
<ReScO> hey people
<ReScO> i'm wondering, is there any way to add public keys from a webserver, say, by storing them in a DB?
<misza222> Hi Folks, when is 16.04 going tol be officially available on AWS?
<ReScO> i'm wondering, is there any way to store public keys for ssh auth in a postgres DB or something?
<ReScO> trying to make a webpanel to manage users on my server
<Walex> ReScO: you can write an agent to do that.
<Seveas> ReScO: using an AuthorizedKeysCommand, you can fetch keys from wherever you want. LDAP is common, but postgres is possible too :)
<ReScO> Seveas, might have to look into it, wanting to make a webpanel to manage users on the server
<Seveas> ReScO: it's pretty simple to do. Your command will be called with a username as argument and is expected to output the users keys to stdout :)
<GeekMan1222> heh
<GeekMan1222> http://www.ebay.com/itm/Texas-Instruments-TI-Keyboard-with-I-O-Cable-New-Opened-Box-/130630143144?hash=item1e6a29cca8:g:u1sAAOSwo6lWLXoZ
#ubuntu-server 2017-04-17
<__Yiota>  hey guys I need urgent help, my CTO rebooted both of our google cloud engine nodes, all the data appears to have dissapeared (I can only see my user + ubuntu user), I checked df -h and the result is: /dev/sda1        49G  1.1G   48G   3% /, it should normally be at ~20 gigs or so,
<qman__> did you have persistent disks attached for your data?
<mybalzitch> sounds like the CTO's problem
<qman__> I'm not that familiar with google cloud engine specifically, but I assume it works like most other cloud providers and gives you ephemeral instances, and that you need to attach persistent storage to them to store your data
<qman__> the marketing page jibes with this assumption
<__Yiota> qman__ yes, I did have persistent disks
<__Yiota> I can see them with ls -l /dev/disk/by-id/google-*
<qman__> ok, so were you storing your data there, and is it still there?
<qman__> are those disks mounted where you expect them?
<__Yiota> I was storing data there, the data is gone
<__Yiota> the disks are unmounted
<__Yiota> sorry, they are mounted
<__Yiota> but in the wrong places
<c0mrade> WriteLn.Console ( " Hello " ) ;
<c0mrade> Some weird thing happened to my server running Ubuntu 16.04.2 LTS 64bit Server on an HP ProLiant G6 server. So once I've done setting it up, I've configured a static ip, restarted the server and it worked fine, next day I wake up and can't ssh into it, I connect directly and see that the IP address is some other one assigned by DHCP.
<c0mrade> Well I flushed the interface and restarted the networking service and it's back to the static one. But why did this happen, well actually when I physically logged in I saw some error like freezed or something and related to ata3 maybe a disk problem but anyway, even if it was why would the IP change if it's already statically configured?
<adityaduggal> Hi I am unable to run my cron job in my server, they seem to be missed every time, can anyone help me on that?
<adityaduggal> my cron job is this ```0 13 * * 0 sudo service nginx stop && /opt/certbot-auto renew && sudo service nginx start >> /home/frappe/log/certificate.log 2>&1 # Renew lets-encrypt every week ```
<adityaduggal> But there is no log created and hence i am assuming that the cron job did not run, how can I test it?
<c0mrade> adityaduggal: Hey well instead of sudo service nginx start try sudo /etc/init.d/nginx start etc...
<ahasenack> adityaduggal: check /var/log/auth, maybe your sudo isn't working, or prompting for a password
<mason> c0mrade: Have you looked at /etc/network/interfaces to see what's set up there for your NIC?
<mason> c0mrade: Also, you'll want to make sure
<mason> ...that you don't have it controlled by NetworkManager or somesuch.
<c0mrade> mason: Um, it's not graphical.
<mason> c0mrade: I didn't suggest that it was graphical. You still want to identify what it was that decided that it liked DHCP.
<mason> NetworkManager is usable on text-only systems via nmcli and nmtui.
<mason> (This is the default for RHEL 7, for instance.)
<thebwt> also: why are you using sudo ina  cron job?
<thebwt> just have the cron run as the system, and if it's a newer server you should use systemctl
<thebwt> `/opt/certbot-auto renew` - if the other two commands need sudo, this should too since I assume. But we don't know about where your cert files are.
<Dave654> Hi, I have a server with hetzner with Ubuntu 14.04.4 and Linux 4.2.0-36-generic on x86_64 the kernel never seems to update, just the dev part is this normal?
<Dave654> its quite cool as I never boot the darn thing like all my others but...
<nacc> Dave654: 'hetzner'? Is that a vps provider?
<Dave654> alsorts
<Dave654> hetzner.de
<nacc> Dave654: the 14.04.4 hwe kernel is not supported any longer
<Dave654> or com
<Dave654> for English
<nacc> Dave654: so it won't be getting updates, you should fully update to 14.04.5 hwe kernel
 * Dave654 confused
<nacc> Dave654: schedule is at: https://wiki.ubuntu.com/Kernel/LTSEnablementStack
<Dave654> ty, you would think they would tell me
<nacc> Dave654: who is "they"? also, i think the utility hwe-support-status will tell you
<Dave654> been like it for years tho
<Dave654> I thought it was this modern no need to boot kernel!
<nacc> Dave654: well, 14.04.4 only came out in feb 2016 and went eol in aug 2016
<Dave654> they are the engineers at hetzner
<nacc> (the kernel)
<nacc> you would still need to reboot for security fixes, etc
<nacc> aiui, only 16.04 has the livepatch facility
<Dave654> never no fixes tho
<nacc> Dave654: well, even being on 4.2.0-36 is wrong, afaict, trusty-updates has 4.2.0-42
<Dave654> nacc does it do what it says on the tin
<nacc> Dave654: so... just all around busted it seems :)
<Dave654> lol thanks
<nacc> Dave654: and probably means your system is missing some security updates
<Dave654> ouch
<nacc> (4.2.0-42 is in the security pocket too)
<Dave654> never a dull moment
<nacc> Dave654: but the correct choice is to switch the 14.04.5 hwe kernel (linux-generic-lts-xenial) and then remove the old metapackages (to save space)
<Dave654> usually when a provider offers a OS its supported
<nacc> Dave654: well, then ask the provider, not ubuntu server :)
<nacc> Dave654: providers can make very poor choices :)
<Dave654> did all I got was intense engineering waffle, stopped listening after 2 mins, basically told me do not worry
<Dave654> will ask them again in a ticket rather than a phone call
<Dave654> thanks
<Dave654> what php -v does 16.04 use
<nacc> Dave654: yeah, they should review the above page -- it seems odd they would say 'not to worry', unles they are providing their own security support on top of ubuntu's
<nacc> !info php xenial
<ubottu> php (source: php-defaults (35ubuntu6)): server-side, HTML-embedded scripting language (default). In component main, is optional. Version 1:7.0+35ubuntu6 (xenial), package size 2 kB, installed size 11 kB
<nacc> !info php7.0 xenial
<ubottu> php7.0 (source: php7.0): server-side, HTML-embedded scripting language (metapackage). In component main, is optional. Version 7.0.15-0ubuntu0.16.04.4 (xenial), package size 1 kB, installed size 9 kB
<nacc> Dave654: and i'm going to be SRU'ing 7.0.17 to 16.04 once 17.10 opens
<Dave654> lol 7 is out, not sure is software is up to speed
<nacc> Dave654: hrm? sorry, i used the wrong trigger at first -- we are at 7.0.15 currently (with some backports on top)
<Dave654> got one site not liking 5.5+
<Dave654> cannot checkout to paypal
<Dave654> Deprecated: mysql_escape_string():
<Dave654> thank goodness for people like centos eh
<Dave654> eol 2025 and good
<Dave654> btw, sad to see 12.04 go, best OS I have ever used
<Dave654> made a fortune off it
<Dave654> and given back to opensource
<nacc> Dave654: deprecated is not an error, unless you set it to be one
<Dave654> I can fix it I think
<Dave654> need to use mysqli
<kotMatroskin> hi
<kotMatroskin> - Mount snap "core" (1577) ([start snap-core-1577.mount] failed with exit status 1: Job for snap-core-1577.mount failed. See "systemctl status snap-core-1577.mount" and "journalctl -xe" for details.
<kotMatroskin> what should I do?
<nacc> kotMatroskin: what do the commands indicate is wrong?
<kotMatroskin> nacc, sudo snap install nextcloud
<nacc> kotMatroskin: right, not what i asked
<nacc> kotMatroskin: it tells you to 'see' two commands
<nacc> kotMatroskin: what do those commands say?
<kotMatroskin> nacc, sorry, i speak very bad english
<nacc> kotMatroskin: it's ok, if you can, run those two commands and use a pastebin to share the output
<nacc> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<kotMatroskin> nacc, it is not bin-file, this is a command -> sudo snap install nextcloud
<dpb1> kotMatroskin: run: systemctl status snap-core-1577.mount  and  journalctl -xe
<dpb1> kotMatroskin: use pastebin to show us results of those commands
<kotMatroskin> pastebin
<dpb1> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<dpb1> kotMatroskin: ^^
<kotMatroskin> what is pastebin?
<nacc> kotMatroskin: please read the response from ubottu
<kotMatroskin> results of those commands: Failed to mount Mount unit for core.
<kotMatroskin>  
<nacc> kotMatroskin: there will typically be more output than that
<nacc> kotMatroskin: please run the command don't select what put on paste.ubuntu.com
<nacc> kotMatroskin: but copy & paste the entire output
<nacc> kotMatroskin: or use pastebinit directly from the terminal
<kotMatroskin> result of systemctl status snap-core-1577.mount:
<kotMatroskin> root@vps24182:/home/alex# systemctl status snap-core-1577.mount
<kotMatroskin> â snap-core-1577.mount - Mount unit for core
<kotMatroskin>    Loaded: loaded (/etc/systemd/system/snap-core-1577.mount; enabled; vendor preset: enabled)
<kotMatroskin>    Active: failed (Result: exit-code) since Mon 2017-04-17 16:35:00 EDT; 1min 29s ago
<kotMatroskin>     Where: /snap/core/1577
<kotMatroskin>      What: /var/lib/snapd/snaps/core_1577.snap
<kotMatroskin>   Process: 690 ExecMount=/bin/mount /var/lib/snapd/snaps/core_1577.snap /snap/core/1577 -t squashfs (code=exited
<kotMatroskin> Apr 17 16:35:00 vps24182 systemd[1]: Mounting Mount unit for core...
<kotMatroskin> Apr 17 16:35:00 vps24182 mount[690]: mount: /snap/core/1577: mount failed: Unknown error -1
<kotMatroskin> Apr 17 16:35:00 vps24182 systemd[1]: snap-core-1577.mount: Mount process exited, code=exited status=32
<nacc> kotMatroskin: please use a pastebin, as asked
<kotMatroskin> Apr 17 16:35:00 vps24182 systemd[1]: Failed to mount Mount unit for core.
<nacc> kotMatroskin: you're flooding the channel
<kotMatroskin> Apr 17 16:35:00 vps24182 systemd[1]: snap-core-1577.mount: Unit entered failed state.
<kotMatroskin> what is pastebin?
<nacc> !pastebin | kotMatroskin: please read this, again, as asked
<ubottu> kotMatroskin: please read this, again, as asked: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<kotMatroskin> bash: pastebin: command not found
<nacc> kotMatroskin: a pastebin is just an online service for sharing pastes
<nacc> kotMatroskin: yes, *read* the blurb from ubottu.
<kotMatroskin> ok, must back in the morning. thank you
<rizonz> this is weird only my  boot chainload into bootloader on the first disk - alternative for pxe boots from disk
<nacc> kotMatroskin: you might, in the morning, ask in #snappy -- as the core snap failing is not really a server issue
#ubuntu-server 2017-04-18
<fishcooker> how to disable/blacklist a package to be installed permanently?
<patdk-lap> pinning
<craig_> hello all
<dpb1> fishcooker: https://askubuntu.com/questions/75895/how-to-forbid-a-specific-package-to-be-installed
<cpaelzer> good morning
<jamespage> morning cpaelzer
<cpaelzer> hi jamespage
<cpaelzer> jamespage: as much as I like a greeting I'm afraid there is more coming - is it?
<cpaelzer> jamespage: and a good morning to you as well
<jamespage> nope just good morning ;)
<fishcooker> noted dpb1, thanks
<trippeh> hm. not having much luck in getting Network Manager to push actual upstream dns servers to resolvconf after 17.04. /run/resolvconf/interfaces/NetworkManager is only getting 127.0.1.1
<trippeh> borking the unbound integration.
<trippeh> dns=unbound in NetworkManager.conf + dnssec-trigger seems to work better. hmm.
<cpaelzer> jamespage: coreycb: if one could check if you have seen bug 1583009 that would be kind
<ubottu> bug 1583009 in Ubuntu Cloud Archive "Error starting domain since update" [Undecided,New] https://launchpad.net/bugs/1583009
<cpaelzer> zioproto: you had an update to this bug recently ^^
<cpaelzer> zioproto: was your update Trusty+UCA-Mitaka -> Xenial (no UCA) ?
<coreycb> cpaelzer, i've not seen that one
<coreycb> cpaelzer, that's the release where group name etc were changed i think
<cpaelzer> coreycb: thanks for checking
<cpaelzer> coreycb: and yes it is the libvirt->libvirtd switch
<coreycb> cpaelzer, seems suspicious that this started to occur in 1.3.4 and 1.3.3 changed the group
<cpaelzer> but still why only in some cases
<cpaelzer> actually no, xenial already was the one changing IIRC
<cpaelzer> checking
<coreycb> cpaelzer, i'd guess a race
<cpaelzer> the last report of zioproto was T->X which is to 1.3.1
<cpaelzer> which was prior to the rename
<coreycb> cpaelzer, oh ok.  any log messages?  seems like init fails the first time around for libvirtd and virtlogd, but starting them again works.
<cpaelzer> coreycb: I haven't seen more than what is in the bug
<cpaelzer> coreycb: I mainly wanted to do a check if this showed up with you
<cpaelzer> The more related changes are more likely all the renamings of libvirt services in 1.3.1, but then without any better repro or data it can't be debugged for now
<coreycb> cpaelzer, it looks like a fix may have been provided to yakkety but not yet backported to xenial for upstart and sysvinit
<coreycb> cpaelzer, maybe not a race but depends on upstart vs systemd?  just guessing.
<cpaelzer> I wish hallyn would still be around as he was already context switched into this
<cpaelzer> maybe he is atm
<zioproto> cpaelzer: sorry I am in a meeting. Yes I have seen 1583009
<cpaelzer> zioproto: the question was more on the exact versions you upgraded from/to - but take your time ro report after the meeting is over
<zioproto> cpaelzer: version that works for me is qemu-system-x86_2.5+dfsg-5ubuntu10.11_amd64.deb and qemu-block-extra_2.5+dfsg-5ubuntu10.11_amd64.deb
<xpistos> Hey all, I logged into my server this morning and it says my boot partition (300 mb) is at 89%. Not sure why  or what to do with it
<simosx> xpistos, there is a script to clean up the older kernels. If you install "byobu", you can then "sudo purge-old-kernels". More at http://ubuntuhandbook.org/index.php/2016/05/remove-old-kernels-ubuntu-16-04/
<xpistos> simosx: Thanks. That worked like a charm! Book marking it now.
<hallyn> cpaelzer: i'm afraid i'm not context switched into anything :) bug#?
<cpaelzer> hallyn: bug 1583009
<ubottu> bug 1583009 in Ubuntu Cloud Archive "Error starting domain since update" [Undecided,New] https://launchpad.net/bugs/1583009
<c0mrade> how to let mongodb automatically start if my server reboots (Ubuntu 16.04.2 LTS 64bit Server)
<c0mrade> How to let mongodb automatically start if my server reboots (Ubuntu 16.04.2 LTS 64bit Server)?
<sarnold> c0mrade: if you don't already have a systemd unit file or sysv-init script for your mongodb then you should write one
<Ussat> There are examples on the net all over
<axisys> how do I find duplicate in sources.list
<patdk-lp> vi
<patdk-lp> how would there be duplicates in there?
<axisys> patdk-lp: i know .. sort | uniq did not find duplicates///
<axisys> patdk-lp: previous guy.. :-)
<patdk-lp> sort | uniq will NOT find duplicates
<axisys> patdk-lp: I had to stop him for a sec..
<axisys> pasting it..
<dpb1> axisys: did you get a message printed at apt-get update?
<axisys> http://dpaste.com/399TSGB
<axisys> dpb1: yep
<dpb1> axisys: paste that please?
<patdk-lp> line 21, remove main
<axisys> with the message http://dpaste.com/07CBN6Q
<axisys> patdk-lp: ah
<patdk-lp> only thing I see
<dpb1> universe in there too
<dpb1> duplicated
<patdk-lp> where?
<patdk-lp> oh, line 21 is just a whole dup
<patdk-lp> remove line 21
<dpb1> right
<axisys> fixed.. thank you guys..
<axisys> mutliple pair of eyes :-)
<axisys> W: There is no public key available for the following key IDs:
<axisys> 3B4FE6ACC0B21F32
<axisys> showing 4 times..
<axisys> no external repo.. just ubuntu
 * axisys looking for the previous guys 
<axisys> heh
<c0mrade> I provide free hosting on my home server :P full root account, up to 2GBs of RAM and 200GB of HDD.
<patdk-lp> c0mrade, why do we care?
<c0mrade> patdk-lp: I don't know.
<nacc> !ot | c0mrade
<ubottu> c0mrade: #ubuntu is the Ubuntu support channel, for all Ubuntu-related support questions. Please register with NickServ (see /msg ubottu !register) and use #ubuntu-offtopic for other topics (though our !guidelines apply there too). Thanks!
<nacc> well, for #ubuntu-server, i guess :)
<nacc> and !spam
<nacc> !spam
<ubottu> Please don't spam
<dpb1> axisys: basically this: https://askubuntu.com/questions/235880/how-to-fix-gpg-in-updater
<axisys> dpb1: yes I know the answer.. thanks anyways
<arooni> trying to ssh from mac mini ==> ubuntu server; seeing; What does untrusted X11 forwarding setup failed: xauth key data not generated .... i have xquartz set up;  what do?  delete ~/.xauthority?
<dpb1> arooni: did you ssh -X
<arooni> dpb1: sure did
<dpb1> arooni: try -Y ?
<arooni> so i have a scrip (letsencrypt cert renewal) that apparently first searches via apt-get update then upgrades itself before it runs.  i'd like to invoke via cron; but if i do that; i'm not going to be around to manually hit the 'YES' when prompted.  is there a way to run the script that will auto answer y for me in my absence?
<sarnold> the yes(1) tool can emit an endless stream of 'y\n'
<sarnold> this might be enough for the script in question
<compdoc> you probably dont want it to be an endless stream
#ubuntu-server 2017-04-19
<darkzek> Hey, anybody know how to make my 16.04 Ubuntu Server auto-login? Its a test server in vmware.
<YankDownUnder> darkzek: Did you read what I posted in #ubuntu?
<darkzek> YankDownUnder Yes, I would really prefer not to install a dm to save server resources.
<YankDownUnder> darkzek: There is going to be no real logical or practical solution to having Ubu server "automagically login" - as it's not part of the "model" of the whole. However, that being said - and as I've had to do in the past, I've installed a very lightweight DM (XDM) and set it up for autologin...only had to install something nice and small like WindowMaker or twm or olvwm or such...which was nothing, really.
<darkzek> So my options are install a dm, use a super hacky method that will take ages to configure. Or have to copy my very long password each boot
<YankDownUnder> So, again, that being said, you're not the only one that has wanted to accomplish this task...trust me...
<YankDownUnder> darkzek: Actually, it takes minutes...at the most...
<YankDownUnder> On a VM over the weekend (Ubuntu Server 16.04.2) I got Dovecot/IMAP/POP3, lightdm and WindowMaker setup in, er, what, 10 minutes tops?
<darkzek> YankDownUnder Haha ok, I guess i'll install xfce then :)
<darkzek> Thanks for your help :)'
<YankDownUnder> XFce is actually heavier than WindowMaker, AfterStep or whatever...HOWEVER, that being said, it's your VM, not mine. I prefer "less than" on servers...XFce *USED* to be very light, but it's grown a bit "thick" around the edges...ahem...
<darkzek> YankDownUnder Yeah im not the best with Linux knowledge so I don't really feel comfortable installing my own window manager right now. Thanks again :)
<YankDownUnder> darkzek: Fair enough. Just remember - it's EASY if you THINK IT'S EASY. Otherwise, it's a nightmare. Simple stuff: apt-get install -y lightdm && apt-get install -y xfce-desktop => pretty much all there is to it.
<YankDownUnder> After you get lightdm installed, you can check the /etc/lightdm/lightdm.conf and edit it to suit for your autologin schmutz
<darkzek> YankDownUnder I'll do that then, time to get out of my shell haha.
<YankDownUnder> darkzek: Cool bananas...it's not so bad "outside the box" you know...
<cpaelzer> nacc: rbasak: actually do we have another USBSD today or next week?
<cpaelzer> Since it seems to work to encourange community and to get a grip on more issues I think we should give it a wiki page with like "next date" people can always check
<cpaelzer> announcing on ML is fine, but as me being away last week I just missed it in the truckload of mails - so a page to check just as we have with the IRC meeting would be great IMHO
<cpaelzer> let me know what you think about that
<lordievader> Good morning
<zioproto> hello all. I have a question about neutron-server ubuntu packaging. I had to do an ugly hack to /etc/init.d/neutron-server
<zioproto> in xenial
<zioproto> because I have some plugins, I had to hardcode more --config-file options
<zioproto> I have an ugly line that looks like
<zioproto> [ -n "$NEUTRON_PLUGIN_CONFIG" ] && DAEMON_ARGS="--config-file=$NEUTRON_PLUGIN_CONFIG --config-file=/etc/neutron/l2gw_plugin.ini --config-file=/etc/neutron/neutron_lbaas.conf"
<zioproto> but this variable $NEUTRON_PLUGIN_CONFIG
<zioproto> I dont understand it
<zioproto> it is not like we have a file with all the configs for all the plugins
<zioproto> is this a bug in the packaging ?
<zioproto> what would be the clean way to start the daemon with these extra --config-file statements ?
<cpaelzer> zioproto: the variable lives in /etc/default/neutron-server
<cpaelzer> zioproto: by default it points to /etc/neutron/plugins/ml2/ml2_conf.ini
<cpaelzer> zioproto: I don't know nova enough would it allow to list them comma separated, or create amaster conf file that includes multiple others?
<cpaelzer> zioproto: I'd consider any of those "cleaner" if they are possible
<cpaelzer> rbasak: is not finding /var/lib/libvirt/dnsmasq/default.leases a known uvtool issue?
<cpaelzer> any bells ringing?
<cpaelzer> rbasak: bug 1420142 seems like what I see, yet it is closed as dup of a fixed bug
<ubottu> bug 1428674 in uvtool (Ubuntu) "duplicate for #1420142 uvt-kvm: error: no IP address found for libvirt machine" [High,Fix released] https://launchpad.net/bugs/1428674
 * cpaelzer checking versions
<cpaelzer> seems my trusty version is too old to work with UCA level libvirts, looking for the uvtool backports now
<cpaelzer> rbasak: going to ppa:uvtool-dev/master fixed it
<cpaelzer> rbasak: imho as far as I see this is broken for e.g. Trusty+UCA-Mitaka - would it be reasonable to ask the UCA Team to get Xenial version of uvtool into the UCA as well to let it work?
<cpaelzer> jamespage: ^^ thoughts?
<jamespage> cpaelzer: context?
<cpaelzer> jamespage: the lines above, TL;DR I've found that with Trusty+UCA-Mitaka uvtool fails
<cpaelzer> jamespage: not sure on the exact details to trigger, but the the root cause seem on old uvtool vs newer libvirt behaviour
<cpaelzer> newer uvtool has it fixed already
<jamespage> cpaelzer: is this something that we want to support?
<jamespage> cpaelzer: UCA is really for OpenStack support, rather than just picking up a new virt stack
<cpaelzer> jamespage: true, and people can - as I did - pull in the backport ppa that exists to get going
<cpaelzer> I'll update the bug thou to help anyone else running into that case
<cpaelzer> jamespage: thanks for quickly tihnking this through, I updated the bug and agree that there is no reason to pull into UCA
<jamespage> cpaelzer: yw - we've had similar breaks in the past (newer django broke MAAS for example) and decided that was outside of the scope of the UCA purpose
<kotVaska> hi, Why not installed ubuntu server on fujitsu celsius w370? Installation hangs..
<cpaelzer> kotVaska: what way are you installing (ISO, Maas, ...) which release and at what point is it hanging?
<cpaelzer> kotVaska: depending on that you likely have to select the right entry on https://wiki.ubuntu.com/DebuggingProcedures#Installation_and_Upgrades and provide further info than "hangs on install"
<kotVaska> thanks
<patsToms> morning
<patsToms> someone have any idea why could screen have some artifacts?
<patsToms> it renders Ubuntu 16 server terminal randomly
<patsToms> oh, it works well on different monitor
<cpaelzer> jamespage: do you (without rereading the code) remember how DPDK_OPTS in openvswitch init handling are read&passed to the ovs-ctl script?
<cpaelzer> jamespage: I try to test something on T+UCA-Mitaka but the lack of systemd kind of lets me stumble
<cpaelzer> most seems fixed, but the path from init -> ovs-lib -> ovs-ctl -> ovs_vswitch isn't exatly straight :-)
<cpaelzer> so I miss the DPDK_OPTS to be set for now
<cpaelzer> jamespage: I'll read through the scripts, but if you happen to remember let me know
<cpaelzer> ok, so theory confirmed DPDK_OPTS are not set while ovs-ctl is running in that system setup
<cpaelzer> jamespage: found the issue, as FYI on trusty it is running the upstart bits pre-start and that lacks an export of DPDK_OPTS
<cpaelzer> jamespage: not a real issue as it was never meant to work ther I'd guess right?
<jamespage> cpaelzer: no I think we agreed that the baseline was xenial right? due to kernel feature requirements
<cpaelzer> jamespage: yeah I think we agreed on that
<cpaelzer> jamespage: I'm running hwe-x anyway
<cpaelzer> so the kernel dep won't kill me for now, but still I think it is not meant to run on T - so the fixes I make for my tests won't become your bugs
<cpaelzer> jamespage: that is what I wanted to check
<cpaelzer> jamespage: wow after understanding the whole picture the fix is super-easy since the /etc/default/openvswitch-switch is sourced
<cpaelzer> jamespage: it comes down to add "export DPDK_OPTS" in that config file
<cpaelzer> no "code" change needed
<ahasenack> cpaelzer: $1 to add the oneliner
<ahasenack> cpaelzer: $999 to know which one liner and where
<cpaelzer> ahasenack: exactly
<cpaelzer> ahasenack: but it already is in a git commit to be found by the search engine of your choice some day
<cpaelzer> so price drops from $999 to just $499 for the next 5 hours
<ahasenack> it's like a zero-day
<Aison> why do I get a network interface name p22p1? I expected that ethernet devices are prefixed with en?
<Aison> so why not enp22p1
<teward> this will sound like a stupid question, but I have a server on a subnet of my network that uses a VPN tunnel outbound.  I need to route traffic from my local networks via the local network and not send them across the VPN tunnel; is there any way to setup such custom routing?
<compdoc> dont assign a gateway to the tunnel
<nacc> cpaelzer: argh, it should be this week, but with everything else, i dropped the ball
<nacc> cpaelzer: i'll set it up for next week and maybe every two weeks after that, with a header thing and link to a wiki page describing it
<dpb1> nacc: the bug party?
<dpb1> err
<dpb1> bug squashing day
<nacc> dpb1: yeah
<dpb1> k
 * dpb1 was looking forward to that
<nacc> i mean, there's nothing preventing us from doing it today :)
<nacc> just forgot to announce it on the ML
<dpb1> I can look forward to it next week too
<dpb1> :)
<nacc> dpb1: true )
<nacc> :)
<ahasenack> teward: you need to look up "source routing", the "ip" tools can do that just fine
<ahasenack> teward: something like this: http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.simple.html
<ahasenack> there may be ubuntu docs about it too
<ikonia> win 14
<teward> ikonia: confirmed: LOSS 14 recorded.  (Just kidding, and poking fun, sorry)
<teward> ahasenack: thanks, I'll take a look.
<teward> got a question for the server team people.  NGINX in 14.04, a request came through to have the 'geoip' module added to the nginx-naxsi flavor.  Unlike in Xenial and later we can't just use dynamic modules, that'd be a feature change that I'd need approval to get in, what're your thoughts?  Noting of course that nginx-naxsi is deprecated and no longer supported in any other releases, except maybe Precise and I that'll die soon enough.
<teward> how would you suggest I proceed?
<nacc> teward: just tell the user no? :)
<teward> lol
<nacc> teward: without knowing more about nginx, how would you add geoip support without dynamic module support?
<teward> nacc: change the build rules to static-compile
<teward> we already static-compile in Trusty
<nacc> teward: ah ok
<teward> we just have to change what modules are included
<teward> the old style way of things, though we had to do that for Xenial and still do
<nacc> teward: i'm not sure the request satisifies the SRU rules
<nacc> teward: maybe in backports?
<teward> nacc: i'm not sure it does either, and the backports team has too much of a backlog on their plate
<nacc> yeah :/
<teward> i would know i've had three backport requests sitting for two years gathering inordinate amounts of dust
<teward> they're so old I don't even have the packaging for them anymore lol
<teward> nacc: Won't Fix'd the bug, and referenced that it doesn't meet SRU criterion
<teward> i'm so tired lol
<teward> nacc: send me $450 worth of allergy meds and solve my misery for the next six months lol
<nacc> teward: i think that's totally reasonable
<teward> (allergies *suck*)
<nacc> teward: and sorry for your allergies!
<teward> if it were economically feasible I'd have a O2 container here, or at least a respirator that filters out the allergens.
<teward> too bad i'm in debt.
<teward> and too bad i can't afford a new computer, this one's startin to fall apart
<teward> I'd *like* to get this $3000 business line workstation grade laptop from Dell, but I'm poor :P
<teward> (yay for fifty simultaneous build envs if i had it lol)
<drab> hi, just trying my hand at running kvm manually
<drab> I'd like to use iommu and eventually use pci passthrough
<drab> vt-d is enabled on the machine and iommu option loaded in grub
<drab> [    0.000000] DMAR: IOMMU enabled
<drab> however when I run sudo qemu-system-x86_64 -enable-kvm -machine type=pc,accel=kvm -device intel-iommu ....
<compdoc> kvm is awesome, but Ive never found a good use for passthru
<drab> I get an error,  qemu-system-x86_64: Option '-device intel-iommu' cannot be handled by this machine
<compdoc> some motherboards are better than others at that
<drab> I was planning on giving it a harddisk to write through directly and a network card. Is not the expected way to use it to speed things up?
<compdoc> see if theres a bios update
<drab> I'm enw to it so maybe misunderstanding basic concepts still
<drab> also I'm having a really hard time on figuring out how to run it manually, the entirely web just talks about libvirt
<drab> but I don't want to run libvirt/virt-manager/virsh
<nacc> yeah, runnnig qemu manually is a PITA
<nacc> drab: any reason why not?
<sarnold> xml phobia? :)
<nacc> heh
<drab> heh, in part
<drab> also compelxity-phobia, it looks like a lot of stuff to learn to do right, and I just want *1* instance
<drab> everything else is lxd containers
<drab> might need one more later, but to deploy libvirt to a node just to run one container seems not a good idea
<drab> especially since it seems to want to do its own thing
<nacc> i don't think you'd see a huge bump from hard disk passthru, but not sure
<drab> ie create its own bridge etc
<nacc> and the network card could be solved (better) with SR-IOV if you have it
<nacc> (or more naturally, i mean)
<drab> I have the host pretty "clean" with the main bridge for containers and I'd like to just add 1 kvm (for nfs)
<drab> nacc: I'll look into SR-IOV, thanks for the tip
<compdoc> I find qcow2 files are easier to copy, etc
<nacc> drab: it requires hw support on the NIC
<drab> so yeah, I'm trying to figure out how to spin up just this instance with pure qemu, but having a hard time especially since I need to pxe boot and have output to console...
<drab> the host has a ZFS pool for lxd and planning to carve out a ZVOL to feed to kvm
<drab> as root device
<drab> but need to figure out the booting part first...
<drab> can't even get it to start and give me output in console to run through installation right now
<nacc> drab: so does `qemu-system-x86_64 --device help 2>&1 | grep intel-iommu` list it as supported?
<drab> nacc: name "intel-iommu", bus System
<nacc> drab: ok
<nacc> drab: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg03548.html maybe?
<__Yiota> how do I check disk read latency?
<__Yiota> I'm trying to figure out why our reads on aws are slower
<nacc> drab: fwiw, this is where libvirt can be handy
<nacc> drab: as the XML is the same regardless (ideally) of qemu parameters
<nacc> drab: i also believe libvirt can use existing bridges, etc.
<sarnold> __Yiota: I understand that's basically aws's business model. iops are slow enough that people want to pay for the faster backends
<sarnold> __Yiota: there's a huge load of measurement tools at https://github.com/iovisor/bcc
<drab> nacc: I'm absolutely sure it can, and I don't question its usefuless, but I've tried to look at it and it struck me as *really* complex
<drab> nacc: so I thought maybe it was gonna be quicker/simpler to just do straight qemu since I don't plan more tha a  couple instances
<drab> but maybe not
<drab> given how much of a nightmare it's been to figure qemu out so far
<nacc> drab: right 'simpler' in that there are fewer layers
<nacc> but those layers make the end-user experience sane :)
<teward> sarnold: nacc: rbasak: just to keep you in the loop, once 17.10 is open (and after I get off my lazy butt) we're going to be putting nginx 1.12.* in.  That's been released, by the way :P
<teward> i would have said this at the meeting yesterday but i was otherwise detained in a meeting
<sarnold> teward: nice :)
<nacc> teward: np, thanks!
<__Yiota> sarnold thank you
<ppetraki> __Yiota, hdparm -tT [bdev] isn't a bad place to start. Cached number tells you how fast your line speed is and the bufferred read from disk should be pretty close to what it says in the spec sheet.
<__Yiota> bdev?
<ppetraki> __Yiota, /dev/sda
<__Yiota> ah
<__Yiota> gotcha
<teward> note to self: set up a script to initiate LXD containers with the standard utility sets lol
<teward> (no `ping` on the LXD container that got started for Xenial o.O)
<ppetraki> it's easy and it's always there, so quick example
<nacc> teward: are you not using the cloud images remote?
<ppetraki> __Yiota, http://pastebin.ubuntu.com/24415194/
<teward> nacc: i was, but i think something fubar'd in the download lol
<nacc> teward: yeah, i just checked and `lxc launch ubuntu:xenial` definitely has ping :)
<ppetraki> __Yiota, That's a micron M600 attached to a 7 year old thinkpad
<teward> *shrugs* it's working now.
<teward> nacc: well, I still need to 'configure' the container with what I need on a standard system.  So a utility script will still be useful DO NOT JUDGE ME
<__Yiota> thank you so much ppetraki now I have something to show my CTO
<ppetraki> __Yiota, it has a 3G link, which is what I'm getting for cached reads. The drive can do almost 500 MB/s ... so my system's bus is the problem.
<teward> standard utils for Ubuntu and "standard Ubuntu utils for teward's container" aren't the same ;)
<nacc> teward: heh,sure :)
<nacc> teward: cloud-init them?
<ppetraki> sarnold, that's a sweet set of utilities . Thanks!
<c0mrade> How can I make mongodb automatically start at boot time on Ubuntu 16.x ?
<__Yiota> c0mrade system d?
<sarnold> ppetraki: it's wonderful stuff. if you haven't found brandon gregg's homepage yet, it's worth finding. there's days of wonderful reading there ;)
<c0mrade> Yiota: How?
<nacc> c0mrade: didn't you ask this yesterday and were answered?
<ppetraki> sarnold, I have not :)
<sarnold> c0mrade: where did you get stuck?
<c0mrade> I asked but I either didn't get an answer or I didn't see the answer.
<dpb1> c0mrade: https://askubuntu.com/questions/61503/how-to-start-mongodb-server-on-system-start
<nacc> c0mrade: specifically by sarnold :)
<sarnold> ppetraki: oh bother I knew I'd butcher his name http://brendangregg.com/
<c0mrade> One more thing which is a bit more complex, see if the server restarts, there's a script that I want to run when it boots first cd to a dirctory that I want then run ./bin/dev once that command executes it puts me into another shell where command 'run' has to be run.
<c0mrade> How could I go about that?
<teward> nacc: I will make one note: Debian's images, they have *nothing* on them lol
<teward> (cross-OS testing lol)
<nacc> c0mrade: you can't run the first script with an absolute path?
<nacc> c0mrade: write a wrapper script for the wrapper for the wrapper
<nacc> teward: yeah, they are very different
<c0mrade> nacc: I can...
<teward> oh hey exactly nine days to precise EOL.
<ppetraki> sarnold, oh, he wrote the dtrace toolkit. ok :)
<c0mrade> I mean would it run like ./lila/bin/dev ?
<teward> guess I can go delete the nginx PPA packages now lol
<Aison> is there a way to use systemd 233 on ubuntu 16.04?
<nacc> teward: :)
<nacc> !info systemd xenial
<ubottu> systemd (source: systemd): system and service manager. In component main, is required. Version 229-4ubuntu16 (xenial), package size 3713 kB, installed size 18844 kB (Only available for linux-any)
<dpb1> Aison: sounds painful!
<nacc> Aison: not in  supported way
<c0mrade> nacc: wrapper script for the wrapper fo the wrapper o.O ?
<nacc> Aison: and i don't know why you'd want to do that?
<nacc> c0mrade: you said you needed to run a script at a given path at boot
<Aison> nacc, I can life if it is unsupported :P
<nacc> c0mrade: so write a script that cds to the path and runs the script
<Aison> it's for a testing machine
<nacc> Aison: ok, build systemd yourself :)
<teward> c0mrade: how about a wrapper script for all the wrapper scripts which are wrapping for another wrapper script which are wrapping for more wrappers which wrap for backends..  *shot*
<nacc> Aison: and enjoy that fresh hell
<teward> sorry i couldn't help it :)
<nacc> teward: :)
<sarnold> ppetraki: yeah. he's an insanely productive guy. :)
<teward> (hey we all need a little silliness sometimes :P)
<c0mrade> nacc: Guys can you give me an asnwer with some code, I don't know what a wrapper script is anyway.
<nacc> c0mrade: wrapper script == a script that calls something else
<nacc> c0mrade: so a trivial shell script
<Aison> nacc, I have a strange problem here. Systemd is not starting the network device exactly on one ubuntu server
<nacc> c0mrade: i'm not going to write it for you
<nacc> Aison: 'starting the network device' -- kernel sees it, but not getting an IP?
<Aison> I always have to login locally and systemctl stop systemd-networkd.service  and then start
<nacc> Aison: and then it works?
<Aison> yes
<nacc> Aison: 17.04?
<Aison> no, 16.04
<Aison> LTS
<nacc> Aison: what is the error, if any, in the logs when it doesn't work at boot?
<Aison> there is nothing in the logs. All errors I can see come from network drives that cant be mounted
<nacc> Aison: 'nothing' in the logs? So it isn't indicated as failing?
<nacc> systemd-networkd is a unit, so it has logs
<c0mrade> But the thing is that when I execute the first command I get into another shell, how would that shell accept commands using that script?
<Aison> hmm, how do I show the isolated systemd-networkd logs only?
<ppetraki> __Yiota, have you used fio?
<nacc> c0mrade: you need to interact with commands?
<nacc> Aison: something like systemctl status systemd-networkd
<Aison> nacc, that was always monitored as started, even though there was no network device up
<nacc> hrm
<nacc> Aison: ok, that's what i was asking before -- so systemd doesn't detect there is any issue?
<c0mrade> nacc: Interact? How's that, your answer is very broad, can you be more specific?
<nacc> c0mrade: i know nothing about your scripts
<nacc> c0mrade: let's say you could start your scripts automatically at boot
<nacc> c0mrade: do you need to send input to them?
<__Yiota> ppetraki never
<ppetraki> __Yiota, OK :) let's start with my cheatsheet
<ppetraki> __Yiota, http://tfindelkind.com/2015/08/24/fio-flexible-io-tester-part8-interpret-and-understand-the-resultoutput/
<rharper> Aison: journalctl -o short-precise --unit systemd-networkd
<nacc> rharper: thanks, i knew there was a journalctl version too, but couldnt find it
 * rharper knows it all too well 
<rharper> =/
<nacc> heh
<sarnold> ppetraki: holy cow
<ppetraki> __Yiota, he does a really good job of explaining what all the fields mean. In your case. I would devise a test that did 100% reads with a queuedepth of 1 and note where the latency histogram is accumulating the most hits
<c0mrade> nacc: That's what I need to do, after system reboot execut the following: cd lila; ./bin/dev when I execute ./bin/dev I get a specific shell where I type 'run' and hit enter and that's it
<ppetraki> sarnold, he nailed it
<nacc> c0mrade: can't you just adjust to run the commands that are in ./bin/dev (I'm not sure why it spawns a shell) and run the 'run' command there?
