#ubuntu-server 2006-01-16
<msh> hi
<mr-clark> Hi guys. So how ready is Ubuntu server for production use? from a security perspective specifically?
<infinity> mr-clark: You can use breezy on servers now, if you like.  Our commitment to security is the same as always.
<mr-clark> And the support for EM64T is good too?
<infinity> With an amd64 install CD, sure. :)
<infinity> (And perhaps the xeon kernel, if those are Intel Xeons you've got)
<mr-clark> Okay. I'll have to give it a try tomorrow.
<mr-clark> Having a hell of a time finding a good, secure, server distro.
<mr-clark> That properly supports EM64T.
<infinity> mr-clark: Well, that should be us, in theory.
* ..[topic/#ubuntu-server:irc.freenode.net] : ubuntu-server discussions and support | for general support see #ubuntu | U. S. (stable) at http://tinyurl.com/b3jek | U. S. (Devel) at http://tinyurl.com/cllfu | U. S. dapper specs: http://tinyurl.com/aen9b | U. S. forums at http://tinyurl.com/b77qg | ubuntu-server@lists.u.c is up and running | searchable packages list: http://packages.ubuntu.com
#ubuntu-server 2006-01-17
<maswan> Hey, one thing that would be nice on an ubuntu server would be to have gnomey programs like evince installed without pmount and similar stuff (minimizing the number of +s binaries)
* ubijtsa might have fixed a silly problem with ffingerd and ipv6
<ubijtsa> patch submitted to maintainer :)
<lapo> hi
<spike> 'morning
<Set> good morning
<Set> spike is da man
<Unfun> anyone know where i can pick up rrdtool 1.0.x for breezy?
<derekS> so, i am trying to figure out what I want to do with my newly setup ubuntu-server (it was a spare machine)... i setup as a samba server, and have a bunch of console apps running via ssh, what other fun things can i do that i haven't thought about?
<fabbione> derekS: mail server? spamfilter server?
<derekS> fabbione: i was going to set it up as a mail server, but my internet connection isn't good enough, so its just the home network
<derekS> spamfilter, not bad idea
<derekS> i had an old box, so i thought i would put something fun on it
<fabbione> dhpcd? ipv6 tunnel server? radvd?
<derekS> i already have dhpcd done, and ipv6 using one of those free services
<derekS> there is like nothing fun to do with a horrible i-net connection
<derekS> oh well, i am sure i will think of things
<derekS> ultimately I am going to setup an ldap server to handle user accounts (maybe even remote /home directories)
<derekS> what are the odds of ubuntu-server one day settign it up so that it automatically sets up an ldap server at install
<derekS> so oyu can't really have local users/et
<derekS> c
<fabbione> derekS: probably dapper+1
<derekS> fabbione: ok, so it was already thought about, i wasn't sure
<fabbione> derekS: yeps
<derekS> would there be a difference to authenticating (how it does it now) and authenticating via ldap that listens on 127.0.0.1 (or blocks anything other than localhost)
#ubuntu-server 2006-01-18
<tepsipakki> fabbione: hi! I still haven't mailed mdy (about Netvault etc), but that's because I haven't found his email address, so what is it? :)
<fabbione> mdy@canonical.com ?
<tepsipakki> oh, _that_ easy
<fabbione> it would have been easier if you did /msg mdy here on IRC the same moment i told you too :)
<tepsipakki> hmm, true, true
<tepsipakki> perhaps easier for me to explain things on an email, though ;)
<[A] ndy80> hi a little question about creating a samba PDC...
<[A] ndy80>  if I configure Samba as PDC, then I configure win 98/2000/xp clients to join the domain and to authenticate with the PDC, how can I configure linux clients to authenticate to the PDC?
<lionelp> Hi [A] ndy80
<lionelp> In that case, the easiest solution is to use Winbind
<[A] ndy80> lionelp: isn't winbind only to authenticate against ActiveDirectory?
<lionelp> not against an active directory, against a windows authentication system, which can we an ActiveDirectory or a samba PDC
<lionelp> more generally a PDC, not necessarily an ActiveDirectory
<[A] ndy80> ah ok...
<[A] ndy80> thanks!
<lionelp> You have a good documentation here : http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
<GheRivero> hi everyone!
#ubuntu-server 2006-01-19
<Gorii> hi there
<spike> hi Gorii
<Gorii> I wan wondering, can anyone enlight me about the possibility that Ubuntu-server might work on an IBM xSeries 226 ?
<spike> Gorii: not me sorry, but there was *lots* of talking about zSeries and IBM machines a few days ago, so I'd definitely assume some in here knows.
<Gorii> great ! Is there a searchable log of the channel somewhere ?
<maswan> Gorii: it should probably work out of the box on most normal servers
<Gorii> I am only worried about the scsii drivers and raid-1 out of the box...
<maswan> what scsi chip is in there?
<Gorii> just onse sec, lemme find the link...
<maswan> I've only done hp stuff on current hardware though
<Gorii> This guy : IBM xSeries 226 Xeon HT, EM64T-2.8GHz 512MB U320-SCSI CD 2x514W
<Gorii> http://www5.pc.ibm.com/europe/products.nsf/$wwwPartNumLookup/_X80BYxx?OpenDocument
<Gorii> Thats the machine I was considering to buy ... having Ubuntu on it would be fantastic !
#ubuntu-server 2006-01-20
<ttaulman> i've lost sound on thinck client, server ubuntu 5.10, client's edubuntu/ubuntu 5.10. any ideas?
<ttaulman> nfs file shares?
<KZ> hi
<ttaulman> hi
<KZ> i'm interested how will linux affect if i have XP already?
<KZ> will it share files, or have it's own
<spike> KZ: see the topic, for general support ask in #ubuntu, this channel is dedicted to the server edition
<KZ> oh
<KZ> sorry
<spike> np
<ttaulman> i'm losing sound when using ubuntu breezy as server and ubuntu breezy client, ldap authenticate and nfs shares for /home. any ideas?
<lionelp> ttaulman: it's a problem of rights on sound devices
<lionelp> you have two solutions (i am not realy fond of one of the two solution, but i have not found another one that satisfies me until today)
<lionelp> or you add the user of the workstation to the correct groups (audio, video, etc.), or you change the files in /etc/udev.d the rights in order that everybody can write on the devices
<lionelp> you will have the sames problem if your users want to use usb keys
<ttaulman> lionelp, the user are members of the audio group and they still don't work
<lionelp> hum... that's strange
<lionelp> the local audio group ?
<ttaulman> lionelp, i haven't tried the other option
<ttaulman> mot the local audio group because they are only on the server
<lionelp> ah...
<lionelp> you can add a ldap user to a local group
<ttaulman> oh..
<lionelp> (ok, that's a bit strange but...)
<ttaulman> do i need to?
<lionelp> if you don't want, the LDAP audio group and the local MUST have the same gidNumber
<ttaulman> wouldn't that mean i would have to add all users that might use the computer to local also to make it work?
<lionelp> yes, if you use the first solution, you have to do it
<ttaulman> so the second one, change the /etc/udev.d will work?
<lionelp> yep
<lionelp> you have to change the rights on the /dev/audio/*
<ttaulman> ok, what exactly do i change, i'll have to bring it up and look at it, and do i change it on the server or the client?
<lionelp> let me have a kick look, i don't know it by heart :)
<lionelp> in the file /etc/udev/permissions.d/udev.permissions
<lionelp> where the group "audio" figures, change the permission from 660 to 666
<ttaulman> ok, i see that, client or server?
<lionelp> on the client
<ttaulman> hold on, don't see that on the client, it just says audio, no permission number like others have
<lionelp> it's a breezy on the client ?
<ttaulman> yep, only have /etc/udev no permissions.d just a permissions.rules file
<lionelp> you're right
<lionelp> i look on a computer that have been updated
<lionelp> ok, it's int the permissions.rules
<ttaulman> that is where i don't see numbers for audio, just says subsystem=sound and group=audio
<lionelp> yes, add a MODE="0660" before GROUP="audio"
<ttaulman> i'll give it a shot within the next 30 minutes and let you know, thanks
<ttaulman> lionelp, got it by using a mode="0666". now why does it take almost 2 minutes to log on?
<lionelp> i think that there is no link, but....
<Xoritor> how well does ubuntu handle lvm during install?
<Xoritor> i want to install but not loose some of my data on my server... ie databases and webdocs
<spike> Xoritor: if u're doing an installation how can u lose data? or did I miss something?
<Xoritor> spike, i will be installing ubuntu on a server that is running FC4 right now
<Xoritor> hence the install part of it
<Xoritor> and the loose data part of it
<Xoritor> spike, not a "new install" on a bare disk, but a "new install" over a diff distro
<Xoritor> on a working server
<Xoritor> i guess i should try it on my workstation fist
<Xoritor> s/fist/first/
<spike> Xoritor: and you have LVM on FC4?
<spike> Xoritor: testing is of course given as backups
<Xoritor> spike, yes i have lvm on FC4
<Xoritor> spike, FC4 defaults to using lvm
<spike> in general questions about "losing data" shouldnt happen because u must have backups, tho
<Xoritor> spike, i always try to use lvm if possible
<spike> I c, don't know FC4, wanted to give it a try, tho
<spike> expecially the Directory thingie they put together, looks very interesting
<Xoritor> FC4 is not bad, but i want to give ubuntu a shot
<Xoritor> its nice
<Xoritor> i worked for RH for 3 years
<Xoritor> just recently switched jobs
<Xoritor> the the directory server should run in ubuntu
<Xoritor> there is a tarball of it, sources too
<Xoritor> its very nice
<Xoritor> i have it running, and it really makes directory management easy
<Xoritor> and fast
<spike> cool, it's on my todo list, hope to get the time soon
<Xoritor> but my question was more along the lines of "does ubnuntu" support lvm during installs?
<Xoritor> i have not seen anything saying one way or the other
<spike> regarding ubuntu and lvm at install time: I never had a single prob with it, the installer isnt wonderful imho, tho
<Xoritor> do i have access to a shell?
<Xoritor> if so i can do it all at the cli if the tools are there
<spike> yes, but busybox hasnt got lvm tools, so it doesnt really matter
<Xoritor> and it is lvm2?
<spike> yes, it's lvm2
<Xoritor> cool
<spike> evms tools are available too
<Xoritor> so the lvm command works for the "lvm shell" during install right?
<Xoritor> never used evms
<Xoritor> much difference?
<spike> no, see above "but busybox hasnt got lvm tools<--------, so it doesnt really matter"
<spike> differences are in the management tools
<Xoritor> i understand about busybox not having them, FC and RHEL use busybox but the shell during install and rescue modes have access to the lvm utility
<spike> lvm hasnt got one, official I mean, then things like SLES and RHEL of course have got their own tool
<spike> evms offers 3 different interfaces, from GUI to ncurses based
<spike> it's really handy
<Xoritor> all i need is the cli one
<Xoritor> heh
<spike> at low level both rely on dm, and have the same set of features
<Xoritor> if i can do things like "lvm vgscan" and "lvm vgchange -ay" during the install i will be fine
<spike> Xoritor: bah, I might be wrong, check out what's on the cd, but iirc last time I looked at it lvm tools werent there
<Xoritor> they have to be there to install it into lvms
<spike> with the busybox shipped I mean
<Xoritor> can it be installed into an lvm?
<spike> sure
<Xoritor> then the tools have to be there
<Xoritor> if they are not you cant install cause you cant create and activate the volumes
#ubuntu-server 2006-01-21
<ttaulman> lionelp, was gone for a while picking up my daughter, wondered if you had any thoughts on that 2 minute login?
<ubijtsa> moin moin
<Micksa> hah
<Micksa> maybe this'll work
<Micksa> anyone here manage to get imap over ssl working with uw-imapd?
<ubijtsa> no, but dovecot works..
<Micksa> dovecot eh
<Micksa> hmmm
<spike> hey ubijtsa
<ubijtsa> lo spike
<Micksa> I'm going to have issues
<Micksa> I just know it
<spike> courier-imaps works too
* Micksa tries
<spike> do does cyrus for what it matters :)
* ubijtsa has been using dovecot since he switched to debian, some two years or so ago..
<ubijtsa> and since dovecot was available in ubuntu....
<ubijtsa> when I migrated to breezy, I kept using it :)
<Xoritor> spike, as to my questions... you were right there are no tools for lvm on the "install" cd
<Xoritor> spike, i dont know how the vg's and lv's are created without them though
<Xoritor> spike, but the "live" cd has them... so everthing is golden between the 2
<ubijtsa> surely the lvm tools are in the install system..
<Xoritor> ubijtsa, nope
<spike> oh, hello Xoritor
<Xoritor> ubijtsa, you drop to a shell and it says no lvm
<Xoritor> lol
<Xoritor> but it does create and use them
<Xoritor> i really liked the installer
<ubijtsa> hmm. maybe it pulls in a udeb if you say you want to setup lvm
<Xoritor> i dunno
<ubijtsa> what command did you try?
<Xoritor> ubijtsa, but the live cd has everything
<Xoritor> lvm
<Xoritor> lv
<Xoritor> vg
<Xoritor> pv
<Xoritor> first
<Xoritor> vgscan
<Xoritor> not found
<Xoritor> ok, vgchange -ay
<Xoritor> nope
<Xoritor> lvm vgscan
<Xoritor> nope
<Xoritor> lvm vgchange -ay
<Xoritor> nope again
<Xoritor> none of them were there that i saw
<ubijtsa> uhm, could be that it uses the lvm shell, so you may have to run /sbin/lvm2 or summat
<Xoritor> i did not try lvm2
<Xoritor> hmmm
<Xoritor> interesting
<Xoritor> im used to RHEL and FC systems where its named lvm not lvm2
<ubijtsa> do an ls in /{,s}bin and see if there is any lvm tools there :)
<Xoritor> and its named lvm in the distor also
<Xoritor> on the install cd
* spike has never seen lvm2 on any deb/ubuntu system
<spike> lvm2 binary I mean
<ubijtsa> to create the lvm pv/vg/lv's you more or less need the lvm tools..
* spike curses his pix
<ubijtsa> unless there is some super-script twiddling device-mapper at a *low* level
<Xoritor> ubijtsa, thats what i said!
<Xoritor> heh
<Xoritor> ubijtsa, i was thinking that same thing
<Xoritor> i dunno though
<ubijtsa> evms can twiddle lvm2 as well, but I doubt the install cd uses that
<Xoritor> im not too worried about it
<Xoritor> i got it done with 0 data loss
<ubijtsa> good stuff :)
<Xoritor> kept all my stuff in tact
<Xoritor> yea it was really freakin cool
<Xoritor> and very little time
<Xoritor> one issue i did have was the disk ordering
<Xoritor> my normal sda drive became sdc
<Xoritor> i have 3 sata drives in this machine
<Xoritor> and the raptor usually is on sda... but ubuntu sees it as sdc
* ubijtsa would like a proper scsi raid5
<Xoritor> not a big deal, but it caused a headache between grub and the bios and ubuntu booting ;-)
<Xoritor> i want a multi channel pci express scsi ultra 320 setup on a 4-8 way opteron doing software raid
<Xoritor> heh
<Xoritor> so i would get full speed to each channel for each part of the raid
<Xoritor> no pci bottle necks
<Xoritor> not that they are that bad mind you... just im a freak
<ubijtsa> get a fastt600 ;)
<Xoritor> fastt600?
<Xoritor> i am thinking of getting one of those "ram drives" from gigabyte
<ubijtsa> ibm storage array, fibre channel
<Xoritor> aah
<Xoritor> well... there is that
<ubijtsa> 50MB/s sustained xfer rate
<Xoritor> one of my friends works at netapp
<Xoritor> ;-)
<Xoritor> i am trying to get her to send me a filer for "testing" ;-)
<Xoritor> ahahahahaha
<Xoritor> but i dont wanna pay the power bill
<maswan> Xoritor: You'd probably be better off on a 2-way opteron, IIRC. Not as much locking overhead in various linux io layers.
<Xoritor> maswan, hmm you think so? i have a 2 way.. (well when i buy the second 246 i will) ;-)
* Xoritor needs more $$$
* Xoritor passes around the bum hat
<maswan> Xoritor: I think so, but I'm not sure. Also, for just pushing bits, that's plenty of overkill cpu-wise
<Xoritor> heh
<Xoritor> trying to figure out if i want to upgrade to dapper
<Xoritor> any of you running it?
<Xoritor> of course this is for my workstation not my main server
<maswan> tried it out at flight-2, reported a half-dozen bugs, now running breezy with custom kernel
<Xoritor> maswan, hmm
<maswan> Xoritor: nothing really serious, but kind of annoying. and mostly quickly fixed
<Xoritor> still dunno what i want to do
<Xoritor> i think ill stick with this for a while
<Xoritor> learn more
* Xoritor is new to ubuntu
<Xoritor> im not new to linux by any means
<Xoritor> but new to ubuntu
<Xoritor> so im not 100% sure where everything is, and how it all plays together
<beanz> Hello. Does gfs in Breezy US contain the DLM?
<GheRivero> his!
#ubuntu-server 2006-01-22
<[A] ndy80> hi
<[A] ndy80> I've this configuration: a server with samba as PDC and with /home exported via NFS, a linux client that authenticate correctly to the DOMAIN using winbind and that mount /home remotely via NFS.... the problem is: when I login using DEBIANDOMAIN+claudio using client I can see the files on remote /home but I cannot write on it. Look at this strange thing: http://paste.ubuntu-nl.org/7265 the linux client doesn't know who 101
<[A] ndy80> 0 UID is.
<[A] ndy80> how can I fix this problem?
<lionelp> what does an "id claudio" on the client tell you ?
<[A] ndy80> lionelp: id: claudio: No such user
<[A] ndy80> lionelp: claudio is only present on the server
<lionelp> do you add a winbind source in the /etc/nsswitch.conf on the client ?
<[A] ndy80> lionelp: the authentication is centralized on the server and the client uses winbind to autenticate on the PDC
<lionelp> Ok
<lionelp> You have three *diffrent* things that are necessary for what you want
<lionelp> - files sharing : done via nfs, ok
<lionelp> - authentication : done with PAM probabily, and with pam_winbind i suppose
<[A] ndy80> yes pam_winbind
<lionelp> - identification : your user must be known by the system. That is the job of libnss
<lionelp> so you have to configure your nsswitch.conf in order to get your users via winbind
<[A] ndy80> lionelp: I configured it to do it... wanna check my nsswitch.conf ? I can paste somewhere....
<lionelp> http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
<lionelp> check the Configure nsswitch.conf and the Winbind Libraries on Linux and Solaris section
<lionelp> yeah, paste your nsswitch.conf somewhere :)
<[A] ndy80> lionelp: I used that howto. Look here http://paste.ubuntu-nl.org/7266
<[A] ndy80> :)
<[A] ndy80> idea!
<[A] ndy80> passwd:         files winbind
<[A] ndy80> maybe I've to change the order!   passwd:         winbind files
<lionelp> yes, i saw
<[A] ndy80> what do you think about it?
<lionelp> no, it is correct
<[A] ndy80> ah ok...
<lionelp> do you just modify your nsswitch.conf ?
<lionelp> (i mean few minutes ago without rebooting)
<[A] ndy80> no no... it is the same as two days ago :)
<[A] ndy80> I didn't change it
<lionelp> Ok, so that's not a cache problem
<lionelp> just shut down nscd in case where (/etc/init.d/nscd stop)
<lionelp> you do not have any informations in auth.log or syslog ?
<[A] ndy80> lionelp: you want to see auth.log on the server or on the client?
<lionelp> on the client
<[A] ndy80> ah ok... on the server I've: Jan 17 15:34:09 localhost pam_winbind[7973] : user 'DEBIANDOMAIN+claudio' granted access
<[A] ndy80> no no!!
<[A] ndy80> sorry
<[A] ndy80> this is the client!
<lionelp> yes, pam is ok
<lionelp> you dot not see any information on libnss ?
<[A] ndy80> where do I have to see them?
<[A] ndy80> on wich log file?
<lionelp> auth.log
<[A] ndy80> lionelp: http://paste.ubuntu-nl.org/7268
<[A] ndy80> a module is missing but I don't think it's related to my problem...
<lionelp> no, it's not  a problem
<[A] ndy80> lionelp: I'm reading this http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html in particular "Technical Issues"... I cannot understand if this matches my problem... wanna give e look if you can?
<lionelp> did you shut down nscd ?
<lionelp> it seems to be a big probem with winbind
<lionelp> (i can't remember if it is  on the default install or not)
<[A] ndy80> what is nscd?
<lionelp> it is a cache daemon
<Nafallo> Description: GNU C Library: Name Service Cache Daemon
<[A] ndy80> lionelp: Do I have to stop it? How can I know if is it on?
<[A] ndy80> thanks Nafallo
<lionelp>  check if you have it : dpkg -l nscd
<lionelp> but i think it is not installed by default
<[A] ndy80> No packages found matching nscd.
<[A] ndy80> it's not installed on the client
<[A] ndy80> bingo!