<Aison> rharper, nacc that's all what I get: systemd-networkd[296]: eth0: Renamed to enp2s0
<Aison> then I restart this service
<nacc> and then what does it say after restart?
<c0mrade> nacc: I don't know.
<rharper> networkd doesn't apply network config if the interface is already up or touched
<ikonia> c0mrade: you said you had this all working and %90 automated
<ikonia> it seems that you don't have the first step automated at all
<nacc> ikonia: glad you have more context than I :)
<ikonia> read up on "how to write a systemd unit"
<Aison> rharper, the network device is not up after reboot. ifconfig  lists only the lo device. just ifconfig -a lists the device correctly
<ppetraki> __Yiota, http://pastebin.ubuntu.com/24415321/
<ikonia> nacc: sadly yes, he's been asking this for days how to build a lichess server on an ubuntu EC2 instance
<nacc> ikonia: ah i see
<nacc> Aison: how is your network device configured? /etc/network/interfaces?
<ikonia> however he's screwed the install putting it under root account and the root directory which adds complexity, and doesn't understand the difference between say a cloud-init step and an systemd unit, so it's all a bit pointless
<c0mrade> Should I put my script at /etc/rc.local?
<ikonia> no
<rharper> well, on 16.04 systemd-networkd isn't enabled by default, so that's going to be a problem;  if you want to use networkd then you need to enable it via systemctl enable systemd-networkd;  you'll need to write networkd configuration files (.link .network) files in /etc/systemd/network/* for your interfaces
<ppetraki> __Yiota, save that to a file like config-fio-100-read.ini. and run it like this: $ sudo DISK=/dev/XXXX fio  config-fio-100-read.ini
<ikonia> look at writing a systemd unit c0mrade
<rharper> learn how to apply the Match parameter to target the interfaces you want
<Aison> nacc, no, in interfaces there is only the lo device. Else I use systemd/network
<rharper> and disable ifupdown networking
<c0mrade> ikonia: systemd unit?
<rharper> if you're still using /etc/network/interfaces then you won't be using systemd-networkd; rather only the 'networking' service script which calls out to ifup and friends (from the ifupdown package)
<nacc> rharper: is all tht documented somewere (wiki?) or is that one of your tasks for the release notes?
<ikonia> c0mrade: yes, as you've been told quite a few times
<Aison> rharper, how can I disable network/interfaces completely?
<rharper> nacc: no, we've not released an Ubuntu with networkd enabled by default
<rharper> remove them from /etc/network/interfaces ?
<c0mrade> ikonia: Also I've read this "To execute a script at startup of Ubuntu, simply edit /etc/rc.local, and add your commands. " at this link http://ccm.net/faq/3348-execute-a-script-at-startup-and-shutdown-on-ubuntu
<Aison> rharper, I did that (except the loopback device)
<c0mrade> ikonia: I just don't know what a systemd unit is.
<nacc> rharper: ah right
<ppetraki> __Yiota, so most of my 4K ios complete in just under 764us
<ikonia> c0mrade: so that would be the first thing you research
<Aison> the funny thing is, on two other ubuntu serveres it is working perfectly this way
<rharper> Aison: and reboot; next reboot any interface that's not in /etc/network/interfaces won't get configured
<c0mrade> ikonia: okay, i'll research that
<Aison> rharper, yes, I tried, but it is still not configured by systemd
<rharper> you have to write systemd network configuration
<Aison> rharper, I did, that's why it is working after restart the netword service
<ppetraki> __Yiota, also... I'm going straight to the block device, no middle man :) you can tell file to use a file and just point it at the mount point you're interested in. You want to start from the bottom up, how fast is my backend, *then* introduce the filesystem and see how much performance you loose.
<ppetraki> er lose
<rharper> and then disable ifupdown service 'systemctl disable networking';  write your new configs and enable networkd 'systemctl enable systemd-networkd'
<Aison> ok, maybe that's the problem
<c0mrade> ikonia: Just for your information, I've installed lichess on my home server, it's a physical server with 8GBs of RAM and a 2.4GHz Xeon 4 core CPU. It's online at http://www.instagramika.com/ and it's up and running.
<Aison> I did not disable networking
<ikonia> c0mrade: I don't care
<nacc> Aison: ah yes, so maybe they are competing
<c0mrade> ikonia: I know you don't care but you just made a comment up there that sadly I've been trying to install it on EC2 and this time that's not the case so I just wanted to correct things.
<ppetraki> __Yiota, I don't know how big your reads are, you'll have to find that out. In the meanwhile, you can sweep the range using fio from 4K to say 512K and compare the completion times, see where they blow up
<ikonia> c0mrade: you have - there is nothing incorrect in what I said, you've just told me it's running on a physical server, I said you've been trying and failed to get it running on an ec2 instance for days
<__Yiota> ppetraki thank you so much
<c0mrade> ikonia: Yeah but just to let you know it's no longer the case, it's not like am still doing that. I have it on my server now and trying to improve things.
<ppetraki> __Yiota, you're welcome. performance instrumentation is hard work, just hang in there.
<ikonia> c0mrade: and you've already told me days ago you had it running on your own server, and I explained I wasn't interested
<c0mrade> ikonia: Yeah you know that but not everyone in here.
<ikonia> I suspect no-one is that interested, they just want your problem solved so you stop asking the same thing every day
<c0mrade> ikonia: I am like everyone else trying to ask a normal question, yes I asked this yesterday and waited a long time until I gave up and asked in another channel and also didn't get an answer, maybe after some long time someone answered I don't know, by that time I turned off my system and fell asleep hehe.
<ikonia> c0mrade: it was answered for you yesterday, and the day before, and in multiple channels
<ppetraki> __Yiota, If reads are your problem, I would also run htop and turn on the R/W bandwidth column to see who the big contributors are. It could be something as dumb as too much competition for the same volume.
<ikonia> really try to focus on the information people are giving you, rather than the information you think you want
<c0mrade> ikonia: This exact question? I told you maybe it was but after half a day?
<ikonia> c0mrade: the exact question
<__Yiota> ppetraki it's insane, the amazon SSD is slower than my google standard persistent disk
<ppetraki> __Yiota, how slow is slow?
<sarnold> c0mrade: I know I explained that you ought to investigate writing a systemd unit file yesterday
<compdoc> somethings wrong with that
<sarnold> c0mrade: .. and today you appear to have not done any reading about systemd unit files.
<sarnold> c0mrade: therefore it's hard to want to help you any further. I hope you can understand this.
<c0mrade> ikonia: All right, maybe I just missed it, but I didn't just ignore some answer on intention, that's the first time I get an answer quickly, I will be reading about systemd units and thanks for that.
<sarnold> c0mrade: this explains ikonia's frustration
<__Yiota> ppetraki https://bpaste.net/show/38df3b69ca01
<c0mrade> sarnold: I really didn't see any answer yesterday, I told you I didn't like ignore it on intention, I just totally missed it by accident.
<ikonia> sarnold: not fully as he's cross-posting it in about 4 other channels at least that I'm in, and ignoring the same info there too
<ppetraki> __Yiota, so if it fits in cache you're basically on a 12G SATA link, if not... you're getting spinning disk sata perf
<sarnold> c0mrade: that helps, a bit. time to investigate /lastlot -hilight in your irc client, too. :)
<ppetraki> __Yiota, I found your problem :)
<sarnold> ikonia: cross-posting is a quick way to exponentially grow frustration. :)
<__Yiota> can you expand on that?
<ikonia> hence why I'm tired of it
<c0mrade> ikonia: First time I asked my question on here I assure you 100% that many hours passed without it being answered.
<ikonia> you've just been told you asked it yesterday and was given the answer
<ikonia> so how can it be "the first time"
<ikonia> you're even telling yourself lies now
<c0mrade> That's why if someone maybe answered my question I could've totally just missed it after waiting for hours I thought it won't even be answered.
<ppetraki> __Yiota, if you have a cache miss you're going to pay for it dearly. I don't know how big the cache is, apparently big enough to move 10GB/s easy
<ppetraki> I meant 20G
<c0mrade> ikonia: You said I've been asking this for the past two days, I am not talking about yesterday but the day before that. The first time I asked it.
<ikonia> so "days" then
<ppetraki> __Yiota, so what application is the problem? Do you have htop setup?
<__Yiota> yes, I have htop
<c0mrade> All right thanks for the hint about systemd I'll be checking that out and see where I can get.
<__Yiota> ppetraki, we haven't pinpointed the problem yet
<__Yiota> we have comparable speeds to our google cluster
<c0mrade> multi-user.target specifies what?
<ppetraki> __Yiota, when you get into fio, enable the disk_read, disk_write, io_rbytes, and io_wbytes columns. and just sort by disk_reads for starters.
<ppetraki> __Yiota, I meant htop, so many tools!
<__Yiota> yeah no kidding
<ppetraki> duh even simpler
<ppetraki> dstat
<ppetraki> __Yiota, sudo dstat -d[bdev]
<nacc> c0mrade: `man systemd`
<sarnold> c0mrade: the main systemd boot 'goal', most of the time
<ppetraki> __Yiota, and it's stupid it just wants the name e.g. "sdb" not the whole path
<c0mrade> Okay thanks.
<ppetraki> __Yiota, if it looks like you're sinking a total of 100MB/s of R and W then you're probably out of bandwidth, if you're within 80% of that you still have a problem
<ppetraki> __Yiota, "SSD" doesn't mean crap in the cloud. If you're app really does have a random IO pattern, this fake SSD may not have what it takes to give you uniform completion times, it could actually perform like a spinning disk.
<c0mrade> Pfff systemd documentation seems complicated
<nacc> c0mrade: well it's an init system for your entire macine, so it's complicated )
<nacc> :)
<ppetraki> __Yiota, ugh, it's -D not little d
<ppetraki> __Yiota, http://pastebin.ubuntu.com/24415455/
<c0mrade> I only need a couple of lines of code to make this thing work and am ending up reading complex stuff, which is a bit of pain :P
<sarnold> c0mrade: chances are really good that your systemd unit files will just be one or two files, ten lines long. but knowing what to put in those files means you have to know what you want the file to accomplish.
<sarnold> c0mrade: and that means reading.
<c0mrade> Oh I found this useful link http://www.tecmint.com/create-new-service-units-in-systemd/
 * c0mrade reading..
<c0mrade> Someone with a similar issue like mine.
<sarnold> most of that looks alright but he goes off the deep end writing a new unit for bringing up a specific network interface
<c0mrade> sarnold: He's wasy of explaining is pretty cool, he makes it look pretty easy.
<nacc> yeah systemd blog posts are almost always ... misinformed it feels like
<nacc> or out of date at this point
<c0mrade> I mean okay...It could be easy for someone working with linux everyday but for someone who might stumble upon this like once every half a year that's a problem, it's like there's no light you're in total darkness.
<c0mrade> nacc: The link I mentioed is not good or incorrect?
<nacc> c0mrade: i haven't read it, so i don't know
<nacc> c0mrade: i'm sorry, but setting up a process to start at boot to spawn a service at every boot does require you to educate yourself
<nacc> c0mrade: you're making a choice to do that in the first place
<nacc> c0mrade: so just pay the cost of learning how to do it right :)
<c0mrade> nacc: It'll take 10 seconds with you, just tell me how to do it :P
<c0mrade> Gemme them codes and lines... :P
<nacc> c0mrade: right, not my job )
<nacc> )
<nacc> i'm not used to using my laptop keyboard clearly!
<c0mrade> you can understand that the booting procedure reaches the targets with a defined order. so how do I know the order, the example shows to execute the script after network.target which is when the boot process reaches the network service and starts it, but I need the boot process to complete and start my script
<c0mrade> Oh, it looks easy to me now :P from what I read...
<c0mrade> first step is to create a file.service in cd /etc/systemd/system/multi-user.target.wants/
<c0mrade> Write some code in that ExecStart= specifies what to execute and WantedBy= specifies multi-user.target (runlevel or whatever)
<sarnold> no, just /etc/systemd/system/
<Aison> rharper, still not working, so old networking service was not the problem
<nacc> c0mrade: you use symlinks in each target to specify what should run for that target
<rharper> and what does networkctl show ?
<rharper> are you sure your .link and .network file are accurate?
<nacc> c0mrade: e.g., (iirc) systemctl add-watns <target> <service name>
<nacc> *add-wants
<Aison> rharper, I have no .link file, only .network and .netdev (for vlan)
<Aison> rharper, networkctl show enp2s0 degraded
<c0mrade> sarnold, nacc: Yeah I got it, I thought it's going to be difficult, because I've read some documenation about systemd and got overwhelmed but it looks pretty easy :)
<rharper> ok and what's your device section in .network look like, are you matching via mac or some other property ?
<c0mrade> But all I gotta do now is just worry about how am going to sun the command 'run' after I execute the first script...
<c0mrade> Maybe use expect?
<c0mrade> The prompt will look like (lila)$
<c0mrade> So I would just use 'expect' with that stuff and send 'run'?
<sarnold> where does the prompt come from?
<c0mrade> sarnold: After I execute ./bin/dev which I think executes a JVM with -Xms and -Xmx args, that's what's inside the file some long command with many arguments related to java.
<ThiagoCMC> Hey guys... Under MaaS Next (fully upgraded and recently installed), my PXE subnet have 0% "Available IPs"! But the subnet is a /23 and I only have 11 baremetal servers! How to clean it up?
<sarnold> ThiagoCMC: iirc maas brings up nodes into a 'holding tank' of some sort, that also needs some spare ips -- do you have a network or a zone or something set aside for this? does it have enough ips?
<sarnold> c0mrade: is '(lila)$' coming from bash? or from the java program?
<ThiagoCMC> yes, O have other fabrics / subnets...
<ThiagoCMC> I mean, /O/I/
<c0mrade> sarnol: From the java.
<sarnold> c0mrade: eww.
<ThiagoCMC> I also have an extra DNS zone
<c0mrade> sarnold: But how do I make sure, maybe am mistaken.
<c0mrade> sarnold: But won't my idea of using 'expect' work?
<sarnold> c0mrade: maybe you can just do "echo run | ./bin/dev"
<sarnold> but that sounds like really gross software
<c0mrade> sarnold: Heard of sbt?
<sarnold> no
<c0mrade> something used for building apps
<c0mrade> http://www.scala-sbt.org/
<sarnold> c0mrade: oh. hrm. https://en.wikipedia.org/wiki/Sbt_(software)#Example_use
<sarnold> c0mrade: try "sbt run" as the command rather than using the interactive thing.
<ThiagoCMC> Never mind... Figured it out! It was reserved for some reason...
<c0mrade> sarnold: What about ./bin/dev ?
<c0mrade> ahh you mean inside ./bin/dev script add that line?
<c0mrade> sbt run?
<sarnold> c0mrade: maybe. I have no idea what that tool does.
<c0mrade> But I think I'll hit something a loop hh.
<c0mrade> something like a loop*
<c0mrade> sarnold: After= should be what? Most of the examples use network.target but what do you recommend using?
<sarnold> c0mrade: do you need to wait for your mongo server to be up first? or just networking?
<c0mrade> mongo server should be up before executing that command yes
<sarnold> then be sure to put its unit in there too
<c0mrade> I've already made mongo start automatically without doing any of this manual stuff
<c0mrade> just executed systemctl then something and mongo.service
<c0mrade> I forgot the command
<c0mrade> yeah
<nacc> c0mrade: yes, because mongo ships a unit already
<c0mrade> systemctl enable mongo.service
<nacc> c0mrade: so all you did was 'enable' it
<c0mrade> sorry
<c0mrade> systemctl mongod.service
<c0mrade> systemctl enable mongod.service
<c0mrade> :P
<c0mrade> After=mongod.service ?
<c0mrade> But then the question is that is that accurate? What if it needs some other services to be running? Is there a way that I just don't specify after= and just wait for boot process to complete and then run the script?
<sarnold> c0mrade: you've got a few choices.. https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requires=
<sarnold> c0mrade: Requires= if it just requires it and startup order doesn't matter; Requires= and After= if you have to wait
<bindi> how come I have to do 'sudo iptables-apply' each time I reboot to have my rules take effect?
<bindi> Applying new iptables rules from '/etc/network/iptables.up.rules'... done.
<bindi> 16.04
<c0mrade> bindi: I know how to fix this now :D create a systemd unit file! :D
<c0mrade> Hehe kidding there should be anothe way.
<c0mrade> another*
<axisys> got a alert on cve-2009-2410, but do not see anything on ubuntu usn
<ikonia> c0mrade: you understand that "the run" part is an interactive shell
<axisys> any suggestion how to address this
<nacc> axisys: https://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-2410.html
<c0mrade> ikonia: Yeah it's some sort of shell but I don't know if it's created by java or what... So I want a script that will execute ./bin/dev then execute 'run', that's why I mentioned to use expect. But I think I didn't get what you're trying to say?
<axisys> nacc: hmm.. i could not find it..
<axisys> nacc: thanks though.. so I will just answer that
<nacc> axisys: i usually start at https://people.canonical.com/~ubuntu-security/cve/
<nacc> axisys: and go off the cve itself
<axisys> nacc: thanks for the tip.. I will just create a function with that lookup..
<c0mrade> ikonia: I know that everyone might get annoyed from be because of my noobness but yeah...
<c0mrade> from me*
<nacc> axisys: yw
<sarnold> axisys: a moment..
<axisys> sarnold: k
<sarnold> axisys: when we triaged that initially sssd wasn't in ubuntu https://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-2410.html
<sarnold> axisys: so there's a really good chance that it was fixed before sssd was added
<sarnold> axisys: but I'd like to double-check when we triaged that
<sarnold> .. and bzr log is sooo slow. heh.
<nacc> sarnold: ah! yeah, i wasn't sure on the message format
<nacc> sarnold: if it was "not present in ubuntu's sssd" or "sssd is not present in ubuntu"
<sarnold> nacc: in this case, sssd wasn't present in ubuntu at the time
<sarnold> nacc: in the case of 'not present in ubuntu's sssd' the report would look more like https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10249.html
<axisys> sarnold: so how do I check if it is present on 12.04 LTS ?
<nacc> sarnold: ah right
<sarnold> axisys: apt-cache search sssd or dpkg -l sssd
<sarnold> axisys: sorry I've got to run and this bzr log hasn't gotten to the check in that added that cve yet :/ back in an hour or so
<ikonia> c0mrade: created by java ?
<ikonia> c0mrade: it IS scala
<ikonia> c0mrade: no-one is annoyed because you are new, people get frustrated because you don't listen, you admit you're too lazy to even describe problems properly and you spam channels with no respect for their rules and then try to evade bans
<ikonia> c0mrade: thats why people get annoyed with you
<ikonia> c0mrade: the bottom line is you need to understand the scala environment and not just cut and paste the commands blindly from lichess wiki into a script
<ikonia> you need to understand how to setup the environment needs, how to launch non-interactive and how to trap and manage errors
<ikonia> I suggest you focus on that
<ikonia> then once you understand how to do this, you can then translate that into a systemd unit file
<axisys> un  sssd                    <none>                  (no description available)
<c0mrade> ikonia: Thanks for the info.
<c0mrade> That will require some time. To run the lichess app two commands are required, the ./bin/dev then inside the interactive shell running 'run'.
<c0mrade> Only these two, now I do agree with you that I'd have to dig deep into understanding the scala environment but I'll leave that for another time which won't be too long.
<c0mrade> But for the time being am thinking of a simple (might be dirty) solution which is just run this ./bin/dev then send it the word run and put it in a systemd unit file.
<Aison> hello, anybody an idea what can cause smbd to use almost 100% CPU usage (one core)?
<Aison> smbstatus says "No locked files" and just two users
<nacc> Aison: you could strace it, maybe?
<sarnold> axisys: sure enough CVE-2009-2410 was added in 2009. Debian agrees that it was fixed before being added https://security-tracker.debian.org/tracker/CVE-2009-2410
<Aison> nacc, 10s strace of smbd generates 4mb log file
<nacc> Aison: :) yeah sounds busy! -- i'm guessing it's in a loop somewhere
<nacc> Aison: can you pastebin it?
<sarnold> maybe strace -c
<sarnold> or .1 seconds of strace :)
<nacc> yeah, less of it woould be fine, esp. if it's repetitive
<dpb1> | head -500 :)
<Aison> direct link to the 3mb log file https://people.alvhaus.ch/~ivost/smbd.log
<Aison> :P
<sarnold> does /var/run/samba/msg.lock exist?
<nacc> it appears like it can't grap a lock
<nacc> *gravb
<nacc> /var/run/samba/msg.lock/*
<Aison> no, does not exist
<sarnold> Aison: do you have any apparmor DENIED messages in dmesg or auditd logs?
<Aison> no, just this one (but that's mysqld): audit: type=1400 audit(1492628668.583:17): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/5983/status" pid=5983 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=102 ouid=102
 * nacc thinks you could try creating that directory and seeing if smbd calms down, but you'd need to make sure to get ownership/permissions right. I think it'd match /var/run/samba but not sure
<sarnold> the mysqld issue is probably 1658239
<sarnold> yeah, I think i'd pick the same owner/group as /var/run/samba and set mode to 755
<sarnold> I got the 755 from lib/param/util.c in one of the samba sources
<nacc> yeah, i think that should be fine
<nacc> i'm not sure why that directory doesn't exist, it seems like it should by default
<nacc> Aison: what version of ubuntu?
<sarnold> yeah, I can't figure out why it doesn't exist either. I half-expected an apparmor denial to explain it..
<nacc> or i guess i would have expected the service wrapper to ensure it exists, or a postinst, or something ...a though if it's in /var/run ... that a tmpfs, so it needs to be a runtime thing
<nacc> (iirc, /var/run is by default -> /run which is by default a tmpfs)
<Aison> now these files exists (/var/run/samba/msg.lock/*)
<Aison> but still high cpu load
<sarnold> try a new strace?
<Aison> samba is still trying to lock some files inside /var/run/samba/msg.lock/
<sarnold> does this mean anything to you Aison?
<sarnold> accept(36, {sa_family=AF_INET, sin_port=htons(45332), sin_addr=inet_addr("10.1.1.1")}, [16]) = 17
<nacc> Aison: you might need to restart smbd as well, if it's trying to use existing lock file it couldn't create before
<Aison> nacc, ok
#ubuntu-server 2017-04-20
<bindi> how come I have to do 'sudo iptables-apply' each time I reboot to have my rules take effect?
<bindi> On ubuntu server 16.04. "Applying new iptables rules from '/etc/network/iptables.up.rules'... done."
<drab> what's the magical boot parameter that will get me the ubuntu installer in text mode? I'm still trying to get qemu to install mini.iso from PXE
<drab> I got it to boot and fetch the kernels, but when the installation starts I get "640x480 VGA mode" and I can't see jack anymore
<drab> (I'm in a terminal)
<drab> bindi: do you have iptables-restore ?
<drab> I'm using a fw manager so I don't quite know what the "vanilla" setup does, but iirc it's all about iptables-save and then iptables-restore at boot time
<drab> bindi: are you using ufw?
<bindi> drab: not using ufw
<bindi> drab: yes there is iptables-restore command if you mean that
<sarnold> dpkg -L iptables doesn't show any systemd unit files, sysv-init files, or upstart files.
<bindi> drab: got it. sudo dpkg-reconfigure iptables-persistent
<bindi> it saved the current rules to /etc/iptables/rules.v4
<bindi> and claims they'll be loaded on boot
<drab> bindi: see sarnold's question, if you do a dpkg -L does it show any systemd stuff?
<drab> if it loads things at boot it must have something running at boot, either a systemd unit or an older style sysv-init
<drab> otherwise it's lying to you :P
<drab> sarnold: any clue about forcing the ubuntu installer into text mode through some kernel boot param?
<bindi> The iptables-persistent package causes the following to run on reboot:
<bindi> iptables-restore < /etc/iptables/rules.v4
<bindi> ip6tables-restore < /etc/iptables/rules.v6
<sarnold> thanks for tracking that down bindi :)
<sarnold> drab: maybe novga? It's been years since I've had to fiddle with kernel command line parameters for video ..
<drab> I have vga=text and that works to get me the text stuff until the ubuntu installer loads
<drab> then I get a 640x480 video mode message and don't see abnything else
<drab> so it seems to me the ubuntu installer isn't getting the hint about text...
<drab> I also tried nofb and no joy
<sarnold> oh there we go, kernel command line parameters moved to Documentation/admin-guide/kernel-parameters.txt
<drab> sarnold: yeah, I think I tried most of them
<drab> holy cow, it finished... blind preseed
<drab> only thing is, somehow it's broken and not running sshd by the time preseed finishes late_command
<drab> and I can't see why
<sarnold> maybe give it a minute or something
<drab> but at least I have a pxe'booted and installed qemu image that boots fine
<drab> I waited for a bunch and it actually saw the port as open
<drab> ssh_exchange_identification: read: Connection reset by peer
<drab> that's what I was getting
<sarnold> vm instances often have rubbish entropy available so the key generation on first boot cna take forever
<drab> this was even first boot, it was at the end of the preseed
<drab> what I'm trying to do is install mini, then chroot into /target, run sshd
<drab> and then use ansible to complete the installation
<drab> and only then reboot
<drab> it works on baremetal and even virtualbox actually
<drab> not sure what's going on with qemu
<drab> the preseed must have worked since ssh was up, hence the above error
<drab> during install I was just getting connection refused
<drab> ok, found the problem
<drab> well, what's wrong, not quite sure why it's happening in qemu and not on baremetal...
<drab> but the chroot is weird and it needs some helping to set up and somehow that setup fails on qemu
<fishcooker> how to audit the processes running on sar log on range time 02:31:09 PM - 02:45:11 PM  when i have sar snip like this http://vpaste.net/d1O98 ?
<grv> hi
<grv> I have lots of process running with same name on task manager ,consuming lot of memory
<grv> https
<grv> httpd sry
<grv> i want to stop this httpd populating my ram
<grv> anyone??
<grv> wht d hell
<cpaelzer> good morning
<cpaelzer> grv stop/restart/rconfigure your apache?
<cpaelzer> ah no more here
<fishcooker> httpd that's must be a non ubuntu servers right, grv?
<fishcooker> let's say i want to point user to view http://stackoverflow.com/questions/4480304/how-to-set-http-headers-for-cache-control but on specific solution on date answeredÂ Oct 5 '11 at 15:55 how to point to the page directly
<cpaelzer> fishcooker: there is a little "share" button on the bottom left of each answer
<fishcooker> cool thankyou cpaelzer
<lordievader> Good morning.
<Pjusur> Good morning, should I go with the default openvpn packages i Xenial?(5 y support) or should I get the ones from openvpns repo? Stability and security is my main concerne(bug fixes etc.)
<Aison> how can I limit the console resolution of ubuntu server to 1280x1024
<Aison> now, it is 1600x1090
<Aison> sorry, i'm sleeping, it is hd: 1920x1080
<Aison> d
<adac>  https://gist.github.com/anonymous/c8ac84e861d0bcd93337a2926acccce1 this is hwoing me the docker installations. However when I do:  apt-get remove docker-engine it says:
<adac> Package 'docker-engine' is not installed, so not removed
<adac> any ideas on how to remove it?
<zioproto> hello all
<zioproto> Is anyone interested in a nova newton refresh >
<zioproto> ??
<zioproto> I need 14.0.5
<zioproto> to upgrade from Mitaka
<zioproto> because this thing here is only in 14.0.5 https://review.openstack.org/#/c/438630/
<zioproto> and the current Ubuntu package is 14.0.4
<zioproto> coreycb: is anyone working on refreshing the nova package for newton or I can submit a merge request ?
<coreycb> zioproto, you might want to check with jamespage on the nova newton refresh
<zioproto> jamespage: ping ?
<jamespage> zioproto: I'll put it on my list
<jamespage> I have some other backlog to clear first, and then I'll look at the set of newton minor version updates
<zioproto> jamespage: I will send you a Merge Request on LP. I am building the package right now
<zioproto> it is a easy refresh, non of the debian/patches have been merged
<smoser> rbasak, https://code.launchpad.net/~smoser/uvtool/+git/uvtool/+merge/322217 any comments ?
<rbasak> smoser: sorry, I'd forgotten all about that. Looking now.
<drab> moin
<drab> anybody around familiar with what it takes to force the installer into text mode? somehow the boot process is text, but when the debian-installer fires off it seems to switch to 540x480 vga mode
<drab> this is not a problem on baremetal, but it means no output on qemu running in text mode
<drab> for whatever reason passing novga, nofb, nomodeset, text on the kernel command line makes no difference
<drab> also, and sarnold maybe here you have some input/historical data point, /usr/lib/qemu/qemu-bridge-helper seems to be setuid on other distros to allow users to start a kvm instance and get a valid tap device
<drab> however on ubuntu it's not setuid and so I get an error starting the instance if I try to use that helper to get the tap interface going
<drab> I'm wondering if that was a deliberate choice at some point
<drab> Aison: it's the vga parameter in grub cmd line, forgot if it's 791, just check the modes
<drab> Aison: http://pierre.baudu.in/other/grub.vga.modes.html
<drab> looks like it's 793-795 depending on color depth you want
<Aison> drab, i found many solutions, like video= or also vga=  somehow grup enters into this resolution, but while booting, it suddenly changes to 1080p
<Aison> brb
<drab> Aison: ok, so maybe we're having the same problem after all... I thought it was the installer triggering something but maybe not
<drab> in my case there's no grub tho, it's booting a kernel directly specified in the pxe menu
<zioproto> jamespage: I found a new nova bug, fixing it with nova-devs, looks like there will be a new nova release in newton soon
<zioproto> jamespage: wait to refresh the package
<zioproto> jamespage: https://bugs.launchpad.net/nova/+bug/1684861
<ubottu> Launchpad bug 1684861 in OpenStack Compute (nova) "Database online_data_migrations in newton fail due to missing keypairs" [Undecided,New]
<zioproto> this bug has roots in the kilo to liberty upgrade
<zioproto> https://bugs.launchpad.net/nova/+bug/1511466
<ubottu> Launchpad bug 1511466 in OpenStack Compute (nova) "migrate flavor data impossible" [Medium,Confirmed]
<zioproto> because this one is still open I assume most operators used that workaround to upgrade
<ppetraki> __Yiota, how goes the battle?
<__Yiota> good, not sure how to optimize the cache on AWS
<hallyn> there's no maas packages for centos yet right?
 * hallyn rolls up his sleeves to try out oVirt
<hallyn> rharper: if you were stuck with centos hosts, what would you use for something where you want to quickly spin up vms?
<hallyn> on my own hosts i use uvt-kvm;  elsewher ei'd use openstack...  but on centos...
<hallyn> i suppose i *could* just use libvirt and virt-install
<hallyn> but i'm hoping you'll tell me i can install maas :)
<ppetraki> hallyn, ovirt is still a thing?
<sarnold> 185 folks in #ovirt on oftc
<sarnold> I guess it's still a thing :)
<hallyn> ppetraki: i wondered that too :)
<hallyn> sarnold: suppose i should make that 186.  if i must
<rharper> hallyn: hrm, virt-install with isos I suppose
<rharper> hallyn: but I Think there are centos cloud-images, in which case, you could look at our xkvm wrapper for qemu cli;  xkvm is inside the curtin project
<scottjl> there's a lxd image for centos
<Aison> i'm making a test installation of ubuntu 17.04 and I notice quite some differences in the sshd_config compared to the previous versions of ubuntu
<Aison> is there anything to consider?
<tomreyn> Aison: to consider regarding what?
<drab> what's the deal with ubuntu and libvirt? libvirt seems "production ready" on RH land, but ubuntu seems to be heavily invested in containers (and lxd)
<Aison> tomreyn, e.g. the hostkey stuff is disabled like: #HostKey /etc/ssh/ssh_host_rsa_key
<drab> are ubuntu server ppl using libvirt in prod? and does anybody run containers with it?
<sarnold> drab: afaik the only real missing piece for libvirt on xenial is lack of making new zfs zvol pools
<Aison> is it disabled because it is not in use, or is it disabled because it is the default value
<drab> Aison: default value
<drab> sarnold: ah, ok, that I can live with
<sarnold> drab: almost no one in ubuntu-land uses libvirt-lxc; but libvirt-qemu is used all the time
<drab> what really holds me back is the container stuff, which seems second class big times
<drab> ok
<drab> that's the impression I had, yeah
<sarnold> yeah; for containers ubuntu folks use lxc or lxd
<sarnold> depending upon taste
<Aison> drab, thx
<sarnold> I guess there's loads of folks who use docker too, but i'm more familiar with people using lxd
<drab> and that's what's kind of throwing me off... I don't quite want to invest to learn both frameworks
<drab> yeah, no docker here, thanks
<drab> also it seems that to make those play along (libvirt and lxd) could be potentially troublesome
<drab> sharing bridges, pools, etc, would prolly have to separate everything
<drab> which means running a kvm instance and a bunch of containers on the same host trouble
<drab> but then running qemu manually is being a real pain too...
<nacc> drab: libvirt-lxc is sadness
<nacc> drab: just an fyi
<drab> there doesn't even seem to be any provision to strt qemu guests at boot other than hacky home-baked scripts
<drab> nacc: yeah, like I said, that's the impression I got
<drab> hence staying away from libvirt and investing in lxd
<nacc> drab: i'm stating it as more than your impression :)
<drab> hah, ok
<nacc> libvirt is still very reasonable to use for kvm guests
<drab> point taken
<nacc> and i think there are many folks that use libvirt and lxd
<drab> but then I have all this nfs-kernel-server which containers are no good for
<drab> mmmh ok, I have not see much if any of that
<nacc> they can probably even be on the same bridge
<tomreyn> Aison:  yes, /etc/ssh/ssh_host_rsa_key is generated by default (unless present) on sshd startup
<drab> ie blogs or docs mixing the two, sharing bridges and pools etc
<Aison> drab, tomreyn thx
<drab> also for some reason I don't seem to be able to get taps created without sudo even after setuid'ing qemu-bridge-helper
<hallyn> rharper: ... or maybe i'll just wait for someone to install ubuntu on the hosts :)
 * hallyn looks for the cloud images
#ubuntu-server 2017-04-21
<rharper> hallyn: nothing wrong with adding a second disk, using curtin to install ubuntu to the second disk, and updating grub to boot into the second disk
<hallyn> not a bad idea
<hallyn> curtin works with kboot or something?
<rharper> I think you could just dd the cloud-image to the second disk; and then have main grub chain-load to the target disk
<rharper> the cloud-image auto expands the rootfs to the size of the disk on first boot
<hallyn> can't get an actual second disk.  maybe i can just chroot into a tree with ubuntu installer
<hallyn> well that won't *quite* work...   hm.  turn the huge /home into an installer disk maybe
<hallyn> yeah that should work
<hallyn> chuckle.  so i just extracted a lxc zesty rootfs into the home device.  tweaked it.  pointed grub at it.  will it work?
<hallyn> nah.  i skipped a step.  oh well.  nothing to do but wait for reinstall now
<moneylotion> hi all, i have two identical servers... running netatalk (afp)... one can clear gigabit speeds, the other 50 MB/s (max)... any ideas
<moneylotion> running zfs... both systems, have very little fragmentation
<moneylotion> fresh install on the slow system within the month
<moneylotion> slow afp and smb
<qman> identical hardware? identical disk layout?
<sarnold> identical ashift?
<moneylotion> qman - i just noticed something in my pfsense router.... now im getting full bandwidth over afp - huh - sorry
<moneylotion> using vlans, and routing things over vpn... needed to local lan route
<moneylotion> still only clearing 50 MB/s
<moneylotion> the ashift is identical - the drives were migrated from an old install, where I was clearing full gigabit
<moneylotion> just realized im running short lengths of cat 5e - would one machine be effected, even though they're right next to one another????
<moneylotion> ** 5e isn't certified for gigabit speeds
<masber> hi
<masber> how could I rename a bond interface?
<cpaelzer> rbasak: hiho
<cpaelzer> rbasak: any idea why ppa:uvtool-dev/master is rejected on some of my systems as ppa?
<cpaelzer> I just started debugging, but it seems not to trigger always
<cpaelzer> e.g. a local trusty container works
<cpaelzer> while one on horsea has this
<cpaelzer> rbasak: fyi not uvtool repo specific
<cpaelzer> it seems something (lxd?) sets up and sets http proxy - but that is on a format that is failing
<cpaelzer> on the "good" systems there is no http_proxy set at all
<cpaelzer> http_proxy=http://[fe80::1%eth0]:13128 seems wrong isn't it?
<cpaelzer> ping6 likes it, wget not
<cpaelzer> Error parsing proxy URL http://[fe80::1%eth0]:13128: Invalid IPv6 numeric address.
<cpaelzer> and apt key doesn't like it either
<cpaelzer> ?: invalid HTTP proxy (http://[fe80::1%eth0]:13128): bad URI
<cpaelzer> stgraber: maybe another change that came in by 2.0.9-0ubuntu1~16.04.2 ?
<cpaelzer> that seems to be the diff between good/bad systems
<cpaelzer> or .1 more likely given the change in .2 is so small
<rbasak> I suspect various things will attempt to validate the address and not pass through the %eth0
<rbasak> I'm not sure there's an easy answer to this. I think it probably makes sense to treat the %eth0 thing as valid in http_proxy, but that would mean fixing all the upstreams and fixing all the different parsers out there.
<rbasak> cpaelzer: ^ might be worth starting a bug in LP saying "cannot parse %eth0 in http_proxy IPv6 numeric address specifications" or similar and then adding tasks.
<rbasak> stgraber: ^ any opinion?
<Zero090> does anyone have experience with the self hosted analytic platform piwik?
<cpaelzer> rbasak: stgraber: I found it goign deeper with brauner
<cpaelzer> it turns out that (recently?) a not "lxd init" install will have LXD_IPV6_PROXY set
<cpaelzer> and if set all this cascade of things happens: lxd configs the proxy, sets http:proxy in a format that many tools hat and eventually my apt-add-repository fails
<cpaelzer> it is in some sense broken setup, but since proxy seems to be on after lxd install (but off after an all-enter lxd init btw) more people might run into it
<cpaelzer> stgraber: not sure it really is a bug or a config issue, let me know if you want a  bug to e.g. change the defaults of  /etc/default/lxd-bridge
<cpaelzer> FYI - some related discussion with brauner going on in #server (to somewhat be able to track down logs for you later)
<rizonz> does anyone know why I cannot ifdown a nic ? it's specified but it replies with...
<rizonz> ifdown: interface eth1 not configured
<rizonz> but eth1 is configured
<rizonz> it is also up
<Aison>  rizonz maybe eth1 is configured by some other service
<Aison> rizonz, is it listed in /etc/network/interfaces? or is it configured by systemd?
<rizonz> Aison: yes, it's some double setting
<drab> trying my luck again, anybody knows what would trigger a graphical mode for the ubuntu installer?
<drab> I'm installing from mini.iso,but it still goes into a graphical mode (not GUI tho)
<drab> and I can't figure out what does that or who would know/where to ask
<drab> other than trying to look at the source code...
<tsglove2> Good morning everyone o/
<drab> moin tsglove2
<tsglove2> hey yah drab !
<tsglove2> How's it going over there?
<drab> let's say it's 5:53 and I've been working for 1hr already :)
<drab> how's things on your end?
<tsglove2> Superb! 8:55am over here
<tsglove2> Eager for today's projects.
<tsglove2> Plus working on a side project - virtual lab, trying to setup FreeIPA
<tsglove2> I like Canonical's Landscape... yet would like a 100% free solution/alternative.
<tsglove2> I think that is missing in order to have a big competition to Microsoft's Active Directory.
<ikonia> tsglove2: foreman or katello
<tsglove2> ikonia, thanks!  I had not heard of Katello... checking it out now.
<tsglove2> Foreman, I read about it... yet... didn't follow through.
<ikonia> totally open source, more advanced functions than landscape
<tsglove2> I have no "actual" deployment at the moment for this FreeIPA install... (or foreman/katello)... yet would like to know the possibilities out there.
<ikonia> designed for the enterprise
<tsglove2> Which one? Foreman? Katello?
<tsglove2> oh wow... it's the same project
<tsglove2> Katello was moved over to Foreman
<tsglove2> ok, got it
<tsglove2> https://theforeman.org/
<ikonia> sort of
<tsglove2> This is good.