<[A] ndy80> look what getent passwd gives me on the client:
<[A] ndy80> DEBIANDOMAIN+claudio:x:10002:10000::/home/DEBIANDOMAIN/claudio:/bin/bash
<[A] ndy80> while on the server claudio is 1010
<[A] ndy80> could it be the problem?
<lionelp> hum... yeah !!!
<[A] ndy80> client resolves claudio to 10002 not to 1010, using winbind...
<[A] ndy80> :)
<[A] ndy80> well.... how can I fix this situation :P ?
<lionelp> sure :)
<lionelp> can you check what you have in your smb.conf (on the server) in idmap uid =
<[A] ndy80> lionelp: there is this line:  idmap uid = 10000-20000 but it's commented!
<[A] ndy80> do I have to decomment it?
<lionelp> decomment and do 1000-10000
<[A] ndy80> and idmap gid?
<[A] ndy80> same values?
<lionelp> yep
<[A] ndy80> lionelp: done... still same error...
<[A] ndy80> lionelp: getent passwd executed on server gives me this: claudio:x:1010:1010:,,,:/home/DEBIANDOMAIN/claudio:/bin/bash
<[A] ndy80> -__-
<[A] ndy80> grrrrrr :\
<[A] ndy80> one moment....
<[A] ndy80> isn't it normal that local "claudio" user is 1010 and DEBIANDOMAIN+claudio is 10002? it could be that I've to set the owner of /home/DEBIANDOMAIN/claudio to DEBIANDOMAIN+claudio user not to claudio user... is it possible?
<[A] ndy80> bingo! another time :)
<[A] ndy80> lionelp: on server I did: chown -R 10002:10000 /home/DEBIANDOMAIN/claudio
<[A] ndy80> now client "claudio" can write to that folder :)
<lionelp> cool !
<[A] ndy80> I'd like them to be the same.... :\
<[A] ndy80> lionelp: I'm reading the winbind documentation.... winbind is not started on server! And I get an error trying to start it.
<[A] ndy80> how can I check for error log?
<[A] ndy80> I only see: Starting the Winbind daemon: winbind failed!
<lionelp> look in /var/log/samba
<[A] ndy80> no sorry... now is running....
<[A] ndy80> O_o
<[A] ndy80> I'm getting crazy -__-
<lionelp> :)
<[A] ndy80> lionelp: if I change the nsswitch.conf what Do i have to restart?
<lionelp> nothing
<[A] ndy80> ok....
<[A] ndy80> don't know...
<[A] ndy80> thanks anyway, I've to go now :(
<[A] ndy80> see ya next time!
<[A] ndy80> thanks again!
<Pygi> join #fama
<Pygi> bah :/
<Pygi> o, welcome valandil
<spike> anybody with experience running openswan+26sec|KLIPS and Kame that can spend a few words on it? besides the known stuff, KLIPS creating vpn devices, 26sec problems history and similar
<spike> mostly I'm curios if any of the two offer advantages in terms of interoperability with appliances like cisco pix
<spike> I was reading up on openswan, and NAT-T interoperability with ciscos is unknown
<Pygi> o, chara :P
#ubuntu-server 2007-01-15
<spasticteapot> Anyone here?
<spasticteapot> Earth to Space Station Alpha. Earth to Space Station Alpha. Asking for report.
<[miles] > morning guys
<[miles] > ok, I have a problem with Ubuntu Server 6.06LTS ... postfix and cyrus-sasl
<[miles] > due to postfix being jailed, I have to place the sasl socket in:
<fabbione> [miles] : there is an how to that explains that
<[miles] > /var/spool/postfix/var/run/saslauthd/
<[miles] >  /var/spool/postfix/var/run/saslauthd/
<[miles] > hi fabbione 
<[miles] > well, I've got it running
<[miles] > thats not the problem..
<fabbione> check in /usr/share/doc/postfix and or /usr/share/doc/sasl2 something
<[miles] > the problem is that init script
<[miles] > I changed the /etc/defaults/saslauthd vars
<[miles] > PIDFILE="/var/run/saslauthd/saslauthd.pid"
<[miles] > PWDIR=/var/spool/postfix/var/run/saslauthd
<[miles] > to override the vars used in the init script
<[miles] > however, the daemon refuses to start
<[miles] > I see that it's using start-stop-daemon
<[miles] > I've checked as much as I can check, but it refuses to start if I declare the pid in the alternative directory
<fabbione> can the daemon write that in that dir?
<[miles] > as my daemon starts (with the following in /etc/defaults/saslauthd) PARAMS="-O /etc/saslauthd.conf -m /var/spool/postfix/var/run/saslauthd"
<[miles] > the pid is forced to that base dir
<[miles] > so when running /etc/init.d/saslauthd stop, it's looking for the pid in the wrong place
<[miles] > fabbione, yeah, the daemon works fine
<fabbione> strace it
<fabbione> check what's trying to open and where
<[miles] > aye
<[miles] > ok one sec
<[miles] > ok.. right
<[miles] > I set the /etc/defaults/saslauthd with the following two lines:
<[miles] > PWDIR=/var/spool/postfix/var/run/saslauthd
<[miles] > PIDFILE="/var/run/saslauthd/saslauthd.pid"
<[miles] > to override yeah
<[miles] > root@spamwall:/etc# /etc/init.d/saslauthd start
<[miles] > root@spamwall:/etc# ps aux|grep sasl
<[miles] > root      4220  0.0  0.0   1508   128 pts/0    R+   10:22   0:00 grep sasl
<[miles] > root@spamwall:/etc# 
<fabbione> i don't use that stuff.. i am jsut trying to show you a path to see what you are doing wrong
<[miles] > it dont start
<[miles] > but
<[miles] > if I take those two out
<[miles] > root@spamwall:/etc# /etc/init.d/saslauthd start
<[miles] > Starting SASL Authentication Daemon: saslauthd.
<[miles] > root@spamwall:/etc# ps aux|grep sasl
<[miles] > root      4227  0.1  0.1   6020   988 ?        Ss   10:23   0:00 /usr/sbin/saslauthd -O /etc/saslauthd.conf -m /var/spool/postfix/var/run/saslauthd -a ldap
<[miles] > root      4228  0.0  0.1   6020   588 ?        S    10:23   0:00 /usr/sbin/saslauthd -O /etc/saslauthd.conf -m /var/spool/postfix/var/run/saslauthd -a ldap
<[miles] > root      4229  0.0  0.1   6020   536 ?        S    10:23   0:00 /usr/sbin/saslauthd -O /etc/saslauthd.conf -m /var/spool/postfix/var/run/saslauthd -a ldap
<[miles] > root      4230  0.0  0.1   6020   536 ?        S    10:23   0:00 /usr/sbin/saslauthd -O /etc/saslauthd.conf -m /var/spool/postfix/var/run/saslauthd -a ldap
<[miles] > root      4231  0.0  0.1   6020   536 ?        S    10:23   0:00 /usr/sbin/saslauthd -O /etc/saslauthd.conf -m /var/spool/postfix/var/run/saslauthd -a ldap
<[miles] > root      4233  0.0  0.1   2880   800 pts/0    S+   10:23   0:00 grep sasl
<[miles] > root@spamwall:/etc# 
<[miles] > disco
<[miles] > alive
<[miles] > but as u can see, the socket is in /var/spool/postfix/var/run/saslauthd
<[miles] > root@spamwall:/etc# ls -l /var/spool/postfix/var/run/saslauthd/saslauthd.pid 
<[miles] > -rw------- 1 root root 5 2007-01-15 10:23 /var/spool/postfix/var/run/saslauthd/saslauthd.pid
<[miles] > root@spamwall:/etc# 
<[miles] > and the pid is there
<[miles] > now
<[miles] > I can't stop the daemon
<[miles] > cos it looks in /var/run/saslauthd
<[miles] > lol
<[miles] > I'm buggered
<[miles] > LOL
<[miles] > I don't want to physically alter the init script, due to package breakage
<[miles] > root@spamwall:/etc# /etc/init.d/saslauthd stop
<[miles] > Stopping SASL Authentication Daemon: (not running).
<[miles] > root@spamwall:/etc# 
<[miles] > and of course, it says it's not running, cos it can't locate the pid
<[miles] > :)
<[miles] > great eh
<fabbione> [miles] : if it's a bug in the init script, please file one in malone, It might be worth fixing it in dapper
<fabbione> adding a patch to make that generic will help too
<[miles] > fabbione, aye
<[miles] > fabbione, I'm a little lost as to why it's not working... weird
<[miles] > cos to my logic, and after looking at the bash
<[miles] > it loads the /etc/defaults/saslauthd file just after hard setting the vars in the init script
<[miles] > and I echoed the values, and exited...
<[miles] > and it shows the correct values
<[miles] > but the daemon just don't start
<[miles] > fabbione, you a Ubuntu developer btw?
<fabbione> yes i am
<fabbione> [miles] : as i said.. it might be a bug in the script that needs to be addressed
<fabbione> like generic path to pid
<fabbione> file a bug in launchpad with everything you found
<[miles] > fabbione, I've had a scout thru it
<[miles] > fabbione, but don't see an error
<[miles] > fabbione, I'll go again and check it tho
<[miles] > fabbione, a question..
<[miles] > fabbione, on Ubuntu Server, the updates to problems and vuns' and timely?
<[miles] > fabbione, this is my first time in a production enviroment with UBS LTS
<fabbione> [miles] : updates for security are done regularlyt
<fabbione> also for critical bugs
<[miles] > fabbione, as good as the likes of RHEL and SLES
<[miles] > ?
<fabbione> timing is usual as fast as possible
<fabbione> we are usually faster then them
<[miles] > fabbione, my background is with SLES
<fabbione> it really depends on the issue
<[miles] > fabbione, but I'm pretty into UBS
<[miles] > ok
<fabbione> some security issues are classified
<fabbione> and released by vendor at the same time
<[miles] > I'll check the script now, be back in a min yeah
<fabbione> so you don't see much of a diff there
<fabbione> but when a security issue is public
<fabbione> we are usually faster
<fabbione> i need to get back to work
<fabbione> please as i said .. file a bug
<[miles] > fabbione, ok
<[miles] > fabbione, thank you kindly for the help yeah
<[miles] > fabbione, yeah, found the problem part
<[miles] > but it's using some commands of Ubuntu/debian, that im not familar with
<[miles] > but I know exactly where the problem lies now
<[miles] >         dir=`dpkg-statoverride --list $PWDIR`
<[miles] >         test -z "$dir" || createdir $dir
<[miles] > those two lines
<fabbione> [miles] : add it the bug report please and explain why
<fabbione> the more you add the faster the fix can be done
<[miles] > fabbione, yeah, I'm just trying to work out how to properly fix it
<[miles] > I see there are missing parms' on the createdir $dir
<[miles] > fabbione, dpkg-statoverride --list /var/spool/postfix/var/run/saslauthd
<[miles] > fabbione, does that make much sense to you?