<hateball> That looks neat :o
<tsglove2> This is what I want to try.  Foreman says it's for servers... yet I want to use it for servers and workstations (to do simple things like --> map user's network drives, coporate-mandated wallpapers, etc etc)
<tsglove2> I am going to setup the FreeIPA lab, play with it, then will do the same with Foreman
<ikonia> tsglove2: works great for workstations
<tsglove2> ikonia, Foreman?
<ikonia> tsglove2: I have it managing 15000 workstations, and another 8000 servers
<tsglove2> damn
<drab> tomreyn: fwiw the answer was fb=false
<tsglove2> ikonia, then let me shoot you a question: What I want, is to not have to touch Microsoft Active Directory.   I have a small client (12-13 workstations), which they want to move over to Linux.
<ikonia> ok ?
<ikonia> tsglove2: are these 12-13 workstations stand alone or part of a bigger network
<drab> ikonia: can foreman work with preseeding and ansible?
<tsglove2> Oh no... sorry, just shooting talk.
<ikonia> drab: it can
<drab> I briefly looked at it, but it seemed more complexity than I needed and I already have most of it automated with preseed and ansible
<drab> so wasn't sure what it'd buy me
<drab> but we kinda need a ui to give to junior admin
<ikonia> drab: depends what you want,
<drab> and I'm still lacking an inventory
<ikonia> drab: it's much more than a gui
<ikonia> is full lifecycle management with public API's for external automation
<drab> ikonia: well the provisioning part I have, pxe boot, configs, etc and ansible takes care of settings up hosts as they shuold be
<drab> and I have nagios for monitoring of the nodes
<ikonia> drab: so that takes approx 90 minutes to port into foreman
<drab> but it's all a tad fragmented
<ikonia> as foreman just overlays ontop of the pxe process to manage the lifecycle
<tsglove2> wow now I want to finish with my FreeIPA lab, so i can jump into Foreman
<drab> ikonia: will it be able to kickoff jobs too? one of the things I was looking at that I'm missing is implementing rundeck or similar
<drab> to kick off ansible job through an api
<ikonia> drab: yup
<drab> ok, that sounds interesting
<drab> do you know of anybody using it with ansible? homepage says puppet, chef, salt, but no ansible
<ikonia> use the katello components and you get things like package lifecycle process etc
<ikonia> drab: I have many clients, I have it running with ansible, puppet and chef
<ikonia> (as in many differnt client using it in different ways)
<drab> good to know, thank you, will try to set it up and maybe hit you up if you don't mind
<drab> glad I ran into this convo
<ikonia> sure
<ikonia> the next release has a terrform extension to the api - so you can call foreman functions from terraform
<ikonia> (to give you context)
<drab> so the monitoring is also done with external tools? no wheels reinvented?
<drab> does it like import data ala pnp4nagios?
<ikonia> reporting is internal, but "monitoring" is normally an external service
<drab> ok
<ikonia> however monitoring tools such as zabbix/nagios/datadog (just examples) all have functions that plugin to it
<drab> I was also looking at influxdb, migrating to that from nagios pnp
<ikonia> eg: if a host goes down, replace it
<ikonia> or scale two more
<drab> ok, cool, I don't need anything that fancy, just trying to give ppl here something esier to work with so I don't need to do it all myself
<drab> and some cohesive view and admin point is sorely missing
<ikonia> I can't give you numbers, but I've used it to create a tiered support system that reduced costs massively
<drab> I can believe that, I've seen the benefits of stuff like that before, just not specifically foreman, hence trying to find a solution
<drab> most places I've been at before had something custom due to size/internal stuff
<drab> so never really looked into it
<ikonia> you could look at maas too
<ikonia> I don't think it's as advanced/mature/feaure rich though
<drab> and from the old days I had the impression it was a provisioning tool for RH... but I guess that was its very beginning
<drab> I'll take a look, thanks
<ikonia> it's hard to be dissapointed by it, being honest
<tsglove> darn it... now I want to try Foreman
<smoser> rbasak, upload uvtool
<smoser> ?
<smoser> to artful. as in.. would you upload uvtool to artful ?
<rbasak> OK
<rbasak> Oh
<rbasak> smoser: artful isn't open yet.
<rbasak> But yes, I should when it is.
<smoser> oh. i thought it was
<stgraber> cpaelzer: that's nothing new, http_proxy being set that way has been happening since before LXD 2.0
<stgraber> cpaelzer: and the value we set it is absolutely valid, even a lot of software indeed don't parse it properly
<stgraber> cpaelzer: starting with LXD 2.3+ we don't have that proxy anymore, instead just not providing the container with an eth0 if the user didn't configure networking, but for the 2.0.x series we won't be doing any change to that behavior
<smoser> bug 1
<ubottu> bug 1 in Ubuntu Malaysia LoCo Team "Microsoft has a majority market share" [Critical,In progress] https://launchpad.net/bugs/1
<drab_> ikonia: do you know if there's anything to use foreman with qemu (without libvirt) and lxd (for which there's no frontend really)?
<drab> also, urm, just read through the katello page, this is why I guess I stayed away from it... it just soudns like RH/puppet/yum/ruby stuff
<drab> does it actually integrate with ubuntu in any decent way? katello's home page starts with "yum and puppet repositories" and continues on that line
<smoser> rbasak, why did you not think artful was open ?
<nacc> smoser: #ubuntu-release says archive: closed
<nacc> smoser: artful has been created but not yet active aiui
<Ussat> drab, it is very much RH centric
<smoser> xnox, ^
<nacc> smoser: i assume there's some latency for the release copy?
<smoser> nacc disagrees with you too
<nacc> heh
<nacc> it's possible /topic just hasn't been updated yet
<drab> Ussat: yeah, definitely looks like it, just found a thread where ppl are even asking if katello will ever support debian and it's from last year so not terribly old...
<drab> not sure how ikonia has it going
<Ussat> drab, I work with it a lot at work
<drab> Ussat: so is it like hammering a sqaure peg through a round hole?
<drab> to make it work with ubuntu that is
<Ussat> a very small round hole
<drab> lol
<xnox> nacc, .... dude irc topic doesn't matter.
<xnox> yes, it is in pre-open freeze, but that simply means the uploads land into unapproved queue, and they will be accepted by hand at the moment.
<Ussat> drab, even getting it to work with RHEL involves ancient banned black arts
<xnox> or once britney is up, they will accept everything pending there.
<nacc> xnox: i wasn't saying it as fact, tbh -- i was just trying to answer smoser's query, as rbasak may not be around
<xnox> thus one can upload things into artful.
<drab> Ussat: ok, thanks for your input
<smoser> nacc, i just like to have people fight :)
 * xnox is building artful packages in my ppa, and uploading things into unapproved shortly
<drab> Ussat: I guess I'll try it in a VM and see what happens, I'm not wanting too much, just trying to get some central inventory and place to trigger ansible
<smoser> and now we all have more info on what is open and such, so end result is good.
<nacc> smoser: +1
<Ussat> drab, ya it IS doable, because we have some Ubuntu here also that I need to pound it into
<Ussat> but not something I am looking forward to.
<rbasak> smoser, xnox, nacc: yeah, I was going from the topic in #ubuntu-release. I always considered it polite to wait until the customary "it's open" announcement.
<xnox> rbasak, since proposed migration there is no need to wait for anything. because things are appropriately shoved into unapproved; and archive team flush it when things are ready.
<xnox> rbasak, we care about developer velocity, and everyone should be able to develop all the time =)
<xnox> (and e.g. upload to `devel` even if the name is not known yet)
<rbasak> xnox: perhaps then the archive should never be "closed"? :)
<drab> ok, this is really weird
<drab> it's like a service started inside the chroot is creating stuff in /run outside of the chroot...
<drab> I'm trying to get ssh going in the chroot after an install, I do an mkdir /var/run/sshd but the dir isn't there when I look
<drab> but there's a sshd dir and sshd.pid in /run on the host/installer
<sarnold> can you paste your script?
<drab> sure, sec
<drab> sarnold: http://dpaste.com/0T71JHF
<sarnold> crazy :/
<drab> ppl tell me that a lot, yeah
<drab> :)
<drab>   Apr 21 12:50:24 sshd[8778]: fatal: Missing privilege separation directory: /var/
<drab>    run/sshd
<drab> that's in sshlog
<drab> eeer, syslog
<drab> the thing is, if I get a shell, chroot /target bash
<drab> and mkdir /var/run/sshd it works
<drab> I don't even have to restart sshd
<sarnold> drab: normally /var/run/ is a symlink to /run, which is a tmpfs..
<tarpman> that wouldn't be systemd's shared mounts thing again, would it?
<sarnold> tarpman: oh hell. it might be.
<sarnold> drab: read this see if it feels irght https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739593
<ubottu> Debian bug 739593 in systemd "systemd makes / shared by default" [Important,Open]
<tarpman> I was pleased to note schroot's latest upload finally started unsharing mounts automatically
<tarpman> uh, debian upload
<drab> so I need to do mount --make-rprivate /var/run/ ?
<drab> but yeah, it sounds like something is going on, because I thought I saw the symlinks in the root host
<drab> then chrooted, came out, and they are gone... I swear they were there
<tarpman> I think it'd be --make-rprivate /run if anything. but I don't remember clearly
<drab> ok, testing that to see what happens
<ikonia> drab: I don't think you can use qemu without libvirt, you can use it with lxd with the docker plugin
<sarnold> ikonia: oh?
<ikonia> sarnold: ?
<sarnold> ikonia: I'd love to know more about using qemu via lxd rather than libvirt
<ikonia> sarnold: you are missing a bit of backscroll / history there, sorry, it's also a bit off topic for here, but I drab was asking about a differnt tool and I was saying you "can't" use qemu without libvirt using that tool, but you CAN use it with lxd via the docker plugin
<sarnold> ikonia: oh. dang. :/ thanks for the explanation
<ikonia> sarnold: yeah, I've just re-read what I typed and without the history it does look like an interesting setup
<drab> sarnold: the mount rprivate made no diff
<drab> still same error
<drab> on the host /run has the sshd dir
<drab>  /run inside the chroot does not
<drab> I've no idea why mkdir is doing nothing when ran from the late-command script
<drab> it works just fine if I run it manually
<drab> unless there's some sort of namespace thingie that bug was referring to that I don't get
<drab> and it exists when I run ssh from the late command, but is delete when the script finshes
<drab> in which case... wait... maybe I can move the mkdir to the preseed file
 * drab goes to test that
<drab> \o/
<drab> so adding a "mkdir /target/run/sshd" from the late-command line worked
<sarnold> that makes me question everything else in that script
<tarpman> you're running an sshd inside d-i? o.O
<drab> sarnold: I think it's just because /run is special
<drab> and a symlink to a tmpfs
<drab> everything else in the script works
<drab> tarpman: yes
<drab> so the workflow is reboot the box -> pxe boot -> mini.iso install with defaults -> ansible run
<drab> ->reboot
<drab> this way by the time the host comes back it's fully configured
<tarpman> interesting
<drab> I've had too many problems with post-reboot being wonky
<tarpman> I tried to do a similar thing in the past, with puppet
<drab> especially around interfaces and other stuff due to "predictable naming" and netcfg bugs etc
<tarpman> run a puppet agent in late-command
<drab> yeah, the thing is, I wanna push to the new instance, not pull
<tarpman> never got it working reliably, all sorts of weirdness :\
<drab> because pulling implies that I have to make the repo available to each instance and that's more problems
<drab> tarpman: fair enough
<drab> my very first ansible role completed :)
<drab> so end-to-end success \o/
<drab> sarnold: why would you question the rest of the script? I guess it all makes sense, the sshd was the only service running
<drab> and the only thing touching a fs on a tmpfs
<sarnold> drab: if a mkdir in the script didn't do what you expected why would anything else in the sciprt/
<drab> so per bug you pointed out I guess there's something going on with namespaces and ssytemd maybe, I don't claim to understand it
<drab> sarnold: because the mkdir was making ad ir in a "special fs"
<drab> like I said everything else touches things that are on the actual device mounted at /
<drab> ie the installed system
<drab> while that mkdir was touching a symlinked path to a tmpfs location
<drab> that is shared with the host
<drab> so it was special in respect everything else
<drab> s/was/is
<drab> to everything*
<drab> brb
<imightbestupid12> so i set the chmod 777 / for my webserver running as root and i was wondering what do i need to do to revert those changes?
<sarnold> chmod 755 /
<imightbestupid12> thank you
<imightbestupid12> so 755 is the default always right/
<sarnold> yes
#ubuntu-server 2017-04-22
<tomreyn> no, there is no 'default - always right', also the bits differ for files vs. directories
<sarnold> I interpreted his question to be about / specifically
<tomreyn> (it is totally possible that 755 on files is what you want, though)
<tomreyn> oh, right, i didnt
<tomreyn> iif it's just about the uppermost directory on any ubuntu system (which also happens to serve web content) then i agree
<drab> tomreyn: I don
<drab> whups
<tomreyn> oh he left
<sarnold> if he ran chmod -R 777 / then the eeasiest way out is going o be renting a new server and moving over the files you care about :)
<drab> I don't know if you saw the previous msg, but just to loop back
<drab> I had to set fb=false
<drab> nofb doesn't work for whatever reason even tho it's an official kernel parameter
<tomreyn> drab: alrighty, thanks, and glad you found out.
<drab> any tips on must do tweaks for qemu performances?
<sarnold> it might be useful to pass in the 'current cpu' as the cpu type; that way all the instructions you -do- have can be used
<sarnold> I think the defaults are conservative so you can migrate from one compute host to another
<drab> k, thanks
<drab> two things I've seen is the use of virtio in disk devices and network devs
<drab> but still not clear how those work
<sarnold> instead of emulating ten-year-old hardware
<sarnold> they just shove bytes around :)
<drab> :)
<tomreyn>  i.e. use whenever you can
<drab> well that's part of the thing, how do I know if I can? I don't get what's special about them that makes it possible or not to use them
<tomreyn> you need guest support
<drab> ah, ok, that's one bit I missed
<tomreyn> linux has it, but windows doesn't until you install drivers
<sarnold> most non-terrible OSes have support for virtio of differentl flavors
<drab> oh, that's np, I'm just doing linux
<drab> even, just ubuntu xenial (for now at least)
<drab> so nothing special to install there? it just works [tm]?
<tomreyn> it should [tm]
<drab> heh :)
<drab> what about virtio-scsi ? I've seen that floating around on a few pages as "better", but in various examples I only saw virtio-blk-pci
<tomreyn> hmm i'm not sure there, maybe sarnold knows which one to prefer. my guess is that scsi is more overhead but more compatible. like a (PCI bus attached) nvme conmpared to a (SCSI controller attached) ssd
<sarnold> I hadn't heard of virtio-scsi before
<drab> it popped up on this guide: https://doc.opensuse.org/documentation/leap/virtualization/html/book.virt/cha.qemu.host.html#kvm.virtio-scsi
<drab> in the recommended host settings
<drab> that guide is actually the most complete I've found
<sarnold> suse invests a -lot- in great docs
<sarnold> aha! scsi passthrough
<drab> that doesn't try to say "oh you wanna run qemu plain? let me tell you about libvirt"
<sarnold> if you -want- scsi passthrough that'll be better indeed. but that's a specific thing.
<drab> :?
<drab> gotcha
<drab> tbh I'm kind of confused by scsi... back in the days you had to have a scsi card and scsi devices... now a usb key seems to go thorugh the scsi layer
<ppetraki> drab, scsi is just a common verb set to move blocks. no sense in reinventing the wheel, again.
<ppetraki> sarnold, I guess virtio-scsi is just more better: https://www.ovirt.org/develop/release-management/features/storage/virtio-scsi/
<sarnold> ppetraki: nice page, thanks
<sarnold> ppetraki: I've never heard of the ~30 device limit of virtio-blk before
<sarnold> that would certainly limit some operations :0
<ppetraki> sarnold, I guess it's a PCI limit of whatever bridge they virtually implemented
<ppetraki> sarnold, now you can do multpath in a vm!
<drab> ppetraki: fair enough, thanks
 * sarnold fails over
<drab> I'm trying to find out why it doesn't let me use virtio-blk, or if it's just a naming problem
<drab> ie when I say "virtio" in the device definition it's really using virtio-blk-pci
<drab> it takes virtio-net-pci for the network card, but not virtio-blk for the img file
<ppetraki> drab, how was the image file built? raw image? qcow2?
<ppetraki> drab, so my favorite thing to do with qemu and the options is to cheat. I configure something using virt-manager the way I think it should look, start it, then look at the qemu args passed to it.
<drab> ppetraki: raw image on top of zfs (hence avoiding qcow2, as I understand that'd be twice copy on write and not worth it)
<ppetraki> drab, ok, good, did you tell qemu format=raw?
<drab> ppetraki: I'm having problems cheating, tried to get libvirt going on my desktops and just got all kinds of fails
<drab> I did
<ppetraki> erg!
<drab> I don't want use libvirt long term so I didn't bother trying to figure out what I was doing wrong
<ppetraki> I don't want to use libvirt long term either, neither did openstack, but dammit it just wont die...
<drab> lol
<ppetraki> drab, ok I cheated for you http://pastebin.ubuntu.com/24430578/
<ppetraki> drab, now you can shove this in a script and parameterize what you need
<ppetraki> drab, I just made it install from whatever iso I could find, create a 4G RAM 2 CPU system with a 20G root
<drab> holy cow, looks more like bad time reading than a command line
<drab> thanks, much appreciated
<ppetraki> drab,  this looks like the line that matters the most "-drive file=/var/lib/libvirt/images/centos7.0.qcow2,format=qcow2,if=none,id=drive-virtio-disk0 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2"
<ppetraki> oh I don't read anymore, my eyes hate me
<drab> lol, bed time reading, Freudian slip I guess
<drab> I hear you
<drab> today I got lucky, I got to spent 4hrs in a basement pulling fiber <3
<drab> spend*
<ppetraki> so the -drive switch creates the vlun and also instantites a label "drive-virtio-disk0" and then attach that to the drive we want in the -drive switch
<ppetraki> I mean -device switch
<drab> yeah, see, you have virtio-blk-pci there, in the device definition
<ppetraki> I would make the boot index lower because this thing is "booting from CD"  and change the format to raw, other than that "its simple"
<drab> somehow that doesn't work on my test machine for some reason I don't get
<ppetraki> are you root?
<drab> yeah, looks ok, also looks like it's got the stuff I was wondering about re monitoring socket, so will check that out too
<ppetraki> drab, sudo kvm-ok for me
<drab> lemme try again with stuff from the example, the onliner I had was clobbering device and drive, maybe shorthand or hold syntax
<drab> yeah kvm is ok
<ppetraki> drab, ok. sounds like a plane
<ppetraki> I mean plan
 * ppetraki is tired
<drab> ppetraki: it kind of worked, I had to append an if=none to the drive which I don't get, but otherwise it went through
<drab> qemu-system-x86_64: -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=d-v-disk0,id=dddisk0: Drive 'd-v-disk0' is already in use because it has been automatically connected to another device (did you need 'if=none' in the drive options?)
<drab> that's the error I got
<ppetraki> drab, its open sore, it's not supposed to make sense
<ppetraki> drab,  that sharp edge is supposed to be there ;)
<drab> open sore, that's gonna stay with me for a while :D
<ppetraki> drab, I got it from engineers way older and saltier than I
<ppetraki> o/
<drab> .o/
<drab> thanks again man, much appreciate the help, have a good rest of the day
<lordievader> Good morning
<kotVasja> hi
<CarlFK> trying to pxe install to a nvme, someone in #u said try here.    onboard nvme ssd thing.  I somehow got xenial to boot last year.  wiped it trying to install zesty.  installer runs, I get these partitioning options:
<CarlFK> the installer gave me 1 big partition.  text mode install screens about partitioning https://veyepar.nextdayvideo.com/static/temp/d.html
<CarlFK> the installer does install files to it, but when I boot: "insert boot media" https://veyepar.nextdayvideo.com/static/temp/d6-0.png
<drab> CarlFK: just to confitm, you said yuo had it working?
<drab> becuase I had that same rpoblem and it turned out the mobo/bios just didn't support it
<drab> (this was a SM server and I chcked with them/bios engineers)
<CarlFK> drab:  yes working.  no idea how.  i play with a bunch of machines.
<drab> but it otherwise exibhited the same behavior as you describe, reason being the boot is done with kernel from pxe, not from nvme, and by the time that's loaded /root can be loaded from nvme
<drab> CarlFK: 100% sure you weren't booting from something else? a usb key, a cd, a small /boot on another disk... etc?
<drab> don't mean to be insisting, but it's kind of crucial :)
<drab> and we'd be all wasting time if it wasn't actually possible and there was something else lost in translation
<drab> possible -> straight boot, indirect is obvious possible
<drab> "no idea how" is the part that kind of worries me :)
<drab> have you checked the mobo's manual, does it say it can boot from nvme? same for bios
<drab> what mobo is it?
<drab> and what bios version
<drab> also what nvme device? is it plugged straight into the mobo or are you using some kind of pcie adapter? or is it a pcie nvme device to begin with?
<CarlFK> /sys/devices/virtual/dmi/id # cat board_name
<CarlFK> H170M-D3H-CF
<CarlFK> http://www.gigabyte.us/Motherboard/GA-H170M-D3H-GSM-rev-10#support-manual
<CarlFK> closest I could find, doesn't matter, pdf wont' dl
<CarlFK> nor the bios
<CarlFK> nvme plugged into slot on mv.  samsung something.  512gig
<CarlFK> mb lists it as a boot option.  I suspect I had the efi stuff setup before, and it listed both efi: and non as 2 boot options
<drab> ok, that was my next thing, nvme support generally is uefi only, not bios. are you booting in bios or uefi mode? and was linux installed in eufi mode?
<CarlFK> I am starting to think the u installer di will do efi if it sees the fat partition.  so maybe I have to create that first?
<drab> CarlFK: ime it does efi if the bios is setup for efi only/the installation is started as efi
<drab> if you're pxe'botting are you passing efi files to it?
<drab> booting*
<CarlFK> oh.. pxe.. no.  I bet thats what I need to find
<drab> yeah pxe needs additional steps/work to boot in efi mode and do an efi installation
<drab> if you're running vanilla pxe you're likely installing in bios mode
<drab> you could try to install with a CD if you can, might be quicker to verify
<drab> and make sure your bios is set to efi or that when the prompt comes up you select to boot the CD as efi
<drab> which will get you an efi install
<drab> at least that's afaicr, my efi foo id generally weak, I'm old and so is my hw :)
<drab> anybody knows a workaround for this bug: https://bugs.launchpad.net/ubuntu/+source/memtest86+/+bug/1564740
<ubottu> Launchpad bug 1564740 in memtest86+ (Ubuntu) "Booting kernel failed: Invalid argument" [High,Confirmed]
<drab> what I don't get is why memtest works fine on both vbox, a bunch of desktops, but not the SM machine
<drab> some of the desktops are also intel
<drab> they are all in bios mode
<ikonia> why would you run memtest in vbox
<drab> pxe booting the memtest image served via tftp
<ikonia> it's virtual memory
<ikonia> but why would you do that in a vm
<drab> ikonia: to test that the pxe infra is working and passing up the right files
<drab> so I test that first, thant est on a couple hw machines/desktops, then test on the server
<ikonia> what happens when you try to boot it for tftpboot
<drab> that why I cover all classess of hw and scenarios, since pxe must work on virtual too to provision containers
<CarlFK> except I don'
<drab> I'm not actually testing the ram
<CarlFK> except I don't have a cd drive.. but leme find pxe efi stuff...
<drab> ikonia: it boots fine on the desktops and the VM, it just fails on the SM server
<drab> like in that bug
<drab> it complains about an invalid argument
<ikonia> SM server ?
<drab> supermicro server
<ikonia> what's an SM server
<ikonia> ok - so thats most likley the pxe setup on the card
<ikonia> the invalid argument is known on some network cards
<ikonia> you can get around it with a setting on the tftpserver
<drab> uhm, ok, interesting, hadn't heard of it
<ikonia> I can't remember which one it is off the top of my head
<drab> great, ok, that's still a useful hint, thank you
<ikonia> I can't remember which way around it is, either some cards don't fully comply and expect an argument that isn't needed, or they are over strict and demand an argument that isn't needed
<ikonia> I can't remember which way around it is
<tomreyn> CarlFK: the bios and manual download work fine from my location. should i store a copy for you somewhere?
<tomreyn> (and have you tried it from a different location, yet)
<CarlFK> tomreyn: I tired a few of the area links.  wget says 2017-04-22 10:45:02 (1.47 MB/s) - Read error at byte 31119/13554428 (Connection reset by peer). Retrying.
<CarlFK> oh hey, 3rd times a charm. got it.
<CarlFK> http://archive.ubuntu.com/ubuntu/dists/zesty/main/uefi/   thats all I see around install stuff
<drab> ikonia: ok, found a workaround
<drab> I don't know why the other wasn't working and what was up with what you mentioned, couldn't google anything about it
<drab> but I changed and instead of trying to boot the memtest binary
<drab> I used memdisk to load the memtest.iso from passmark
<drab> and that works across all environments/hw classes so good enough
<drab> takes a few extra secs to get the iso compared to just the bin, but whatever
<drab> CarlFK: if you don't need to pass preseeding, you could do what I just did
<drab> and load the entire iso from network
<drab> that'd be the same as booting from CD
<drab> vs booting a kernel and going straight into install
<CarlFK> I am a little confused.  not even sure what terms to use any more.  I either boot bios or efi, right?
<drab> right
<patdk-lap> well, what do you use?
<patdk-lap> bios or efi?
<drab> but there's two pieces, both the bootable media and the bios must be on efi/or bios
<drab> you can have an efi that fallsback to bios
<drab> and stuff like that
<drab> so the boot part needs to be configured on efi, boot the install media as efi, and then the install media needs to install efi compatible boot loader
<drab> mostly this magically happens, ie ubuntu install CD will pick up a boot from efi and isntall efi, at least that's my experience on desktops, but with pxe boot is a little more complicated
<patdk-lap> and maybe all has to be signed too
<drab> since you decice what to serve
<drab> that too, le sigh
<drab> brb
<CarlFK> patdk-lap: #ipxe says NiXZe: the rom usually has both efi and pcbios, however the configuration to enable them is confusing to say the least in most bios/firmware implementations
<CarlFK> so I am trying to use efi, but I may not be.
<patdk-lap> heh? it's supersimple in every one I have seen
<patdk-lap> you just go into the settings, and select uefi boot, and disable legacy boot
<patdk-lap> now your in uefi/efi mode
<CarlFK> have you looked at the firmware? ;)
<patdk-lap> enable legacy and you are back to old fashon bios boot
<patdk-lap> no, cause I have no idea what device you have
<CarlFK> #ipxe (05:50:16 PM) Shiz: and sometimes the option is there but the efi rom simply is not
<CarlFK> I pick efi options, but seems I am ending up in legacy
<CarlFK> is there any way to tell from the installer busybox shell?
<patdk-lap> what system is this?
<CarlFK> /sys/devices/virtual/dmi/id # cat board_name  --> H170M-D3H-CF
<CarlFK> http://www.gigabyte.us/Motherboard/GA-H170M-D3H-GSM-rev-10#support-manual
<CarlFK> closest model I could find
<patdk-lap> oh wait
<patdk-lap> you want pxe boot?
<CarlFK> yes
<patdk-lap> it is *rare* for nic pxe boot to work in uefi mode
<patdk-lap> I have seen some the last month
<patdk-lap> but before that, I would have said it wouldn't work at all
<CarlFK> can I chain load ipxe?  (which I guess has efi support)
<jerichowasahoax> isn't pxe that thing for 32 bit systems that lets them access larger addresses
<patdk-lap> jeremy_carroll, heh?
<patdk-lap> a30 enable?
<CarlFK> pxe = load kernen/init from tftp server
<jerichowasahoax> maybe i'm thinking of another acronym then
<CarlFK> nic rom has a little tcpip stack
<patdk-lap> yes, you could boot ipxe, if ipxe has a uefi mode
<patdk-lap> but ya, not the nic rom
<patdk-lap> ya, that board says nic does not support uefi
<patdk-lap> storage boot option set to uefi only
<patdk-lap> csm support set to disabled
<patdk-lap> (csm support is the, if uefi failes, fall back to legacy bios boot)
<CarlFK> btw - I have the box the board came in: ga-h170m-d3h  - no mention of cf
<CarlFK> if I am currently able to pxe boot the installer, do I need to change anything ?
<CarlFK> er
<jerichowasahoax> to accomplish what? my znc buffer doesn't go far enough back
<patdk-lap> if you want to use uefi? you must boot uefi
<patdk-lap> or the installer will not setup uefi install
<CarlFK> (11:22:46 AM) patdk-lap: yes, you could boot ipxe, if ipxe has a uefi mode
<patdk-lap> if you don't care, then don't worry, whatever booted it will install and make work
<jerichowasahoax> if you want to make absolutely sure you're booting in uefi mode, check for the presence of /sys/firmware/efi/efivars
<patdk-lap> I have never uefi booted ipxe before, as the systems I use it on don't have uefi support, only use old systems with it
<CarlFK> can I boot from the nvme? (ssd on the board)
<CarlFK> er, in legacy mode
<patdk-lap> ask your bios
<CarlFK> I couldn't figure that out from the manual.
<CarlFK> or the bios
<CarlFK> currently when it boots the ssd i get  "no boot media"
<patdk-lap> I have booted all my nvme systems without uefi and with uefi both
<CarlFK> i can pxe boot the installer into rescue mode, mount it.  grub-installer it.. no error, but still not boot
<CarlFK> zesty installer BusyBox v1.22.1 (Ubuntu 1:1.22.0-19ubuntu2)   ~ # ls /sys/firmware/ -> acpi    dmi     memmap
<CarlFK> same for /target/sys/firmware/
<CarlFK> so I pxe booted, I am in legacy mode, both the installer shell and what the installer installed.  bios says it will boot the ssd in legacy mode.  what do I do to install grub?
<CarlFK> (pretty sure there is a bug here, but I dont' know what I am doing well enough to just file a issue )
<CarlFK> https://en.wikipedia.org/wiki/EFI_system_partition   "some UEFI implementations immediately switch to the BIOS-based CSM booting..."
<CarlFK> who knows what mode we started in?
<drab> re
<drab> CarlFK: did you manager to get it to work?
<drab> manage*
#ubuntu-server 2017-04-23
<c0mrade> What's the fix for the DCCP exploit Linux Kernal 4.4.0 for Ubuntu 16.04.2 LTS? I just downloaded the latest version and apparently it's vulnerable to that! :D
<ikonia> c0mrade: the ubuntu maintainers will patch and maintain the kernel
<ikonia> you don't need to worry about that
<ikonia> and based on the fact that you are opening up your host to attack from everyone and then wondering why it's crashing all the time, I suggest you adjust your approach to security
<c0mrade> ikonia: It's not crashing all the time...
<c0mrade> Once you execute the exploit it does.
<c0mrade> Which means the latest available version for ubuntu-server available for people online is vulnerable to this attack.
<ikonia> c0mrade> Who's crashing it for real?
<ikonia> c0mrade: bottom line - just trust the ubuntu maintainers to patch and maintain the kernel, they know much better than you
<c0mrade> ikonia: I gave access to my box and am willing to give again, "stryngs" from ##security spent like an hour and couldn't get root or compromise the network.
<c0mrade> I mean is there a fix available online?
<ikonia> fix available on line....what are you talking about
<c0mrade> fix for this issue? like an update...
<c0mrade> ?
<ikonia> c0mrade: the ubuntu developers and maintainers will patch and maintain the kernel for you
<ikonia> updates will be pushed by the ubuntu maintainers, they know and understand bugs better than you
<c0mrade> ikonia: When, how? Will someone from them login to my system and do it? Or will I have to wait until further notice.
<ikonia> c0mrade: the updates are released to the ubuntu pakage repos
<ikonia> have you actually checked if the ubuntu kernel has that vunerablilty ?
<c0mrade> Are they already released? This issue has been for a while and it's a server edition distro, severity and impact should be as 'critical'.
<ikonia> have you actually checked if the ubuntu kernel has that vunerablilty ?
<c0mrade> ikonia: Yeah it does and it the exploit crashed the system, I have to manually reboot it, it freezes.
<ikonia> how do you know ?
<c0mrade> Because the exploit is in the home directory, being put by someone and ran by him, evertime he ran it, the system crashes and I can see all the kernel messages on the screen...
<ikonia> c0mrade: you're giving access to your host to strangers on the internet who are crashing your box...and thats how you maintain security
<ikonia> actually look yourself
<ikonia> look at the CVE - look if it impacts the ubuntu kernel you are using, find the CVE bug in launchpad and look at the fix status
<ikonia> your attitude to security is unacceptable and your expectation is unrealistic
<c0mrade> ikonia: It's a simple exploit, am talking about something else, dont worry about me and my insecurity. I'll handle that myself. My question is that ubuntu latest distro proved to be susceptible to a known exploit. It crashes the os.
<ikonia> c0mrade: you have no idea of that
<ikonia> and you're not asking a question - you're making a statement that may or may not be true as you've not really checked it
<c0mrade> ikonia: I have 100% confirmed it now.
<ikonia> how
<c0mrade> I ran the exploit and my system crashed.
<ikonia> how
<c0mrade> How what?
<ikonia> how did you run the exploit
<c0mrade> ./a.out
<c0mrade> It's a c file
<ikonia> what does a.out do
<ikonia> where did you get it ?
<c0mrade> I gcc compiled it
<ikonia> where did you get the source
<c0mrade> Someone uploaded it to my box.
<ikonia> unacceptable
<ikonia> again - you're letting random strangers put software on your box
<ikonia> that is not how you judge security threats
<ikonia> and this channel will not respond to security issues verified in this way
<c0mrade> ikonia: That's not what our concern is now. Again don't worry about my security. I'll burn in hell why would you care? Again my concern is elsewhere now.
<ikonia> your "report" is not an acceptable test
<ikonia> I've told you how to verify the vunerability and risk
<ikonia> and you're just trusting random strangers on the net to give you random code to run on your host - unacceptable way to test
<c0mrade> ikonia: That's the exact real way for testing...
<c0mrade> It's the real world.
<ikonia> no it's not
<ikonia> and that is so far from the real worl - it's un true
<c0mrade> In the real world there's no one caring about how would you test the system, how would you report an issue, a 0day is developed and tested.. That was a real world scenario.
<ikonia> in the real world people do controlled verified tests
<ikonia> not asking random strangers to upload code to their box
<c0mrade> ikonia: Not if it was a real attack.
<ikonia> enought
<ikonia> enough
<ikonia> I've told you how to verify the bug / risk
<ikonia> do that - or do not ask again
<c0mrade> ikonia: Okay :)
<c0mrade> Um it's not intended to crash the kernel but  to gain root, but the system crashes instead... https://www.exploit-db.com/exploits/41458/
<ikonia> c0mrade: not what I said to do
<ikonia> do that - or do not discuss it again
<c0mrade> Here's the fix for it, how do I install that...
<c0mrade> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
<c0mrade> What's the most stable kernel for ubuntu 16.04.2
<c0mrade> I've got 4.4.0-62-generic
<c0mrade> Is 4.8 the one?
<c0mrade> Looking to run this: "sudo apt-get install linux-generic-hwe-16.04" the problem is that it wants to install some WiFi packages and thermald
<c0mrade> Would it on a server edition?
<andol> c0mrade: linux-virtual-hwe-16.04 is also an option
<c0mrade> andol: What about the link I provided up above?
<c0mrade> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
<c0mrade> I just download it, unzip it and install it?
<andol> c0mrade: The link regarding CVE-2017-6074?
<c0mrade> Yeah
<c0mrade> I've posted it again above.
<c0mrade> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
<andol> Yeah, but from what I can see it is already patched in the Ubuntu 16.04 kernel packages.
<andol> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6074.html
<c0mrade> I've already downloaded the file, what's the next step?
 * andol has no idea what c0mrade is trying to accomplish
<c0mrade> andol: read this
<c0mrade> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
<c0mrade> see you can download a file there.
<c0mrade> what does that file do when I download it, shouldn't it fix that bug?
<c0mrade> If it should, how do I install that thing
<andol> Yeah, you could use that patch to build a new kernel, but I have no idea why you would want that, since the regular Ubuntu kernels have already been patched for you.
<c0mrade> if they've already been patched for me, what should I do now?
<c0mrade> what command should I issue to fix that
<andol> The same you would do for any other (kernel) security upgrade
<andol> apt-get update
<andol> apt-get dist-upgrade
<andol> reboot
<c0mrade> apt-get update already done
<c0mrade> so apt-get dist-upgrade left
<ikonia> c0mrade: I told you what to do
<ikonia> and I told you not to talk about it until you have done it
<c0mrade> ikonia: I am updating the system!
<c0mrade> What am I doing wrong.........
 * andol reads a bit more backlog...
<ikonia> I told you to check if a.) that vunerablility had impacted the ubuntu kernel via the CVE reference and inclusion in the ubuntu kernel package b.) see if a fix had already been applied
<ikonia> you keep just doing / saying random things
<ikonia> you're whole basis for this conversation is because you let a stranger from the internet have full access to your machine and he gave you code that crashes your machine
<ikonia> this means NOTHING and is not a valid test
<c0mrade> ikonia: Full access? It was standard user!
<ikonia> map the CVE to the ubuntu package, then map any possible fix to an update included in the repos
<ikonia> until you have done this - please stop discussing it
<c0mrade> There's no way I will give root.
<c0mrade> It's a standard unprivileged user.
<ikonia> please stop discussing it
<ikonia> you let a stranger onto your machine and upload code and thats how you are now claiming this exploit
<ikonia> verify it how I told you - or stop discussing it
<c0mrade> ikonia: I am updating the system nevertheless, you can ignore my comment about the validity about this exploit. I want my system up to date, once am done I'll test that thing again and see.
<ikonia> c0mrade: I told you at the start of your claim - the ubuntu maintainers will patch and maintain the kernel for you, they know better than you and updates will appear in the ubuntu repos
<ikonia> why is your machine not up to date when I told you this at the very start of your exploit claims
<c0mrade> ikonia: Okay.
<c0mrade> ikonia: I've downloaded the ubuntu 16.04.2 lts from the official ubuntu website like a week ago and I thought it'll already have all the updates.
<ikonia> c0mrade: no, as I TOLD YOU at the start, they will maintain it and push out packages to the reps
<ikonia> repos
<ikonia> c0mrade: if you want to continue to use this channel - pay attention and stop with this silly time wasting attitude
<c0mrade> Ok.
<ikonia> c0mrade: there will be no more warnings or discussion on your channel interactions, use the channel properly, with real problems and pay attention to the information given to you, or don't use it
<c0mrade> ikonia: Ok.
<[1]c0mrade> .
<c0mrade> .
<tomreyn> c0mrade: with most irc clients, you can use the /ping command to ensure you are connected to an irc server / network
<c0mrade> tomreyn: I wasn't making sure of that.
<c0mrade> I just regained my nickname.
<tomreyn> i see.
<hanna> I have a machine that's running out of RAM and swapping, even though absolutely nothing seems to be using that memory.. the only clue I've gotten at all so far is that dmesg was full of NVRM: RmInitAdapter failed spam
<hanna> I already unloaded the nvidia modules but the memory is still gone, apart from a hard reboot is there anything I can do to reclaim it?
<hanna> I just rebooted it, I exhausted all ideas I had
<tomreyn> hanna: capture 'vmstat -s' and 'free -m' outputs when it happens again.
<tomreyn> also "cat /proc/swaps"
<tomreyn> hanna: you can already check this now: cat /proc/sys/vm/swappiness
<tomreyn> can we assume that you are running an fully patched system with an up to date kernel (not just installed but also running)?
<tomreyn> also, which ubuntu release is this
<php> Hey! One of my clients is having an issue with their server (Ubuntu 14.04). It boots but no longer accepts any SSH connections (Connection Refused).
<php> We booted into their rescue OS (it's an OVH server, we used rescue-pro), mounted /dev/sda2 to /mnt, chrooted to that, then allowed port 22 via ufw. We also used update-rc.d to start SSH on boot.
<php> When we went back to the OS, SSH still wasn't accepting connections.
<php> If anyone here has any ideas what could be the issue, please let me know. It's quite weird.
<dannysantos> I have a home web server that is using freedns.afraid.org service for dynamic dns. Imagine my dns is alex.website.net and that is pointing to my home server. Does the traffic that goes to test.alex.website.net also reaches my home server?
<andol> dannysantos: Not unless you explicitly configure it that way.
<dannysantos> ok, thank you andol
<drab> php: from the chroot you should have had acess to syslog from the previous run, ddi you check that?
<drab> antyhing in there about ssh
<tomreyn> syslog but also auth.log
<tomreyn> php: ^
<php> drab, damnit, forgot syslog
<tomreyn> also make sure your client doesn't run a newer version which default to secure encryption / hashing mechanisms which old servers may no support, yet.