<[miles] > fabbione, I can understand obviously checking if the dir exists, and if not, create it
<[miles] > but using that?
<[miles] > it always returns an empty string
<[miles] > ok, I've written a fix
<[miles] >         test -d $PWDIR || createdir root sasl 710 $PWDIR
<[miles] > now just gotta find where the fuck to submit it
<[miles] > fabbione, where do I file my report?
<[miles] > bollox the bug reporting is down lol
<fabbione> launchpad.net
<[miles] > yeah
<[miles] > there now
<[miles] > fabbione, just gonna try file one
<[miles] > u think my fix is ok?
<fabbione> i dunno.. as i said i don't use that piece of software
<[miles] > ah ok
<fabbione> somebody that knows about it, will look into it and check
<[miles] > well, to me, it does exactly what the coder of the script ment it to do
<fabbione> BUT if you don't file a bug, it will be lost here on IRC
<[miles] > lol
<[miles] > yeah
<[miles] > im doing it
<[miles] > fabbione, Bug #79371
<[miles] > that ok?
<fabbione> checking...
<[miles] > thank you
<fabbione> looks ok... thanks
<[miles] > np
<[miles] > I tested my fix... works
<[miles] > I spose I could add a couple of lines at the top just to check a sasl group exists
<[miles] > fabbione, who sets the priorty on my report please?
<fabbione> i will once i get it assigned to somebody
<[miles] > ah ok
<[miles] > fabbione, I'm happy I can contribute something, be it so little, back to the distro
<fabbione> [miles] : thanks for the report.. 
<[miles] > morning ivoks 
<ivoks> hi
<ivoks> how are you?
<[miles] > im good
<[miles] > much better for smoking a ciggy and fixing the saslauthd init script :D
<[miles] > anyone got knowledge of Kerberos
<[miles] > never touched it, but I hear good of it
<ivoks> same here
<[miles] > ivoks, u ain't touched it no?
<ivoks> nope
<[miles] > I used ldap
<[miles] > and it ties in nicely with that.. so I read
<ivoks> well, that's not the same
<[miles] > yeah, I know
<[miles] > but for auth
<[miles] > mmm is "universe/mail" in the support area of Ubuntu Server?
<[miles] > I can't remember what repo's I changed
<[miles] > mmm, ok no it's not
<[miles] > :-|
<[miles] > so MailScanner and amavisd-new are not in the default support list
<[miles] > :-\\
<ivoks> if you find a bug, let us know
<[miles] > ivoks, ? 
<ivoks> if it's security bug, i'm sure some one will work on it
<[miles] > ivoks, no bug, .. it would just be good to see Ubuntu Server support one or the other
<ivoks> it is... community supported
<[miles] > but its they are part of universe
<ivoks> just as debian or fedora, except we don't have that much man power in universe (+ some maintainers are lazy, like me)
<[miles] > lol
<[miles] > :)
<ivoks> amavisd-new would be much better option for postfix
<[miles] > aye
<[miles] > but the configuration of it is a joke
<[miles] > messy as hell
<ivoks> amavis?
<[miles] > aye
<[miles] > I don't like it at all
<fabbione> [miles] : there are some reasons why we don't include that stuff
<[miles] > the configuration I mean
<fabbione> we did discuss it extensively
<fabbione> and decided not to for now
<fabbione> let me find a referenve
<[miles] > fabbione, ok... but u agree, they are critical elements more or less to a good mail server?
<fabbione> critical no.. i don't agree
<fabbione> i agree that they are nice to have
<ivoks> not critical, but good stuff
<ivoks> ok, redundancy :)
<[miles] > fabbione, ok, crtical maybe is an over statement
<[miles] > but certainly they're of great use... 
<ivoks> i would rather see postgrey in main
<ivoks> (+ i would like too see mail server for ubuntu.com using it :)
* [miles]  would not run a greylist on his servers
<[miles] > we'd have clients ringing up all the sodding time
<[miles] > :==)
<ivoks> mails only late for first mail
<ivoks> not every time
<fabbione> https://wiki.ubuntu.com/PostfixCandy
<fabbione> [miles] : ^^
<[miles] > cheers fabbione 
<[miles] > fabbione, u in france also?
<fabbione> nope..
<fabbione> i am in denmark
<ivoks> heh, amavisd and postgrey do open ports, but only on loopback
<[miles] > ah nice
<[miles] > cold place I guess
<fabbione> ivoks: they are still open ports
<ivoks> fabbione: i agree
<ivoks> hm, maybe we could work on amavisd to support socket (if it doesn't already)
<[miles] > it does
<[miles] > but not with postfix
<[miles] > exim is the doggies
<[miles] > but
<[miles] > postfix rules the roost, and its pretty sweet 
<ivoks> not with postfix?
<[miles] > I've done more MTA stuff with Exim... im pretty fresh at Postfix
<[miles] > ivoks, nah, u can't use the socket
<ivoks> but you can use procmail
<ivoks> and with procmail...
<ivoks> i think content-filter supports local
<[miles] > # AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
<[miles] > #   (used with amavis helper clients like amavis-milter.c and amavis.c,
<[miles] > #   NOT needed for Postfix or Exim or dual-sendmail - keep it undefined.
<[miles] > $unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
<[miles] > #$unix_socketname = undef;        # disable listening on a unix socket
<[miles] >                                   # (default is undef, i.e. disabled)
<ivoks> or pipe
<[miles] >                                   # (usual setting is $MYHOME/amavisd.sock)
<ivoks> i'll take a closer look on this
<[miles] > I prefer unix sockets for stuff like this
<ivoks> maybe i could come up with something
<[miles] > faster too
<ivoks> ok, i see.. performance impact
<fabbione> Out of Office AutoReply: [Bug 79371]  Re: saslauthd init script does not allow movement of PID
<fabbione> [miles] : disable that stuff from mails coming from Launchpad pretty please now.
<[miles] > fabbione, sorry?
<fabbione> [miles] : isn't your name Martin, Jared ?
<[miles] > no
<[miles] > my name is Miles
<[miles] > :)
<fabbione> hmm
<fabbione> sorry
<fabbione> wrong person
<[miles] > jeje
<[miles] > np
<[miles] > the guy who's got the bug is Martin
<[miles] > it would appear
<[miles] > https://launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/79371
<[miles] > fabbione, personally, I would not class this as "low"
<[miles] > fabbione, not on server distro
<fabbione> [miles] : release managers decision. 
<fabbione> anyway somebody is looking at it
<fabbione> so don't worry
<[miles] > ok
<[miles] > it's a quick one to test and fix
<fabbione> it doesn't indicate the priority with which it will be fixed but the impact
<fabbione> not that many people use that setup
<fabbione> so it has a low impact
<fabbione> it will still take about 2 weeks to get it in dapper-updates
<fabbione> the process for QA is long
<[miles] > :-O
<[miles] > wooo ok
<J_P> hi all
<[miles] > yo J_P 
<J_P> [miles] : haha yes!
#ubuntu-server 2007-01-16
<N6REJ> hello, I'm wondering if you could give me some guidance.  I have a Kubuntu server that is for LAMP , quasar and postgres.  My wife also uses it for her desktop machine ( yeah I know bad boy, but her machine died ), anyway, we access it currently from her KDE gui, my KDE machine, and an XP machine.  Most of the time we only use the server for our intranet but sometimes we want certain people to be able to reach quasar from the outside.
<N6REJ>  I have had issues with the servername causing strange behavior.  Like when it was named "ubuntu" sometimes I would get taken to a porn site because ubuntu.iowatelecom.net ( iowatlecom.net is my isp ) doesn't resolve.   My question is exactly how should I configure the server/servername so that it is accessible from all local machines, and still not confuse the browsers?
<somerville32> I don't understand what ubuntu.iowatelcom.net has to do with the hostname
<somerville32> Why would it matter if the subdoamin of your ISP resolves?
<somerville32> You should have a host lists which has the name of the machine which it looks at before querying the DNS server
<[miles] > good morning #ubuntu-server 
<drarem> who is 10.96.240.1  ?
<shwag> how do I change the permissions that my log files are created with ?
<shwag> I can do a  chmod +r /var/log/*    , but then when new log files are rotated in, they dont have the +r.
<drarem> how secure would an apache2 / mysql ubuntu server be?  would a rootkit be installable remotely?  how paranoid do i have to be?
<malix0> hi all
<malix0> yesterday I try to install ubuntu-server on an IBM server, the installation was ok, but grub failed
#ubuntu-server 2007-01-17
* Starting logfile irclogs/ubuntu-server.log
<[miles] > guys
<[miles] > I notice that the clamav package is outdated on 6.06LTS server
<[miles] > it's showing as out-dated on boot and freshclam
<[miles] > this gonna be sorted?
<[miles] > jesus, it's busy here today :-\
* [miles]  dies suddenly
<firecrotc1> Okay, I just started renting a dedicated server and have been given a block of 5 ip addresses, 1 of which is actually set up.  How do I set up my server to work on additional IPs?
<shwag> where can I find some nagios howto's ?
<kupesoft>  When I run "adduser", it collects the following information about a new user: {Name, Room Number, Work Phone, Home Phone, Other} stores it in a comma-delimited fashion in /etc/passwd.  Where can I add or subtract items from that list?  I want to only collect the user's name.
<ivoks> easy
<ivoks> cut -d: -f5 /etc/passwd | cut -d\, -f1
<ivoks> or you could play with sed
<ivoks> god, awk :)
<sharms> ivoks: that isnt the question
<sharms> ivoks: he wants to know how to modify add user to only take their name
<ivoks> right, sorry
<kupesoft> Is there an easy configuration file for this stuff
<sharms> kupesoft: there is an /etc/adduser.conf
<sharms> but it isnt what you need, give me a sec
<kupesoft> I don't that convers it,
<ivoks> maybe you could combine something with adduser --gecos
<ivoks> login.defs
<ivoks>        CHFN_RESTRICT (string)
<ivoks> This parameter specifies which values in the gecos field of the /etc/passwd file may be changed by regular users using the chfn
<sharms> beat me to it
<sharms> I was just going to say CHFN
<ivoks> :p
#ubuntu-server 2007-01-18
<kupesoft> So login.defs is where I should look?