<tomreyn> php: if you have OOB access to the server you can still access the log while the server is running
<tomreyn> php: is it an OVH branded or soyoustart / kimsufi system?
<php> tomreyn, kimsufi
<tomreyn> oh, most likely no OOB then
<php> None of their services (ssh/apache/others I think) are listening on boot, which is strange.
<php> Waiting for rescue-pro again so I can check syslog
<tomreyn> you or your customer are doing things wrong if you use those systems for business
<drab> php: ok then the problem is much deeper than ssh
<tomreyn> could be a firewall issue
<php> tomreyn, I uninstalled iptables and it still wasn't working
<tomreyn> okay, it was just a guess
<php> Also, they're using this for personal use. Not a business-related server.
<tomreyn> "sudo lsof -i :22" to ensure sshd is running / listening on port 22
<php> I can't get into the server to run commands like that
<tomreyn> right, sorry, i forgot you dont have oob
<php> Which would be way easier if they picked SYS. SYS offers 24h/1w KVM
<tomreyn> as a costly add-on, which to install, can take a while, increasing your downtime. but i guess it wont matter for this system.
<php> Had they been able to get KVM, I would've had to charge them less and waste less of both of our time. :P
<php> I just wanna play games on the weekend :(
<tomreyn> thanks for reminding me - gonna play a gam enow ;)
<drab> what's this game thing you speak of? :(
<drab> just finished building a new server and fans are spinning like crazy, don't get why
<drab> same build as the others
<php> drab, games are weird things that has mathematical stuff going in the background to draw "pick-sells" or something to my screen?
<drab> ewww maths
<php> tomreyn, https://gist.github.com/1DC/83e305aaa458c0168fd2c4671f1876a1 syslogs
<php> https://gist.github.com/1DC/960a66dd0c949cade567586eb9eb5418 boot.log
<php> ^ potentially has the issue
<php> askubuntu says not to worry about that one
<CarlFK> php: what is rtm?
<php> No idea.
<drab> a more polite invite to reading the manual?
<php> I have my Google open, hold on. :P
<drab> php: where's the ssytem boot log part?
<php> drab, hmm?
<CarlFK> my quick guess is the box has been hacked.   so shut it down, build a new one, restore backups, hope you don't put the exploit back in place.
<php> I might've found an issue!
<php> http://i.imgur.com/yH9LOB1.png
<php> Gonna remove that from fstab and see if it boots
<drab> php: that part of the log you pasted seems about right now
<drab> since you're saying that services aren't starting at boot what you should be pasting/looking at is the boot log part
<drab> to see what happebned then, which maybe also has a hint about the fstab
<drab> the boot log saying everything OK is weird tho
<drab> since everything does not seem to be ok
<php> Issue fixed
<php> It was their /dev/sda3
<drab> cool beans
<drab> I wish my issue was fixed too...
<tomreyn> 'rtm' is OVH (the dedicated server hosting company's) 'real time monitor' https://github.com/wodim/ovh-rtm
<tomreyn> drab: the game i played is in my host mask ( i don't want to advertise it here)
<CarlFK> tomreyn: thanks.  kind like an back door.  maybe a back window ;)
<drab> with qemu, should I dance the hugepages dance? I'm not clear if it's important/recommend to set up hugepages at this point
<drab> most stuff I've read about qemu don't have it listed as steps/tunings on the host, but it seems to make quite a bit of sense
<drab> altho I'm unclear if it really makes most sense when you start to run a larger amount of instances Vs just one or two (my case since I'm mostly on lxd)
<drab> sarnold: fwiw the other benefit I found of virtio-scsi is device naming, which are consistent with what you'd expect, ie /dev/sda
<drab> this makes stuff like preseeding qemu and pre-selecting devices a lot easier without having to maintain differences with qemu installs and using vdX
<CarlFK> http://cdimage.ubuntu.com/releases/zesty/release/    "There are three images available, each for a different type of computer:    arm, ppc and s390x IBM System z
<CarlFK> um.. where is x86_64?
<CarlFK> I am looking for the zesty version of http://cdimage.debian.org/cdimage/stretch_di_rc3/amd64/iso-cd
<JanC> CarlFK: http://releases.ubuntu.com/zesty/
<CarlFK> JanC: thanks
<JanC> CarlFK: that server has the official/supported releases; cdimage.u.c has "non-official" CD images
<ShaRose> anyone here use lxd with raw.idmap? It's not liking me very much at the moment.
<runelind_q> which package contains lxc-attach?
<sarnold> lxc1
<Poster> runelind_q: You can go to http://packages.ubuntu.com/, go down to the section that allows you to search the contents of a package and enter your file name of interest
<sarnold> or install apt-file; no webpages :)
<Poster> There's that too ;D
<runelind_q> hrm, I wonder what value it is looking for with lxc-attach --name.  When I use the name in lxc list it says container not defined.
<sarnold> "lxc list" is probably using lxd instead, in which case "lxc attach" may work better
<runelind_q> hah, apparently it is a bug
<runelind_q> attach is not an option of lxc
<runelind_q> I have a CentOS container that won't let me ssh into it anymore.
<runelind_q> restarting doesn't fix it either. it was after I upgraded openssh
<rbasak> "lxc exec foo bash"
#ubuntu-server 2018-04-16
<ikkuranus> I used the nfs export module of webmin to create an nfs4 share and it created  some kind of link in the filesystem. How do I remove that
<samba35> i am on beta 18.04 ,i wan to configure kvm with openvswitch can some one guide me ,i have created openvswitch and kvm configure but i could not see/add ovs to kvm network
<olivierb-> good morning everyone. I have a situation for which I need your expert help here as digging out how to fix this has been very unproductive for the last couple of days
<olivierb-> I have a ubuntu 16.04 minimal server image with LVM and xfs which boots perfectly well and was generated using OpenStack DIB (disk image builder)
<olivierb-> however when I try to add a package which requires init ram disk rebuild (like overlayroot or others)  I end up not beeing able to reboot the machine
<olivierb-> I have nailed down the issue being the fact that LVM does not seem to be taken into account because tried without LVM on xfs+extX successfully and LVM + any of extX, xfs being a failure
<olivierb-> of course I have added the modules in /etc/initramfs-tools/modules without more success
<olivierb-> what is also very strange is that my initial and working initrd file is 9 Mb big and the failing regenerated one is 32 Mb
<olivierb-> any clue what could be the cause, where to look and how to fix this ?
<olivierb-> one other thing is that my 1st initrd file in the DIB image has been generated using dracut which is also present in my packages list so may be it somehow also interferes with initramfs-tools ? Just a wild guess
<cpaelzer> rbasak: I'd like a monhtly, biweekly or even weekly (fast then) server-next bug scrub
<mojtaba> Hello, I have created a service for autossh, http://paste.debian.net/1020536/, but when I reload systemctl daemon and restart the service, I got the following status: received signal to exit (15)  Do you know what could be wrong?
<blackflow> mojtaba: is anything even wrong? when you restart a (simple) service it gets sent a signal. Does it not start back after service restart?
<mojtaba> blackflow: When I execute the autossh on the terminal it works fine. But using systemd it does not work.
<blackflow> it does not sart?
<blackflow> *start
<mojtaba> blackflow: By not working, I mean I can not ssh back from the other system.
<blackflow> but is the process active? checked with ps or top?
<mojtaba> blackflow: It says, Starting the service, and then next line, services started, and gave me the ssh child pid. But the next line says received signal to exit (15)
<blackflow> Well, two things. First, systemd services are default root unless you specify User= under [Service]. That means autossh will start as root and will look into /root/.ssh/ for config, keys, etc...
<blackflow> so you should put your user's name under User=  in the unit file
<blackflow> the second thing was, as I don't know autossh, does it remain in foreground when you start it? or does it fork and exit?
<mojtaba> blackflow: I see. So I have to define user as my current user? Where should I put it?
<blackflow> I just told you. In the unit file you wrote, under [Service] section. See systemd.exec(5) manpage for more info.
<mojtaba> blackflow: I have used -f flag option, so it is supposed to work in background.
<blackflow> mojtaba: in that case the service can't be simple, but forking.
<mojtaba> blackflow: what is forking and where should I put it?
<blackflow> see systemd.service(5) manpage for Type=
<blackflow> mojtaba: but ideally, you'd not want that. drop -f and have system manage it directly.
<mojtaba> blackflow: Thank you very much. I added the user and removed -f. It is working now.
<blackflow> you're welcome.
<mojtaba> blackflow: should I create another user for the reverse-ssh? I mean do you know how can I make it more secure?
<mojtaba> blackflow: Is there something that I have to consider as a precaution?
<blackflow> mojtaba: can't hurt to run the tunnel as another user. :)
<mojtaba> blackflow: autossh is making the reverse tunnel as root to the remote machine.
<mojtaba> Is that Ok, or should I change it?
<mojtaba> The other machine is a VPS.
<blackflow> depends on the use case. ideally you'd want to not use root account to ssh into, unless you have to.
<blackflow> of course using pubkey authentication and blocking passwords is a must.
<mojtaba> blackflow: I am using public key to log in, but I am logged in as a root.
<mojtaba> I have created a reverse ssh from node A to node B, Do you know any command that I can use to connect to node A through node B, using a third system? I am looking for one command, instead of making ssh to node B and then again ssh to node A.
<blackflow> mojtaba: look into ProxyCommand ssh option
<blackflow> mojtaba: here's an example use case for ansible, that uses one host as a "trampoline" (so called "bastion" host) to automatically ssh through one machine into another: https://blog.scottlowe.org/2015/12/24/running-ansible-through-ssh-bastion-host/
<mojtaba> blackflow: thanks. To make the reverse ssh from node A to B, I am using pubkey. But from node B to A I prefer to use password. (I think it is more secure, isn't it?)
<blackflow> you keep calling it "reverse". Aren't you merely creating an ssh tunnel?
<blackflow> "reverse ssh" would be if you initiated the connection from the server to your client...
<blackflow> (reverse from the POV of the client)
<mojtaba> blackflow: No, I am creating reverse ssh using autossh and -R flag.
<mojtaba> blackflow: computer A is behind  the NAT and I am creating the reverse ssh from A to a VPS, and then I use my laptop to ssh to VPS and connect to A.
<blackflow> that's forwarding. not sure why you call it "reverse"
<mojtaba> blackflow: form vps I can connect to node A, using ssh -p PORTNUMBER User@localhost
<sdeziel> mojtaba: password auth is always less secure
<blackflow> mojtaba: @localhost? that just connects to itself, no?
<blackflow> unless you redefined the IP of "localhost"
<sdeziel> mojtaba: if you want more security require both a public key and a password
<blackflow> sdeziel: uh.... AND password?
<blackflow> then what stops someone from ignoring the pubkey and keep bruteforcing the password?
<mojtaba> sdeziel: I am connecting from a VPS, and I don't have physical access to it. I though may be someone would have access to the VPS and could connect to that machine using the keys.
<sdeziel> blackflow: that is if more security is needed
<blackflow> unless you meant the key passphrase?
<blackflow> sdeziel: are you sure? if you allow passwords, then pubkeys can be ignored.
<sdeziel> blackflow: no, I meant both
<blackflow> then you're wrong.
<mojtaba> blackflow: What If I put passphrase on the keys?
<blackflow> password auth must be completely disabled. otherwise pubkey can be ignored and just password (attempted) brute forced.
<sdeziel> mojtaba: a passphrase on the key is only to secure the key itself
<mojtaba> blackflow: No, I connect to 127.0.0.1 with the defined port in system A.
<sdeziel> blackflow: ever heard of two factor authentication?
<blackflow> sdeziel: yes, but ssh password auth ain't it.
<blackflow> 2FA is something different
<mojtaba> sdeziel: Ok, so I can secure the keys using passphrase.
<sdeziel> blackflow: please if you don't know something, don't call me wrong
<sdeziel> blackflow: I've been using TFA with OpenSSH for many years, works well
<blackflow> sdeziel: that's okay. but that's not what PasswordAuthentication for OpenSSH means.
<blackflow> 2FA != PasswordAuthentication
<sdeziel> blackflow: AuthenticationMethods publickey,password
<mojtaba> blackflow: sdeziel: Can I create pub and private keys somewhere else and then scp them later?
<blackflow> sdeziel: that's not 2FA
<sdeziel> mojtaba: yes but why not create it on the target instead?
<sdeziel> blackflow: how so?
<blackflow> This is 2FA: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-two-factor-authentication
<sdeziel> this ^ is another form of TFA
<blackflow> AuthenticationMethods publickey,password is just a list of allowed methods. meaning the client could ignore pubkey and try password.
<mojtaba> sdeziel: Ok, so I have to send the private key to the source?
<sdeziel> mojtaba: I'd advise to simply create the key pair on the destination instead. This way it has the proper perms and all
<sdeziel> mojtaba: otherwise, yeah, send both the key and the .pub
<blackflow> only the pubkey is needed on the server you're connecting to. that's the whole point of "private".
<mojtaba> sdeziel: I want to connect from VPS to node A, which is behind NAT. So I have to create the keys on node A? (just to confirm)
<mojtaba> or VPS?
<blackflow> there is also forwarding of authentication via -A so you can use one keypair for forwarding too.
<sdeziel> mojtaba: if you want node A to ssh to somewhere where you have inbound access, then yes
<sdeziel> so on node A, you'd run ssh nodeB -R9999:127.0.0.1:22
<mojtaba> blackflow: I can connect passwordless to both VPS and node A. Can I use my keys on my laptop? So I don't need to generate extra key for VPS to node A.
<sdeziel> then from your location you could ssh nodeB -p 9999
<blackflow> mojtaba: yes
<sdeziel> and you'd be poking node A's SSH
<blackflow> mojtaba: you generate the private-public key pair on your laptop and upload ONLY the pub key to the servers.
<blackflow> mojtaba: use authentication agent (enabled by default on Ubuntu), and you can use -A for ssh connection to forward the authentication
<mojtaba> blackflow: I have done that before, and I can connect directly from my laptop to both VPS and node A. Now I want to connect from my laptop to node A through VPS. How can I use the keys on my laptop?
<mojtaba> blackflow: Thanks. I will check it.
<sdeziel> mojtaba: but if node A is behind a NAT (without port forward), how why you SSH in for the firts time?
<blackflow> with -A for ssh connection
<blackflow> mojtaba: use the same PUBLIC key on both A and the VPS
<mojtaba> sdeziel: I have configured the router before to do port forwarding. But it might move somewhere else, that is why I am creating the reverse ssh tunnel.
<mojtaba> blackflow: Can I forward  authentication for two different keys?
<sdeziel> mojtaba: the reverse tunnel requires node A to SSH to the VPS (which I assume is the box with stable access for you, right?)
<mojtaba> sdeziel: yes
<sdeziel> mojtaba: OK then yes, ssh -R can do it
<mojtaba> sdeziel: So I have to use flag -A to connect from my laptop to node A?
<mojtaba> sdeziel: Do you know the exact command?
<sdeziel> mojtaba: ssh -A alone
<sdeziel> mojtaba: but that's not related to a SSH reverse tunnel though
<sdeziel> mojtaba: that will simply carry your SSH agent along with where your client goes
<mojtaba> sdeziel: in my laptop I am using config file for ssh, so to connect to VPS I simply type 'ssh vps'
<sdeziel> mojtaba: what's unclear to me though is why would node A be more easily reachable by the VPS than your laptop?
<mojtaba> and to connect to node A, I type 'ssh nodeA'
<mojtaba> sdeziel: VPS has static IP, but my laptop has dynamic IP.
<sdeziel> mojtaba: add "ForwardAgent yes" to the config stanza
<sdeziel> mojtaba: and node A?
<sdeziel> does it has a dynamic IP too?
<mojtaba> sdeziel: That one has dynamic IP address as well.
<mojtaba> But when I connect to node A from VPS, I just simply type localhost.
<mojtaba> sdeziel: I have to add ForwardAgent in VPS settings in config file?
<sdeziel> mojtaba: you mean you "ssh localhost -p SOMETHING" ?
<mojtaba> sdeziel: from VPS I type ssh -p PORTnumber localhost
<mojtaba> sdeziel: from VPS I type ssh -p PORTnumber user@localhost
<sdeziel> mojtaba: OK, so you seem to have the reverse tunnel already setup, which is good
<mojtaba> sdeziel: yes
<mojtaba> blackflow: sdeziel: blackflow helped me for that. (Thanks again)
<sdeziel> mojtaba: instead of using the SSH agent forwarding which has some security ramifications, you may want to use something else like ProxyCommand
<sdeziel> mojtaba: on your laptop, you'd use something like that:
<mojtaba> sdeziel: Thanks. I will look in to it.
<sdeziel> Host nodeA
<sdeziel>   ProxyCommand ssh VPS -W localhost@PORTnumber -l user
<blackflow> what security ramifications? using ProxyCommand, if that command is "ssh" requires authentication again. with -A you just forward your initial one.
<blackflow> that's the whole point of keys and -A. it doesn't lessen the security in any way.
<sdeziel> blackflow: http://manpages.ubuntu.com/manpages/bionic/en/man5/ssh_config.5.html
<sdeziel> "Agent forwarding should be enabled with caution."
<blackflow> okay, and why?
<sdeziel> blackflow: it's the paragraph right after that in the man page
<blackflow> sdeziel: I know. I've read it. that also applies to not using -A
<blackflow> -A merely forwards the auth through the next ssh session. the same "warning" applies regardless of whether you connect to machine A or to B through A
<blackflow> and has nothing to do with -A but with forwarding X11
<sdeziel> blackflow: suppose you "ssh -A foo" and I also have access (with root) to foo
<sdeziel> blackflow: while you are connected to foo, I can abuse your agent to usurp your identity and connect to other destinations as you
<blackflow> you can do it regardless of -A on the first machine as well.
<sdeziel> blackflow: that has nothing to do with X11 forwarding
<blackflow> the warning is only for situations where you forward X11 and connect via proxy thinking the proxy offers extra security. it doesn't.
<blackflow> sdeziel: it does, it also says so in the paragraph which you quoted.
<mojtaba> sdeziel: Is it @ or : before PORTnumber in ProxyCommand ssh VPS -W localhost@PORTnumber -l user
<blackflow> sdeziel: read the warning for "ForwardX11". If you enable it, then you expose your X11 to any machine you connect to.
<blackflow> the warning is there ONLY if someone thinks that using an ssh proxy makes it more secure than connecting to the proxie'd machine directly. it doesn't.
<sdeziel> mojtaba: you are right, it's a ":"
<blackflow> in this case, mojtaba is in control of both machines and uses proxy to bypass NAT. which in itself does not make -A any less secure than connecting to the third machine directly.
<mojtaba> sdeziel: I added this line to the config file:
<sdeziel> mojtaba: something like that: https://paste.ubuntu.com/p/YxcHkBVW32/
<mojtaba> Host NodeA
<mojtaba>       ProxyCommand ssh VPS -W localhost:PortNumber -l UserName
<mojtaba> But it is not working as expected, the command line is asking for the password of the NodeAuser@VPS_IP.
<sdeziel> mojtaba: in the proxy command, make sure that "ssh VPS" matches the host entry you already have for the VPS
<mojtaba> sdeziel: Ok, so I have to remove the -l username part?
<sdeziel> mojtaba: sec, I made some errors, I'll send another paste
<sdeziel> https://paste.ubuntu.com/p/WHGMJW28mm/
<mojtaba> sdeziel: Ok thanks. I removed the -l part and it is sending my laptop's username @ Hostname
<sdeziel> mojtaba: so from your laptop can you simply type "ssh nodeA"?
<mojtaba> sdeziel: It is asking the password of the NodeA user, although I can directly ssh to node A using private key.
<mojtaba> sdeziel: Do you know what should I do to use that authentication key instead of password?
<blackflow> mojtaba: the part I fail to understand is opening another ssh connection, but to localhost. that just.... connects it to itself, doesn't it? did you alter the IP for "localhost"?
<blackflow> or am I misunderstanding what you're trying to do
<mojtaba> blackflow: No, I didn't change it. It is working now with the config sdeziel si suggesting. But it is asking for password instead of using the auth key.
<sdeziel> mojtaba: could you share the output of  "ssh -v"?
<mojtaba> sdeziel: It is generating some output and then asks for the password. How should I grab the output?
<mojtaba> sdeziel: I know pastebinit
<sdeziel> mojtaba: yeah, paste it all (initial command included) and also may your ssh_config?
<mojtaba> sdeziel: How should I paste it? ssh | pastebinit ?
<blackflow> mojtaba: did you set up the pubkey authentication on the third machine? if yes, then you need to -A on your client side, OR set up another key pair on nodeA to connect to nodeB. you also need to disable PasswordAuthentication if you want keys to be effective.
<mojtaba> blackflow: I can connect from my laptop to both VPS and node A using the keys that I have created before.
<mojtaba> How should I use flag -A?
<sdeziel> mojtaba: run ssh on you laptop, let it fail. start pastebinit, copy the SSH output and paste it in pastebinit, then Ctrl-D
<blackflow> mojtaba: yes, but if you do not *disable* PasswordAuthentication then using keys has no security benefit.
<sdeziel> mojtaba: the proxycommand is to avoid needing "ssh -A"
<sdeziel> mojtaba: so it is kind of orthogonal
<mojtaba> sdeziel: It doesn't fail. It asks for the password and when I type password it connects.
<sdeziel> mojtaba: then Ctrl-C it at the password prompt
<mojtaba> sdeziel: The problem now is how to connect using two different keys. one for vps and another one for nodeA.
<sdeziel> mojtaba: as blackflow said, did you add your laptop's public key to node A's authorized keys?
<blackflow> mojtaba: why are you using different keys?
<sdeziel> mojtaba: with the proxy command that will work
<blackflow> yeah.
<sdeziel> mojtaba: with the proxy command, your laptop will ssh to VPS, then SSH to nodeA through the VPS tunnel
<mojtaba> sdeziel: Yes, I have defined those before. I can connect to nodeA using ssh NodeA and to VPS by typing ssh VPS
<mojtaba> But they have two different keys.
<sdeziel> mojtaba: https://paste.ubuntu.com/p/4F5GXky9Vb/
<mojtaba> This is the output of the ssh
<mojtaba> https://paste.ubuntu.com/p/DxmXmbZhKF/
<mojtaba> sdeziel: Thank you very much. It is working now.
<mojtaba> blackflow: thanks a lot.
<blackflow> btw did you have to use -A for the ProxyCommand'ed ssh? Or is -A implied with it?
<mojtaba> sdeziel: Do you know how can I make it persistence? I mean the reverse ssh.
<sdeziel> mojtaba: good, you offered 3 keys to homed but none was accepted. Looks like you are missing some in homed's authorized_keys
<mojtaba> blackflow: No, I used ProxyCommand.
<blackflow> mojtaba: yes, and that just executes a command, in your case ssh. did you have to use -A for it?
<mojtaba> sdeziel: which line?
<mojtaba> blackflow: No I didn't use -A.
<sdeziel> mojtaba: in your paste, the last few line with "Trying private key"
<sdeziel> mojtaba: those are the keys you tried to auth with for homed
<ahasenack> rbasak: hi
<sdeziel> mojtaba: and none was accepted so you ended up asked for a password
<ahasenack> rbasak: could you educate me a bit on git tree objects?
<ahasenack> rbasak: in particular, I'm trying to understand methods like dsc_to_tree_hash() in git-ubuntu
<sdeziel> mojtaba: do you expect on of those key to work or do you use a specially named one?
<mojtaba> sdeziel: that's weird, I don't have those keys in my .ssh directory.
<ahasenack> is that like used like a simluated import, just to get what hash it would have, but without importing it?
<blackflow> mojtaba: and on the laptop side? with or without -A ?
<mojtaba> sdeziel: I have nowhere used -A.
<blackflow> mojtaba: k, thanks.
<mojtaba> blackflow: thank you!
<sdeziel> mojtaba: then how are you using your keys?
<mojtaba> sdeziel: With you latest configuration, it connects using the correct key.
<mojtaba> sdeziel: I define them in the config file.
<sdeziel> mojtaba: please share that config
<sdeziel> or the relevant portions of it
<mojtaba> sdeziel: Ok. Just a sec.
<mojtaba> sdeziel: http://paste.ubuntu.com/p/vWnD2ktPHn/
<sdeziel> mojtaba: line 20 should be identical to line 7, no?
<sdeziel> mojtaba: you are trying to auth to node A with a user named "osmc", is that what you intended?
<sdeziel> mojtaba: that's from your previous paste
<mojtaba> sdeziel: well yes.
<mojtaba> sdeziel: line 20 and 7 are the same
<mojtaba> sdeziel: blackflow: Any suggestion regarding the config file?
<sdeziel> mojtaba: the config looks good
<sdeziel> mojtaba: what logs do you have on node A?
<mojtaba> sdeziel: how can I check it?
<sdeziel> mojtaba: on node A: "tail -f /var/log/auth.log"
<sdeziel> mojtaba: then try to connect again, you should see a bunch of lines printed by sshd
<mojtaba> sdeziel: no such file or directory!
<sdeziel> mojtaba: it seems to be a debian box so that's surprizing
<sdeziel> mojtaba: maybe /var/log/authlog ?
<sdeziel> or /var/log/secure?
<rbasak> ahasenack: sure. What do you want to know?
<ahasenack> what I asked just after? :)
<mojtaba> sdeziel: I have faillog and lastlog
<rbasak> Oh
<rbasak> Sorry
<rbasak> ahasenack: it's not simulated, it's the real thing.
<rbasak> git is garbage collected. So you can create objects that have hashes with no reference to them, and in the short term they will continue to exist.
<ahasenack> what does it mean to have a git tree? I originally thought they were branches
<ahasenack> so a branch is a tree with a name, sort of?
<rbasak> We create the tree object first to examine it, and only after examination of the result do we create a commit that uses it.
<sdeziel> mojtaba: grep -sl sshd /var/log/*
<rbasak> Not quite.
<rbasak> A blob is a binary...blob. It's hashed to get its...hash.
<rbasak> A tree is a list of entries.
<Neo4> Hi
<rbasak> Entries can be references to blogs or other trees.
<rbasak> Entries have some other minimal metadata too.
<mojtaba> sdeziel: dpkg.log
<ahasenack> so this tree is like a temporary scratch area
<rbasak> A tree is also given a hash based on the hash of the list of its entries.
<Neo4> I've installed webmin there exists postfix and dovecot but I don't know how configure that all
<ahasenack> the way we use it
<rbasak> A commit contains some metadata and a reference to a tree.
<sdeziel> mojtaba: that's unexpected
<Neo4> webmin is really nice thing
<rbasak> A branch is a reference to a commit, as is a tag.
<mojtaba> sdeziel: It is raspberry pi
<rbasak> When a commit is created, first the underlying tree is established. The metadata is added, and then the whole thing is stored and its hash retrieved.
<rbasak> Usually the branch pointer is updated to point to the new commit.
<rbasak> All those steps happen anyway.
<mojtaba> sdeziel: https://paste.ubuntu.com/p/pgvJBGXcdd/
<rbasak> The importer performs the first step itself directly so that it can examine the result before it does the rest.
<sdeziel> mojtaba: ah, then I don't know where the authlog would be
<mojtaba> sdeziel: how is that one useful?
<ahasenack> rbasak: ok, I was thinking "simluated" as in, "if it doesn't work, let's discard it"
<sdeziel> mojtaba: dpkg.log is not useful unfortunately
<mojtaba> sdeziel: No, I mean the auth logs.
<rbasak> ahasenack: we could do that. "Discard" in this case would be just forgetting the hash, because git will garbage collect it itself later. In practice, I'm not sure if we do ever discard it.
<ahasenack> rbasak: a developer working with a git repo would normally not use trees like this, right?
<ahasenack> rbasak: right, do nothing, let it be gc'ed
<rbasak> ahasenack: a developer working with a git repo normally never deals with tree objects directly.
<rbasak> They get created implicitly when commits are created.
<ahasenack> ok, we have just broken down one of the interim/internal steps when we create this tree to examine it before creating the commit
<rbasak> (actually that gets optimised and it gets done when "git add" is called, but let's ignore that detail)
<rbasak> ahasenack: right
<ahasenack> ok, thx :)
<sdeziel> mojtaba: the auth.log would have messages from sshd as to why it didn't let osmc in
<sdeziel> mojtaba: looking again at your ssh -v output, I now realize that your client is not proposing to auth with ~/.ssh/nodeA
<sdeziel> mojtaba: as a test, could you copy/move ~/.ssh/nodeA to ~/.ssh/id_rsa? Please make sure you don't have any id_rsa key in the first place
<mojtaba> sdeziel: Ok
<mojtaba> sdeziel: should I change the name of both private and public keys/
<mojtaba> ?
<sdeziel> mojtaba: yes
<skinux> I need help troubleshooting file not found errors to see if it's permissions causing it.
<skinux> I'm using /var/www/html web root, files are 644 and directories are 755
<sdeziel> skinux: the web server's error log should hint you
<teward> ^ that
<teward> sdeziel: stop stealing my words :P
<teward> (just kidding)
<mojtaba> sdeziel: It says next authentication method: password
<sdeziel> teward: strdup
<sdeziel> mojtaba: could you share another ssh -v ?
<mojtaba> sdeziel: https://paste.ubuntu.com/p/ZTnHZFVVVS/
<sdeziel> mojtaba: it's now trying to use ~/.ssh/shutterPI
<mojtaba> sdeziel: Yes, it is the correct key
<skinux> sdeziel: I've seen the log check here https://gist.github.com/skinuxgeek/4d4f86490f87805d1781782670551db9
<sdeziel> skinux: doesn't look like a permission error at first glance
<sdeziel> skinux: maybe lower error_log?
<sdeziel> mojtaba: ls -l ~/.ssh/shutterPI
<skinux> Like what?
<mojtaba> sdeziel: I have that file. This is the original file, which I renamted.
<sdeziel> skinux: the default severity is "error" so I'd try that
<skinux> I just did, same error
<skinux> Primary script unknown. It makes no sense
<sdeziel> skinux: this error seems to be from PHP-FPM
<skinux> nginx uses user www-data, which is part of group www-data
<skinux> Should that be running as as www-data too?
<sdeziel> skinux: by default, PHP-FPM runs with www-data:www-data too
<sdeziel> mojtaba: I'm still thinking about what it could be
<mojtaba> sdeziel: What do you mean?
<sdeziel> mojtaba: I have not thrown the towel yet ;)
<mojtaba> sdeziel: :)
<mojtaba> sdeziel: It is working fine now.
<sdeziel> mojtaba: oh, how so?
<mojtaba> With your last config file.
<sdeziel> skinux: IIRC, PHP-FPM can log errors to syslog or a file, might want to check there
<skinux> All PHP log says is that the log file is re-opened
<skinux> THe log doesn't say anything about any requests, which it did on the 13th. It's got to be an nginx configuration issue then
<teward> rbasak: nacc: Final freeze is in a few days, but we're going to have a headache with nginx - it's going to be on a 'development' branch, unless we can convince the release team and the SRU team to let us jump to the 'stable' release branch directly post-release, which *could* have some blocking problems.
<dpb1> teward: what blocking problems
<teward> dpb1: no guarantee of 'no new features'
<dpb1> teward: doing an MRE to a 'stable' series is usually acceptable
<teward> as it stands a new release of NGINX came out since the last merge
<dpb1> teward: especially for LTSes
<teward> and while I *could* do a merge there, it's still in the devleopment branch
<dpb1> teward: since the one that nacc did?
<teward> yep
<dpb1> ok
<teward> so even if I do that merge
<dpb1> teward: what's the stable target for them?
<teward> between now and LTS release it could be 3 more dev versions before nginx releases a stable
<dpb1> (upstream, I mean)
<teward> dpb1: pick a date between the 20th and the last day of April
<teward> they don't set any final dates
<teward> they just 'release when ready'
<teward> historically it's on or around the 24th
<dpb1> but after, they are going to mark it "stable"?
<dpb1> in some way?
<teward> let's say that the day they make it stable devel was on 1.13.23 - that becomes 1.14.0
<teward> they cut 'stable' from the then-development branch
<dpb1> OK
<teward> in 16.04 this 'worked' because between the version in xenial and post-release there were no changes except a version bump
<teward> which the release team let in
<teward> but I can't guarantee there won't be more features
<dpb1> when that time comes, I think an SRU post release would be an option, more painful than not having to do the sru, but probably preferrable.
<teward> OK
<teward> are bugfix-only things allowed in past FeatureFreeze but before FInalFreeze?
<teward> i forget ;)
<teward> wow there's been *two* releases
<teward> damn
<DammitJim> can one control services with: systemctl on Ubuntu 16 w/o using sudo?
<teward> not safely no
<DammitJim> meaning, right now I have the unit set for a particular user, but it still asks for authentication
<DammitJim> I might need to add a NOPASSWD entry in the sudoers file, huh?
<sdeziel> DammitJim: systemd allows having user services
<DammitJim> that's what I thought sdeziel but I don't know why it's asking for authentication
<sdeziel> DammitJim: might be useful if the said service doesn't require more privilege than the user you want to interact with
<sdeziel> DammitJim: have you tried "systemctl --user" ?
<DammitJim> let me try
<DammitJim> I was logging on as the user and then just doing: systemctl start <service>
<sdeziel> the man page says: --user: "Talk to the service manager of the calling user, rather than the service manager of the system."
<sdeziel> DammitJim: by default --system is implied
<DammitJim> weird... I get an: Failed to connect to bus: No such file or directory
<sdeziel> DammitJim: is the service unit in the per-user config dir? See man systemd.unit for those path
<DammitJim> let me look that up... I just  have the service unit defined in /etc/systemd/system
<sdeziel> DammitJim: I haven't use user services to date so all this is based on assumption/man page reading ... in other words potentially wrong/erronous
<DammitJim> thanks
<sdeziel> np
<arrrghhh> Hello all.  Is there a certain kernel version required to use losetup?  I am trying to create a loop disk and it does not work... basically I just need to carve out some space on my VPS to keep for SFTP space, and I cannot partition the actual disk
<arrrghhh> Or is there another way to make a 'virtual' disk without losetup?
<nacc> arrrghhh: and you never plan on rebooting your vps?
<arrrghhh> nacc, I assume I can set the loop disk via fstab?
<nacc> arrrghhh: i mean, it's not persistent
<nacc> arrrghhh: so every reboot, whatever was in that memory-backed disk is gone
<nacc> arrrghhh: what did you mean by 'SFTP space'?
<arrrghhh> Oh I didn't realize I was creating a ramdisk
<blackflow> nacc: isn't losetup file backed with -j ?
<sdeziel> arrrghhh: you need a device for quota I guess?
<arrrghhh> nacc, bad term I guess.  I basically just need space for SFTP.  The VPS is doing other tasks, and I need someway to 'reserve' ~30gb of space for SFTP purposes
<arrrghhh> sdeziel, basically yes
<nacc> blackflow: i did't see them specify -j :)
<nacc> blackflow: by default, it uses a loop device (iirc)
<arrrghhh> nacc, it would be backed by a .img file
<arrrghhh> this is the guide I was (attempting) to follow http://www.linuxandubuntu.com/home/creating-virtual-disks-using-linux-command-line
<sdeziel> arrrghhh: this guide says to create partitions, that's not needed
<blackflow> ah, it's -f, not -j
<arrrghhh> sdeziel, I was following the 1gb portion of the guide, so single partition...
<nacc> blackflow: i think you were right on -j, -f is for find
<arrrghhh> but yea either way it doesn't make a difference to me, I just need some way to 'reserve' ~30gb of space on the VPS
<blackflow> nacc: no it's the other way around, -j shows, -f associates
<blackflow> had to look it up, it's been a while since I used something like that. Nowadays I just use ZFS and zvols
<nacc> blackflow: ah confusingly written manpage :)
<blackflow> indeed.
<sdeziel> arrrghhh: assuming you run a Ubuntu kernel, the kernel part should let you use loop devices
<lynorian> I think xfs has built in quotas as well
<arrrghhh> sdeziel, it is Ubuntu but the kernel is ancient.  This VPS is .... cheap.  It's Ubuntu 16.04, but I am on some ancient 2.32 kernel
<blackflow> eew
<sdeziel> arrrghhh: sounds like an OpenVZ host or something
<arrrghhh> ^^ yep
<blackflow> xen with host-based kernel
<blackflow> 2.6.32 sounds like RHEL/CentOS 6
<arrrghhh> Description:    Ubuntu 16.04.4 LTS
<arrrghhh> Linux server 2.6.32-042stab125.5
<sdeziel> arrrghhh: if that's indeed an OpenVZ kernel, then I don't think you can use loop devices as is. See https://www.jamescoyle.net/how-to/2132-mount-a-loop-device-in-an-openvz-container
<blackflow> stab, yeah, openvz
<blackflow> CloudLinux actually
<sdeziel>  2.6.32-openvz-042stab128.2 is current, so your host needs maintenance :)
<arrrghhh> sdeziel, doesn't surprise me haha.  so is there any other alternative to achieve what I am looking to do?
<blackflow> get a decent KVM-based VPS service? :)
<arrrghhh> $$$
<blackflow> How much
<arrrghhh> how much is my current setup?  dirt cheap.  like stupid cheap.
<blackflow> yeah, how much
<arrrghhh> I don't really even need a VPS, but damn this was so cheap.  $8/year
<blackflow> omg. that really is cheap.
<arrrghhh> yea I just added 50gb for $5/yr... lol
<sdeziel> arrrghhh: I'm not even sure you are allowed to mount ext4 FS in such containers
<arrrghhh> hmph
<blackflow> arrrghhh: maybe you could use nbd with qemu to mount a file as a block device
<sdeziel> arrrghhh: but it's been ages since I touch OpenVZ
<arrrghhh> yea it is very limited...
<blackflow> no idea if that's possible under ovz but it's a way to get a block device.
<arrrghhh> ok I'll look into it thx
<blackflow> arrrghhh: qemu-nbd, but since it needs to create a device under /dev  I doubt it'd be possible under ovz
<blackflow> but eh.... going back to your orig requirement, are there user quotas available?
<sdeziel> if basic quota works then yeah, no need for a blockdev
<arrrghhh> I have an overall quota for the whole VPS, I guess I'm not sure about user quotas
<sdeziel> arrrghhh: can you by any chance attach other mounts or devices to the VPS?
<arrrghhh> sdeziel, looking at the webUI now, I do not see a way to do that.  When I added the 50gb, it just showed up on /
<sdeziel> arrrghhh: OpenVZ supports multiple quota levels (per VPS and per user/group inside the VPS)
<sdeziel> arrrghhh: https://wiki.openvz.org/User_Guide/Managing_Resources#Turning_On_and_Off_Second-Level_Quotas_for_Container
<sdeziel> maybe you have it enabled in yours
<nacc> rbasak: you don't happen to be around?
<arrrghhh> heh.  seems to be disabled, I'm betting this is why "The value for it should be carefully chosen; the bigger value you set, the bigger kernel memory overhead this Container creates."
<arrrghhh> I'll open a ticket with the VPS provider and see if they have any solutions or if this is enabled... otherwise I might just have to deal with the space getting consumed, maybe I can set a quota on nZEDb
<sdeziel> I don't know how they can offer both a VPS and some support for 8$/year ...
<arrrghhh> Let's just say their response time leaves some to be desired, and I haven't really attempted any 'support' yet.  For example, they took my whole $5 for the additional 50gb - instead of adding it right when they took my money, I had to wait a few days and open a ticket to prod them into getting ti done...
<arrrghhh> it*
<teward> rbasak: nacc: dpb1: release team accepted 1.13.12 into proposed, so we're getting there.  (No more issues to worry about, for now)
<olivierb-> Hello everyone, may be you did not see my message early CET time today: I have a situation for which I need your expert help here as digging out how to fix this has been very unproductive for the last couple of days
<olivierb-> I have a ubuntu 16.04 minimal server image using LVM partitioning and xfs which boots perfectly well and was generated using OpenStack DIB (disk image builder).
<olivierb-> However when I try to add a package which requires init ram disk rebuild (like overlayroot or others)  I end up not beeing able to reboot the machine
<olivierb-> I have nailed down the issue to the fact that LVM does not seem to be taken into account because I tried without LVM on xfs+extX successfully and LVM + any of extX, xfs being a failure
<olivierb-> Of course I have tried adding the modules in /etc/initramfs-tools/modules without any success
<olivierb-> What is also very strange is that my initial and working initrd file is 9 Mb big and the failing regenerated one is 32 Mb. Trying dep instead of most in the conf file make the size got down to 15 Mb which is still twice the initial working version.
<olivierb-> Any clue what could be the cause, where to look and how to fix this ?
<olivierb-> One other thing is that my 1st initrd file in the DIB image has been generated using dracut which is also present in my packages list so may be it somehow also interferes with initramfs-tools ? Just a wild guess
<sarnold> olivierb-: do you have the corresponding -extra package for your kernel installed? I've seen that cause boot failures plenty ..
<olivierb-> sarnold let me check this
<olivierb-> yes it is installed in the image too
<sarnold> dang. there goes the easy solution.
<sarnold> how far in the boot does it get?
<olivierb-> seems like it can not mount rootfs which is in LVM/xfs partition
<mecotri> Lately when I reboot my server several services fail to start with the error cannot bind address in use. I haven't made any configuration changes since everything worked as expected, I've only perform updates.  At first it was just Dovecot that had the issue and today after installing more updates apache and ssh failed to start also because the address was in use.
<sarnold> you can use netstat's -p flag to find out which process already has those sockets bound
<mecotri> sarnold: thanks. Looks like my problem this time is the interface isn't up for some reason. It was just before rebooting.
<sarnold> mecotri: and you got back "address in use" errors for that? o_O
<mecotri> sarnold: I got that for dovecot and got cannot bind address for apache and ssh. I wrongly lumped them together as part of the same issue.  Any ideas on seeing what's keeping the interface from coming up? My static addresses are set using /etc/netplan/01-netcfg.yaml
<sarnold> mecotri: could you file a bug against dovecot? there's a chance its systemd configuration is using the wrong "make sure networking is up" directive
<sarnold> (for some reason systemd seems to have immense trouble with this. :( )
<cyphermox> interface is not coming up, or some dovecot thing is not binding to it?
<mecotri> sarnold: Will do.
#ubuntu-server 2018-04-17
<dunnousernamefn> What are the *actual* memory requirements for Ubuntu Server on ARM? I see 3 different metrics on 2 different wiki pages. I want to install a drupal server with 256MB (the minimum requirement for drupal is 64MB) and I'm not sure what metric to look for
<sarnold> I ran ubuntu on a pandaboard es for a while; that only had one gig. that was fine for a surprising amount of uses..
<sarnold> 256 megs for an interpreted language runtime sounds tight to me
<sarnold> but if drupal thinks they can pull it off...
<dunnousernamefn> They said 64MBs
<dunnousernamefn> But that doesn't consider the actual OS
<dunnousernamefn> I see in different places on the wiki either 256MB, 384MB, or 512MB; which is kind of confusing
<sarnold> if they said 64 megs for their own use, and you don't have unrealistic expectations, it sounds worth a try to me
<sarnold> my little aws machine is only 512 megs and currently has >300 megs cached
<sarnold> it's really only doing ssh, mosh, irssi, plus whatever it does by default
<dunnousernamefn> Hmm, I found 31MB on https://help.ubuntu.com/16.04/installation-guide/arm64/ch02s05.html
<sarnold> woah. I wonder how long it's been since someone tried that..
<dunnousernamefn> It's 16.04 LTS...
<dunnousernamefn> But that sounds pretty theoretical
<dunnousernamefn> Maybe maintenance mode :P
<sarnold> 31 megs sounds like kernel plus sshd plus busybox to me :)
<dunnousernamefn> I could theoretically run it on a microcontroller given external RAM
<dunnousernamefn> If you click the realistic figures link, it says 128MB without a desktop is minimum
<dunnousernamefn> But I'm not sure if it is talking about Desktop or Server at this point
<sarnold> they're close enough to identical if you don't actually *run* the desktop
<dunnousernamefn> I had trouble with the Ubuntu Desktop installer... now I have Server on my laptop... it only breaks when I close the lid
<dunnousernamefn> I only regret it a lot
 * mwhudson looks at the arm64 in that url
<sarnold> it's not like they're different operating systems, just default package selections; apt-get install network-manager unity   and you're 90% of the way to a tolerable desktop...
<mwhudson> can you even get a system with an arm64 cpu and less that, say, 128 megs of ram?
<sarnold> mwhudson: VMs?
<mwhudson> sarnold: true
<sarnold> granted .. the only arm64 VM provider I know seems to go for HUGE systems :)
<dunnousernamefn> I found some cheap clone of the RPI and I'm trying to use that
<mwhudson> sarnold: heh packet.net?
<dunnousernamefn> Is there still a minimal ubuntu iso?
<sarnold> mwhudson: yeah ... now that I'm at their website and trying to find it again, I just don't ...
<mwhudson> sarnold: it's there, just hiding
<mwhudson> or was last week anyway
<dunnousernamefn> Also mwhudson https://github.com/Wunkolo/OakSim
<sarnold> hehe
<dunnousernamefn> Or https://github.com/atrosinenko/qemujs
<sarnold> dunnousernamefn: maybe http://cdimages.ubuntu.com/netboot/xenial/ ?
<dunnousernamefn> I think I can get everything I need if I just have apt and a dhcp client
<dunnousernamefn> Is that provided?
<dunnousernamefn> Oh, but I need openssh
<mwhudson> oh scaleway have armv8 now too
<sarnold> oo
<sarnold> "Formerly the "Type 2a""
<sarnold> sure enough they went to some effort to confuse me
<dunnousernamefn> Packet.net says tiny was "as low as $0.00/hr in the last 7 days."
<dunnousernamefn> Cool
<sarnold> three euro per month for an armv7 and two gigs ram, 50 gigs ssd. wow.
<mwhudson> also thunderx it seems
<dunnousernamefn> Woah I didn't know that there were legitimate relatively-public ARM cpus
<dunnousernamefn> I thought it was all proprietary
<dunnousernamefn> Anyways, I guess I should get 512MB
<sarnold> I expect you'd be far happier  with 512 than 128
<dunnousernamefn> No, 256
<dunnousernamefn> Wait, did I say 128?
<sarnold> you did say 256 ..
<JanC> sarnold: we used to run interpreted language websites using CGI on 64MiB systems 18 years ago, why would that suddenly be a problem...  ;)
<sarnold> JanC: because perl was small and fast and quick and python is none of these things :)
<JanC> and that included MySQL, BIND, Apache, qmail, etc. all on the same server IIRC
<JanC> we actually had Perl & PHP websites on that
<JanC> to be fair, the machine was replaced with a 512 MiB machine the next year
<sarnold> JanC: I still remember the docs saying "you can run linux in 4 megs of memory but if you want to use X11 you really do need 16M"
<JanC> sorry, I forgot, we had Perl, PHP & ColdFusion sites on that same machine
<sarnold> *coldfusion* too? wow ;)
<JanC> I had to write sites in ColdFusion actually...
<JanC> the Perl & PHP stuff was things we hosted
<JanC> of course most people were still on dial-up back then, so slowness was easy to explain (except to the then small but growing number of those on cable)
<JanC> but that 64 MiB linux machine didn't do too badly (it was about comparably with a 384MiB Windows NT machine with IIS, Exchange & MS SQL Server that my employer also had)
<sarnold> let me guess, qmail handled *way* more mail than exchange did ..
<JanC> I'm not sure which one handled more mail (the exchange was used for internal mail), qmail (and some POP server, I forgot which) was used for client's mail
<sarnold> I wonder why we need machines with a thousand times the memory these days :(
<JanC> it wasn't exactly a big company, and it did all sorts of things from selling computer parts to hosting sites...
<JanC> in 2000 that still existed  :)
<sarnold> haha
<JanC> well, I guess Amazon still does all that too  :P
<JanC> at a slightly different scale
<sarnold> and back in 2000 one of the leading ISPs in the area ... was a book store. so.
<JanC> about the extra memory: like I said, dial-up was still common then, and most people didn't have internet yet
<JanC> so the load on a server and the expected speeds were much much lower
<JanC> cable internet started a couple years before in some cities & became more generally available that year
<JanC> and even DSL was often limited to 0.5-4Mbit/s
<JanC> and all of it was horribly expensive (compared to now)
<sarnold> my first isp warned me that he only had a 14.4 uplink to the internet before I joined; that sounded fine by me since I also had a 14.4. :) hehehe
<sarnold> it was so much faster than the 2400 I had been using on BBSes..
<JanC> until you found out the only time you could use all of that was at 5am?  :)
<JanC> funny detail: my current ISP which I switched to half a year ago is the only one which still operates dial-up here in Belgium  :)
<JanC> I wonder who actually still uses that  :P
<JanC> IIRC they said they would operate it until all their dial-in equipment is broken  :)
<sarnold> JanC: heh, he upgraded to a T1 at some point :D
<sarnold> wow
<sarnold> that's gotta be expensive
<sarnold> time for me to bail :) have  agood ... morning? JanC :)
<dpb1> :)
<JanC> sarnold: it's not expensive for them, I guess
<JanC> they just need one system with a couple modems you can call into; I doubt there are many users
<dunnousernamefn> https://www.debian.org/releases/stable/arm64/ch03s04.html.en wow, debian has practically the same html documents as ubuntu
<Sircle> How to make wildfly re run if it gets crashed (this is happening to me a lot I dont know why). Using Ubuntu
<RoyK> Sircle: I guess someone in #java might know - I have no idea myself :)
<Neo4> http://91.227.18.36
<Neo4> I've set up on server LAMP
<Neo4> http://91.227.18.36:10000
<Neo4> webmin is not useful. It is good use when you know how application works and know how to customize using command line
<Neo4> I can install and customize:
<Neo4> 1. create new user, Set SSH key, and install firewal UFW
<Neo4> LAMP + phpmyadmin
<Neo4> it would be good install there webserver postfix, postfixadmin
<Neo4> wait guys, we will together install webserver in realtime
<Neo4> now put postfix, squrelmal and roundcobe on Apache and then will see. wait
<Neo4> I think together we could do this
<blackflow> Neo4: which ubuntu?
<Neo4> 16.04
<blackflow> don't install roundcube from packages. it's unmaintained with lots of security vulns unfixed since the version in the repo.
<Neo4> blackflow: I'll install for test
<Neo4> I've installed postfixadmin
<Neo4> http://kselax.ru/postfixadmin-3.1/login.php
<Neo4> postfix and dovecote
<Neo4> opened ports, 25 and 143,
<Neo4> telnet kselax.ru 143 shows dovecot
<Neo4> and telent kselax.ru 25 seems doesn't work?
<Neo4> when do from localhost it show there postfix
<Neo4> telnet localhost 25
<Neo4> go on, we'll have today mail server :)
<sdeziel> Neo4: I can reach kselax.ru 25
<Neo4> sdeziel: ok, good
<sdeziel> Neo4: maybe your ISP blocks outbound SMTP connections, this is common here
<Neo4> sdeziel: what does it means? I won't able to get mails? How you can reach and I not?
<Neo4> ok, you use differ ISP and my host placed in other ISP
<sdeziel> that ^
<Neo4> my ISP that I use for go to internet block 25 port?
<Neo4> why?
<hateball> To reduce spam is usually the main reason
<Neo4> if somebody will want to send mail?
<sdeziel> but I was just guessing so you might want to test it properly
<Neo4> I can send mails from thunderbird
<sdeziel> Neo4: email is usually send on TCP/587 or TCP/465 for the first hop
<sdeziel> s/send/sent/
<Neo4> sdeziel: see I got this in local computer
<Neo4> neo@neo3:~$ telnet kselax.ru 25
<Neo4> Trying 91.227.18.36...
<Neo4> Ok, port will break down later, I want to install roudcobe and squrelmail now
<Neo4> And then maybe have to rebuild postfix with support mysql
<gpiccoli> Hi folks, I'm facing an "issue" with libvirt and apparmor in Ubuntu. It might be silly, but I'd like to understand if this is my mistake or some bug
<gpiccoli> I've added an image file to my guest through XML, but libvirt cannot start the guest - permission denied
<gpiccoli> It's apparmor blocking it - so how can I circumvent this in a right way?
<gpiccoli> In the old times I've used selinux, and I was able to change the permission of the image file using selinux tools (i guess chcon)
<Neo4> squirrelmail doesn't work, I dont know how to create there new user
<Neo4> http://kselax.ru/squirrelmail-webmail-1.4.22/src/login.php
<cpaelzer> gpiccoli: depends on the image and such, usually guests get a custom apparmor profile based on their description
<gpiccoli> cpaelzer, I was informed that you may know the answer upfront heheh
<cpaelzer> indeed
<gpiccoli> wow, you're fast!
<gpiccoli> I bet you have a highligt for the *virt*
<gpiccoli> hehehe
<cpaelzer> I have
<gpiccoli> so, is there a way to change this profile cpaelzer ?
<gpiccoli> it's a nvme image
<cpaelzer> gpiccoli: well if not a super special awkward case first of all it should just work
<gpiccoli> I'm adding through <qemu:command>
<cpaelzer> aah
<cpaelzer> here we go
<gpiccoli> it is super awkard case!
<cpaelzer> yeah qemu: namespace is invisible to libvirt and due to that not able to be handled by virt-aa-helper
<cpaelzer> gpiccoli: but we can help it a bit :-)
<gpiccoli> great cpaelzer =)
<cpaelzer> gpiccoli: currently the only "problem" is that you have to apparmor-allow that path for all guests, you can not (yet) restrict it to just one
<gpiccoli> it's totally fine by me!
<gpiccoli> not so fine to people running vps services though heh
<cpaelzer> gpiccoli: to do so go with editor of your choice to /etc/apparmor.d/abstractions/libvirt-qemu
<cpaelzer> gpiccoli: we will get per guest includes, I just wait for an apparmor feature to land
<gpiccoli> ok!
<gpiccoli> cool =]
<cpaelzer> in that file add your path with/without wildcards as you want
<cpaelzer> actually
<cpaelzer> which version of Ubuntu are you running?
<gpiccoli> bionic cpaelzer
<cpaelzer> ah we have no user-includes for the abstractions
<cpaelzer> only for libvritd and virt-aa-helper
<cpaelzer> go for the file I said
<cpaelzer> for custom guest overrides it really will be the per guest include (one day)
<gpiccoli> hehehe
<gpiccoli> so cpaelzer, in that file, can I add /var/lib/libvirt/images/* X, where X should be...rw I guess?
<cpaelzer> bug 1745114 for the per guest include btw
<ubottu> bug 1745114 in libvirt (Ubuntu) "Please add guest uuid and guest-generic local include files" [Low,Triaged] https://launchpad.net/bugs/1745114
<cpaelzer> gpiccoli: exactly
<gpiccoli> cool cpaelzer, will be a great addition!
<gpiccoli> cpaelzer, what is rwk ?
<gpiccoli> cpaelzer, partially worked. Seems I don't have the permission issue aymore...or I might be
<gpiccoli> 2018-04-17T14:13:59.811597Z qemu-system-x86_64: -drive file=/var/lib/libvirt/images/nvme0.img,if=none,id=nvme0: Failed to unlock byte 100
<gpiccoli> Could be another type of issue...
<gpiccoli> although the unlock keyword there might be related to permission again
<cpaelzer> gpiccoli: http://manpages.ubuntu.com/manpages/artful/man5/apparmor.d.5.html
<cpaelzer> TL;DR k = lock
<cpaelzer> gpiccoli: so you need k
<cpaelzer> as well
<gpiccoli> hehehe
<gpiccoli> cool, thanks a lot cpaelzer
<cpaelzer> newer qemu locks all images to ensure it is used mutually exclusive
<cpaelzer> have fun gpiccoli
<gpiccoli> worked like a charm cpaelzer
<gpiccoli> makes total sense!
<cpaelzer> might I ask who blackened me that I'd know these things?
<gpiccoli> cpaelzer, some bird...in some place...
<gpiccoli> hahaha
<gpiccoli> kidding,
<gpiccoli> it's jdstrand!
<gpiccoli> from apparmor =)
<cpaelzer> thanks
<cpaelzer> he is "allowed" to point to me :-) I tihnk I still owe a few favors for all the help I got :-)
<gpiccoli> heheh
<ahasenack> cpaelzer: I'm looking at debian policy 5.6.30 Testsuite, where it says that source package control files may have that field "if needed in other situations". No clue what "other situations" might be
<ahasenack> cpaelzer: I grepped existing packages I had lying around, and found XS-Testsuite instead of Testsuite
<ahasenack> do you know what's the difference?
<cpaelzer> I remember discussing that once
 * cpaelzer starts the page in of old memory
<ahasenack> fwiw, I got "Testsuite: autopkgtest" automatically included in the .dsc file
<cpaelzer> ahasenack: XS- ... is old style is what my memory tried to give me
<cpaelzer> does that make any sense?
<cpaelzer> with what you see?
<ahasenack> my sample *only* had xs-
<ahasenack> but it does sound like a prefix to be used with non-official fields
<ahasenack> like in email headers
<ahasenack> I searched for "xs" in the debian policy, found nothing
<cpaelzer> ahasenack: https://webcache.googleusercontent.com/search?q=cache:rTRO6caAUjkJ:https://lintian.debian.org/tags/xs-testsuite-header-in-debian-control.html+&cd=1&hl=en&ct=clnk&gl=de
<ahasenack> my local sample: https://pastebin.ubuntu.com/p/9vFfQ52nFt/
<ahasenack> ah, ok, so it became an official field
<cpaelzer> hmm this page of lintian is gone
<cpaelzer> I think this just is from the far past
<ahasenack> I'll add Testsuite then
<cpaelzer> yes I thnk XS- is hwo it started changing later
<ahasenack> just like it is in the .dsc
<cpaelzer> too much posts exception on this thread https://lists.debian.org/debian-devel/2014/01/msg00040.html
<cpaelzer> if you want to read a lot feel free
<ahasenack> not even vim's syntax highlighting recognizes "Testsuite"
<coreycb> jamespage: can you remind me how to get around the unexpected upstream changes when building ceph?
<jamespage> coreycb: its todo with the checkout in git which translates to local system line-endings
<jamespage> if you patch -R the delta file, and the git add the diff it will sort things out
<coreycb> jamespage: ack thanks
<popey> hello! who 'owns' the ubuntu server armhf images?
<popey> a valiant community member has done some testing...
<popey> http://iso.qa.ubuntu.com/qatracker/milestones/384/builds/169986/testcases/1464/results/
<powersj> popey: those bugs look like linux-* issues
<powersj> I would expect the kernel team to respond on making the proposed changes
<powersj> I know that dannf does a number of arm testing as well
<popey> ok, thanks.
<dannf> powersj: yeah, lots of arm64, but don't have any armhf gear
<ahasenack> cpaelzer: meh, ok, so even Testsuite is a lintian warning now
<ahasenack> N:    You do not need to specify a Testsuite: autopkgtest field if a
<ahasenack> N:    debian/tests/control file exists. It is automatically added by
<ahasenack> N:    dpkg-source(1) since dpkg 1.17.1.
<ahasenack> vim was right, as usual :)
<teward> rbasak: nacc: dpb1: oooh guess what came out today xD  NGINX 1.14.0
<dpb1> teward: and what I want to hear next.... "teward: I've already packaged it and tested it"
<dpb1> teward: :) :)
<teward> dpb1: waiting for them to spin the tarballs
<teward> it's tagged in git.
<dpb1> teward: that's cool
<teward> or rather hg.
<dpb1> right
<dpb1> ya, I found that out when I was digging into your request from a few weeks back
<teward> dpb1: my guess is by EOD it'll be available.
<teward> yep and there's the announcement.
<dpb1> teward: crunch time.
<teward> the tarball should be up soon
<teward> yep I know but hey at least we won't need a post-release update :P
<teward> and i have the base packaging I did yesterday and uploaded so that's pretty much ready to go :P
<teward> just need the **tarball**
<teward> yay it's a no-changes thing too :D
<teward> dpb1: local test builds worked fine, and I got the defaults working.  It's also sitting in the approval queue now, so if all goes well then we won't be scrambling for a post-18.04-release changeset to switch the version numbers over.
<teward> (for once)
<dpb1> teward: well, I'll be.
<dpb1> teward: nice.
<teward> now where's my lunch...
<runelind_q> I have an install of 16.04 on an mdadm mirror as a boot disk and a ZoL pool as LXD storage.  I'm wondering what my chances of a relatively pain free migration of the disks to an entirely different system would be?
<nacc> teward: nice!
<sdeziel> runelind_q: what you could do is set the new system up (maybe skip mdadm if you use zfs?) and then to "lxc move" or "lxc copy" of your containers
<runelind_q> sdeziel: yeah, I was just hoping to re-use the disks that I was using for ZoL
<blackflow> runelind_q: keep in mind that different systems might have issues with different ZFS pool versions. eg, pools created on 0.7.x ZoL are read-only on 0.6.x ZoL systems
<sdeziel> runelind_q: ah, in that case, you could break your mirror and set the new box with half a mirror. It's a small gamble but should work
<blackflow> runelind_q: it's actually about features enabled on the pools, so i'm talking about default features with respective versions.
<sdeziel> runelind_q: with 18.04 almost out, you may also want to use it for your new bo
<runelind_q> blackflow: yeah, but I was going to move the mdadm boot mirror as well.  Complete forklift of the system onto new HW
<runelind_q> yeah, that is a consideration.
<sdeziel> blackflow: that's a good point. If lxc move/copy is used, this should be transparent though
<blackflow> there's also that bug about zfs send-receive between different pool versions, in 0.6.x. it also affects FreeBSD iirc.
<sdeziel> blackflow: but that only affected a release that was never imported in Ubuntu, AFAIK
<sdeziel> err, nvm, I'm referring to something affecting 0.7.7
<blackflow> sdeziel: no it currently affects pre-bionic ubuntus.
<blackflow> yeah, you probably mean the data corruption bug found the other day in 0.7.7
<sdeziel> yup
<blackflow> I think this is the LP issue  https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1733230
<ubottu> Launchpad bug 1733230 in zfs-linux (Ubuntu) "'zfs recv' hangs when receiving from a FreeBSD zfs" [Low,Incomplete]
<blackflow> it's not just about FreeBSD. I had that issue when sending from a pool on Gentoo (0.7.x) to Ubuntu Artful (0.6.5)
<blackflow> otherwise I run ZoL on root in 17.10 (with separate ext4 /boot, but due to LUKS'd volume for ZFS), works like a charm.
<blackflow> eh... root on ZoL :)
<sdeziel> that's something I don't have the balls to try just yet
<blackflow> I have experience from FreeBSD, but was pleasantly surprised how everything just works. Then again I set up the pool manually and use debootstrap for installation.
<ScottE> Yeah, I've been running with ZFS for everything (except /boot, sometimes - for the same LUKS reason). It's great! A bit more work to install via debootstrap, but worth it in my opinion.
<blackflow> I don't know if grub is capable of mounting ZFS pools yet, I know it wasn't on 17.10, so a separate /boot is required even without LUKS.
<sdeziel> what worried me is the rescuability of this root on ZFS
<sdeziel> Ubuntu live CD didn't have the zfsutils-linux package installed last I checked
<dpb1> there is one issue
<ScottE> It is capable - I've done it without a separate /boot on xenial and jessie but it's a bit more finicky about grub version and configuration
<dpb1> the on disk format version.
<blackflow> sdeziel: yeah you have to install it manually on live cd, but if it can mount root, then all the tools are in initramfs. it's basically just two commands, zpool and zfs, with zpool doing all the important work. dunno if zdb is present, not sure if it's needed though. I actually never had to use it.
<blackflow> dpb1: that's the part about different versions I mentioned first. a warning about using systems with ZoL 0.7.x and systems with ZoL 0.6.x, the former pools being only read-only on 0.6.x
<dpb1> ya... you need to set '28' to be compatible with oracle zfs
<sdeziel> blackflow: I want to be able to rescue my box offline so installing packages in the live env is tricky.
<dpb1> or something like that
<dpb1> it's one considering we are thinking about before enabling this as a default option in Ubuntu
<dpb1> *consideration
<blackflow> sdeziel: I've installed ubuntu w/ root on ZFS both from the 17.10 live env, and from debian stretch, in both cases using debootstrap.
<blackflow> sdeziel: in both cases I had to install zfsutils-linux, which in addition had to compile the DKMS on debian (not needed on Ubuntu, it's part of the kernel package)
<sdeziel> blackflow: sure but my main concert is the offline rescue environment so I cannot apt-get install zfsutils-linux so even if the zfs.ko is available, it's useless to me
<blackflow> sdeziel: why can't you use apt?
<blackflow> (unless there's no networking of course)
<teward> blackflow: key words in sdeziel's message: "offline rescue environment"
<teward> no network there
<sdeziel> blackflow: I want offline rescue capabilities
<blackflow> ah, yeah.
<blackflow> I guess you can always prepare a bootable USB stick with all tools needed? I had one for Gentoo.
<sdeziel> or I could fill a bug to have zfsutils-linux added to the live env
<blackflow> or... that, yeah :)  that'd be better.
 * sdeziel doesn't know which package to report the bug to
<nacc> sdeziel: i'd file it on zfsutils-linux first
<sdeziel> nacc: on my way
<nacc> sdeziel: as it sounds like you want it seeded?
<runelind_q> is ubuntu a rolling release?  Like if I download the latest nightly of 18.04, apt will keep me in sync once the final version comes out?
<nacc> runelind_q: that's not what a rolling release is :)
<runelind_q> oh
<nacc> runelind_q: but apt will keep you up to date with 18.04 yes
<runelind_q> I don't need to do dist-upgrade or anything like that?
<sdeziel> nacc: yes, exactly
<nacc> runelind_q: well, you should (in general) be using full-upgrade (IMO) until release
<nacc> and even after, probably
<nacc> sdeziel: it's rather late for seed changes, fyi
<nacc> sdeziel: you may want to file the bug and then bring it up in #ubuntu-release
<sdeziel> nacc: I know but I'm in no rush
<nacc> sdeziel: ok :)
<ahasenack> what is "/usr/lib/triplet" (sic), in the context of the debian policy for shared libraries?
<ddstreet> smoser fyi, remember that isc-dhcp 'wait for DAD' bug (and related follow-on bugs for it)?  It looks like upstream isc-dhcp has "fixed" that by adding a --dad-wait-time param that of course defaults to 0 (and requires the OS script to support it too).  just fyi.  https://bugs.isc.org/Public/Bug/Display.html?id=36169
<smoser> ddstreet: nice. that http redirects you to a https that mozilla doesnt like
<Sircle> How to make wildfly re run if it gets crashed (this is happening to me a lot I dont know why). Using Ubuntu
<smoser> ddstreet: you should link to that in our bug.
<ddstreet> smoser yeah i think their (newly public, as far as i know) bug tracker is not direct-link friendly
<ddstreet> i'll put a note in the bug(s)...and also fyi there's yet another offshoot of this same bug, for 'stateless' dhcp, lp #1764478
<ubottu> Launchpad bug 1764478 in isc-dhcp (Ubuntu Bionic) "dhclient in 'stateless' mode does not wait for ipv6 dad" [Medium,New] https://launchpad.net/bugs/1764478
<ddstreet> maybe we can move off isc-dhcp to something more...maintained...
<ddstreet> especially since ISC appears to be abandoning their isc-dhcp-server in favor of their 'kea' server http://kea.isc.org/wiki
<smoser> ddstreet: well, we kind of have moved off isc-dhcp
<smoser> in fact it is no longer part of ubuntu-minimal in bionic
<ddstreet> oh good, what's the current recommendation?
<smoser> now its replacement ..... systemd-networkd i suspect has its share of issues.
<smoser> https://bugs.launchpad.net/ubuntu/+source/maas/+bug/1717983
<ubottu> Launchpad bug 1717983 in cloud-init (Ubuntu) "replacement of isc-dhcp-client with with systemd-networkd for dhclient needs integration" [Undecided,In progress]
<ddstreet> ah, systemd...one ring to rule them all... ;-)
<ddstreet> smoser i haven't looked, do you know if networkd includes a dhcp server as well, or only client?
<smoser> ddstreet: dont worry, I have a feeling you'll have plenty of opportunity to become more familiar with systemd-networkd's dhcp server via bugs in the coming  months :)
<smoser> ddstreet just a client
<ddstreet> oh, i'm *sure* of that ;-)
<ddstreet> any 'official' recommendation for dhcp server?
<ddstreet> dnsmasq?
<smoser> isc-dhcp-server is still in main as is dnsmasq.
<sdeziel> systemd-networkd supports being a DHCP server (DHCPServer=)
<smoser> wow.
<ddstreet> soon, it will be a battle between emacs and systemd to see who can become the next OS-in-application
<ddstreet> smoser wow i didn't realize you'd already opened a 'stateless' dhcp bug, lp #1633562
<ubottu> Launchpad bug 1633562 in isc-dhcp (Ubuntu) "'dhclient -6 -S' does not bring interface up" [Undecided,Invalid] https://launchpad.net/bugs/1633562
<ddstreet> that's definitely not invalid...oh well i'll work it in my newer bug :)
<MASM> .
<Sircle> My fail2ban bans ip ranges with /32. I want it /24 at least. How can I do it?
<MASM> Sircle i found an example
<MASM> https://github.com/fail2ban/fail2ban/issues/927
<MASM> "subnet.blacklist" > "198.27.100.224/29"
<MASM> or
<MASM> "ip.blacklist" > "198.27.100.224 - 198.27.100.231"
<MASM> or check this
<MASM> https://github.com/XaF/fail2ban-subnets
<Sircle> MASM,  I mean when f2b auto bans anything
<Sircle> not blacklist
#ubuntu-server 2018-04-18
<Neo4> how to install postfix in ubuntu, I use this guide
<Neo4> https://help.ubuntu.com/lts/serverguide/postfix.html
<cpaelzer> good morning
<Neo4> cpaelzer: good
<Neo4> post fix send message and accept, but postfixadmin gets nothing
<Neo4> maybe need to configure postfix with mysql
<Neo4> I've tried a few mails to send on gmail and they didn't get to spam. it's nice
<Neo4> what I need next?
<Neo4> certificate?
<Neo4> SASL?
<Neo4> or ok, better maybe install mysql
<Neo4> I've got this error:
<Neo4> neo@v127722:~$ sudo apt-get postfix-mysql
<Neo4> E: Invalid operation postfix-mysql
<Neo4> oh
<Neo4> install
<cpaelzer> yep
<Neo4> what do next?
<Neo4> I installed postfix with mysql
<Neo4> who know why dovecot doesn't run?
<Neo4> I've configured it using this instruction
<Neo4> https://www.rosehosting.com/blog/set-up-a-mail-server-with-postfixadmin-and-mariadb-on-centos-7/
<Neo4> and it stopped to work :(
<Neo4> I've got error https://paste.ubuntu.com/p/YrkP397tDG/
<ahasenack> nacc: would you know why I started seeing this in the samba repo just now? https://pastebin.ubuntu.com/p/wpWzSFPMyP/
<ahasenack> I've done many samba commits/uploads in the past, even the version that is right now in git, but now is the first time this happens
<ahasenack> maybe a new snap? Or it was reimported?
<nacc> ahasenack: looking
<nacc> ahasenack: dunno, that directory is defintely empty
<nacc> ahasenack: did you see if it was added/emptied in the latest upload?
<ahasenack> nacc: I didn't notice any of that
<ahasenack> nacc: and 4.7.6 was uploaded twice
<ahasenack> ah, no, jus tonce
<ahasenack> but the first 4.7.6 upload came via a debian merge
<ahasenack> meaning, the whole git workflow process was used
<nacc> ahasenack: i only see one 4.7.6 upload, what do you mean by first?
<nacc> ahasenack: i mean i only see 2:4.7.6+dfsg~ubuntu-0ubuntu1
<ahasenack> and I corrected myself above
<ahasenack> there is only one 4.7.6 upload
<ahasenack> but it should have hit this problem then, or so I thought
<nacc> ahasenack: 'first' came after the correction :)
<ahasenack> I am working on the second upload
<nacc> ahasenack: that directory didn't exist in 4.7.4, fyi
<nacc> ahasenack: link to the merge MP?
<ahasenack> not done, because I hit this problem and I don't know what to do
<ahasenack> source packages are here: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-kerberos-method-1761737
<ahasenack> a simple patch
<nacc> ahasenack: ... the one that resulted in the last upload?
<ahasenack> hm, let's see if I can find it
<nacc> ahasenack: you do an MP normally for the new upload, it just won't match the upload tag (so you can upload tag or not, it doesn't matter)
<ahasenack> nacc: this was the MP: https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/341418
<ahasenack> oh, interesting
<nacc> tar -czf samba_4.7.6+dfsg.orig.tar.gz --exclude="source4/heimdal/lib/wind/rfc*txt" --exclude="source4/ldap_server/devdocs" --exclude="*chm" samba-4.7.6
<ahasenack> yes, it's excluded because of dfsg
<nacc> but it wasn't
<ahasenack> but that didn't exclude the directory itself?
<nacc> it's just empty
<nacc> yeah, something seems off in your orig
<nacc> (i verified the orig by untarring it manually and it definitely has that directory)
<nacc> as to why your git commit didn't notice it, i'm not 100%
<nacc> possibly an older git clone?
<ahasenack> could be
<ahasenack> I could repackage it one more time, call it 4.7.6+dfsg~ubuntu1 perhaps
<ahasenack> shucks
<nacc> ahasenack: no, you don't want to do that, i don't think
<nacc> i mean, yes you can, but i don't think you should
<ahasenack> well, it's fine to ignore when committing, we know it was just doc removal that caused it (rfcs essentially)
<Hey> When I commission a node in MAAS, It does not detect the storage.  How do I trouble shoot this?
<dpb1> Hey: best to ask in #maas
<ahasenack> nacc: yeah, I don't know what happened there
<ahasenack> andreas@nsnx:~/x$ tar xzf samba-4.7.7.tar.gz
<ahasenack> andreas@nsnx:~/x$ tar -czf samba_4.7.7+dfsg.orig.tar.gz --exclude="source4/heimdal/lib/wind/rfc*txt" --exclude="source4/ldap_server/devdocs" --exclude="*chm" samba-4.7.7
<ahasenack> andreas@nsnx:~/x$ tar tvzf samba_4.7.7+dfsg.orig.tar.gz |grep devdocs
<ahasenack> andreas@nsnx:~/x$
<ahasenack> it just works
<ahasenack> maybe something during sponsoring
<ahasenack> (didn't find a 4.7.6 tarball, used 4.7.7 which has the same devdocs directory, for this test)
<ahasenack> nacc: maybe this was used: --exclude="source4/ldap_server/devdocs/*"
<ahasenack> that leaves an empty decdocs directory
<ahasenack> devdocs*
<Hey> dpb1: MAAS is dead channel.. I'm sure its not intentional.
<dpb1> apparently not
<nacc> ahasenack: right, i pasted what you said in the MP, which may or may not have been what the sponsor did
<nacc> ahasenack: this is why it's usually good (in the future) to put a hash for the tarball in
<nacc> cpaelzer: --^ fyi
<ahasenack> ok, I have a patch, it fixes the crash, but I won't get a confirmation from the reporter until tomorrow
<ahasenack> and tomorrow is final freeze
<ahasenack> do I upload or not
<ahasenack> patch is from upstream, oneliner
<ProCycle> I'm so confused. I have a script that makes a backup then encrypts and uploads it to S3. It works fine when I invoke it with "sudo -u backup /bin/bash /usr/local/bin/backup-mysql.sh varible1 varible2"
<ProCycle> But when systemd invokes it uploads a 0 byte file (otherwise backup file on server exists and is not 0 bytes)
<ProCycle> The service file: https://pastebin.com/Rx2rk48g
<ProCycle> I've checked all of the script varibles (dumped to output) and they're exactly the same
<JanC> ProCycle: you'll need a shell for the redirection to work
<sdeziel> ProCycle: I'm not sure you can use shell redirect
<JanC> you can't
<JanC> """Specifically, redirection using "<", "<<", ">", and ">>", pipes using "|", running programs in the background using "&", and other elements of shell syntax are not supported."""
<JanC> from the 'systemd.service' manfile
<sdeziel> ProCycle: based on that, maybe it would be better to edit the backup-mysql.sh script to accept an argument
 * ProCycle looks up shell redirection
<JanC> or use "sh -c" when you can't change the backup script
<ProCycle> Oh, uh what do you mean by shell redirection? in my execstart?
<JanC> yes
<ProCycle> Oh wait I get what you're seeing, that's a red herring
<ProCycle> <s3_space_name> is a placeholder, I have an actual space name there
<ProCycle> https://pastebin.com/QCSTieDa
<sdeziel> ProCycle: could you test with sudo -Hu backup ... ?
<sdeziel> ProCycle: if the S3 key is in your home dir, the backup user wouldn't have access to it
<sdeziel> I'm also not sure you test by forcing /bin/bash as the interpreter but that is another delta with how systemd runs the job
<sdeziel> s/sure/sure why/
<ProCycle> For some reason it won't run otherwise
<sdeziel> ProCycle: is the file executale?
<ProCycle> But I just did sudo -Hu backup and got the same error
 * sdeziel can't type today
<ProCycle> So it must have something to do with the home directory
<ProCycle> Nothing is stored there though
<sdeziel> ProCycle: if you need to specify /bin/bash it could mean 2 things (I think). 1) the shebang is wrong or 2) the file is not executable
<ProCycle> https://github.com/ProCycleDev/debian-ubuntu-mariadb-backup/blob/master/backup-mysql.sh
<ProCycle> checking
<ProCycle> Oh it wasn't set as executable
<sdeziel> ProCycle: I never used s3cmd but I seems possible that it access some files from your home or an env variable. I'd strace it to know
<ProCycle> Hmm it might have something to do with gpg2
<ProCycle> Since it uses that to encrypt the file
<ProCycle> Shouldn't matter since it's only using a symetrical cipher but then again gpg2 is very inistent you use the agent even when not using keys
<ProCycle> It breaks all the same if I run the s3cmd manually with sudo -hu backup
<ProCycle> Problem is the backup user is a system user and has no shell login. Probably need to create a normal user instead
<Sircle> Cannot redirect from http to https, what can be the reason https://pastebin.mozilla.org/9083351 ?
<sdeziel> ProCycle: I use "openssl enc -aes128" for such needs but I think it's not considered very secure
<ProCycle> Sircle, Try doing this instead https://pastebin.com/45ZjSzM3
<Sircle> ProCycle,  I should do it in :80 vhost and :443 vhost as well?
<ProCycle> In my config I'm not using them, but I'd assume you'd do a vhost for your domain instead of the port
<Sircle> can you paste your config
<ProCycle> The rewrite rule just redirects them if they're not using HTTPS, otherwise nothing happens and things proceed normally
<ProCycle> That's literally my entire config (in an .htaccess file)
<ProCycle> I mostly use nginx nowadays
<Sircle> is it inside a vhost of a site or its an open config
<ProCycle> But that snippet is from apache's help site
<ProCycle> I'd make a single vhost for your domain like normal and use that snippet to redirect non HTTPS connections
<Sircle> can you paste?
<ProCycle> Do you only have one site on this apache install?
<ProCycle> Or are there multiple domains?
<ProCycle> https://httpd.apache.org/docs/2.4/mod/core.html#virtualhost
<ProCycle> So something like https://pastebin.com/wJ15shct
<Sircle> ProCycle,  I have many
<Sircle> and each is in its vhost
<ProCycle> Except correct for your site setup (I'm having a hard time making sense of your config file)
<ProCycle> Oh so you'd do <VirtualHost knockcrypto.com>
<ProCycle> Not sure if that applies to www too (probably not)
<ProCycle> Sorry can't be more help, rather rusty on apache
<Sircle> I was missing RewriteEngine on
<nacc> powersj: ping
<powersj> nacc: hey
<nacc> powersj: got a quick pytest question for you if have a sec
<powersj> nacc: sure
<nacc> powersj: could you join the standup HO? I think i can explain it fastest there
<powersj> omw
<nacc> powersj: thanks
<ProCycle> sdeziel, Yep it was a problem with the user, couldn't write to it's own home directory. I ended up making a new user instead and now it works. Thanks for your insight!
<sdeziel> ProCycle: great
<Sircle> ProCycle,   I have made it simpler. Can you see the error. How can I know the reason behind it? https://pastebin.mozilla.org/9083373
<ProCycle> I'm sorry that's out of my scope of knowledge about apache
<compdoc> Sircle, either the proxy portion isnt set up correctly and not working, or the user or path doesnt exist.
<compdoc> or permissions on the path is wrong
<compdoc> could be many things
<Sircle> how can I back trace?
<sarnold> maybe try tcpdump or tshark and see what is being senton the wire?
<tomreyn> Sircle: first of all, just try to nc -vv to the backend hostname and port, to ensure the tcp port is actually open / listening for cxonnections from this host,
<Sircle> tomreyn,  nc -x localhost:50002 -vv?
<sarnold> better use the kryptowhatever.com address here too
<Sircle> k
<Sircle> whats the actual command?
<tomreyn> Sircle: what sarnold says, and i don'T see port 50002 listend in what you posted so far. the error message is about port 80
<tomreyn> *lsited
<tomreyn> *listed
<sarnold> tomreyn: the 50002 is from line 9 https://pastebin.mozilla.org/9083373
<Sircle> nmap localhost says 50002/tcp open     iiimsf
<tomreyn> sorry i'm blind. but why does line 23 refer to port 80?