<kupesoft> I guess I could stack trace chfn
<kupesoft> see where it reads and writes
<kupesoft> I have a multi-user environment on a server where I can't trust my users not to hog resources and spawn too many processes (re: fork bomb).  How can I limit resources and processes on a per-user basis?
<J_P> hi all
<J_P> hey all, anyone know if are there tutorial for Configure Apache SSL and Subversion in Ubuntu ?
<[miles] > J_P, I think google will give you more answers than here mate :)
<nexact_> hello all, i've installed libcurl, is there a way to know if static or shared library has been installed? 
<kronus_> hello
#ubuntu-server 2007-01-19
<shwag> when trying to startup network services it says no buffer space available
<tmh__> nexact_: dpkg -L packagename lists the packages. a .so.something is a shared, whereas a .a is a static lib.
<shwag> /etc/init.d/network restart   says   "No buffer space available"   I get no  eth0.  Im at a lose.
<shwag> loss even.
<nexact_> thanks, both are installed. :)
<shwag> has anyone tried to image a machine from an existing ubuntu install before, and end up with failed eth devices ?
<shwag> my eth0  is showing up in dmesg, but  ifconfig -a  it does not exist. Ive never seen this before.
<joejaxx> shwag: you need to change the mac address
<shwag> joejaxx: where ?
<joejaxx>  /etc/iftab
<shwag> joejaxx: OMG THANK YOU
<joejaxx> shwag: you are most welcome :)
<shwag> joejaxx: you are the first person who has mentioned this. I have been looking nonstop for 4 hours.
<joejaxx> the other people in here might just be away from the computer
<joejaxx> or idle :)
<shwag> not sure why  dpkg -S /etc/iftab    says   dpkg: /etc/iftab not found.
<joejaxx> says the same for me
<rance> I need some advice on generating entropy for key generation, every time I try to generate a key, the process stalls when it runs out of entrophy, how do I generate more without going to the less secure /dev/urandom options
<[miles] > anyone know any tool (for eg: konquer can do it) to browse an imap folder?
<vleon> can someone tell me how i disable ppoeconf configurations?
<\sh> guys, mii-diag shows the advertised speeds from the switch partner..I do have here a tg3 nic, and mii-diag shows me only 100baseTx-DF 100base-tx 10-baseT-FD and 10base-T ... the switch is a cisco 1000/100/10Mbit switch (catalyst 3750) .. does mii-diag doesn't support speed advertisments > 100baseX
<renato> hello, I'm planning to use ubuntu server with xubuntu-desktop on top of it, for a small lab network of 18 machines to share printers, files and maybe host a little website for internal use. I am not totally computer unsavvy, but I'm no IT expert as well and I was wondering if there's a GUI application for adding users and devices or doing basic maintenance tasks to the network?
<renato>  I'm planning to use ubuntu server with xubuntu-desktop on top of it, for a small lab network of 18 machines to share printers, files and maybe host a little website for internal use. I am not totally computer unsavvy, but I'm no IT expert as well and I was wondering if there's a GUI application for adding users and devices or doing basic maintenance tasks to the network?
<ivoks> there is GUI for adding users
<ivoks> but configuration of services is done by hand
<ivoks> well, there is gui for configuring printers
<ivoks> (http://localhost:631)
<renato> okay, a good guide to do that?
<ivoks> you can't miss
<ivoks> it's very easy, open browser and point it to http://localhost:631
<renato> yeah, for CUPS, but I meant a guide to configure services?
<ivoks> eh...
<ivoks> for web, enter 'apache howto' in google
<ivoks> :)
<renato> thanks
<ivoks> renato: and look for apache 2 version
<ivoks> not 1.3
<renato> and the GUI for adding users?
<renato> sure thing
<renato> the apache documentation isn't very newbie friendly
<ivoks> renato: in ubuntu it's users-admin
<renato> or didactic for that matter
<ivoks> i don't know in xubuntu... :/
<renato> excellent
<renato> I'll just stick ubuntu on the server then
<renato> lol
<ivoks> :)
<rance> I need some advice on generating entropy for key generation, every time I try to generate a key, the process stalls when it runs out of entrophy, how do I generate more without going to the less secure /dev/urandom options
<shwag> http://awstats.sourceforge.net/awstats_security_news.php
<shwag> XSS exploit, unfixed.
<shwag> fixed in 6.6 I mean, but not fixed in   awstats 6.5-1ubuntu1.2
#ubuntu-server 2007-01-20
<rance> can someone help me with the /dev/random device, it doesnt seem to have enough "randomness" (this is a quantity, - NOT quality - issue) whenever I try to generate keys, or something that needs a random seed, the process hangs as if it has used all the "randomness" and is waiting for more.
<rance> how do I generate more "randomness" so that the key generation process can finish
<mralphabet> random/win 2
<mralphabet> ;(
<renato> hello everyone, does anyone know of an opensource GUI suite to managing a small network?
<renato> oh, this is development, I'm sorry, is there a "user" channel?
<DogWater> Howdy, anyone know if ubuntu server does or will include a kickstart feature much like redhat?
#ubuntu-server 2007-01-21
<AnAnt> hello, I have setup bind9 as caching name server, but I need it to lookup the domain xyz.com via a certain name server , how to do that ?
<DrSpin> Can anyone tell me if the default PHP5 packages in 6.10 Server include PDO ?
<DrSpin> The answer to my question is no... Any chance at getting a PHP5-PDO package in the next release?
<DrSpin> And perhaps breaking Pear and PECL into seperate packages?
<phaidros> hi, is there an edgy-xen-verserver kernel image avail ?
<phaidros> hi
#ubuntu-server 2008-01-14
<nealmcb> sommer: haven't tried it yet.  I'm lazy and was waiting for a downloadable image - got one?
 * nealmcb is surprised at the slowness of sugar
<sommer> nealmcb: nope, no image... I'm not really sure how to make one?
<jjesse> hello
<ChuckWagon> I would like to install Zend Framework.
<ChuckWagon> I have a working Apache / PHP / MySQL already.
<ChuckWagon> Naturally, I don't want to mess anything up.  Any hints/tips?
<ChuckWagon> By default, it wants to install Apache for you, but I think I can turn that off.
<thomas_newbie__> my ssh and apache server starts each time i boot up my os. How to disable that
<kgoetz> whats the os and version? ;)
<kgoetz> thomas_newbie__: in direct answer for apache: /etc/default/apache2
<kgoetz> thomas_newbie__: and for ssh touch /etc/ssh/sshd_not_to_be_run
<thomas_newbie__> kgoetz: whats the second one?
<thomas_newbie__> kgoetz: why do I create a file?
<thomas_newbie__> so /etc/default/ is all startup config?
<kgoetz> no its not
<kgoetz> its where some tools put startup settinsg
<kgoetz> look at /etc/init.d/ssh for why you touch teh 2nd file
<thomas_newbie__> kgoetz: but what would that do? that wouuld create an empty file....
<kgoetz> yes it would
<kgoetz> read the init script? 13:27 < kgoetz> look at /etc/init.d/ssh for why you touch teh 2nd file
<thomas_newbie__> kgoetz: ohhh i see
<thomas_newbie__> i just read the script
<thomas_newbie__> kgoetz: dude though how would I know what settings are in each config file....? how do I know where to look for any other services besides ssh?
<kgoetz> thomas_newbie__: depends what you want to know
<thomas_newbie__> kgoetz: so in the future where do I look? look in the init.d/ folders config files?
<kgoetz> thomas_newbie__: depends what you want to know
<thomas_newbie__> :S
<kgoetz> its something you find out with time, mostly.
<thomas_newbie__> i see...its done the hard way :S
<kgoetz> welcome to life :D
<thomas_newbie__> kgoetz: hey btw I was looking to set up UML for a honeypot, what do you think?
<kgoetz> perhaps it could be documented as part of the process installing docs.
<kgoetz> thomas_newbie__: why?
<thomas_newbie__> kgoetz: for learning purposes...that's a good idea right?
<kgoetz> learn to drive your own server, before asking people to screw you over
<thomas_newbie__> kgoetz: no but I would screw myself over....see how to break into my own system
<kgoetz> thomas_newbie__: 'no'. theres constructive ways to learn, which dont involve making yourself a target
<thomas_newbie__> hmm...i mean basically I would be pretending to be a client trying to break into my own server, That can be educational right?
<kgoetz> ah... you want to honeypot yourself?
<kgoetz> seems a somewhat nonsense way to do it.
<thomas_newbie__> lol
<thomas_newbie__> kgoetz: so you disaprove? its stupid, i found the user-mode linux kernel on the ubuntu package search but it diesn't fine it in adept manager
<kgoetz> thomas_newbie__: set a goal, decide what you want the system to do, then work towards it
<thomas_newbie__> kgoetz: i mean i have 2 servers, I just odn't know if they're safe enough....Doubt it....
<kgoetz> thomas_newbie__: first of all what do they do, and what do you want them to be safe from?
<thomas_newbie__> kgoetz: apache2 webserver. I am only using it mainly for learning purposes. I am thinking of maybe setting up an authentication or some kind. My teacher said using PAM and perhaps using it for logging aswell. I also want to be sure that I will be safe from the outside world when experimenting with my server. I don't want to jeopardize my other computer on MY LAN. Also i have an SSH server that is
<thomas_newbie__> just there for now.......
<kgoetz> apache isnt a particularly problem prone bit of software
<kgoetz> its more what you run in apache that will cause issues
<kgoetz> as for pam, yeah, you could backend on it
<kgoetz> i have done it
<thomas_newbie__> what do you man backend
<kgoetz> authenticate against
<thomas_newbie__> kgoetz: I'm thinking of changing default port 80 to something else for security...What is a good port #?
<kgoetz> you wont gain security from it
<thomas_newbie__> kgoetz: most people expect all webservers to be port 80...
<kgoetz> thomas_newbie__: look into 'security by obscurity'
<thomas_newbie__> kgoetz: well i've been reading
<thomas_newbie__> kgoetz: and what exactly did you mean of security through obscurity
<thomas_newbie__> kgoetz: the fact that I'm ignoring everything else and just changing the port # as a quick fix?
<kgoetz> thomas_newbie__: basically, yes
<thomas_newbie__> kgoetz: can i ask you one more question
<kgoetz> sure
<thomas_newbie__> kgoetz: if you don't think I should learn by using UML, then what should i learn next? Conserning my Webserver however
<kgoetz> thomas_newbie__: learn something thats useful to you - make the system do what you want it to.
<kgoetz> as you learn more you can try and make it do different things
<thomas_newbie__> shall I try to use PHP adn PERL?
<kgoetz> what do you want to do?