<tomreyn> we did not ask about localhost
<sarnold> I assumed that the was the apache server doing the proxying
<sarnold> I also assumed that localhost == knockcryptoapi.com
<tomreyn> kryptowhatever.com should not resolve to an ip address which reverse resolves to localhost.
<sarnold> right
<tomreyn> nor knockcryptoapi
<sarnold> which is why I suggested using the knockcryptoapi.com dns name in the nc tests
<sarnold> to make sure it resolves to something that the host itself can reach
<tomreyn> and i agree with this approach
<Sircle> sarnold,  yes. ignore localhost
<Sircle> so why its not proxying well?
<tomreyn> we don't know and cannot speculate since you seem to be withholding relevant information. We suggest you try to have the system which reports "error reading status line from remote server knockcryptoapi.com:50002" to run "nc -vv knockcryptoapi.com:50002" to ensure that tcp conmmunication between it and its backend works properly.
<tomreyn> typo. this should haver been: "nc -vv knockcryptoapi.com 50002"
<Sircle> tomreyn,  https://pastebin.mozilla.org/9083377
<Sircle> oh ok
<sarnold> no colon :)
<Sircle> onnection to knockcryptoapi.com 50002 port [tcp/*] succeeded!
<tomreyn> so tcp connectivity works generally. then you'll want to investigate why "AH01102: error reading status line from remote server knockcryptoapi.com:50002" and "AH00898: Error reading from remote server returned by /cryptoarchid/webapi/v1/person/test " were triggered.
<tomreyn> experiment with curl, tcpdump, firefox / chromium network console, burp proxy... whatever you prefer.
<Sircle> http://knockcryptoapi.com:50002/ is just running fine
<Sircle> its not proxing
<Sircle> Status Code: 502 Proxy Error
<sarnold> then bust out tshark or tcpdump and watch the traffic between the proxy and the :50002 program and try to spot the error?
<Sircle> Remote Address: 107.161.18.128:80
<Sircle> Referrer Policy: no-referrer-when-downgrade
<tomreyn> then do whatever is needed to make it proxy.
<Sircle>  I have made it simpler. Can you see the error. How can I know the reason behind it? https://pastebin.mozilla.org/9083373
<sarnold> does the program on :50002 have logs?
<Sircle> yes
<Sircle> ok, will do rnd and let you know
#ubuntu-server 2018-04-19
<apb1963> Firefox has detected that the server is redirecting the request for this address in a way that will never complete.  mxtoolbox.com says "The remote server returned an error: (404) Not Found. (http://greetonix.com) "  redirect-checker.org thinks its essentially ok.  Config file: https://hastebin.com/rarowejito.py
<axisys> is there a parameter in F6 during ubunut install to say "Do not configure network right now" ?
<axisys> I put the CD in and wait all night and then see it is waiting on to respond to that
<axisys> (I know I can fix all those by extracting the ISO and then fix the preseed)
<sarnold> axisys: iirc I once heard you can unplug the network cable to get past hung networking config
<axisys> but we are building tons of those from the vendor ISO (built on top of ubuntu ISO with their pkgs) and like to just provision the ISO and make a comment in the boot option and let it make build
<axisys> sarnold: except these servers at all over the world..
<sarnold> axisys: ah. the 'f6' gave me the impression you just wanted to move past something immediately. :)
<axisys> sarnold: I provision the ISO over iLO (HP proliant gen 9) and let it build
<axisys> sarnold: that is the only question I need to repond.. I also add the console=ttyS0,115200n8 console=tty0 after the --
<axisys> but I wish there is a parameter to tell it to skip the network
<axisys> it builds just fine without the network except wait for an answer..
<axisys> extracting ISO and fix it would be fine.. but we continuosly get new version ISO which get pushed to certain location.. so somewhat hands free on receiving new ISO from the Vendor
<axisys> and then we just point to it over iLO.. so somewhat automated.. but this last question is kind of annoying manual process
<axisys> I could not find any answer in google yet.. most matches to answer fixing or disabling network from the OS.. that is not what I am looking for
<sarnold> axisys: which installer are you using? debian installer? ubiquity? subiquity? something else?
<sarnold> like those google results, I really only know things once an OS is up and running, heh
<axisys> ubuntu 14.02 ISO default
<axisys> so probly debian installer?
<apb1963> axisys,  is there a parameter in F6 during ubunut install to say "Do not configure network right now" ? <<<<< Possibly netcfg/disable_autoconfig=true will do what you need.  From https://help.ubuntu.com/lts/installation-guide/i386/ch05s03.html for details.
<dpb1> ... 14.04?
<axisys> dpb1: yes
<axisys> apb1963: hmm.. need to test with that parameter for next install
<Neo4> hi
<mike-zal> hi
<Neo4> what is scheme link dovecot + postfix + mysq + postfixadmin + squirrelmail?
<Neo4> I installed postfix, it works, send and accept mails, I'd tried with all other apps and couldn't have done
<Neo4> postfixadmin creates your own table in mysql, In postfixadmin I can create virtual domain and mailboxes, What is this I don't know
<Neo4> real postfix doesn't linked to postfixadmin
<Neo4> what database should be for dovcot postfix squirrelmail?
<Neo4> they all should use one database?
<Neo4> and for support mysql we must install postfix-mysql
<Neo4> and for link something database, there we have to learn how works postfix table lookup?
<Neo4> These is all what I know for a while...
<Neo4> I can't do this :(
<Neo4> guys is it really even set up mail server so difficult?
<Neo4> not everybody could do it...
<Neo4> What I think, Let's little thinking?
<Neo4> squirrelmail it's ordinary MUA (web) for web they called webmail
<Neo4> it means it must have his own separated database?
<Neo4> yes, probably, and then using IMAP mails will delivers there, but there nothing works, one page with login and password, Not understandable where database
<_ruben> as stated several times before, setting up a mailserver without knowing what you're doing is a recipe for disaster
<ahasenack> rbasak: hi, good morning. dep3 question
<ahasenack> rbasak: I have an upstream patch that was formatted by git, and it looks like this: https://attachments.samba.org/attachment.cgi?id=14159
<ahasenack> dep3 has other headers, a different formatting
<ahasenack> yet dep3changelog (my go-to tool to check dep3 syntax) doesn't complain about it
<ahasenack> should I a) reformat the entire header into what we normally use in our dep3 patches?; b) just add some missing bits, like "Bug-Ubuntu"
<ahasenack> c) leave it as is, and mention the ubuntu bug in d/changelog?
<ahasenack> cpaelzer: do you have a preference about the above? ^
<cpaelzer> ahasenack: I'm reading ...
<ahasenack> my adapted patch looks like https://pastebin.ubuntu.com/p/8N5PZnfBgF/
<ahasenack> I added a couple of headers
<cpaelzer> I usually take b) of your options
<ahasenack> so like https://pastebin.ubuntu.com/p/8N5PZnfBgF/ that I just did
<ahasenack> where I added Bug-Ubuntu and Origin
<cpaelzer> take the patch as is and right above the --- to diffstat I add the lines that I tinhk match of http://paste.ubuntu.com/p/23hR56TXJb/
<ahasenack> ah, hm, I added them as additional headers, since that whole thing looks like an email
<cpaelzer> yeah, I usually group them at other lines, but content wise this is fine
<ahasenack> ok, thx
<cpaelzer> I like to separate them down there to be obvious that this is the part not coming out of the git export
<cpaelzer> but you are fine either way IMHO
<cpaelzer> the git export has most already anyway
<cpaelzer> and enriching with some extras just helps on maintenance
<ahasenack> cpaelzer: yours would look like this then? https://pastebin.ubuntu.com/p/tfPJBvYZB9/
<cpaelzer> ahasenack: yes
<cpaelzer> except I once started to list Author (me) and Original-Author (the above) as well
<cpaelzer> but I realized that is unreasonable overkill
<cpaelzer> and I'm gonna drop that soon
<cpaelzer> my name is in the upload
<cpaelzer> his in the git export
<cpaelzer> I think that is good in terms of correct attribution
<cpaelzer> only if I backport it reasonably (modification) I still do that
<ahasenack> yeah, I would only put my name in there if the patch needed significant changes in order to apply
<cpaelzer> see- we are the same :-)
<ahasenack> hm, trying to understand why the diff in https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/343606 is bogus
 * ahasenack makes a fresh clone elsewhere
<Neo4> I've installed dovecot and try check
<Neo4> telnet localhost 143
<Neo4> and got error connection closed
<Neo4> in firewal it allowed
<sdeziel> Neo4: is there a process listening to that port?
<Neo4> connection closed by foreign host, what does it means?
<Neo4> it seems works, only closed for unknown host
<Neo4> sdeziel: https://paste.ubuntu.com/p/m7fwWYRqNt/
<Neo4> continue read
<Neo4> do you know there maybe need to create IMAP server?
<Neo4> MX or something similar?
<Neo4> join #dovecot
<sdeziel> looks like you are trying to connect to a port where nothing listens
<Neo4> I put to rsyslog.conf other data, and remove old, how to get new rsyslog.conf?
<Neo4> if I reboot server what happane?
<Chryzo> Good morning, I am having issues with apparmor and slapd. I put my certs in a custom folder (usr/var/openldap-data). Added /usr/var/, /usr/var/openldap-data and /usr/var/openldap-data/* to the apparmor usr.sbin.slapd file with read permission.
<Chryzo> but when I try to use a cert configured in that folder, apparmor denies the access
<jdstrand> Chryzo: can you paste the denial?
<Chryzo>  apparmor="DENIED" operation="open" profile="/usr/sbin/slapd" name="/usr/var/openldap-data/cacert.pem" pid=55921 comm="slapd" requested_mask="r" denied_mask="r" fsuid=112 ouid=0
<Chryzo> Ok, i restarted the whole stack and it is now working. Sorry about that
<Neo4> who know how to regenerate new /etc/rsyslog.conf?
<Neo4> well, I copy to rsyslog.conf data from my local computer
<Neo4> seems it can't generate after remove, there not file at all
<samba35> how to configure hostdev ,by editing virsh edit guestname and hostdev section and change        <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
<samba35>  ????
<nacc> samba35: are you asking if that is how you edit hostdev?
<samba35> when i edit it give error with  error: XML error: Invalid PCI address 0000:01:00.0. slot must be >= 1
<samba35> yes
<nacc> samba35: there is also a libvirt channel, i expect and #ubuntu-server is probalby more appropriate
<samba35> ic
<samba35> thanks
<ProCycle> I'm having a strange bug where I can't chmod on a file that I have write access to via the group permissions
<ProCycle> Perms on the file is -rw-rw-r-- and www-data is set as both owner and group
<ProCycle> user account I'm trying to chmod with is in the group www-data
<ProCycle> Parent directory is drwxrwx--- and owned by the user account
<teward> just because your user is in the www-data group, doesn't mean that you can chmod the file to change its permissions
<teward> normally that's an owner user priv, or something you need superuser to do
<dpb1> +1
<ProCycle> Oh I see...
<ProCycle> I've always used sudo but now I'm trying to work with a limited account
<teward> ProCycle: at this point you're starting to delve into "Who should own the files"
<ProCycle> Guess I need to muck with the nginx server
<teward> I have a setup where my own user account has user-level ownership of the files, www-data has group level ownership/access, and nobody else does
<teward> and it works fine with NGINX
<teward> because www-data has read/write privs where it needs them.
<ProCycle> But these files are being written by NGINX (well php-fpm)
<teward> (unrelated but probably good to know, as dpb1 knows, I'm one of the primary NGINX people on the Server team)
<teward> ProCycle: so give the *group* read/write
<teward> let's say my user is 'foo'
<teward> ownership is set to foo:www-data
<teward> chmod for directories is 770
<teward> chmod for files is 660
<teward> your user has access, www-data for the web server has access, nobody else has access
<teward> (except superuser of course)
<teward> NGINX runs as `www-data:www-data` by default in Ubuntu, so it will have access via the group-level permissions
<teward> if any other user needs access, then, you're starting to delve into the realm of file ACLs
<ProCycle> aye that's how it's setup, except the server isn't creating files that way
<teward> "except the server isn't creating files that way" <-- explain this
<teward> ambiguous statements are ambiguous
<teward> and make me cringe horribly.
<dpb1> teward: :)
<ProCycle> As in, most of the site files are read only to the server and owned by my user, except it has write access in one subdirectory (web/files/) where php is writing various files
<ProCycle> By server I mean nginx
<teward> no, you mean PHP
<teward> not NGINX
<teward> since PHP is run by php-fpm and not as part of nginx.
<teward> normally.
<ProCycle> So nginx is proxying requests to php-fpm then?
<teward> depends on your nginx setup.. give me the output of `nginx -T` and i'll tell you :P
<teward> (use a pastebin though!)
<teward> ProCycle: in a 'normal' LEMP setup with PHP, you're most likely going to have `php-fpm` running on a local UNIX socket
<teward> and NGINX hands off any PHP-related requests to that local socket for processing
<teward> so PHP is the one writing files at that point
<ProCycle> Yes it's using the socket in the nginx config
<teward> so php-fpm is creating the files.
<sdeziel> the default PHP-FPM pool config has it running as www-data:www-data too though
<teward> sdeziel: more importantly is deciding what "except the server isn't creating files that way" means.
<sdeziel> teward: absolutely ;)
<teward> ProCycle: what is the server *trying* to do when it creates a file?  Is it trying to create something *outside* of `web/files/`?
<teward> if it is, then your site either has system-level permissions not set up properly for it to access things, or your site is infested with malware trying to do things it's not supposed to
<teward> ProCycle: how do you *expect* the server/PHP to be creating files?  With what permission(s)?
<ProCycle> No it's writing files inside web/files/. The issue is that the management account cannot change the permissions (because they're world readable and shouldn't be)
<ProCycle> So I need to fix the permissions so it writes files with the correct umask
<teward> and behold, *now* we know what the core issue is.
<teward> ProCycle: the 'management' account - I presume this is *not* your user, and is www-data.
<teward> insomuch as the files are created as www-data:www-data
<teward> or rather, the way the files are 'created' that is.
<ProCycle> The management account (lets call it manager) is the one with write access to the entire site directory tree
<ProCycle> And the site is updated by pulling from a git repo
<teward> ProCycle: your web server is creating files, correct?  Is it creating them as `www-data` user and www-data group as the owner?
<ProCycle> Yes, it is creating files in web/files/ as www-data:www-data
<ProCycle> https://pastebin.com/jsn27Gkc
<teward> that's because of how PHP is run and how file permissions are.  You state that manager can't change the permissions, and that things can't be world-readale
<teward> you have two solutions: the first is to *not* let non-manager and non-www-data users traverse into the directory (chmod o-rwx web/files)
<sdeziel> ProCycle: if you want to PHP-FPM's umask, I think you'll need a systemd snippet. This way, you could make the umask to make the created files inaccessible for others
<teward> sdeziel: in theory he can use a filesystem level default ACL
<teward> `setfacl -d -m o::000 web/files/`
<teward> sdeziel: the tricky part is to make the umask that way might break other things in the fpm pool which might *need* that level of 'readability'
<teward> (I have a thing about messing with systemd services' runtime umask settings in that they can get 'reset' on an upgrade if the new data clobbers the customized snippet)
<sdeziel> ProCycle: "systemctl edit php7.0-fpm" then put "[Service] UMask=0002" on 2 lines
<teward> ^ that would work
<sdeziel> teward: yeah, I never touch package provided units ;)
<teward> sdeziel: which you'd be doing right there, I think.
<teward> because php7.0-fpm is touched by the system IIRC
<sdeziel> teward: no
<teward> s/system/packages/
<teward> it's *not*?  *new info added*
<sdeziel> teward: systemctl edit creates a local delta stored under /etc/systemd/...
<teward> ahhh, new SystemD info learned.
<teward> sdeziel: they could prevent 'world readability' by denying all 'other' people access to the folder itself
<ProCycle> Hmm that's a good point. If others don't have read access to the web/files directory then they can't access the files under it regardless of their permisions
<teward> and while the perms on the files might still have 'read' for 'other' users, they wouldn't have access to the directory to go into or traverse it then
<teward> and they don't have to mess with umasks
<sdeziel> teward: that might be the most brilliant way to solve this one
<teward> and simple
<ProCycle> I'm going to go with that solution
<teward> ProCycle: I'd consider just doing a `sudo chmod o-rwx` on the web/files dir
<sdeziel> teward: re systemd delta, I use them all the time for "hardening" purposes like here https://paste.ubuntu.com/p/MSJcyxZwPR/
<ProCycle> Rather not mess with php umasks if I can help it
<teward> sdeziel: ah, nice.
<teward> I"ve learned something today xD
<ProCycle> Yeah systemd overrides are useful
<teward> ProCycle: once you make the chmod, though, you might need to 'store' the permissions change if that directory is indexed in git as well.  Just a thought.
<teward> because git *can* change permissions...
<ProCycle> I created a timer template for database backups, then make an override to change the timing for each instance
<ProCycle> git would be running as the manager user, and I'd hope be preserving file perms but I'll keep an eye out on it
<teward> well git *can* remember permissions masks, which is why I said you might have to commit those permission changes on the web/files/ directory in the git repo as well, depending on the type of setup and whether that folder is included in git or not
<teward> (it's done stupid things like that for some of my projects before...)
<ProCycle> Haven't actually created the repo yet so I'll make sure that happens
<teward> but yeah simply denying other users access to the directory in question would solve the 'world readable' problem.
<teward> the other way that doesn't involve SystemD overrides and umask messing with is to do it at the file ACL level, but that's a little evil too.
<ProCycle> I haven't delved into ACL yet but I suspect that's something valuable to learn
<sdeziel> the parent dir chmod is best IMHO, but another way would be to set an env variable in the FPM pool config
<teward> ^ that too
<teward> but yeah, parent dir chmod to prevent traversal any further into the dir tree is the best and most simple solution
<ProCycle> Now if only I could make composer not be stupid and set perms correctly from the beginning
<sudosmurf> I've generated an SSH key using ssh-keygen, used ssh-copy-id to copy it over to the target, set the ssh config to no use passwords for auth, but when I try to SSH in it fails with "Permission denied (publickey)". Adding the -v flag shows that the public key is being offered, but for some reason the server is rejecting it. I've compared the values on the remote host and the local host and they match. what am I missing.
<ProCycle> check the contents of ~/.ssh/authorized_keys
<ProCycle> Your public key should be in there
<sudosmurf> it is
<ProCycle> You could check /var/log/syslog for an error from sshd
<ProCycle> Might have more information
<sudosmurf> nothing that jumps out at me
<ProCycle> Maybe try ssh -i ~/.ssh/keyname -o IdentitiesOnly=yes account@host
<ProCycle> to connect
<sdeziel> sudosmurf: grep sshd /var/log/auth.log
<sudosmurf> ProCycle, I've specified the file in the ssh config
<sudosmurf> the identity file
<sudosmurf> can the -o
<sdeziel> sudosmurf: could you paste your sshd_config if auth.log?
<sudosmurf> yeah, in a bit
#ubuntu-server 2018-04-20
<Sircle> My http site does not redirects to httpS. Is there anything wrong with configs? https://pastebin.mozilla.org/9083482
<Sircle> nevermind ^
<frickler> jamespage: coreycb: maybe one of you can help with investigating why upgrading UCA from pike to queens seems to have broken upstream tests: https://bugs.launchpad.net/openstack-gate/+bug/1765638
<ubottu> Launchpad bug 1765638 in OpenStack-Gate "legacy-tempest-dsvm-full-devstack-plugin-ceph job failing" [Undecided,New]
<lilac> does anyone know why i'm encountering the following error trying to deploy ubuntu openstack?
<lilac> conjure-up hangs on the first image (one sec)
<lilac> and MAAS displays the failure events seen in the second image (one sec)
<lilac> https://my.mixtape.moe/cxerkq.png
<lilac> https://my.mixtape.moe/jwvier.png
<parlos> lilac, are the interfaces on the node correctly tied to the PXEnetwork? I had something similar, the node was discovered/commissioned. But when deploying, the node did the first install (OS), but then it switched the interfaces so, it could not reach the service providing information..
<lilac> could you clarify what you mean by "correctly tied"?
<lilac> PXE boot works fine
<lilac> seemingly DNS, NAT, DHCP, PXE all work fine on the private/pxe network
<lilac> parlos:
<parlos> for instance, maas is on 10.30.0.x fabric0, after 'deploy' during install, the 10.30.0.x address is now assigned on fabric1, on the node..
<parlos> hence, unless fabric 1 routes the 10.30.x traffic its going to timeout.
<lilac> hmm okay
<lilac> i'll take a look
<lilac> thanks
<parlos> this is what happend to me when I did my first juju charms... (afaik conjure-up is just a frontend...)
<parlos> one more hint,. also check storage config. .
<parlos> I had cases where the bios boot was set to PXE, then boot drive b... --> but as the normal installs endup on sda (first drive), the reboot complains data, treating drive as raw...
<parlos> GL & HF
<lilac> thanks parlos
<lilac> parlos: where would i be checking this?  it looks fine in maas
<parlos> I'm doing it in the maas ui, interface and storage tab... ... probably looks fine,
<parlos> if you can check the console of a device as it is deployed/powered on, when your deploying/conjure-up
<lilac> okay so i SSH'd into the node that i presume is being prepared as the juju controller
<lilac> its network interfaces look fine based on MAAS interfaces tab and `ip addr`
<lilac> ohhhhh
<lilac> i think i noticed a misconfigured machine
<lilac> interfaces were connected the wrong way around
<Neo4> Hi guys!
<Neo4> what to read bout dovecot?
<Neo4> is this book good?
<Neo4> https://www.amazon.com/Dovecot-servers-enterprises-Heinlein-2014-09-19/dp/B019NEB3W2/ref=sr_1_2?ie=UTF8&qid=1524226136&sr=8-2&keywords=dovecot+2014
<Neo4> I've got it
<Neo4> Now i have depression, will read for calm nerves... :(
<Neo4> couldn't have install mail server...
<Neo4> dovecot more complex even than postfix
<ahasenack> have you tried mail-stack-delivery? It sets dovecot up for you with postfix
<ahasenack> could be a starting point
<Neo4> ahasenack: no, I think for a while for VPS enough one postfix,
<Neo4> sites will able to send mails and nice
<Neo4> mail server is needed nobody, I want to set up it for myself
<Neo4> and experience
<Neo4> I saw video there guy installed DNS server seems on virtual machine and was able to send massage on mail server
<Neo4> it's not exactly
<Neo4> I want too install DNS server, create two domain on one domain put server and other...
<Neo4> something like real model of internet
<ahasenack> maybe you are trying too much at first. Even with a quickstart package like mail-stack-delivery, you would be able to poke around once it's setup, and see how things are done, and use it as reference when installing a fresh one by hand, package by package
<Neo4> ahasenack: ok, I'll save this mail-stack-delivery in file and will try it too
<Neo4> ahasenack: just don't have common picture about dovecot
<Neo4> but have many questions
<Neo4> after that book, if read it fast you would know all futures
<ahasenack> if you really want to understand things, there are not shortcuts
<ahasenack> each one of these things have their own book to read
<ahasenack> postfix, dns
<Neo4> ahasenack: in #dovecot channel very active support, people very fast react if compare with #postfix :)
<ahasenack> imap/pop, etc
<Neo4> ahasenack: I know IMAP - internet mail access protocil, POP - post office protocol.
<Neo4> yes, books help, but bad that book is written by author of dovecot, and it seems not good because author can write using difficult words. Better when it is written by ordinary users
<pankaj_> I am having problem with keyboard layout I choosed when Installing ubunt-server. It types all the alphabets and alphanumeric characters the same that are given on my keyboard. But when I type symbols they all are different. So,How to change keyboard layout?
<pankaj_> Hello, Is their anybody?
<teward> patience is a vritue you know
<teward> pankaj_: yo might want to look at the answers on https://askubuntu.com/questions/342066/how-to-permanently-configure-keyboard - one of the answers might help.
<Maxel> Hi all, I've run into an issue with ubuntu package manager being able to install packages where a package has a dependency and it doesn't get those packages automatically
<Maxel> I'm trying to install keepassxc right now, but I remember it happening when I was trying to install another package in the past
<qman> that usually happens when you change your sources to ones that have incompatible packages
<Maxel> qman, so the issue becomes whoever is creating the package I'm trying to download?
<qman> if you are using unofficial sources, then either the source is not for the version of ubuntu that you have, or the source is broken
<digs> I am trying to figure out which version(s) of apache solr will be included in the upcoming 18.04 LTS server release. Can someone point in my the correct direction or if you know...?
<teward> digs: if yuo mean solr-jetty or solr-tomcat as listed on https://wiki.ubuntu.com/Solr, then I believe 3.6.2 is the base version with additional package-level specific changes from Debian in it.
<teward> not 100% sure of this being what you need, but that's the closest answer I think to what you need.
<sdeziel> digs: "rmadison $PACKAGE_NAME" will tell you which versions ship with which Ubuntu release
<sdeziel> digs: seems like 3.6.2+dfsg-11, see https://paste.ubuntu.com/p/3sQmvQMdRY/
<ScottE> Maxel: Are you, by any chance, installing a downloaded package via dpkg instead of from a repository via apt or apt-get? dpkg does not install dependencies.
<Maxel> ScottE, no, I am doing an apt-get, granted I had to add a private repository to enable it
<Maxel> this is what I was trying to do: https://keepassxc.org/blog/2017-10-25-ubuntu-ppa/
<rbasak> Then your problem is likely with the third party repository. Ubuntu developers don't support third party repositories.
<rbasak> You should take it up with their support channels.
<ScottE> OK, just checking Maxel as that does come up sometimes
<Maxel> rbasak, I did talk to people on the irc channel for keepass. they wanted me to install the appimage myself, which I could but I like having the management left to the package manager for updates and such
<Maxel> I also ran into this same problem with a different application, eclipse che, and after seeing this sort of thing happen multiple times wanted to understand why it is happening
<rbasak> It's very difficult to maintain external repositories.
<rbasak> It's fundamentally a broken model.
<rbasak> External _apt_ repositories, that is.
<rbasak> Nevertheless, it's often possible to fix, but the fix generally has to be in the third party repository, which Ubuntu developers have no control or say over.
<rbasak> The specific problem is usually different every time.
<rbasak> It's compounded when users add multiple different third party repositories, since they tend to be uncoordinated and the combinations can cause problems.
<rbasak> Ubuntu uses snaps to solve this general problem. AppImage and Flatpak are different approaches to the same general problem.
<Maxel> hmmm, so either manage the applications myself manually or just do without, or convince the developer to go through the approved ubuntu process
<coreycb> jamespage: taking a look at networking-arista. it's not building in bionic b/c it's py3-onlly.
<coreycb> and needs python3-neutron
<rbasak> Maxel: to reach Ubuntu users a snap would be best. Then it'd just be another app in the software center.
<rbasak> (and be visible by default, etc)
<rbasak> I don't know what keepassxc needs from a security sandbox standpoint though.
<dpb1> Maxel: and it's a tractable problem for a single person to ship an assembled app with snaps.
<rbasak> (eg. to talk to a Firefox plugin or whatever)
<teward> rbasak: system access to where the database that it uses to store passwords is.  which in a sandbox can be... tricky... to activate
<teward> there is a keepassxc snap if I remember correctly, but it's got its own set of issues
<dpb1> it's really not for most apps and debs (into the ubuntu archive), or at least will take you a very long time before you get to that point.
<rbasak> teward: a snapped version of this app should store it in the correct XDG directory. So the location of the database should  not be a problem.
<teward> rbasak: by 'database' i mean a flat file
<rbasak> Sure
<teward> so if user is trying to use a db they already have in the snap it's not able to find it on, say, external media or such
<teward> (I had the same issue with keepassxc's snap a long while ago)
<rbasak> There's an external media interface.
<teward> but either way, it's beyond our control to fix issues :P
<waveform> Maxel, or just wait a short while: keepassxc will be included in bionic :)
<waveform> https://packages.ubuntu.com/bionic/keepassxc
<teward> *returns to beating LXD with a pipe to make it behave*
<rbasak> But the "difficulty" is sort of the point. Other snaps shouldn't be able to get to your password database. So making a snap for the password manager necessarily involves putting the database in a special place.
<teward> rbasak: dpb1: nacc: Just to keep you all in the loop: Perl autopkgtests were holding up the nginx 1.14.0 migration out of proposed, those got fixed (I think) and NGINX 1.14.0 is now available in Bionic.  Which means we're on the stable track of NGINX again, for the LTS, without a post-release MRE.
<teward> (yay!  we didn't have a repeat of the 16.04 cycle where NGINX stable was released after we had already released 16.04!)
<teward> many thanks to you guys for helping out with the merge from Debian, that was the biggest hurdle in getting this up to date and ready to go (I was super busy heh...)
<powersj> \o/
<dpb1> great news teward
<Maxels> so I actually tried to just do a apt-get upgrade and I'm getting unmet dependencies error
<Maxels> ahhh shoot, I think it is because my boot mount is full
<sarnold> that one's never fun to debug
<sarnold> but I wouldn't have expected unmet deps to result
<trippeh_> full /boot happens... a lot
<Maxels> yeah, not sure what I should be doing. I used default settings when installing
<Maxels> it looks like it doesn't even have 500mb on there
<Maxels> can I just allocate more space somehow....
<trippeh_> /boot is kind of a tricky special case as it tends to live outside of the volume manager
<trippeh_> so resizing it is not trivial
<sarnold> what I don't understand is why we're still seeing full /boot .. I thought apt grew knowledge how to keep N kernels around, where N was somewhat reasonable, back ~precise era
<trippeh_> I dont think I've seen that working unless I've been doing "apt autoremove" once in a while myself.
<trippeh_> on yum, this just happens with kernels ;)
<sarnold> $ dpkg -l 'linux-image*' | grep ^ii | wc -l
<sarnold> 5
<sarnold> I can assure you I don't go to any effort to manage my kernels manually
<sarnold> I'm a very lazy person
<sarnold> ohhuh. my other rig's got ten installed.
<trippeh_> perhaps it depends on how you update, like update-manager or apt directly?
<trippeh_> I've not looked too closely at configuring this
<sarnold> oh possible, I don't dist-upgrade that machine by hand all that often
<trippeh_> it does seem like a lot of peoples /boot's dont get managed properly for whatever reason
<trippeh_> and my gut feeling is that this is a bigger problem on ubuntu than in redhat/fedora land
<sarnold> heh, apt-get autoremove brought that down to .. six. that still seems like a lot. :)
<trippeh_> it may also depend on how you installed some of the kernels, ie they are flagged manually installed on not by dependency.
<sarnold> ineffable magic. got it.
<trippeh_> s/ on/ and
<qman> yeah, in my experience that has never worked correctly
<qman> I wrote my own script to deal with it
<qman> removes all kernels except the current running one and the latest version
<Maxel_> sorry, my internet seemed to disconnect at the critical time of discussion over boot
<Maxel_> so in my case, am I best off just trying to clean up my boot partition?
<coreycb> jamespage: beisner: xenial-queens-proposed passes smoke tests. i'll plan to promote to -updates first thing monday.
<beisner> ack thanks coreycb
<qman> Maxels: you have to apt-get remove the extra kernel packages that you don't need
<qman> Maxels: if you can't due to not enough space to even do that, you can overwrite some of the files you're about to remove with zero-length files and then apt-get remove them
<qman> Maxels: be very careful doing this, though, as to not overwrite or remove files that you need
<Maxels> is there a guide that describes exactly what I should be doing?
<qman> not that I know of
<Maxels> last time I did this I think I deleted my document that maps drives, can't remember what it's called
<qman> what you should do first is figure out which kernels you want to keep
<qman> you can then compare this against what's installed to know which ones to remove
<Maxels> https://askubuntu.com/questions/345588/what-is-the-safest-way-to-clean-up-boot-partition
<Maxels> this looks like what you're describing
<qman> I typically would keep the actively running kernel and the latest kernel for each type of kernel you have
<Maxels> https://pastebin.com/w4xu4pXj
<Maxels> so there's what I've got
<qman> once you know which ones to remove, you'd apt-get remove linux-image-3.something-generic
<qman> ok
<qman> sudo apt-get remove linux-image-[67]?-generic
<qman> that's regex to remove everything in the 60 and 70 versions
<qman> er
<qman> sudo apt-get remove linux-image-4.4.0-[67]?-generic
<qman> if that works, you'll be okay, and just continue removing kernels that you don't want
<Maxels> yeah must be what you warned about, wont let me because it says it has unmet dependencies
<Maxels> so I should zero out one of these packages bytes?
<qman> how many bytes are free on /boot ?
<Maxels> 0
<qman> ok, yeah
<qman> so, ls -lh /boot
<qman> then zero out some of the files that exist specifically for the older kernel versions you want to remove
<qman> such as
<Maxels> do you mean make a new file with the same name with no content?
<qman> echo "" | sudo tee /boot/vmlinuz-4.4.0-68-generic
<qman> yeah, there's lots of ways to do it
<qman> the key is that the file has to exist by the same name, otherwise apt can't remove the package
<Maxels> ok, now these images don't look like the images listed from the prior command
<Maxels> https://pastebin.com/b0GUu2BD
<qman> ok, looks like some of them have already been removed manually
<qman> which is going to be a problem trying to use apt
<Maxels> yeah that is probably from my failed attempt to do this
<qman> so, pick one of those files with the version in it to do this with to free up some space
<qman> then touch each file that should be there
<qman> so a vmlinuz for each version that's installed, an initrd for each, a system.map for each, etc
<qman> then apt should be able to remove them again
<Maxels> how can I see which should be there?
<qman> they follow the same naming convention
<qman> so you notice there's like 5 files for each kernel version
<qman> so touch files by the same name but with the versions from your earlier paste, the versions that apt sees
<Maxels> the uname -r version is 4.4.0-81 though, which isn't listed here
<qman> the initrd files are the biggest so I'd suggest zeroing one of those
<qman> yeah, it was probably already removed, unfortunately
<qman> so don't reboot
<Maxels> ahh, ok
<Maxels> ok, zeroed out a couple files
<qman> ok, so now you should be able to touch files for each version so that all the filenames are there again
<qman> then you can apt-get remove as above
<Maxels> I have to just touch a file in the boot and it'll recover the image I need?
<qman> it won't recover the image
<qman> it will just create a file that exists by the right name so apt can remove the package
<qman> after you remove the package, you can then install it again
<qman> but only after you free up enough space
<qman> by removing all the ones you don't want
<Maxels> oh, you mean make the placeholder file for each of vmlinuz, system.map etc....
<qman> yes
<Maxels> I see 5 of em in total
<Maxels> does that seem right?
<qman> yeah, 5 different kinds of files looks correct
<Maxels> https://pastebin.com/L6Czpjgv
<Maxels> alright, I think I've got placeholder files for each
<qman> yeah, like that, but you have to do it for all the installed versions
<Maxels> how do I get a list of installed versions?
<Maxels> is it just every initrd.img file here?
<qman> in the apt or dpkg output from before
<qman> https://pastebin.com/w4xu4pXj
<qman> each version in that list
<Maxels> ahh
<Maxels> ok, a bit of work I gotta do here
<Maxels> qman, does this look like what you meant? https://pastebin.com/iUHTaSKs
<qman> yep
<qman> you should be able to apt-get remove stuff now
<qman> if you still can't, might need more apt troubleshooting
<Maxels> can I remove these old versions?
<Maxels> to free up the boot space?
<Maxels> with apt-get I mean
<qman> yes
<Maxels> yeah, still getting the unmet dependencies problem
<qman> ok, paste the apt output
<Maxels> https://pastebin.com/WT5FUFdJ
<Maxels> sorry, that was incomplete: https://pastebin.com/mXtbnaZj
<qman> ok, try the apt-get -f install
<Maxels> getting a couple messages taht say no space left on device that are concerning
<Maxels> still doing stuff though
<Maxels> total output: https://pastebin.com/zBR3phqA
<qman> ok
<qman> so it's trying to install more kernels and failing
<qman> because there's not enough space
<qman> so I'd zero out more of those old initrd files and try again
<Maxels> well it just downloaded some of the ones I had 0'd out before again
<qman> it's trying to install 108 and 119
<qman> so any other ones you zero out shouldn't be overwritten
<qman> hmm, try this
<qman> dpkg --configure -a
<qman> then try to apt-get remove some of them
<Maxels> oh, I tried running apt-get -f install
<Maxels> should I kill this?
<qman> no, let it go
<qman> see what it does
<Maxels> looks like the same output: https://pastebin.com/sq0knzEG
<qman> ok, then I'd wipe out more files and try dpkg --configre -a
<Maxels> and yeah, it re-downloaded those initrd.img files
<qman> ok
<sdeziel> At this point, I'd be tempted to move /boot to the / and fix the apt situation
<sdeziel> then move /boot to it's own partition
<sdeziel> Maxels: it's something you might want to consider ^
<qman> I've run into this problem many times, you don't have to mess with your partitioning to fix it
<qman> but it does take some doing
<Maxels> yeah, I'm not sure exactly how that would work logistically but I can do that
<Maxels> I ahve a like 8tb raid drive attached to this thing, so plenty of space
<sdeziel> qman: I'm not specifically talking about messing with parts, just a temporary way to get some free space then clean /boot proper and revert the hack
<Maxels> looks like basically the same result: https://pastebin.com/aLXkBQdR
<sdeziel> sorry for jumping in ;)
<qman> Maxels: the file it's looking for doesn't appear to be there, try touching it
<qman> /boot/vmlinuz-4.4.0-87-generic
<qman> I see 81 and 89 but not 87 in your list
<Maxels> ahh, I should add that for all of them?
<qman> yeah
<Maxels> ok, added
<Maxels> try the dpkg command again?
<qman> yeah
<Maxels> it ran much faster: https://pastebin.com/YHjCbC5B
<Maxels> still missing something though
<qman> it ran out of space again
<qman> what's there now, in ls -lh
<Maxels> I just blanked a couple initrd.img files
<digs> teward and sdeziel - belated thanks re: solr
<Maxels> trying dpkg again
<sdeziel> digs: np
<Maxels> looking better so far
<qman> ok, it's trying to process 4 kernel packages so it looks like it's going to try to build 4 initrds
<qman> so you need at least that much space to get them all fixed
<Maxels> ahh, so close
<Maxels> ran out of space again though... not sure what else I can remove
<qman> if it succeeded on a couple of them, you can blank those ones
<qman> it'll only try to process the remaining ones it wasn't okay with
<Maxels> https://pastebin.com/NUJz7CzG
<qman> 103 104 and 108 should be doable
<sdeziel> 101 too
<Maxels> alright, trying again with those freed
<Maxels> darn
<qman> did dpkg get any further along or is it still the same packages
<Maxels>  linux-image-4.4.0-83-generic
<Maxels>  linux-firmware
<Maxels>  linux-image-extra-4.4.0-87-generic
<Maxels>  linux-image-extra-4.4.0-83-generic
<Maxels>  linux-image-generic
<Maxels>  linux-generic
<Maxels> sorry, didn't meant o post each line
<Maxels> pastebin wont allow any more pastes from me
<sarnold> hah
<Maxels> those appear to be the same ones as before
<sarnold> pastebinit can send stuff straight to a dozen different pastebins
<qman> ok, that's good, it got through some of them
<Maxels> I'll check it out
<qman> there's about 5 more initrds in there, you can probably get rid of some more and try again
<Maxels> I appreciate the help, gotta duck out for a bit. I'll see if anyone is around in 20
<qman> in the 70-90 range
<qman> once dpkg is happy, apt-get remove should work again
<Hey> when creating a boot-resource in maas.  how do I determine the "name="what name?"
<sarnold> Hey: "Although the backend supports multiple boot sources, MAAS itself uses a single source. If multiple sources are detected the web UI will print a warning and will be unable to manage images."  https://docs.maas.io/2.3/en/installconfig-images
<sarnold> oh. that's boot source, not boot resource. never mind...
#ubuntu-server 2018-04-21
<Neo4> hi guys!
<Neo4> I want install nodejs on my vps and put there chat on socket.io
<Neo4> how to deploy node.js apps?
<Neo4> it will always use port with url?
<Neo4> this chat https://github.com/socketio/socket.io/tree/master/examples/chat
<Neo4> well, I prepared my server http://kselax.ru, will put there this files in folder /chat, install node.js and then will see what do ahead
<Neo4> I've put these files and installed node.js, How to run apps?
<Neo4> there all files http://kselax.ru/chat/
<Neo4> I've done it http://kselax.ru:3000/
<Neo4> Jone to my chat guys
<Neo4> :)
<Neo4> I coulnd't have done mail server, but I did chat :)
<Neo4> not everything bad
<gunix> hey Neo4
<gunix> Neo4: try #node.js
<Hey_> regarding adding maas images  in the command maas session boot-resource name=custom/os the name attribute is it simply a label, or does it affect how maas adds the image
#ubuntu-server 2018-04-22
<dpb1> Hey: best to ask in #maas
<Neo4> Hi
<Neo4> what is dns server set up on ubuntu for test how it works?
<Neo4> it seems there exists a few dns reqursive and alteretative
<Neo4> who know what dns use my internet connection and how it works, I get connection automatically using CHDHD
<RoyK> well, google has 8.8.8.8 and 8.8.4.4 - works for me
<RoyK> and *poof* he went
<mojtaba> Hello, I have defined a systemd service and I have enabled it using systemd enable serviceName; but when I restart the computer it does not run again, and I have to run systemd start serviceName. Does anybody know what is going on and what should I do?
<RoyK> mojtaba: if you pastebin the systemd config file, it might be easier to help you ;)
<mojtaba> RoyK: sure, just a sec.
<mojtaba> RoyK: http://paste.debian.net/1021487/
<Neo4> guys which is webmail the best?
<Neo4> squirrelmail is written to be old for now and better to use roundcube, it's the most popular webmeiler, isn't it?
<RoyK> Neo4: I beleive roundcube is the preferred atm, yes
<RoyK> Neo4: personally, I use zimbra, but that's a PITA to manage in terms of upgrades across distros etc, but then, mostly it works very well - but still - use a dedicated vm for it
<fishcooker> after do $ sudo ifconfig eth0 mtu 1200 should i restart the networking on 14.04... how to restart the network safely?
<fishcooker> is # ifdown eth0 && ifup eth0 ... safe ?
<Neo4> RoyK: yes, its written in book 2014 yesr that roundcube better and modern than squirrelmail, Maybe now doesn't have sens set up it. Will try roundcube, Ok we can try both for experience
<Neo4> there eixsts also hord
<Neo4> about zimbra have never heard
<RoyK> it's more of a groupware system than a webmail frontend
<_KaszpiR_> fishcooker http://bryanapperson.com/blog/restarting-network-interfaces-in-ubuntu-14-04/
<RoyK> fishcooker: better use iproute2, as in the command 'ip' - ifconfig is outdated https://baturin.org/docs/iproute2/#Change%20link%20MTU
<RoyK> fishcooker: doubt you'll even need to restart the network
<_KaszpiR_> you forget it's ubuntu ;)
<RoyK> fishcooker: out of interest, why mtu 1200? it's rather on the low side
<RoyK> _KaszpiR_: no, I didn't ;)
<_KaszpiR_> I'm too used to 'nuke and create new server' with ubuntu
<RoyK> _KaszpiR_: are you a windows sysadmin? ;)
<_KaszpiR_> not really
<RoyK> well, I've only used linux since 1994 or so, but I rarely nuke a server instead of fixing issues
<_KaszpiR_> I'd say most windows sysadmins are more towards 'pets' in  'cattle vs pets' principle
<_KaszpiR_> I'd say it depends on the cluster scale
<RoyK> it does
<_KaszpiR_> with 2 servers it's sometimes not worth to kill a cow ;)
<RoyK> well, we have some 300 servers at work, 60% linux, 39% windows (or thereabouts)
<_KaszpiR_> let's say add two zeros in my case
<RoyK> ok
 * RoyK just works for a smallish university
<_KaszpiR_> thankfully no windows, which makes life much easier
<RoyK> indeed
<_KaszpiR_> but whatever server number, the number of server roles counts more
<RoyK> but with that amount of servers, do you use ubuntu?
<_KaszpiR_> because you can have like 300 servers with 100 roles, while I can have 30000 servers with 4 roles ;)
<_KaszpiR_> do I use ubuntu? depends on the role ;D
<RoyK> most of our machines are quite dedicated
<RoyK> the old thought about one server to rule them all is somehow outdated
<_KaszpiR_> not realy
<_KaszpiR_> *not really
<_KaszpiR_> having a cerntral server to manage other helps
<_KaszpiR_> but it's more toward a service and keeping it HA accoring to SLO/SLA
<RoyK> sure, but keep that pretty safe, and don't let it run too much stuff
<_KaszpiR_> exackly
<RoyK> 7-factor authentication and so on :D
<_KaszpiR_> uh not what I ment by 'exackly' :D
<Neo4> RoyK: you have 300 comps server in one university?
<RoyK> comps?
<Neo4> servers?
<Neo4> one server is one computer?
<RoyK> not physical servers - most of them are virtual - we're at 90% virtualisation or thereabout
<Neo4> _KaszpiR_: and you said there 30000 and it's as well virtual servers?
<_KaszpiR_> mixed
<_KaszpiR_> bare metal and vm
<_KaszpiR_> most vm
<Neo4> RoyK: ok, I though you said small university and so many computers, it looks like one server one computer...
<Neo4> _KaszpiR_: understood
<_KaszpiR_> like 95% or more
<_KaszpiR_> some bare metals are pets, oh so furry pets ;)
<_KaszpiR_> some metals are cattle
<_KaszpiR_> but we have also some pet vms
<RoyK> generally, physical servers are good for three things, virtualisation, storage and for very specific things that need to be independant of everything else, but then, well, you can setup a small virtualisation cluster for them as well
<_KaszpiR_> it's just unaviodable or making proper ha/ft or cluster setups is overkill
<_KaszpiR_> now bare metals are very simple hosts just for virtualization or storage layer
<Neo4> RoyK: one server equal one IP? if servers is placed on one physical coputer they are all will have equal IP?
<Neo4> I'm interesting how digitalocean works, there each VPS has unique IP
<RoyK> Neo4: no, each server has its own address, like always
<RoyK> we're moving more servers to plain IPv6 atm, because we don't want to use NAT unless we have to, and there aren't enough IPv4 addresses left
<Neo4> ok, anyway I don't understand what difference between ipv4 ipv6 and what is NAT, doesn't matter
<RoyK> the anti-NAT thing is mostly about logging, since we do it on the edge
<Neo4> If virtual servers place on the same coputers, coputer has one IP and it should be all server have the same one IP?
<Neo4> it should be so
<RoyK> Neo4: google ipv6 - you'll need to learn it some day ;)
<RoyK> Neo4: in linux/kvm or something similar, you just setup a bridge and attach it to a nic and then add virtual interfaces connected to that bridge
<Neo4> ok, in one day will learn :)
<RoyK> in vmware, you have a virtual switch and just assign a nic or two to a vm and give them whatever VLAN tag they would need
<Neo4> RoyK: see it means that physical computer should be include many others IP ( something like many other wires)
<RoyK> same applies to anything else - depending on how big your system is
<RoyK> erm - wires are connectors, below layer 1 in the osi protocol, IP is on layer 3 - you can have a ton of IP addresses over a wire, and you mostly have
<Neo4> ok
<RoyK> https://www.youtube.com/watch?v=LANW3m7UgWs, perhaps
<RoyK> just learn it
<Neo4> RoyK: I added to bookmarks
<Neo4> will watch later
<Neo4> RoyK: do you know what is DNS? https://www.youtube.com/watch?v=72snZctFFtA
<Neo4> it's nice explanation
<RoyK> I know DNS, yes ;)
<Neo4> RoyK: I badly even after vide, how many total number of IP? 255.255.255.255 ? it means mre that this number can't be
<Neo4> other words it's 255255255255
<Neo4> each country has her own ip range...
<RoyK> no, please spend some hours on youtube or something
<Neo4> ok :)
<themoonisshining> is 14.04 trusty the latest version of ubuntu server
<Seveas_> themoonisshining: no, 17.10 is. And 16.04 is the latest LTS version. Ubuntu 18.04 LTS will be released in 3 days time
<compdoc> there any difference between Ubuntu desktp and Ubuntu Server, except the gui? is anyhing tuned differently?
<RoyK> compdoc: the gui
<compdoc> yeah, seems everything is the same with the kernel
#ubuntu-server 2019-04-15
<amazoniantoad> I just installed ubuntu server and why is virb0 my network interface? How can I replace this?
<lotuspsychje> amazoniantoad: ususually -server gets more active on USA wakeup
<amazoniantoad> lotuspsychje, i see
<cpaelzer> good morning (where it applies)
<yossarianuk> hi - I am trying to setup xseveral bridges (over a bind) in netplan - some of the bridges should be setup with no IP - i.e if I were using rhel/centos I would use 'BOOTPROTO=none' -
<yossarianuk> what is the equivalent of BOOTPROTO=none in netplan config ?
<yossarianuk> is there a better IRC room to ask for netplan questions ?
<blackflow> yossarianuk: iirc just don't set the "address" property (and disable dhcp)
<blackflow> sorry, "addresses"
<yossarianuk> blackflow: thank you - should I do -  addresses:
<yossarianuk> then leave the next line clabk
<yossarianuk> or just miss off the 'addresses:' part completely ?
<yossarianuk> Sorry that should have read ' then leave the next line blank'
<blackflow> I think you can omit them completely, by default they're empty. also, dhcp is by default off, so I guess you just have to not set them
<blackflow> yossarianuk: no. if you set "addresses" entry, it's a list, so you must set an empty list:    adresses: []
<blackflow> or just omit it completely
<yossarianuk> thank you
<yossarianuk> i am liking netplan - just seems bit alien to me right now.
<blackflow> yossarianuk: I think it's an unnecessary add-on complexity that doesn't solve any problems, and does create new ones (as it is not a complete, does not fully encapsulate what teh backends can do).
<blackflow> but totally cool if you like it and it works for you :)
<frickler> yossarianuk: https://bugs.launchpad.net/bugs/1763608
<ubottu> Launchpad bug 1763608 in netplan "Netplan ignores Interfaces without IP Addresses" [Undecided,New]
<blackflow> ah there we go. "new problems created". yeah.
<ahasenack> good morning
<Ussat> o/
<yossarianuk> ok - I have another netplan issue - I have one bridge  - using a bond - already with attached VLAN and its working .
<yossarianuk> however if I want to add another bridge to add a different vlan I can't as both bridges are using the same bond
<yossarianuk> i.e -> Error in network definition /etc/netplan/50-cloud-init.yaml line 20 column 16: test-databases: interface bond0 is already assigned to bridge br0
<yossarianuk> any way around this ?
<rbasak> ahasenack: any comment on bug 1824638?
<ubottu> bug 1824638 in samba (Ubuntu) "[SRU] samba 4.10 for bionic" [Undecided,Won't fix] https://launchpad.net/bugs/1824638
<yossarianuk> ah I think I have it...  can someone sanity check this  please ? -> https://pastebin.com/KTTTGpDu
<ahasenack> rbasak: it's a lot of work, in this case we would have to build both py2 and py3 packages
<ahasenack> rbasak: it's doable, but not something I should start without approval probably
<ahasenack> rbasak: that being said, py2.7 being EOL is a larger issue, not just about samba, and I don't think ubuntu 18.04 will switch to py3 as a whole because of that
<ahasenack> so while py2.7 might be eol, ubuntu 18.04 isn't
<rbasak> ahasenack: that matches my opinion then, thanks.
<ahasenack> rbasak: oh, I hadn't read your comment in the bug at all before I wrote the above :)
<cyphermox> yossarianuk: yes, vlans first on the bond before you add each vlan to the right bridge
<Encrypt> Hello everyone
<Encrypt> I'm coming here on the advice of people from #ubuntu
<teward> Encrypt: regarding...?
<teward> (It'd help to know the problem you're facing)
<yossarianuk> cyphermox: thanks for confirming !
<Ussat> I would be very scared taking advice there but ok
<Encrypt> I wanted to do a minimal install of Ubuntu so that I could only have i3wm and xorg as desktop environment. So I had downloaded the "minimal" image. However, since I'm in a corporate environment, we have a DEB repository which requires credentials.
<yossarianuk> and yes its working..
<Encrypt> I haven't found a way to give the credentials in the installer, not a workaround. Do you know if that's possible?
<Encrypt> I tried adding the credentials when it is asked to input the repo url, but since it gives that input to wget to get the Release file, it fails... :S
<Encrypt> As wget uses the --user and --password options
<Encrypt> I finally had a look at the "choose-miror" binary which corresponds to that screen but it's indeed a binary and not a BASH script as I was hoping
<tomreyn> Encrypt: wget actually does support passing username and password on the url (at least for http servers, have not checked other) according to its man page, see the --http-password description.
<vahnx> Hi all. I'm attempting to install osticket on Ubuntu 18.04 but I've been struggling quite a bit. I'm at a point where all the tutorials seem pretty outdated. Can anyone here assist me in getting this up and running?
<rbasak> vahnx: you're welcome to ask here, but I think you'll probably be able to get more help for osticket community support channels
<vahnx> ok thanks. i'll check there first.
<Encrypt> tomreyn: Indeed
<Encrypt> The issue I'm actually pointing out is that it's impossible to set a private mirror that requires authentication at install time
<Encrypt> Only setting a proxy is available, not setting the credentials for an APT repository
<rbasak> Encrypt: is that with the new installer? Feel free to file a Wishlist bug.
<Encrypt> rbasak, Hum... possible
<Encrypt> I'll file a wishlist bug, sure :)
<tomreyn> Encrypt: for now, run the advanced installer from your mini.iso and add these credentials into the server name field, before the hostname
<tomreyn> so if the hostname was archive.ubuntu.com, make it user:password@archive.ubuntu.com instead
<Encrypt> tomreyn, I tried, that didn't work :S
<tomreyn> i see
<tomreyn> it did the accept the input when i tried.
<Encrypt> Since that is given to wget to download the Release file
<Encrypt> And wget doesn't interpret it correctly
<tomreyn> why so? since we seem to have worked out that wget does accept specifying username and password on the url?
<jdstrand> the problem is the parser is not loading anything
<jdstrand> meh
<AvidWolf43> hi guys
<AvidWolf43> Can anyone assist me with troubleshooting a landscape installation on azure vm that is not cooperating
<AvidWolf43> I beleive it is a cert error
<AvidWolf43> after running "apt install landscape-server-quickstart" it goes through everything but errors out in the post install saying "problems making certificate request"
<sarnold> AvidWolf43: are there any more details in any logs?
<Mead> I made a post about configuring ubuntu server are part of my own personal learning process.  Can anyone find any wrong information?  https://stubbedhomelab.blogspot.com/2019/04/the-headless-server.html
#ubuntu-server 2019-04-16
<sarnold> I skipped all the bits about serial cables, but the rest looked decent :)
<Mead> sarnold: thanks, yeah. I know it serial cabling is old and busted, but I'm stoked about having console access. It means I can really fuzz with it in my lab without worrying about lossing network connectivty breaking my SSH access.
<sarnold> Mead: yeah, and it's often the only way to get a handle on some specific kernel problems
<sarnold> Mead: quite often server gear will have BMCs on board that can do serial over network and save you the hassle of the serial cable itself :)
 * Mead googles BMC serial over network
<Mead> looks like a potential security problem
<sarnold> Mead: yeah, the usual implementation of BMC devices is poor enough that they are almost always given their own networks
<mwhudson> also because ipmi sol is based on udb so is really fun to use on a congested network :)
<mwhudson> *udp
<Ham62> what kinds of things would I need to worry about breaking if I upgrade a system I've been running for 5 years on 14.04 to 16?
<lotuspsychje> Ham62: i would say a clean apt without issues, and no ppa's enabled
<lotuspsychje> Ham62: for services you running, best to ask specificly so volunteers can think along
<lotuspsychje> a backup is also a good idea
<Ham62> well the most important things I have running right now are nginx, apache for some CGI stuff, and a gopher server
<Ham62> the CGI stuff was mostly done with FreeBASIC and x86 assembly
<Ham62> nasm
<Ham62> I'm mostly worried a bunch of packages won't support my CPU properly
<Ham62> it's running on an Athlon XP
<Ham62> and I have a couple services I have are started using the rc.local file
<lotuspsychje> what about init Ham62
<Ham62> are those going to break?
<lotuspsychje> from 15.04 and higher its systemd now yeah
<Ham62> oh darn
<Ham62> yeah the gopher server is launched with socat at boot and I have a custom remote compiler server which is started through there on one of the user accounts
<lotuspsychje> !systemd
<ubottu> systemd is the default init system for Ubuntu 15.04 onwards. For information on transitioning from upstart to systemd, see https://wiki.ubuntu.com/SystemdForUpstartUsers For a guide to basic service management with systemd, see https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units
<Ham62> neither of those are real services though
<Ham62> they're just processes I have running as a user in the background constantly
<lotuspsychje> Ham62: you might also wanna read up https://wiki.ubuntu.com/XenialXerus/ReleaseNotes
<lotuspsychje> Ham62: anything allright there with the upgrade plan?
<Skyrider> Greetings everyone
<Skyrider> In a pickle and need some help ^_^. I hope this is the right channel to ask, seeing it's nginx/www-data user related, but also linux related. What is the best way (with vsftp) to give access to a specific /var/www directory, with it running under www-data user/group? As I assume nginx requires both user/group to be www-data.
<blackflow> Skyrider: so as I was saying, I'd make the dirs owned by the v/s/ftp user, and then put nginx in that user's group
<Skyrider> That I saw, wanted to reply to that :D
<blackflow> by default dirs and fils are group readable so nginx's www-data user, being in that separate user's group, will have read access.
<Skyrider> Wouldn't that mess up with file/directory permissions though seeing the owner/group gets changed?
<Skyrider> Ah
<Skyrider> I assume the owner/group differs then though?
<blackflow> as long as you keep the dirs and files readable to their group, and www-data is in that group, all is fine
<Skyrider> owner by whomever creates the files, while the group remains www-data.
<blackflow> no, you don't change file/dir ownership to www-data
<blackflow> example:    chown myuser:myuser /var/www/some-website-dir ;           chmod -R g+r /var/www/some-website-dir ;       usermod -a -G myuser www-data ;
<Skyrider> I know the last part adds the user to the group, what does g+r do.
<blackflow> the chmod is just for example here, g+r is default
<blackflow> makes the files and dirs readable to the group they belong to (in this case, myuser's, if that user is used to place the files via v/s/ftp)
<Skyrider> Should I use mount though? Currently their FTP is set to the home directory.
<blackflow> so as you upload files they will be owned by myuser:myuser  assuming that's the user you logged into v/s/ftp with
<blackflow> no need to mounts, you can symlink the website dir under myuser's home somewhere
<blackflow> no need *for
<Skyrider> Better to symlink, or directly set their directory to the specific /var/www/xxx directory.
<blackflow> I'm assuming this is for the v/s/ftp acccess? those daemons running on the same machine, and this is not some nfs export
<Skyrider> Just FTP access to give specific access to a specific site/sub-domain, ya.
<Skyrider> **specific user
<blackflow> Skyrider: I'm old school, and I'd symlink under myuser's  ~/public_html/somesite.com
<blackflow> though really... uh depending on what this is excactly, you can omit /var/www completely and use only the home dirs?
<blackflow> I mean, if it's some packaged web app that installs under /var/www/ then yeah. if it's not, then just keep it all under ~/
<Skyrider> oki, that's set... now to symlink it :D
<blackflow> or whatever you want. point is, if I understood your problem correctly, you want v/s/ftp uploadable files to be readable to nginx?
<Skyrider> Merely creating an ftp so users can edit, add, etc web files through the ftp.
<Skyrider> Seeing I have multiple domains/sub-domains, need to create multiple FTP users for that.
<blackflow> then you don't want users to log in as www-data. you want this instead, nginx in those users' groups so it can read their files. separation of concerns and least privilege principle.   and this covers only static sites.
<Skyrider> They don't need a /home/ directory though
<Skyrider> as the current ftp server requires that ( 500 OOPS: cannot change directory:/home/xxxx )
<blackflow> they DO need A "home" directory. why not /home/<username>
<blackflow> that doesn't sound right
<Skyrider> The directory does not exist, hence the error :p
<blackflow> ah so you created users without -m ?
<Skyrider> Indeed. I like being organized.
<Skyrider> If I have users like test-web, test-forums, test-dev .. like weird in my eyes :p
<blackflow> well having users have a home is wise. you contain them there. you can also configure sftp with chroot to their homes, instead of insecure (vs)ftp
<Skyrider> For having a home directory that is.
<Skyrider> I tried SFTP before, bit weird. They kept having access to the / directory, even though it isn't for writing, they had read.
<blackflow> yeah because you need to explicitely chroot them for sftp access
<Skyrider> That bad though to use FTP over SFTP? Even though not secure, can make it more secure by altering the port / whitelist.
<blackflow> google up "chrooting sftp users". in essence, you have, say, /home/<username>/   as their home and thus chroot. that dir needs to be owned by root and not group writable. dirs _under_ it (like, say, ~/public_html) can be normal user owned dirs they write into.
<blackflow> Skyrider: problem with FTP is that the data channel is never encrypted. while the control channel is (where log-in happens), data isn't.
<Skyrider> What about FTP TSL.
<Skyrider> I never really had to create multiple users over (S)ftp before, hence I'm asking all this :D
<blackflow> anyway, in addition to root owned chroot, you need to set up sshd for them to force the chroot and internal-sftp command only so they can't ssh in
<blackflow> FTPS (FTP over TLS/SSL) is exactly what I was talking about. control channel encrypted, data channel isn't.
<blackflow> with pure FTP, not even control channel is, so you get plaintext passwords over the wire
<blackflow> FTPS = FTP over TLS/SSl;   SFTP = FTP over SSH.
<blackflow> sftp is really superior. it's well supported by programs like filezilla if your users are windowsites. you can force keys instead of passwords, and everything is nicely encrypted.
<Skyrider> Is it a hassle to properly set up sftp with proper rights / access only to specific /var/www/ directories with no ssh access over ftp? :P
<blackflow> no. three lines of confg in sshd_config, and a chown+chmod when you create their home dirs.
<blackflow> but then you make the /var/www/ dirs as their homes. personally I'd just go with /home/ . /var/www/ is primarily for packaged web applications.
<Skyrider> and at the end symlinks, got it.
<Skyrider> Guess I'll remove this ftp package and go with sftp
<blackflow> no, I'd go with /home/ period. no symlinks
<blackflow>  /home/<username>/public_html/website-dir.com
<Skyrider> I thought you said you were oldskool
<blackflow> yes, and this is it with public_html
<Skyrider> .. /var/www/xxx -> symlink /home/user
<blackflow> the old school part was about public_html :)
<Skyrider> ah ^^
<Skyrider> I do prefer having things in /var/www though for all web related stuff.
<blackflow> well you can do in reverse. symlink from /var/www/ to their /home/user/public_html/site.com   dirs :)   look, that part is really whatever you feel most comfortable with. the important thing is that the dirs/files are _user_ owned and that nginx is in their groups for read access.
<blackflow> but again, that's for static sites. with php it becomes a bit more tricky if you want it properly secured.
<Skyrider> All php stuff :p
<blackflow> the rabbit hole deepens then :)
<blackflow> what I do in this case is run a php-fpm pool per user, as that user, with apparmor policy that prevents _writing_ except in specified dirs. that I can do becuse we control the application and know exctly what those dirs are.
<blackflow> if that's not an option for you, then php-fpm pool per user, as that user, is the best you can do, but then php can change its own code and you're vulnerable.
<Skyrider> Interesting.
<blackflow> at any rate, you _will_ want to chmod o-rwx their homedirs -- forbid listing and read access to other users, otherise they can upload PHP code that will scan and sniff other users files
<Skyrider> Good to know, thanks. I'll look into that. As for your last line, I do trust this user :)
<Skyrider> I have to go for now, but I'll stick in this channel until I set up my irc bouncer again. I appreciate your time in helping me out, gotta pick up my wife. I'll be back soon :), again, thanks!
<blackflow> so combined with sftp chroots, you have   chown root:myuser  /home/user-home-dir ; chmod 750 /home/user-home-dir/   and precreate a "public_html" or whatever the name,  dir in which they will have write access in their home (As their home roots aren't writable to them)
<blackflow> "I do trust this user"   -- famous last words, aka. "pics taken 5 seconds before disaster"  :)
<oskie> when is "apt-get update" run automatically?
<tomreyn> "depends"
<tomreyn> on several factors, such as your ubuntu version
<oskie> bionic
<oskie> no..wait.. xenial
<tomreyn> oskie: systemctl list-timers apt-daily*
<oskie> tomreyn: awesome, that's what i've been looking for for a while
<tomreyn> it's been there all the time, whispering your name!
<ahasenack> good morning
<AvidWolf43> sarnold: which logs? I believe the error has to do with azure really long dns names maxing out. https://feedback.azure.com/forums/216843-virtual-machines/suggestions/10197480-the-azure-vm-internal-dns-domain-names-are-too-lon
<Skyrider> blackflow: Back
<Skyrider> Wow this is confusing.
<Skyrider> No matter what I try to add in sshd config, I always get "Network error: Software caused connection abort" when trying to connect with the user.
<rbasak> Skyrider: check auth.log
<rbasak> Skyrider: another deeper approach is to run sshd manually in debugging mode on a high port.
<Skyrider> " bad ownership or modes for chroot directory component "/var/www/"" that explains it.
<blackflow> well, I did mention a few times the chroot dir needs to be owned by root :)
<blackflow> and mustn't be group/other writable
<Skyrider> That's the odd thing, it is owned by root.
<Skyrider> And I believe the chmod is set to .. 755? Somewhere according to the internet.
<Skyrider> Do you have a tutorial I can follow by any chance?
<blackflow> you'd have to paste the full sshd_config in question
<Ussat> that statement scares me --> Somewhere according to the internet
<blackflow> indeed.
<Skyrider> I'm running the cmds in a test directory Ussat
<Ussat> still
<Skyrider> And I know what the cmds do :p, plus.. I have a backup ready just in cae.
<Skyrider> ***case
<Ussat> fair nuff, still
<blackflow> I'd like to stay and help, but there's a mtb trail with my name on it. bbl.
<Skyrider> For example, I ran the tutorial: https://45squared.com/setting-sftp-ubuntu-16-04/ - Yet doesn't work properly.
<Skyrider> No worries bf :)
<Skyrider> There is something I noticed.
<Skyrider> Whenever a directory's role is not www-data, I get "errors" / warnings like "The $cfg['TempDir'] (./tmp/) is not accessible."
<Skyrider> I could of course alter the permissions of the directory to fix that, but how would user/group stay as www-data, regardless the user adding/altering files?
<teward> anyone ever run into a case where even if you have installed everything and disabled cloud.cfg's preserve_hostname module by setting it to false, the system still resets its hostname every time?
<teward> 18.04.2 server from the SUbiquity installer
<Skyrider> I give up >_>
<teward> Skyrider: you wouldn't be able to set the user of the file
<teward> but you COULD set the group with stickybit on the directories
<teward> anything created in a directory with the group stickybit would get group www-data
<teward> but that's just a 'hack'
<Skyrider> Yea, I'm familiar with the group cmd. Though how would I best fix this issue? The only thing I want is to create a sftp user under a specific /var/www/ directory, but if the owner www-user is changed to someone else, file permissions on the web application will start to appear unless file permissions is changed.
<Skyrider> Apparently the www-data has the "proper" rights to auto solve that issue right away.
<cryptodan> Skyrider: what are you trying to do with sftp in /var/www?
<tomreyn> teward: during the past two or three days there were two people around on irc who reported that the system hostname they configured got reset. i don't think they knew about "cloud.cfg's preserve_hostname"  (i don't, or didn't), though. one of them determined cloud-init to be the source of this issue.
<tomreyn> also i think there's a related open bug report
<teward> tomreyn: yeah i had preserve_hostname set to false though
<teward> tomreyn: and it STILL reset it
<teward> i just got angry at it and yoinked cloud-init out of the equation
<teward> apt-get remove'd it and it worked
<teward> tomreyn: got a link to the bug per chance?
<tomreyn> that#s what the other user did, too
<tomreyn> i was afraid you'd ask this
<teward> tomreyn: i also think it's intermittent
<teward> because two servers were both deployed with the same ISO
<teward> one had this happen
<teward> the other didn't
<teward> only difference was a really short hostname for the one
<teward> and that's the one where cloud-init was being derp
<Skyrider> cryptodan: Setting up 3 different SFTP users to access 3 sub-domains.
<tomreyn> teward: ugly. :-/ ok, i'll look for this bug report, but no promises
<teward> tomreyn: never expect any promises :P
<Skyrider> I saw somewhere last week on the internet that there's a package that checks a directory at all times and changes the user/group if it has changed.
<Skyrider> Any idea what it might be called?
<tomreyn> teward: bug 1780867
<ubottu> bug 1780867 in subiquity "hostname unchangeable / some daemon changes and resets /etc/hostname" [Critical,Fix committed] https://launchpad.net/bugs/1780867
<tomreyn> also bug 1770451 might be related (but that' sjust a random find while searching for the other)
<ubottu> bug 1770451 in cloud-init (Ubuntu) "hostname not set: Failed to create bus connection: No such file or directory" [Undecided,Incomplete] https://launchpad.net/bugs/1770451
<tomreyn> hmm 1780867 isn't really new though (nor its dupe), nor was it updated during the past 3 days. but i think this is what i had in mind.
<blackflow> Skyrider: nginx won't create such dirs, so that must be some PHP app. of course, the dir must be writable the to the user php-fpm is running as. for such random dirs you can't know in advance, you should run php-fpm as the user owning the dir, not as www-data.
<teward> blackflow: though... in a default setup, php-fpm *is* running as www-data
<blackflow> yes but the dirs must be owned by the sftp user in order to freely upload php apps
<blackflow> that's the use case Skyrider has
<blackflow> so, nginx as www-data, in supplement group of the sftp user. php-fpm running as that user in full.
<blackflow> (if there's need for both PHP and sftp user to write files)
<Skyrider> sftp chroot is weird.
<Skyrider> The main directory has to be root, I get that. but in that main directory, no one can create directories or files, because that specific directory is owned by root.
<Skyrider> All the other sub-directories inside the root directory can be altered.
<blackflow> Skyrider: it's not once you  understand why the (ch)root must be root owned. one way to escape chroot is to double-chroot with symlinks, so openssh enforces no-write, no-ownership of the (ch)root
<Skyrider> So instead of /var/www/testwebsite/subdomain I need to have /var/www/testwebsite/domain/subdomain
<Skyrider> Because root is messing up the main directory's permissions
<blackflow> Skyrider: well see, that's why I recommended you to use /home/user/ as (ch)root, and then have ~/public_html/ for all their sites.
<Skyrider> I'll consider it ^^
<blackflow> but you wanted your way, so... :)   you'll just have to do the same. a "base" chroot dir/home for the sftp user, and a dir they can upload their sites to
<Skyrider> the base is the var/ww :D
<blackflow> just for one user?
<Skyrider> Each domain/subdomain its own user.
<Skyrider> Fake the sake that not a single user has access to all.
<blackflow> well I really recommend you to use /home/ . /var/www was never meant to be used by random sftp user accounts. it's default place to put packaged web applications, root owned, www-data accessible, and not via sftp.
<blackflow> standard for decades has been ~/public_html, from early apache years, carried over by shared hosting industry, all the commercial and non-commercial hosting panels, etc...   /home/<username>/ as home dir, sftp chroot, and then public_html   aka htdocs on some platforms, as "docroot" for apache
<Skyrider> I'm actually using icron :D
<blackflow> and if you _do_ insist on /var/www/ you will _still_ need to replicate the structure.   /var/www/<user>/sites/www.somesite.com/
<blackflow> name the "sites" subdir as you wish.
<Skyrider> replicate the structure?
<blackflow> you need one extra user-owned dir under chroot
<blackflow> IF you want to allow them to create subdirs for sites. I don't know how you intend to configure nginx to run with that, you'd still need root to add a server {} stanza for each domain
<blackflow> do yourself a favor and don't reinvent the wheel, do what the industry has been doing for many years now.   /home/<username>/public_html-or-sites-or-htdocs-orwhatever/{somesite.com,anothersite.com,foobarbaz.com}
<adac> I have locked my docker-ce packages. But now I want to do a release upgrade to 18.04
<adac> but I do get: Please install all available updates for your release before upgrading
<adac> But I do not want to upgrade this package
<adac> it should stay on the same version
<Skyrider> blackflow: : To make things simple.. dont really want to bother with it much anymore, I've made a single user to access a single domain with all its subdomains.
<Skyrider> I got it to work, though all sub directories appear to be empty when I log into the user.
<Skyrider> setfacl appears to be the cause
<Skyrider> I give up -_-
<Skyrider> Not sure why it's such a bothersome to simply add a sftp user access to a specific directory, having the ability to read/write and maintain the original user/owner..
<Skyrider> I'm not even sure why it's displaying 0 directories/files right now.
<teward> adac: chances are you will have to upgrade the docker packages anyways because of new libraries/dependencies for build and runtime that Docker has to build against (outdated ones won't work)
<adac> teward, I have running this docker version also already with bionic (I think need to check really)
<teward> maybe the same *version* of the Docker codebase but it still has to build against *newer* libraries in Binoic vs. Xenial.
<teward> so it's *different* at the binary level
<adac> teward, thing is the newest docker version wll not work with my kubernetes version
<teward> but not the code level
<adac> kk I see
<teward> for do-release-upgrade it'll still complain, yes.  You might have to disable your Docker repository you're using to get it and do a full `apt-get update && apt-get dist-upgrade` afterwards then install the newer docker package version for the newer Ubuntu.  However I can't guarantee this'll work
<teward> Kubernetes is a little tricky.
<teward> adac: the other thing is, what are you on now, 16.04?
<teward> why upgrade to 18.04 if things're just working?
<adac> teward, I'm re-setup my whole infrastrucutre and I have this one single host that is part of this new infrastrcuture already but still has 16.04
<adac> and I would really like to have the same versions everywhere
<teward> i'm assuming you don't want to upgrade kubernetes then :P
<teward> which you'd probably end up having to do
<adac> teward, actually I'm using Rancher. Rancher supports 1.13.5 which at most supports docker 18.06.3
<adac> yes at some point I will upgrade kubernetes anyway that is true
<adac> :)
<adac> teward, I'm trying now out what you have suggested
<adac> this host can be down a bit no problem if somethign is not working
<teward> backup first
<teward> just in case :P
<adac> :)
<adac> teward, backup is running
<blackflow> Skyrider: I'm sorry but it's not bothersome at all. it's very, very simple. User owns files. nginx's www-data is in user's group (supplemantal!). php-fpm runs as user (one pool per user). User's home dir is root owned and there's a subdir (or more) where the user can upload stuff. Very, very simple.
<blackflow> Skyrider: no idea why you invoked ACLs, that will just unnecessarily complicate matters to no end.
<sarnold> it's amazing the flexibility you can have with the simplicity of unix acls
<blackflow> yes but it's rather hard to maintain, the ACLs are not immediately obvious, not visible in ls, you have to know they're there. personally I prefer to put a nice, auditable apparmor profile, instead of fiddle with ACLs
<blackflow> MAC > DAC and ACLs are DAC on steroid.
<blackflow> *steroids. still DAC tho.
<sdeziel> blackflow: I've yet to try php-fpm Apparmor hat support, do you have some experience with it?
<blackflow> Skyrider: btw, just so we're on the same page, the approach I'm preaching here, been doing that for many years and currently I have tha very setup for hundreds of clients and their websites.
<blackflow> sdeziel: nope. My setup is simple enough where "owner" is the only variation among pools. for more complex stuff I intend to have custom named profiles via systemd units, and one pool master per user, per unit, per profile.
<blackflow> in other words, I wouldn't go with one process changing hats, but statically fix processes to profiles.
<sdeziel> blackflow: OK. The hat thing is a per-pool thing
<blackflow> yeah. I disliked hats even with apache and selinux, years ago. I prefered MLS instead
<sdeziel> oh I see, you want multiple masters
<blackflow> uhuh.
<blackflow> the masters themselves don't really add any overhead and I can individually restart pools, unlike when with one master
<sdeziel> interesting idea and side effect. Too bad I was looking for a reason to try Apparmor hats
<Skyrider> blackflow: Can I undo the acls?
<blackflow> Skyrider: sure, -b flag to setfacl
<Skyrider> Thanks :)
<Skyrider> Just curious.. You say to set it to the users home directory instead.
<Skyrider> How is the user/group with this exactly with the web files?
<Skyrider> web files owned by the user, and as you mentioned, www-data in their group?
<blackflow> Skyrider: web files must be owned by user so that the default ownership (755 dirs, 644 files) allows them to write. with PHP in the game, you need to drop access to "others", so 750 and 640. In that case nginx (www-data) loses access, so you need to add www-data to users groups, so nginx can read the files.
<blackflow> that's also the least privilege principle in action. and of course, php-fpm process must run as the user, in order to have exclusive access to user/site files, and in order to write them (uploads).
<keithzg> Hmmm, so postfix rejects mail if the domain is in the virtual_alias_domains but the TO address isn't listed in the virtual alias map, even if there's CC's on that email that are? That is surprising to me!
<blackflow> postfix doesn't care about CC. and the alias map is really the authoritative here, just the domain won't work
<dlloyd> envelope to or message to?
<blackflow> has to be envelope, postfix doesn't care about To header either
<dlloyd> yeah, thats where i was leading to
<keithzg> Hmm I wonder how it was working *before* I set up the virual_alias stuff, that certainly seems to have been when these emails started getting rejected rather than passed on.
<paulatx> anybody happen to know how long the Ubuntu 16.04 EC2 images will support new hardware? The first graphic on this page: https://www.ubuntu.com/about/release-cycle makes it look like hardware support has already stopped for 16.04 but I'm not sure if that also applies to the AWS specific kernels which are also based off of the 4.4.0 GA kernel, not the 4.15 HWE kernel
 * keithzg is having a hard time digging through it all and figuring out what's going on since the verbosity for amavis is set so high, heh, still failing to understand why it dies from time to time
<blackflow> keithzg: postfix has its own rahter verbose logs, you shouldn't consult amavis at all. theres #postfix here on freenode if you need more help with it.
<keithzg> blackflow: Well it's /var/log/mail.log I'm looking at, and `journalctl -u postfix` doesn't have anything
<blackflow> keithzg: wrong unit, postfix.service. you need postfix@ for the instance running iirc?
<blackflow> neway, can you pastebin the problem entries? though really, I recommend #postfix for this particular issue, probably isn't specific to ubuntu defaults
<tomreyn> paulatx: so did you read this?  https://wiki.ubuntu.com/Kernel/LTSEnablementStack#Ubuntu_16.04_LTS_-_Xenial_Xerus
<tomreyn> paulatx: oh yes, according to what you wrote you probably did.
<tomreyn> so the aws images can't be used with the HWE kernel?
<tomreyn> i mean, you can't just install it like on regular ubuntu?
<keithzg> blackflow: Literally none of the postfix@ instances show anything, went through them one by one, but bizarrely postfix@* works, so apparently tab completion for journalctl leaves out whatever one I actually need to use?
<blackflow> keithzg: postfix@-.service
<paulatx> tomreyn: well the AWS images obtained from https://cloud-images.ubuntu.com/locator/ec2/ have the AWS tuned kernel enabled by default as detailed here: https://blog.ubuntu.com/2017/04/05/ubuntu-on-aws-gets-serious-performance-boost-with-aws-tuned-kernel.  I'm trying to figure out when the support for new hardware will stop on those AWS tuned kernels
<blackflow> keithzg: that's the default template instance
<blackflow> unless of course you have something else set up, this should be the default
<keithzg> blackflow: Huh. Yeah, that works. Just weirdly isn't one of the many things listed when I try and tab-autocomplete `journalctl -u postfix@`
<blackflow> keithzg: WorksForMe(tm) :)
<keithzg> blackflow: Hah!
<keithzg> I'm pleasantly surprised the wildcard approach worked, too; that's a bit more user-friendliness and standard unsurprising handling than I normally expect from the systemd gang
<tomreyn> paulatx: hmm, sorry, that's indeed beyond my horizon. i suggest you ask the same question here again tomorrow during UK business hours
<keithzg> blackflow: Funny enough, on another server it *does* work fine!
<blackflow> keithzg: patience and they will find a way to disappoint ;)
<keithzg> blackflow: haha, true taht
<blackflow> keithzg: so, can you pastebin the error, reason for NOQUEUE?
<paulatx> tomreyn: ok will do, thanks
<keithzg> blackflow: https://paste.ubuntu.com/p/2mSSGcyNfY/ is the paste
 * keithzg is trying now heeding that warning and changing the relay_domains to be more strict
<blackflow> keithzg: also address that warning in lines 2 and 3
<keithzg> blackflow: Yeah that's the warning I'm talking about, heh
<blackflow> ah k
<keithzg> There was an overlap, with the emails coming from phabricator.gmcl.internal, and the relay_domains being gmcl.com and gmcl.internal
<blackflow> 'sfine :)
<keithzg> (The central issue here is, some emails, but not all emails, from our Phabricator instance aren't making it to users)
<blackflow> well you'll have to investigate on a per-case basis. in this case, if you have a domain in virtual_alias_domains, you need to have the address in the virtual_alias_maps too. the postfix virtual readme has full explanation with examples.