 * kgoetz doesnt use either
<thomas_newbie__> secure the server
<thomas_newbie__> loggi
<thomas_newbie__> you don't use PHP for your webserver?
<thomas_newbie__> kgoetz:
<kgoetz> not at home, at work we run (eg) mediawiki, an dneed it for that
<XiXaQ> I would appreciate it if someone could have a look at http://wiki.ubuntu.com/CalendarServer and finish it. What's necessary, is making a user for it, scripts for /etc/init.d and scripts to run it at boot and shut it down with the system.
<oly-> hum, i just installed request tracker to try it out, but have no idea what port / address i need to type in to get up the web interface
<oly-> anyone happen to know ?
<jjesse> i thought it was /rt
<jjesse> http://localhost/rt?
<oly-> just tried that nothing
<oly-> this is straight from gutsy repo version 3.6
<oly-> its a real shame they dont put a note in the descriptions of these packages with how to access the web interfaces
<oly-> i hit this problem far to often :p
<sommer> oly-: have you seen this guide: http://wiki.bestpractical.com/view/UbuntuInstallGuide
<sommer> oly-: on my installation I created a vhost and I simply go to the "ServerName" directive
<oly-> nope thxs that looks like it will ansswer my question :)
<oly-> well usually the deb files do all that for you
<sommer> oly-: np, basically create a new vhost pointing the DocumentRoot to /usr/share/request-tracker3.6/html/
<sommer> oly-: ya, but with webapps it's more open to the admins preferences I think
<oly-> okay will do thxs for that info :)
<sommer> welcome
<oly-> i am all for that but a default setup is nice
<oly-> i only want to give it a quick try to see if its any good
<sommer> oly-: I've found it to be great, as a help desk anyway
<oly-> cool, i mainly need ldap support and a simple interface
<oly-> with e-mail support as well for sending in requests
<sommer> oly-: LDAP is a little tricky, but the RT wiki has instructions
<sommer> and email support works great as well :)
<oly-> yeah LDAPs often tricky lol
<pubo> hi everybody!
<pubo> does anyone use ldap + phpldapadmin?
<pubo> I'm getting the message "Could not start TLS. Please check your LDAP server configuration."
<sommer> pubo: is your LDAP server using STARTTLS?
<pubo> uhm, I'm not sure, but if I do "ldapsearch -x -Z" the output is correct
<pubo> sommer, /etc/init.d/slapd starttls?
<sommer> pubo: ah you should be good then... can you login using TLS, I guess should have been my question :)
<pubo> and netstat says: *:ldaps                 *:*                     LISTEN     8017/slapd, so I thought slapd is correctly configurated
<pubo> was
<sommer> pubo: in your config.php do you have: $ldapservers->SetValue($i,'server','tls', true); ?
<pubo> yes, but if I change it to false, then everything goes right
<sommer> pubo: is your ldap server using a self-signed cert?
<pubo> I made my self CA, and then I created a certificate and signed it
<sommer> ah you might try adding 'TLS_REQCERT never' to /etc/ldap/ldap.conf and see if works with 'tls', true
<pubo> with Common Name = server.domain.es
<dthacker-work> Hi,  I'm running postfix on ubuntu-server and I'd like to get reports on the how much traffic is going through.  Are there specific packages that you would recommend?
<pubo> sommer, I'm goin to... :)
<pubo> nothing :"(
<sommer> pubo: MMMmmm... I'm pretty sure that's what worked for me, another thing you can try is run a packet sniffer (like wireshark) and see where the LDAP communication is failing
<sommer> pubo: also try running slapd from the console with a high debug ouput: slapd -h "ldap:// ldaps://" -d -1 -f /etc/ldap/slapd.conf
<pubo> I was doing that xD. Please, take a look at:
<pubo> tls_read: want=5 error=Resource temporarily unavailable
<pubo> TLS trace: SSL_accept:error in SSLv3 read certificate verify A
<sommer> pubo: does slapd have permission to read the cert?
<pubo> yes, I changed the permissions to 755
<pubo> Do you want I post in pastebin the whole auth log?
<sommer> sure
<pubo> http://pastebin.com/m7c399685
<sommer> pubo: I think you have tls started
<sommer> are you running phpldapadmin on the same host as your ldap server?
<pubo> yes, but I'm trying to login from another PC as the server doesn't have any browser installed
<sommer> pubo: gotcha
<pubo> really?!!
<sommer> heh, I understand your setup now anyway... you tried the TLS_REQCERT option on the phpldapadmin server, correct?
<pubo> uhm, don't know xDD. I'm very noob in ldap :)
<pubo> I only want to configure ldap to use TLS, and manage it with phpldapadmin. But I'd like the client-server authentication were through TLS
<sommer> pubo: sure, the TLS_REQCERT option in /etc/ldap/ldap.conf determines whether or not the LDAP client verifies the servers certificate
<pubo> sommer, in both archives (slapd.conf and ldap.conf) I't set TLS_REQCERT     never
<sommer> pubo: and still not working?
<pubo> no :(
<pubo> ufff, that's stressing xD
<pubo> sommer, in login DN should I have something like cn=admin,dc=server,dc=es ?
<sommer> pubo: in your phpldapadmin config.php?
<pubo> no, in the login dialog at phpldapadmin page
<sommer> ah, in my install I do
<pubo> I did not made any change in config.php
<pubo> did make... sorry (spanish) xDD
<sommer> okay, I login to phpldapadmin using the full dn
<sommer> but I also bind with the full dn in config.php
<pubo> ok, I'm going to try it
<citybird> hello. i have a question about pxe servers
<pubo> :'''(
<citybird> i have configured my ubuntu linux install with tftpd and downloaded the network boot image and started the daemon...
<citybird> then i added the servername as the tftp server on my windows dhcp server...
<citybird> problem.. every tutorial i have found say use the dhcp server as your pxe server but they dont say how to configure the dhcp server specificly if your pxe server is somewhere else.
<sommer> pubo: are you using port 389 in your config.php?
<pubo> sommer, nop, 636 :S
<sommer> pubo: you might try 389... TLS works over the default port, 636 is for SSL IIRC
<pubo> Error message from phpldapadmin: "LDAP said: Operations error". And google get no results.. Â¿?Â¿??Â¿
<sommer> pubo: when using 389?
<pubo> every time. Using it and with 636 port :(
<sommer> so you tried 389?
<pubo> I start ldap server with: /usr/sbin/slapd -h ldap:/// ldaps:/// -g openldap -u openldap
<pubo> sommer, yes, I've just tried it
<pubo> maybe group and user should be www-data?
<sommer> pubo: nope openldap is correct user and group
<sommer> try adding the -f /etc/ldap/slapd.conf option
<sommer> just to make sure it's using the correct config file
<pubo> no...
<pubo>  -h 'ldap:/// ldaps:///'  (is this correct?)
<sommer> pubo: yep
<pubo> sommer, do you have installed ldap on your pc? Could you send me the configs?
<sommer> pubo: sure, I'll pastebin
<pubo> http://pastebin.com/m11c956c7
<pubo> this is my TLS config and ldapsearch output
<sommer> pubo: here's mine: http://pastebin.com/m7020400
<sommer> it's migrated from a redhat config so some things may not be 100% the same
<pubo> :O
<citybird> oops, it's working now.
<pubo> no, but...
<pubo> I changed my slapd.conf to TLSCertificateFile /etc/ssl/empresaCA/newcert.pem
<pubo> TLSCertificateKeyFile /etc/ssl/empresaCA/newreq.pem
<pubo> TLSCipherSuite HIGH
<pubo> (Removed CA path)
<pubo> and now, when I do ldapsearch -x -Z, I get:
<pubo>  additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
<pubo> I made a wrong certificate?
<zul> afternoon
<pubo> sommer, are you there?
<pubo> sommer, do you remember the guide you read to made ldap on your network?
<sommer> just got back
<sommer> yep: http://www.oreilly.com/catalog/ldapsa/
<pubo> oki, thanks a million :)
<sommer> pubo: np, it feels like you're really close though
<pubo> I must make a mistake in somewhere. I've just tried to implement ldapserver with phpldapadmin and TLS in a VMWARE virtual machine, and this time everything has gone right, so I think I will start from the beggining :)
<sommer> pubo: ah... sometimes that works best :-)
<poor_man> hi all
<poor_man> how can i list the unfformated newly added drives to my machine?
<poor_man> i tried df command but only shows formated and mounted drives
<sommer> pubo: you can look though dmesg... dmesg | grep -i sda for example
<sommer> woops meant poor_man
<poor_man> dmesg thats the command
<poor_man> and the next command to format and mount it
<poor_man> format it as EXT3, the entire disk and after make a mount
<sommer> poor_man: you'll need to create a partition with fdisk... fdisk /dev/sda (or whatever your drive is)
<poor_man> thanks, lets try that
<sommer> poor_man: you might also take a look at this article: https://help.ubuntu.com/community/Mount
<nxvl_work> soren: now that the alpha3 is out, can you upload Bug #130836
<ubotu> Launchpad bug 130836 in apache2 "Specify OpenDocument icon(s) in Apache2 configuration" [Wishlist,Confirmed] https://launchpad.net/bugs/130836
<ScatterBrain> Anyone running vmware 1.0.4 on Gutsy 32-bit?
<jjesse> ScatterBrain: i'm running vmware server
<jjesse> 1.0.4
<ScatterBrain> jjesse: on 32-bit Gutsy?
<jjesse> ScatterBrain:  yes
<ScatterBrain> jjesse: Any hoops you had to jump through?
<jjesse> ScatterBrain:  1.0.4 build-56528
<jjesse> i followed the isntall guide (google vmware install gutsy)
<ScatterBrain> Or simply d/l the tar ball and install?
<jjesse> i think its from christer edwards
<jjesse> http://ubuntu-tutorials.com/2007/11/17/install-vmware-server-on-ubuntu-710-gutsy-gibbon-updated/
<ScatterBrain> fopund it...reading...thx.
<jjesse> np
<Nafallo> partner has it
<ScatterBrain> Nafallo: the parner repos?  Has vmware server?
<Nafallo> yes. but correctly spelled.
<ScatterBrain> heh  ;-)
<ScatterBrain> hmmm... me goes to check that out
 * emgent hi
<jvargas> hi
<jvargas> let's say i installed subversion in a partition of 100Gb, what if the available space becomes unavailable, can i some way join another partition to supply 100Gb more of space for the same subversion repository directory?
<jvargas> /srv/svn for example is mounted on /dev/hda, can i do something so that the space is merged with /dev/hdb's ?
<mathiaz> jvargas: you need to use lvm to do that kind of partition management.
<jvargas> mathiaz: already using LVS
<jvargas> but the filesystem auto resizes ?
<mathiaz> jvargas: you can resize ext3 filesystem - have a look at resize2fs
<danp> i'm trying to preseed network info from the boot line but i'm having trouble (i think) with sourcing confmodule in my early script. anyone familiar with that?
<nealmcb> XiXaQ: I'm poking at https://wiki.ubuntu.com/CalendarServer  Thanks!!   I would think  that recurring events are possible with webcal also?  Specifying the format of the files (ical?) would help.
<nealmcb> or perhaps a reference to http://en.wikipedia.org/wiki/Webcal
<danp> irissssh
#ubuntu-server 2008-01-15
<kgoetz> XiXaQ: i'll look at the link when i can
<CarlFK> installer is telling me "you need at least 3.2 gig" - (the desktop requirement)
<CarlFK> but, isn't the limit set in initrd.gz, which is the same for both desktop and server ?
<kgoetz> 3.2gig for an install?
<CarlFK> right
<CarlFK> I have a 450mb partition I want to install to.
<kgoetz> bloated a bit since the 1.8gb days :\
<nealmcb> CarlFK: is this a server install?  gutsy?
<nealmcb> I think we've seen some installs at about 500 MB
<nealmcb> nijaba did the tests IIRC
<CarlFK> nealmcb: gutsy, server
<CarlFK> nealmcb: but, I am doing a net install, and that uses the same initrd.gz as the alternate cd (that's what I was told)
<CarlFK> i am guessing server has its own initrd
<kgoetz> does anyone else consider update-alternatives refusing to run with only one option a bug?
<kgoetz> ah thats got it
<kgoetz> for the logs, i needed to `sudo update-alternatives --auto x-www-browser`
<kgoetz> then i could `sudo update-alternatives --verbose --config x-www-browser`
<nealmcb> CarlFK: what exactly are you seeing, at what point in the install?  when I've run into installer problems with space, it was very different (desktop install), and I don't know what would be in initrd.gz that had to do with this
<nealmcb> XiXaQ: is there a bug or other official request to package calendar server?  seems like a good idea.
<nealmcb> XiXaQ: do you know what userid the server runs as on macos?
<XiXaQ> nealmcb, yes.
<XiXaQ> no.
<nealmcb> 42
<nealmcb> :-)
<XiXaQ> I'll call it caldavd in the wiki.
<kgoetz> 6x9
<nealmcb> XiXaQ: a link to the request to package would be a nice addition to the page.
<XiXaQ> that it would. I'll see to it. Thanks.
<nealmcb> I took out the reference about  "should run on desktop" because that seems true to me about everything, and saying it could lead to confusion about other server apps on ubuntu
<kgoetz> can you give me the link again?
<nealmcb> information about feisty, dapper etc would of course be handy
<nealmcb>  https://wiki.ubuntu.com/CalendarServer
<kgoetz> thanks
 * kgoetz will be trying it out on dapper probably
<nealmcb> excellent
<nealmcb> I started following calendar stuff a bit at the ietf  back in the mid '90's and it has been a real slog....
<kgoetz> so is the apple thing open source/free software?
<nealmcb> I also wonder how how emailing appointments fits in to all this
<nealmcb> apache 2 license
<kgoetz> no probs
<CarlFK> nealmcb: boot into the installer, it detects disks, givs me partition options, like "shrink", "use largest space", "use whole disk", II pick "Manual" and it displays a dialog "you need at least 3.2 gig" - which was kinda surprising, given I hadn't picked the 450mb partition yet
<kgoetz> when i looked ~12 months ago at calendaring everything i could find was a monolithic blob or proprietary
<XiXaQ> nealmcb, it isn't necessarily so. You need to install some packages for that software to run. If it isn't present, then the scripts will fail. I'm not 100% sure the desktop variants include it all.
<nealmcb> CarlFK: you said the net installer? from which cd or location?
<CarlFK> nealmcb: initrd.gz is the only file I can think of that would contain the setting for how much space is needed.
<CarlFK>  http://us.archive.ubuntu.com/ubuntu/dists/gutsy/main/installer-i386/current/images/netboot/386/ubuntu-installer/i386/
<nealmcb> XiXaQ: the packages are all available to both server and desktop, so it just requires being specific about all the necessary packages
<XiXaQ> nealmcb, yes, and that would require additional work on the wiki, or at least testing.
<XiXaQ> nealmcb, I have tested using server 7.10, but not with desktop.
<XiXaQ> so I don't _know_ that it works, even though, as the wiki sais, is should.
<kgoetz> XiXaQ: considering teh disclaimer at the top, i think it only sort-of-working is ok ;)
<XiXaQ> the disclaimer is temporary.
<kgoetz> "Installing Apple's iCal Server is fairly trivial once you know what to do" jee thanks :p
<nealmcb> XiXaQ: got it - perhaps a jeos build would uncover everything that could be missing - or are there things in jeos that are not in desktop?
<XiXaQ> kgoetz, try finding a good howto else where :)
<XiXaQ> we had to follow quite a number of blogs and forum posts to get it running.
 * nealmcb cheers for perseverance!
<XiXaQ> nealmcb, I seriously doubt that. Owl is installing it on jeos I think.
<kgoetz> XiXaQ: no, i'll fix anything i find wrong :p
<XiXaQ> oh, and I meant owh :)
<kgoetz> mmm. i'm wondering if i should 'correct' it to not recomend using sudo -s
 * nealmcb nods
<XiXaQ> hmm?
<XiXaQ> why?
 * kgoetz wishes <ubuntu swiki> broke the pages into sections like mediawiki
<nealmcb> advantages of using sudo on each line are for clarity, for preserving shell history across both sudo and non-sudo lines, preserving history of what was done in /var/log/auth.log(?), avoiding dangerous other commands, etc
<XiXaQ> sudo -s is ok when you have alot of commands to issue as part of the same job.
<XiXaQ> that was a few good points.
<kgoetz> sudo -s uses the non-root users environment, which can lead to Bad Things
<XiXaQ> I'll fix that then.
 * kgoetz tries to work out what user_xattr does
<nealmcb> kgoetz: surprising - what env diffs are there for sudo -s and regular sudo?
<kgoetz> nealmcb: not sure - you need -i to get a 'full' root shell
<nealmcb> kgoetz: I think su -i would be even worse
<nealmcb> but does get the full root environment
<XiXaQ> sudo addgroup caldavd; sudo adduser --system caldavd --ingroup caldavd <-- Is that the right way to do it, or can I do it in one command?
<nealmcb> but that shouldn't matter for these commands
<kgoetz> adduser should make a gropu at the same time
<XiXaQ> kgoetz, sudo adduser --system username?
<kgoetz> i'm wondering if you think doing the svn checkout to ~, then svn export >/opt/calendar would be better? the only advantage to checkout in /opt/ is for posable updates
<ma11oc> hi, i'm having trouble getting vnc set up on ubuntu server 6.06, could anyone shed some light?
<kgoetz> XiXaQ: should work
<XiXaQ> kgoetz, no, that'll cause it to be placed in nogroup.
<kgoetz>        By default, system users are placed in the nogroup group.  To place the new system user in  an  already  existing
<kgoetz>        group, use the --gid or --ingroup options.  To place the new system user in a new group with the same ID, use the
<kgoetz>        --group option.
<kgoetz> adduser man page, ~ line 67
<XiXaQ> adduser --system username --group :)
<XiXaQ> right :)
<kgoetz> i cant help package (no skills there), but i can go over that wiki page and try and clean/tidy some stuff up if you want
<XiXaQ> that's nice.
<XiXaQ> I'm connected via ssh. I run sudo -u command & and then I log out. The command will still run in the background, right?
<kgoetz> run it in screen
<kgoetz> -u is user
<kgoetz>        -b  The -b (background) option tells sudo to run the given command in the background.  Note that if you use the
<kgoetz>            -b option you cannot use shell job control to manipulate the process.
<XiXaQ> yes, I know that.
<XiXaQ> I need to run the command in the background as another user.
 * kgoetz waits to load wiki edit page
<kgoetz> try -u user -b
<kgoetz> or screen sudo -u fred -b command
<XiXaQ> ok, what's the difference from using &?
<kgoetz> & will probably background your sudo not the command itself
<XiXaQ> ok.
<kgoetz> XiXaQ: you done editing the ubuntu wiki? its got a lock open
<XiXaQ> no.
<kgoetz> not done? lock expires in 2 minutes. hit 'preview' again is my advice ;)
<XiXaQ> there are other problems. It should be changed to have everything in /opt/CalendarServer too. Now it creates a few more subdirectories in /opt
<kgoetz> what sort of subdirectories?
<kgoetz> and why do we enable user_xattr? i cant seem to find anything useful about what it does online
<XiXaQ> pydirector-1.0.0.0, vobject and Twisted
<kgoetz> hm.
<kgoetz> i'll have to build it tojjorrow
<kgoetz> cant today, wont be hom e until late
<kgoetz> s/jj/mm
<XiXaQ> I've made some changes, so I'll install it and test that it actually works.
<kgoetz> how big is the source checkout?
<XiXaQ> 18-20MB
<kgoetz> oh, very sane
<kgoetz> perhaps meantion that size on teh wiki page btw
 * kgoetz finds 'total amount of downloading for this projhect is 42343mb' quite helpful
<XiXaQ> :
<XiXaQ> :)
<kgoetz> (esp on dialup/shaped adsl/satalite)
<XiXaQ> noted.
<kgoetz> XiXaQ: theres no lock on the wiki now - do i take it you stopped editing?
<XiXaQ> for the time being. I'm installing Hardy server to test that it actually works.
<XiXaQ> cause I know that if it works in hardy, then it works in 7.10 too.
 * kgoetz checks updated version, and might make some edits
<kgoetz> i'm wondering if the filesystem remount will work, because of existing attached processes
<XiXaQ> hmm?
<XiXaQ> I have tested that setup with 7.10 server.
<kgoetz> mount -o remount /home/
<kgoetz> s#/home/#/#
<kgoetz> but are you sure the filesystem change applied?
<nealmcb> XiXaQ: offhand I'd think the svn checkout would be  better as non-root in a different (user?) directory, but I'm only glancing at the emailed diffs :-)
<XiXaQ> nealmcb, you're right about that, though I don't think it matters a great deal. Noted though. :)
<nealmcb> but thanks for the sudo changes and user admin updates!
<kgoetz> Most users will be familiar with apt-get, many with subversion <- probalby need to change this, btw
<kgoetz> download some necessary packages <- and this (what necesary packages?)
<kgoetz> why arnt they installed alreayd? :)
<XiXaQ> hmm?