<blackflow> keithzg: http://www.postfix.org/VIRTUAL_README.html
<keithzg> blackflow: Yeah, the weird thing is, in theory the emails are being sent to multiple users, and *one* of them is noreply@phabricator.gmcl.internal. But others are normal users, and they receive email from Phabricator fine in most circumstances. It's just this one subclass of email that's being rejected this way.
<blackflow> normal users as in they're "mailboxes" (virtual_mailbox_*) ?
<blackflow> aka destined for the virtual transport
<keithzg> Well, as in they're someguy@gmcl.com
<keithzg> (which this mailserver is the endpoint for, and they have "local" accounts (actually LDAP, but valid as real users on the system))
<keithzg> Hmm. Everything's still being rejected.
<keithzg> Time to specify an alias for noreply@phabricator.gmcl.internal and get some of these emails, see what they're actually trying to do
<adac> guys when rebooting my ubuntu  server 16.06 I get:
<adac> *16.04
<blackflow> I thought we established that first. if you want to treat this envelope recipient as alias, you need it in the map. alias = forwarder, btw, so it has to forward to (alias for) a valid address too, which can be a virtual mailbx, or an external relay'd transport
<adac> device not accepting address 36 71
<adac> -71 actually
<adac> any ideas what that problem might be and how to solve it?
<adac> actually there should be no USB dongle on that server. is a hosted server
<keithzg> blackflow: Yeah but the thing is, noreply@phabricator.gmcl.internal is in theory only *one* of the recipients; the others are all valid. And merely receiving emails for noreply wouldn't be terribly helpful, since that wouldn't then get the emails to the actual users.
<blackflow> keithzg: there's always just one recipient. if your sending MUA had CC, then it ran a RCPT TO for each of them. CC has no meaning for postfix.
<blackflow> one recipient as in one RCPT TO envelope recipient.
<keithzg> blackflow: Well exactly, which is why I'm wondering if Phabricator is doing something terribly silly in this case.
<blackflow> int _this_ case, you simply don't have the address in virtual alias maps, as the error is stating
<blackflow> and it's not checking anything else it seems which means you do have the domain, hence the expectation to consult the map
<keithzg> Particularly because of the very suspicious nature of there theoretically being three recipients (noreply, and two cc's) and the postfix log shows three copies being sent to noreply
<keithzg> Receiving noreply's emails wouldn't actually solve anything per se
<blackflow> irrelevant. your postfix has no idea where noreply@phabricator.gmcl.internal is, and how to deliver to it.
<blackflow> (according to the log you pastebin'd)
<keithzg> blackflow: Sure? But if as you say Postfix has no idea of "TO", then it shouldn't be seeing three copies sent to noreply; and of course any emails to noreply go nowhere, that's actually desired.
<keithzg> Hence I'm thinking maybe Phabricator is doing something wrong.
<blackflow> keithzg: I have no idea what your setup is. I'd really recommend you to pop into #postfix. read the /topic and prepare the logs and configs as specified by the !getting_help factoid.
<blackflow> but on the face value, from that log entry, it's very simple. postfix has no idea how to deliver to that address. it's not defined in the virtual_alias_maps (to have an alias'd destination), but the domain is, hence postfix looking for it there.
<blackflow> keithzg: where do you want mail RCPT TO that address, be sent instead?
<keithzg> blackflow: Nowhere!
<keithzg> The emails shouldn't be going to noreply anyways, and emails to noreply should indeed be rejected. It should be seeing emails to actual users, and most of the time that's how Phabricator sends email, but for some reason here it's sending all three copies to a single TO, which is noreply, instead of the actual Phabricator users with their valid @gmcl.com addresses
<blackflow> well it IS going nowhere. postfix will either accept and deliver, or respond with NOQUEUE like it is now
<keithzg> Sure, exactly.
<keithzg> And hence why I'm thinking the problem at very least involves the Phabricator side of things too, since it shouldn't be just sending to noreply
<blackflow> uhm, so why are we chasing hte postfix red herring then :)  you should check the MUA that's apparently trying to send to that address
<blackflow> "23:32 < keithzg> Hmm. Everything's still being rejected."  <-- implies you don't want it rejected.... you should really get your story straight and start at the beginning, but in #postfix :)
<keithzg> Well that's why I'm trying to receive the emails, so I can be sure of their exact actual headers :)
<blackflow> yeah, no, sorry. please pop into #postfix and prepare all the details as explained by the !getting_help factoid there. thnks :)
<keithzg> I mean, but as you say it's looking like Postfix is probably a red herring
<blackflow> (you'll get better postfix support there, and this isn't ubuntu issue per se ;)
<blackflow> keithzg: well it's rejecting which is apparently what you do want it to do.
<keithzg> blackflow: Yeah exactly, *postfix* seems to be acting according to design and intention, it's just somewhere beforehand where something's going wrong.
<keithzg> (Probably Phabricator, maybe nullmailer)
<blackflow> keithzg: "trying to receive emails" -- then just create the alias entry for a local or any other address.
<blackflow> receive it, see what's in it.
<keithzg> blackflow: Yup, that is *precisely* what I've done
 * keithzg now waits on the automated stuff that finds some files and commits a record of them via git-annex, which is then noticed by Phabricator's Diffusion, and then Herald rules send out the emails . . . it's all very Rub Goldbergian ;)
<keithzg> s/Rub/Rube
<blackflow> held by Canonical's duct tape :)
<keithzg> One of my favourite brands of duct tape :D
<keithzg> Things seem to be working well enough now and I have enough info to dive in and try and unpick the specifics myself; many thanks, blackflow :) And apologies for broadly ignoring your entreaties to bring my problem over to #postfix instead :D
<blackflow> keithzg: np, it's just it looked all the way as if you wanted the alias to actually work :)
<keithzg> blackflow: Yeah naw, as usual for me it's a subtlely weirder problem with more moving parts involved, haha
<gislaved> anyone still using local mirrors these days ?
<sarnold> yeah I've got on
<sarnold> one
<gislaved> so much install traffic ?
<gislaved> will be prettu big I guess ?
<gislaved> &pretty
<gislaved> *
<sarnold> gislaved: ~1.5 terabytes would probably do; mine's at 1.27 TB used at the moment: http://paste.ubuntu.com/p/KdKfBDMbts/
<gislaved> sarnold heh, share storage I believe ?
<gislaved> *shared
<sarnold> ?
<gislaved> or single disk ?
<gislaved> or VM disk ?
<sarnold> ah that zfs pool is on a nine-disk array: three vdevs of triple-mirror spinning metal drives
<gislaved> :)
#ubuntu-server 2019-04-17
<blackflow> sarnold: you showoff :) triple mirror stripes for volatile (easily replaceable) data! :)
<sarnold> blackflow: well, the intention is to some day power on the big stack of hard drives that have music and photos and consolidate decades of stuff into one place
<sarnold> blackflow: funny thing is, now that there's special vdevs, I've got a vague feeling of replacing both my pools. currently 3-three way mirrors on one, 2-two way SSDs on the other... a 9-drive raidz3 plus two mirrored special vdevs from the ssds...
 * blackflow faints
<blackflow> I never found any need to go beyond any-2 failure margin of a raidz2. once, in past 10 years, I had one two-disk mirror fail when the other drive failed mid-resilvering of the replacement for the first one.
<sarnold> juggling two pools is slightly annoying, and Big Files are probably fast enough from a raidz3 vdev .. metadata and smaller files from the ssds..
<lordievader> Good morning
<ZZlatev> Hey guys
<jamespage> sahid, coreycb: I've added openstack notes to https://wiki.ubuntu.com/DiscoDingo/ReleaseNotes
<jamespage> we should make sure we keep doing that
<sahid> jamespage: ack
<jamespage> sahid: also prepped a release email for the UCA which I shared with your and coreycb - pending a successfull smoke I'm running will send that shortly!
<sahid> jamespage: ok i'm reviewing it right now
<sahid> jamespage: ack for me thanks for it
<jamespage> np
<jamespage> its a bit of a copy/paste/search/replace exercise
<jamespage> but useful non-the-less
<sahid> :)
<shubjero> You have to download a total of 416 M. This download will take about
<shubjero> 52 minutes with a 1Mbit DSL connection and about 16 hours with a 56k
<shubjero> modem.
<shubjero> Still providing estimates using 56k modem :)
<shubjero> (do-release-upgrade for 16.04 > 18.04)
<tomreyn> there is IoT
<blackflow> Soon bases on the moon, the BDP there will kill! jumbo frames ftw.
<shubjero> PING moon (moon): 56 data bytes
<shubjero> 64 bytes from moon: icmp_seq=0 ttl=122 time=2.849 s
<shubjero> 64 bytes from moon: icmp_seq=1 ttl=122 time=2.995 s
<shubjero> 64 bytes from moon: icmp_seq=2 ttl=122 time=2.933 s
<shubjero> "low ping bastard!"
<blackflow> uhm.... moon will be ipv6 only. so yeah, fake ping output! busted!
<shubjero> https://www.theverge.com/2019/4/17/18411843/uk-porn-block-delayed-start-date-july-15th
<shubjero> well thats interesting
<shubjero> anyways
<lotuspsychje> shubjero: please keep offtopic chat in other channels, like #ubuntu-offtopic
<shubjero> yeah not gonna lie that was a wrong-window paste
<shubjero> my apologies
<adac> guys on one of my server I have this file
<adac>  /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
<adac> on the other however not
<adac> where is this coming from which package? How can I create it?
<sdeziel> adac: the kernel or one of the modules create it
<tomreyn> adac: this is not a file, it is just presented as such. read the sysctl man page.
<adac> ok thanks
<adac> would need to know how this is being ativated this module
<sdeziel> adac: I'd guess nf_conntrack_ipv4 or nf_conntrack_ipv6
<sdeziel> or maybe the generic one nf_conntrack.
<adac> I try to execute this ansible task due to some kernel issues with ufw
<adac> https://github.com/ansible/ansible/issues/45446
<adac> but the file is not found
<adac> So that emans the module is not enabled
<tomreyn> documentation on this setting https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
<adac> makes me just wonder why on my other server it is enabled
<adac> maybe ufw with some command enables it
<sdeziel> (those are the modules I load to get a different but related sysctl key: net.netfilter.nf_conntrack_tcp_loose)
<tomreyn> sdeziel: copy / paste bug?
<adac>  tomreyn sdeziel how can I activate this modul?
<tomreyn> adac: that's a possible explanation. compare the 'lsmod' output of both systems
<sdeziel> tomreyn: no but maybe I wasn't clear. I'm trying to explain that I load nf_conntrack_ipv4 & nf_conntrack_ipv6 so that I have those proc files (also available as sysctl keys)
<sdeziel> adac: you can add those to /etc/modules-load.d/nf-conntrack.conf
<tomreyn> sdeziel: oh, yes, i misunderstood.
<sdeziel> adac: this will have them loaded on boot
<adac> would this only temporary enable it?
<adac> https://github.com/ansible/ansible/issues/45446#issuecomment-467829815
<sdeziel> adac: no, that would be permanent for the module load
<adac> sdeziel, ok thanks
<sdeziel> adac: the manual module loading is to make the sysctl command work reliably
<adac> sdeziel, guess this ansible module would work
<adac> https://docs.ansible.com/ansible/latest/modules/modprobe_module.html
<adac> to enable the module in first plance
<sdeziel> adac: normally the conntrack modules are loaded on demand based on your ip{,6}tables rules
<adac> sdeziel, yes but that only happens later in time when ufw is setup
<sdeziel> adac: but sometimes this on demand loading is too late for the sysctl to happen reliably
<adac> I need to do this first
<sdeziel> adac: hehe, I ran into the same issue and my workaround was to manually load the modules on boot
<adac> So mayb i can via ansible just enable the module, then enable this liberal tcp thingy
<sdeziel> (gee, took me way to many words to explain that one... sorry not fully awake it seems)
<adac> and then do the ufw stuff
<adac> sdeziel, welcome to the club :)
<sdeziel> adac: IIRC TCP liberal is for when you want to accept an ongoing connection you see for the first time. In otherwords it removes some of the stateful checks
<sdeziel> adac: have you tried "iptables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT" as a workaround instead?
<adac> sdeziel, I need it beause of this issue: https://github.com/ansible/ansible/issues/45446
<adac> sdeziel, would that be better option?
<adac> mean your workaround?
<sdeziel> adac: dunno, it looks like the connection states are reset so possibly my workaround wouldn't work.
<adac> sdeziel, for me the question is simply also what are the effects of setting this liberal TCP thingy
<sdeziel> adac: if it was my machine though, I'd probably do the TCP liberal thing before and undo it after, assuming you have that flexibility with ansible
<adac> on ohter connections
<adac> ok that sounds good yes
<sdeziel> adac: that's where tomreyn's link becomes handy, look at what it says under nf_conntrack_tcp_be_liberal
<adac> sdeziel, hmm loading the module does not automagically create this "file"
<adac> is this the module nf_conntrack or is this a own module as well: nf_conntrack_tcp_be_liberal
<sdeziel> adac: hmm, I'm assuming that you checked "lsmod | grep nf_conntrack" ?
<adac> the latter should be a variable right?
<sdeziel> more or less yes
<sdeziel> it's a pseudo file under /proc and is also available as a sysctl key
<adac> sdeziel, this is what ufw enable or a similar command enables:
<adac> https://pastebin.com/MDzNvWy6
<sdeziel> adac: I'll try to reproduce on a local VM
<adac> sdeziel, kk thanks
<sdeziel> adac: so loading nf_conntrack_ipv4 is what created /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
<adac> sdeziel, ohh thanks so much!!
<sdeziel> adac: np
<adac> sdeziel, i will set this to 0 again after the ansible task is finshed
<adac> thank you as well for this good advise
<paulatx> anybody happen to know how long the Ubuntu 16.04 EC2 images (https://cloud-images.ubuntu.com/locator/ec2/) that use the AWS specific kernel will support new hardware? The first graphic on this page: https://www.ubuntu.com/about/release-cycle makes it look like hardware support has already stopped for 16.04 but I'm not sure if that also applies to the AWS specific kernels which are based off of the 4.4.0 GA kernel and not the 4.
<paulatx> I'm trying to figure out when the support for new hardware will stop on those AWS tuned kernels.  I spoke with tomreyn yesterday about this and he said I should try again today during UK business hours
<tomreyn> paulatx: it looks like you hit the late part of this day (very understandable if you're on the U.S. west coast). maybe we can try together to get a clearer picture. by the way, i'm just a volunteer here, don't work for canonical or anything.
<tomreyn> paulatx: also, i assume commercial support is available for those EC2 instances also, if you need a fully reliable response to this question.
<tomreyn> i run only 'standard' (non EC2) ubuntu installations myself (including 16.04 LTS) but those should be similar to EC2 instances apart from the kernel and some of the packages installed by default.
<tomreyn> i see that there is a linux-image-aws package available in 'xenial' (16.04 LTS), currently at version 4.4.0.1079.82
<rbasak> paulatx: what do you mean by new hardware in the context of EC2? New virtual hardware?
<tomreyn> in ubuntu 18.04 LTS, there is also this package (currently version 4.15.0.1035.34) as well as a linux-image-aws-edge package (in case one would need to use the very latest hardware, mostly for testing purposes, currently at version 4.18.0.1012.11, and in the community supported 'universe' section)
<sarnold> paulatx: there's an #ubuntu-kernel channel that may have more folks specifically aware of hardware support on amazon clouds
<rbasak> In general, hardware enablement, which includes virtual hardware in the case of EC2, is permitted until end of standard support, which for 16.04 is April 2021. However I don't know of specific intentions in the case of these particular images.
<paulatx> sarnold: ahh it sounds like #ubuntu-kernel is where I should be asking.. they may have a better pulse on what the deal is with support of the AWS specific kernels/images
<rbasak> rcj: would you know the answer to paulatx's question above please? I don't see fginther or gaughen in here.
<tomreyn> paulatx: can you discuss the use case? based on your hostname, i assume this may be graphics hardware related?
<paulatx> tomreyn: the quick and dirty is that AWS is always announcing new hardware so we want to know how long the Ubuntu maintained 16.04 LTS EC2 images will support new hardware.  If they will support new h/w through April 2021 then we may put off upgrading to 18.04 LTS but if support for new h/w ends sooner then we will upgrade sooner
<tomreyn> thanks.
<rcj> rbasak: thanks for the ping.  I'm
<rcj> rbasak: thanks for the ping.  I'm seeing who from the kernel team is here to answer that completely (rather than bumping paulatx to #ubuntu-kernel)
<paulatx> rcj: thanks
<rcj> The short answer is that the linux-aws custom kernel was created to allow for AWS specific tuning and for new AWS instance/feature support that would not be possible with the generic kernel.
<paulatx> rcj: right.. so are there details somewhere on the support / lifespan for the linux-aws custom kernel?
<lotuspsychje> fresh from the press: https://blog.ubuntu.com/2019/04/17/ubuntu-server-development-summary-16-april-2019
<bjf> rcj, paulatx, what's up?
<teward> assuming rcj summoned you, bjf, questions re: linux-aws custom kernel.  trying to find the exact original question in the scrollback though.
<teward> ah here it is.
<teward> bjf: sent you a small number of lines in PM of the original question :P
<bjf> teward, got them
<bjf> teward, so .. in general we don't backport new support for new HW back to earlier releases
<teward> paulatx: ^
<bjf> teward, however
<teward> bjf: mishighlight, targets -> paulatx :)
<teward> i'm just helping :)
<bjf> teward, paulatx, however if Amazon asks us for specific support and that support isn't too intrusive (low risk of regressions) then we will do it
<bjf> teward, paulatx, it's not a simple rule .. in general, the idea with an LTS every 2 years is that you have time to plan for your upgrade
<paulatx> bjf: interesting.. ok.  So it sounds like the new hardware support essentially boils down to how hard it will be to add support for the h/w, if it is simple it will be added and if level of effort / risk is high then no dice
<bjf> paulatx, yes, that's basically it
<bjf> paulatx, if you are a Canonical customer then you can raise your specific request through our support org. otherwise you can create a launchpad bug and point us at it and we will look at it
<paulatx> bjf: no I think this answers my question, thank you very much.  Sorry for pulling in so many people.. didn't realize this was going to be a hard question to answer!  :)
<sarnold> part of the beauty of aws is not caring much about the hardware :)
<bjf> paulatx, no problem
<blackflow> I don't know how anyone can use public clouds/VMs in the post-Meltre (Meltdown+Spectre) world.
<sarnold> meltre :D
<blackflow> mmmh-hmm. :)
<blackflow> I stopped using them after I saw with my own five eyes, cross-VM ssh pubkey injection via rowhammer and non-ECC host side RAM. yes, 'sright, one VM injecting ssh keys into another's memory.
<paulatx> sarnold: haha.. but when they come out with <insert cool new tech here> that is AWS specific and you can only take full advantage if you have kernel support then we have to care
<blackflow> I haven't yet seen personally Meltre exploited like that in public clouds, but I've heard stories.
<paulatx> anyway, thanks for the help everyone
<sarnold> blackflow: wow. crazy. it feels almost criminal that They still sell non-ecc ram on new machines. (Lookin at you intel.)
<blackflow> well all hetzner's non-enterprise baremetals are non-ECC and they're used a lot by the eastern bloc for VMs and games.
<sarnold> I hadn't heard that about hetzner before :(
<blackflow> I've seen a few offers at lowendtalk dot com that were non-ECC too
<blackflow> sarnold: their entire EX line, the oldest, is non-ECC corei7 https://www.hetzner.de/dedicated-rootserver/matrix-ex
<blackflow> only with PX they started offering ECC
<sarnold> blackflow: seems silly to have dual nvme in those things but no ecc
<blackflow> they're aimed at companies offering cheap shared hosting and VMs, and for games.
<DammitJim> man, I have to say that I am very happy with Canonical support
<OerHeks> :-)
#ubuntu-server 2019-04-18
<lordievader> Good morning
<cpaelzer> jamespage: coreycb: can you do me a favor and check a few openstacks we have deployed and check if openstack ends up constructing the cpu out of features
<cpaelzer> meaning a CPU name and a long list of feature enable/disable in libvirt
<cpaelzer> I think we talked about that in the past and it was that way (trying to create the common denominator for migration)
<cpaelzer> and if so could you please check if the openstacks we have defined the feature "osxsave" or "ospke" ?
<cpaelzer> (this is a re-ping from yesterday)
<cpaelzer> jamespage: coreycb: the above is most likely if you every used cpu type host-model on x86
<axino> cpaelzer: https://pastebin.canonical.com/p/vyfG2mfgR8/ random instance I'm wokring on
<axino> cpaelzer: https://pastebin.canonical.com/p/5K5GDfTpWR/
<cpaelzer> thanks axino
<cpaelzer> axino: that matches what I found on other systems - thanks!
<geodb27> People : hi ! I wanted to try out nova-lxd on a brand new vm with ubuntu-18.04 LTS server, so I followed what I found over here : https://javacruft.wordpress.com/2019/04/17/openstack-stein-for-ubuntu-18-04-lts/ (installed the repository and did a apt update). However, "apt-get install -y nova-lxd" fails with : "E: Unable to locate package nova-lxd" . What am I doing wrong ?
<cpaelzer> geodb27: I think it is called nova-compute-lxd
<geodb27> Thanks for your answer cpaelzer. I'll give it a try. However, I thought I had understood that nova-lxd was a meta package to ensure that, as stated on the page I linked to : "The 'nova-lxd' package ensures that the nova-compute daemon is started with the correct hypervisor driver for LXD;"
<cpaelzer> geodb27: src:nova-lxd builds binary nova-compute-lxd (and others)
<cpaelzer> maybe there was a rename at some point - I don't know details
<geodb27> oh, great ! Then I'll see how it works when it is all installed !
<neildugan> I am having trouble with a remote login using Remmina ... I can log into various account on the server but one gives me trouble... when I give the correct username & password. After a while I get the a "Connection Log" dialog with the message "login successful for display 10" "starting connecting" "connection problem, giving up" ... anyone know what is wrong with this account
<tomreyn> neildugan: which protocol are you using for the remote connection?
<tomreyn> remmina supports several, so this can make quite the difference
<neildugan> tomreyn, RDP
<tomreyn> neildugan: so the remote system runs which OS?
<neildugan> tomreyn, Ubuntu 18.04
<tomreyn> neildugan: and the client runs ubuntu, too?
<neildugan> tomreyn, yes
<tomreyn> and you use RDP rather than VNC there because?
<tomreyn> maybe Windows / OS X clients also access this remote system?
<neildugan> tomreyn, it works (at least for the other accounts)
<tomreyn> have you tried to connect from a command line rdp client such as freerdp?
<tomreyn> i think this is what remmina actually uses, too
<neildugan> tomreyn, I am using Ubuntu exclusively
<tomreyn> personally i'd prefer VNC then, but surely the protocol choice is up to you.
<tomreyn> so using freerdp may provide better info on what is failing, and surely you should also inspect the server side RDP server logs.
<neildugan> tomreyn, any ideas on why only one account doesn't allow login... all the others do, there are 5 or 6 of them
<tomreyn> neildugan: sorry, my crystal ball is currently in repair.
<tomreyn> neildugan: check the rdp server and system logs (the latter about authentication), try logging in from the remote system to itself.
<neildugan> tomreyn, ha ha ... ok ... do you know where the rdp server logs are
<maeud> for Windows neildugan ?
<sarnold> lsof on the server may show the log file locations
<sarnold> maybe they go through journalctl?
<tomreyn> neildugan: there is no rdp serve rinstalled by default, so one of your admins must have installed it. maybe start with    dpkg -l | grep rdp
<tomreyn> rdp is tcp 5390 isn't it?
<tomreyn> ah no 3389
<tomreyn> so     lsof -i:3389    will also tell you the process accepting those connections
<tomreyn> and once you have the process you find its installation path using "which processname". and once you got this, you can "dpkg -S installationpath" to get the package providing this command.
<greyboop> just noticed live-installer/net-image as an option for preseeding. I tried it out using the hwe-netboot kernel/initrd to pxe boot it but its not downloading the squashfs file. Any ideas what I need to do to get the live-installer running?
<null_r3f> Does server 18.10 come with fail2ban or a firewall on by default? Scanning this server with nmap is leading to a lot of no responses on live services.
<RoyK> null_r3f: apt install fail2ban ufw
<RoyK> ufw allow ssh ; ufw enable
<RoyK> take it from there
<RoyK> then configure fail2ban
<RoyK> null_r3f: very few distros come with these things enabled by default, for good reasons - they make it harder for newbies to setup things and make them work
<RoyK> and it can be enabled in seconds
<null_r3f> RoyK, just trying to do some troubleshooting. Wanted to make sure these features weren't enabled out of the box
#ubuntu-server 2019-04-19
<OerHeks> morning, another postgresql-11 issue, databases gone, https://bugs.launchpad.net/ubuntu/+source/postgresql-11/+bug/1825476
<ubottu> Launchpad bug 1825476 in postgresql-11 (Ubuntu) "Postgresql databases all gone after dist-upgrade to 19.04" [Undecided,New]
<qwebirc79363> I have a server at home ( ubuntu 18.04 ) there have two nicks ( have a connection in two networks ). How do I set wich nick there should be default route for it
<qman__> qwebirc79363: you set a default gateway on the one you want to use for default route, and not on the other one
<qwebirc79363> qman__: the issue is that the network that dont shall have gateeway there is it not posible to set static lease because of the router does not reserve ip's there is static and that router is out of my control. But I have maybe found another solution so I'm trying to figure out what interface is what card in the server
<qwebirc79363> qman__: because I just noticed 5 min ago about dhcp4-overrides in netplan examples and that should be able to force default gateway to the interface it has to be on
<qman__> yep, should be an option in the DHCP settings, if not, you can fix it yourself with a script in the dhclient-exit-hooks
<qwebirc79363> qman__: so yeah I'm able to test it as soon I have found out wich interface there is onboard and wich there is pci-e
<qwebirc79363> unfortunally both are intel and I have only the model number to work out from
<qwebirc79363> qman__: btw as a side note I have also found out that for some reason then I should not ask questions on askubuntu another time. Because for some reason it gets down voted there even that there is no answers
<qwebirc79363> qman__: okay this is weird new when I tried with dhcp4-overrides from the examples on netplan.io then I actually got this error "Error in network definition /etc/netplan/config.yaml line 5 column 6: unknown key dhcp4-overrides"
<qwebirc79363> qman__: Just found out that its a bug in netplan and it looks like they are only going to patch it in cosmic and disco but not in the lts
<qwebirc79363> how do I change metric on a route manuelt just to work around it atm
<tomreyn> qwebirc79363: https://askubuntu.com/questions/1008571/#answer
<tomreyn> this doesn't answer the metric question, but explains how to set the default gatzeway on just one interface, which  may be what you want to do
<qwebirc79363> thanks tomreyn well the gateway/routing options for dhcp clients does not work in ubuntu sadly and there is no eta because the netplan is so old. So this was just as temporary fix until I get the time to format the server and go back to debian
<tomreyn> i can't follow the reasoning there - older supported releases also receive fixes, you can also choose to not use netplan and configure the network directly via systemd-networkd or network-manager.
<tomreyn> qwebirc79363: ^ this said, you can also use the 'ip' command to modify the mtric.
<tomreyn> *metric
<tomreyn> you'd first delete a route, then add it again with the proper metric.
<tomreyn> example: ip route add 192.168.100.0/24 via 10.0.0.1 metric 100
<tomreyn> "ip route" prints the current routes
<qwebirc79363> actually no because CanonicalLtd has refused the fix about DHCP override options and it still does not work https://github.com/CanonicalLtd/netplan/pull/73
<qwebirc79363> even here several month after
<cyphermox> wat?
<cyphermox> that has nothing to do with refusing the fix; I rejected the pull request because it's entirely the wrong way to go about it, and the changes were in fact in progress
<qwebirc79363> well its still not fixed here several month after
<cyphermox> it is fixed in 19.04, and the backports are in progress
<cyphermox> https://launchpad.net/ubuntu/+source/netplan.io/0.96-0ubuntu0.18.10.2
<cyphermox> https://launchpad.net/ubuntu/+source/netplan.io/0.96-0ubuntu0.18.04.3
<qwebirc79363> and that backport still reports error
<qwebirc79363> I have tried to install it
<cyphermox> ^ those are in proposed right now, and about to land in bionic and cosmic except someone noticed something unrelated being off
<qwebirc79363> well even after that 0.96 installed from launchpad then it still report this in bionic "Error in network definition /etc/netplan/config.yaml line 5 column 6: unknown key dhcp4-overrides"
<cyphermox> then either you are not really using 0.96, or you have another error in your yaml that breaks this
<qwebirc79363> I have followed the guide from netplan.io and I have the 0.96
<qwebirc79363> I installed this one netplan.io/bionic-proposed 0.96-0ubuntu0.18.04.3 amd64 [upgradable from: 0.40.1~18.04.4]
<cyphermox> how about you put your yaml in a pastebin so I have have a look?
<qwebirc79363> 2 sec
<qwebirc79363> https://pastebin.com/jfkuSzZ0
<qwebirc79363> cyphermox: should we take it here or in netplan channel
<codefriar> greetings folks. I'm having some IPTables rules issues. I've setup my vps host as a bastion host, with Tinc to my home based server. From the bastion host, I can ssh into my home box via the Tinc vpn. Likewise, I can ssh into my bastion box from my home server via the tinc link. I think it's safe to say Tinc is working. However, I'm trying to use iptables rules to forward requests received by the bastion host to my home server
<codefriar>  via the tinc  link. https://gist.github.com/codefriar/9b60517ecaa8b6de62174a0d59913531 is a listing of my existing iptables rules. From the internet, I can hit my bastion host on port 443, but it never seems to return any data from the home server. Anyone had any suggestions?
<cyphermox> qwebirc79363: doesn't matter
<qwebirc79363> cyphermox: btw the pastebin I posted that is my config file
<RoyK> codefriar: I'd recommend using ufw if youdon't have any particular needs other than just a firewall
<RoyK> !ufw
<ubottu> Ubuntu, like any other Linux distribution, has built-in firewall capabilities. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | GUI frontends such as gufw and ufw-kde also exist. | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo
<codefriar> RoyK I'm using iptables to forward traffic from one interface to my vpn interface
<RoyK> ok - I see
<SomeT> in ubuntu server I have the following active screen, in screen: https://i.gyazo.com/1db666e2bd97073d88183f0bad64c52b.png its running in the background and I want to stop it, how do I switch back to it?
<tomreyn> https://askubuntu.com/questions/302662/reattaching-to-an-existing-screen-session
<tomreyn> SomeT: please don't cross-post
<SomeT> I wont now
<SomeT> sorry
#ubuntu-server 2019-04-20
<set_> Hello!
<sarnold> hi set_
<set_> Where should I look to view tutorials on making my server run outside of my servers?
<set_> I have ubuntu server.
<set_> For instance, should I use Bind9?
<sarnold> what problem are you trying to solve?
<set_> Oh.
<set_> I can only view my web page online on my network for some reason.
<set_> I want to view it outside of the network.
<sarnold> alright .. there's a lot of moving parts to that one :)
<set_> Yea!
<set_> I am using apache2 for now.
<set_> I plan on using nginx later but for now, I would like to stick w/ apache2.
<sarnold> so .. is your network NATted? (probably yes)
<set_> No.
<sarnold> ohho
<sarnold> alright then :)
<set_> Yep!
<sarnold> what IP addresses is apache bound to?
<set_> an ip address w/ :443 only.
<sarnold> you need to make sure that it's bound on a routable address, not just a lan-local address or localhost
<set_> Oh.
<sarnold> you need to make sure any firewall in place on the network or the machine allow network connections from the world
<set_> Right. I got that idea.
<set_> The routable address needs to be from a service or can I use free addresses?
<set_> See. I own this website and I am thinking of getting dynamic dns services for a static ip.
<sarnold> whatever IP addresses you've been allocated by your ISP ought to work
<set_> I learned how to use netplan but the Ubuntu server is/or netplan is complaining. So, I went w/ another idea = apache2.
<set_> Okay.
<set_> I have 18.04 and netplan loves to complain. Are you having trouble w/ this issue or netplan in general?
<sarnold> netplan has worked well for me so far
<set_> sarnold: Oh.
<set_> Okay.
<set_> No issue.
<sarnold> but I've got a really simple network: the laptop is just using network manager, the big machine in the basement is just doing one IP behind a nat firewall..
<set_> Oh.
<set_> See. I was going to host a website from my own server but the ideas are vast and I am only one person. It takes an age to get things done.
<set_> ...
<set_> This is why I thought a service might help out.
<set_> Anyway...I appreciate your help.
<set_> I guess I do not know the correct way to ask just yet. I will have to read more.
<set_> I read this book, "Mastering Ubuntu Server, (LaCroix 2018)," and the ideas are beating my brain senseless.
<set_> I have not been able to reproduce the steps this person took w/ Ubuntu Server.
<set_> sarnold: Have you read this book?
<sarnold> set_: sorry, no. but that's not too much of a surprise ..
<sarnold> set_: so, where are you currently stuck?
<sarnold> set_: like, is your apache bound to a routable IP?
<set_> Okay.
<set_> Yes.
<set_> The website comes up and it is live, I have https for my site, and the site is not live outside of the network.
<set_> I tried to view it elsewhere and it just keeps circling.
<set_> No reponse.
<set_> reponse = response
<set_> My apache2 server works. Ubuntu Server works. I am missing something.
<sarnold> set_: so, from a host off your network, what do you get when you run openssl s_client -connect ipadress:443  ?
<sarnold> try it against google if you want to see what success looks like, openssl s_client -connect www.google.com:443
<set_> I would have to look tomorrow when I travel.
<set_> If I am not using openssl, does that command still work?
<sarnold> if you don't have an aws instance or similar to use for testing, you could also try the qualys checker, https://www.ssllabs.com/ssltest/analyze.html?viaform=on&d=
<sarnold> this is just using openssl's s_client interface to talk tls to a service and then do nothing else
<set_> Okay.
<sarnold> it's great for testing web servers, mail servers, irc servers etc
<set_> Aw.
<sarnold> it's a lot like a netcat that understands TLS
<set_> Yea. sarnold: You are talking out of my league still. I am a fresh-off-the-boat user for ubuntu server.
<set_> I used openssl but stopped b/c I did not self-signed certs.
<sarnold> okay, a quick intro to netcat then :) try "echo hi | nc localhost 22" to see your openssh login banner
<set_> Anyway sarnold: I have a lot to learn and tonight might not be the night. I need to learn more to discuss things w/ this crowd (obviously).
<set_> Thank you, anyway. Maybe another time, sorry.
<sarnold> alright, have fun :)
<set_> I appreciate the effort and help.
<Haris> hello all
<Haris> I'm having trouble with mod_ruid2 mod for apache on 14.04. The user group I set in vhost configs, apache is not writing new files with its ownership. Also, is this issue resolved in 16.x, 18.x? this is an amazon aws instance, running from the freely available images on amazon
<tomreyn> Haris: 14.04 is almost end of life, upgrade now!
<Haris> yes, I know. but still need a way to keep things running meanwhile
<tomreyn> Haris: what do you use / need mod_ruid2 for?
<Haris> for anything uploaded or any file/folder created by web scripts to be with ownership, permissions of the configured u/g
<Haris> processes apache runs for that specific vhost run with perms/ownership of that u/g
<tomreyn> which languages are those web scripts in?
<Haris> php
<tomreyn> why don't you use php-fpm?
<Haris> don't want to use php plugin independent of web server
<Haris> no significant benefit from it
<tomreyn> have you ever used it?
<Haris> yes
<tomreyn> then i'm surprised you see no benefit
<tomreyn> i never used mod_ruid2, though. but if it's anything like suexec...
<Haris> it works ok on centos
<Haris> doesn't work on ubuntu's implementation
<Haris> not like suexec
<Haris> its inline, included plugin in apache
<Haris> doesn't run separate
<tomreyn> sure, it's a module, this can probably improve handling. on the other hand it means it needs to have authority to change ownership of files to any users, i guess, which effectively means root.
<tomreyn> but i'll need to read up more
<Haris> its good because it works as an inline, included plugin. removes all headaches like suexec
<tomreyn> i'm assumign you're doing shared hosting there, in which case per customer / user process control and isolation is important. does it do this well?
<xedniv> im encountering issues with the 18.04.2 live cd. when installing using lvm and a custom partition layout, the fstab mountpoints use UUIDs only, and during first boot, /usr cannot be mounted. same for root, more or less. lvm vgchange -a y fixes it.
<tomreyn> xedniv: can you show the custom partition layout?
<tomreyn> by "18.04.2 live cd" you mean the 18.04.2 live-server installer, right?
<lotuspsychje> pabed: ask your issue here mate, volunteers might help think along with you
<pabed> lotuspsychje: in this path "/etc/network/if-pre-up.d/ i see https://termbin.com/0f0g not iptables
<pabed> I followe this https://paste.ubuntu.com/p/sjpxf9FdGD/ for persistent iptables , but there is no such file there
<RoyK> pabed: iptables-persistent, perhaps?
<pabed> RoyK: how should I use this command?
<RoyK> apt install iptables-persistent
<RoyK> then read the manual
<xedniv> tomreyn, yes
<pabed> RoyK: I installed but it is not found
<xedniv> tomreyn, https://pastebin.com/K9sqi7qg
<xedniv> the fstab
<xedniv> tomreyn, the ubuntu-vg mapper entries: https://pastebin.com/KyjXCM3i
<RoyK> pabed: it was just a suggestion - personally, I just use ufw
<tomreyn> xedniv: thanks. i'll try to reproduce this. have you filed a bug report, yet?
<xedniv> not yet, i havent got my launchpad account in order in ages
<xedniv> :(
<xedniv> (but will do)
<tomreyn> xedniv: would you post it here when you did, please?
<xedniv> tomreyn, in a couple hours, yes
<xedniv> are you trying to repro it now?
<xedniv> the dirty workaround I used in one guest was to add a initramfs script
<xedniv> that just calls lvm vgchange -a y
<xedniv> but thats tricky, it could definitely mess things up in other installations
<xedniv> by activating groups not needed at boot
<xedniv> tomreyn, https://bugs.launchpad.net/bugs/1573982
<ubottu> Launchpad bug 1573982 in lvm2 (Ubuntu) "LVM boot problem - volumes not activated after upgrade to Xenial" [Undecided,Confirmed]
<xedniv> tomreyn, https://askubuntu.com/questions/551446/cant-find-lvm-root-dropped-back-to-initramfs
<xedniv> seems im not alone
<tomreyn> xedniv: i'd say file a new bug against subiquity (server live-installer) and curtin. unless you did btrfs?
<xedniv> ext4
<tomreyn> this bug report is old, centers on unsupported versions
<tomreyn> that's unless oyu know it's axctly your bug
<tomreyn> i.e. this commit makes a difference for your use case.
<xedniv> not so old if it applies to current
<tomreyn> hmm yes maybe you're right
<tomreyn> i think this Tag fginther added is actually a reference to a cnonical internal ticket, suggesting there may be someone planning to work on this.
<tomreyn> (after comment 25)
<tomreyn> xedniv: the issue i take there is that the bug title describes an upgrade, whereas your issue is a fresh installation (different, and more serious).
<tomreyn> rewriting the first title (and maybe the first post, too) may be an option, if it doesn't break context.
<tomreyn> i won't try to reproduce it then, though.
<xedniv> yup
<xedniv> you might eb able to repro faster than i can file the bug though
<xedniv> swamped atm
<xedniv> i already had the issue with two separate installs fyi
<tomreyn> if you're looking for a solution, use the alternative server installer, it may work better.
<xedniv> what are the main differences?
<xedniv> (lazy question, i know!)
<tomreyn> the alternative server installer is the old "debian-installer" (also still in use for mini.iso). is both enables and forces you to configure a lot more, whereas the new server-live installer comes not only with a nicer GUI, but also asks a lot less questions, and installs as soon as it can. the live-server (subiquity) installer is also an image-based installation just like the (ubiquity) desktop installer, i.e. a tarball of the completed
<tomreyn> installation is produced when building the installer and shipped with it, and just pushed to the disk during the installation, which is a lot faster than actually installing all those debian packages one by one.
<tomreyn> xedniv: ^
<tomreyn> this said, the server installer still has several relevant bugs (from the perspective of this non cannoical affiliated volunteer)
<Pyro_Killer> What do ya'll know about the funky version of Ubuntu 16.04 every VPS provider seems to use
<Pyro_Killer> *VPS providers seem
<whislock> Define "funky"?
<whislock> Oh, he's gone. Oops.
<teward> whislock: they probably meant the preinstalled 'images' :P
<whislock> Oh, yeah. A lot of them are terribad.
<whislock> Linode: "Here, you need wifi support." What?!
<JanC> seems like the main thing my VPS provider's new cloud infrastructure adds (in addition to adding their own APT mirrors & optionally injecting your SSH keys) is Qemu guest agent