<XiXaQ> the packages are listed there.
<XiXaQ> they're not already installed because we didn't need them until now.
<kgoetz> thats probably all i can do until i get a chance to build it myself and find out the details of the build/install process
<nealmcb> kgoetz: nice - thanks
<XiXaQ> yey. I'll just take a snapshot of the image, and then installation on hardy server can begin :)
<kgoetz> nealmcb: np ;) getting docs 'more or less' right i'm good at, its making them submitable is my failing ;)
 * kgoetz sets up chroot to try in
<XiXaQ> did you have an edit window open while I was editing?
<kgoetz> i started editing, when i asked and you said you stopped -- if you started editing again while i was then perhaps yes
<kgoetz> are you editing right now? python-pyxattr instead of python-xattr (in the apt-get install bit)
<kgoetz> and i cant find python-dateutil or *dateutil* at all in apt
<XiXaQ> what version?
<kgoetz> 7.10
<XiXaQ> I've had no problems with either 7.10 or 8.04 so far.
<kgoetz> hm. svn checkout doesnt need a sudo while its done in /home/
<XiXaQ> server?
<kgoetz> same repositories
<kgoetz> gutsy[-security,-updates]
<kgoetz> ah, universe is missing
<XiXaQ> it's not done in  home. It's done in /opt, and that should be changed.
<kgoetz> grrr. *mustnt have saved right*
<kgoetz> i changed it
<XiXaQ> please don't change the packages?=!
<XiXaQ> we spent quite some time figuring out what was needed.
<kgoetz> pardon?
<XiXaQ> have you changed the packages for install on the wiki?
<kgoetz> nope. just the formatting
<XiXaQ> <kgoetz> are you editing right now? python-pyxattr instead of python-xattr (in the apt-get install bit) <-- What does that mean?
<kgoetz> i couldnt find  python-xattr (its in universe, which wasnt enabled for some reason)
<XiXaQ> I have to test one thing. I can't test alot of different setups at the same time. I know the packages that were there before works.
<kgoetz> but it appeared after enabling universe :)
<XiXaQ> you didn't change the package installation? Someone has.
<kgoetz> what about it?
<kgoetz> the formatting?
<XiXaQ> I don't know,.
<XiXaQ> I'll have to read all the changes I've received in the mail to make sure all the packages are still the same, unless someone can confirm that they are.
<XiXaQ> it's abit difficult to test an assumption when the assumption is changed while you're performing the test..
<nealmcb> XiXaQ: you can just look at the wiki history online
 * kgoetz logs out of caltry1 chroot and leaves it alone
<XiXaQ> the reason there were two different apt-get commands to begin with, was that someone said that was necessary in a blog, but it should'nt be, so I was about to merge them into a single apt-get command, when there was suddenly three of them.
<XiXaQ> nealmcb, no, I'll just test with the packages that are there now.
<XiXaQ> the guide doesn't work anymore.. :(
<XiXaQ> I'll fix it. Please don't make any edits.
<kgoetz> theres probably not-quite-right stuff from my changes. (i spotted a few after i saved)
<XiXaQ> heh, like being in the wrong directory and such? :)
<kgoetz> i was going to checkout the svn in a user home, then sudo export it to /opt/wherever - i just didnt put that in right :( so yes, you probably wind up in wierd places
<XiXaQ> that's a different installation procedure.
<Kalamansi> hello is there any way to minize setting of pc2 and pc3? like i will not put my isp's dns? pc1 is my server and i have no router. pc2 and pc3 can connect to the internet with assigned ip,gateway,subnet and dns of my isp..how to minimize this without setting my isp's dns? i dont want to expose my dns to the public...
<owh> hi XiXaQ
<XiXaQ> owh, hey :)
<owh> I've been looking at the latest wiki changes, but I have to say that they're making it more and more complicated.
<owh> I mean, svn to your home directory, then move it to /opt. WTF?
<owh> The notion of making each command a sudo makes no sense to me either.
<XiXaQ> yes, and it doesn't work anymore.
<owh> I am in favour of reverting it to NealMc mumble's revision.
<XiXaQ> is there a way to revert to an older version?
<XiXaQ> :)
<owh> Yup, I'm in favour of going back to #36, click on "Info" at the top.
<owh> You should also put a note near the bottom of the text entry field (there's a separate field for it) indicating the nature of the edit.
<owh> You can also see difs.
<owh> +f
<owh> I think the edit from KarlG didn't help the issue. There was a reason we had them as two lists!
<owh> Hey, kgoetz, you're in here, excellent.
<owh> kgoetz: What were you trying to achieve with your edit of the CalendarServer wiki page, revision #41?
 * XiXaQ reverts it to #36
<XiXaQ> let's just hope it's the guide that's faulty and not the svn version that's become incompatible.
<owh> XiXaQ: Actually, #37 is fine, that's before we started the silly sudo stuff :)
<XiXaQ> it's done. :)
<owh> Cool, so how did you figure out that it broke?
<XiXaQ> I've installed it three times the last two hours.
<owh> So what happened?
<XiXaQ> missing files, unknown commands...
<owh> Did you change any steps?
<XiXaQ> I'm making a second attempt with #36 now, so we'll know in a little while if it's the svn version of the guide.
<XiXaQ> yes, quite a few.
<owh> XiXaQ: Uh, but it was working right?
<owh> I'm just trying to understand why you would change steps if the procedure was working.
<XiXaQ> some of them are really necessary, such as giving it its own user.
<owh> XiXaQ: Yeah, but that's after the install succeeds right?
<XiXaQ> the problem is that the guide was changed while I was testing if it was working or not, so I can't say for sure.
<XiXaQ> well, that's part of the install. It's the last step.
<owh> XiXaQ: So, the missing files happened when?
<XiXaQ> no, you're right. run -s succeeds. It's when it's run that the problems occur.
<XiXaQ> when running it.
<XiXaQ> but as I said, I'm installing from scratch now, so we'll know shortly.
<owh> So, this might just turn out to be a permissions issue, which wouldn't surprise me.
<XiXaQ> though it's my turn to have problems with my connections. :)
<XiXaQ> no, I made sure they were set correctly.
<owh> XiXaQ: Hey, hate to bail, but I *have* to go.
<owh> Email me if you need to.
<XiXaQ> that's ok. :)
<owh> later
<XiXaQ> yup.
<XiXaQ> see you later.
<mok0> is there an easy way to remove all the not-needed graphics software from a server?
<XiXaQ> huh?
<XiXaQ> there is no graphics software in the server install.
<mok0> c
<mok0> is there an easy way to remove all graphics oriented software from a server?
<XiXaQ> what?
<XiXaQ> there is none.
<XiXaQ> have you manually installed such software?
<mok0> yes, its a workstation converted to a server
<_ruben> yuck
<_ruben> i'd suggest a clean install .. tho uninstalling the X server *should* take most of the graphical crap with it
<mok0> _ruben: yeah I guess
<XiXaQ> mok0, server uses a different kernel.
<_ruben> and you could always audit the output of dpkg -l by hand
<mok0> XiXaQ: didn't know that
<_ruben> kernel is easy to replace
<XiXaQ> is's PAE-enabled, and it's tickless.
<mok0> XiXaQ: cool
<mok0> XiXaQ: is that on the alternate CD?
<_ruben> then again, clean install sure is the cleanest (duh) way to do so
<XiXaQ> it's on the server cd or the dvd.
<mok0> XiXaQ: ok, thx
<mok0> _ruben: yeah but I've already spent a lot of time configuring t he box
<mok0> XiXaQ: what's the package name of the server kernel?
<_ruben> linux-server
<mok0> duh
<mok0> :)
<_ruben> linux-generic is the default for desktop
<XiXaQ> mok0, I don't know if you're aware of this, but the server install has quite a few helpful tasks.
<_ruben> linux-386 for when you have an ancient/odd/whatever cpu
<mok0> _ruben: It's a Pentium III
<_ruben> -generic and -server should work fine on those afaik
<_ruben> i use -386 on a via c3 cpu .. which lacks some instructions making the -server kernel unusable
<mok0> _ruben: ah, I've never actually talked to someone who uses a via cpu
<mok0> Pentium III is i686
<mok0> XiXaQ: What tasks are you referring to?
<_ruben> LAMP/Print server/etc
<mok0> _ruben: very nice.
<mok0> I just need it for kerberos and ldap
<XiXaQ> mok0, mailserver, lamp, ldap, postgresql, etc.
<XiXaQ> dns.
<XiXaQ> hehe, actually, there is no ldap and kerberos tasks. At least not in 7.10
<mok0> XiXaQ: hmmm. very convincing... but I should be able to manually select that set of packages, right?
<XiXaQ> yes.
<mok0> XiXaQ: I was just wondering whether there existed a meta package, like gnome-desktop and kubuntu-desktop, that converts Ubuntu to Kubuntu and vice versa.
<mok0> XiXaQ: For example, a server-install package, that has dependencies and conflicts etc.
<XiXaQ> I don't understand the question. Yes, there are packages for ubuntu-desktop and kubuntu-desktop, etc.
<mok0> XiXaQ: A package that converts a workstation to a server
<mok0> XiXaQ: By conflicting with X-windows etc
<XiXaQ> no, that'd be very surprising, since almost all software would have to be replaced.
<mok0> XiXaQ: heh, I understand
<XiXaQ> it'd be faster to simply reinstall from a server cd.
<mok0> XiXaQ: Hm, I am almost convinced...
<XiXaQ> alot less work too.
<_ruben> and some ppl do want X on their server (yuck!), so a server package that would prevent X would be bad (for some ppl)
<XiXaQ> _ruben, why are you opposed to having X on a server?
<_ruben> XiXaQ: X isnt a very secure thing, and all configs can be done via commandline .. and there's always remote X, which only requires a few X libs instead of a complete resource hogging X server
<_ruben> resources and security being the main issues here
<mok0> _ruben: I agree
<_ruben> and servers also tend to run headless
<_ruben> rendering X even more usless
<_ruben> useless
<mok0> _ruben: that's what I did to this box... took of monitor, mouse and keyboard and put it in the server room
<mok0> s/of/off
<XiXaQ> I run several small server setups with mailserver, lamp and nx. Xorg is installed, but isn't running. That's fine.
<mok0> XiXaQ: yes it is
<mok0> XiXaQ: But then you may as well uninstall it :-)
<XiXaQ> why?
<mok0> XiXaQ: disk space?
<XiXaQ> the applications I use depend on it.
<mok0> XiXaQ: ok
<mok0> Ah, btw, what is the run level that doesnt start X?
<_ruben> i think 3, for X it is 5 .. but i aint sure
<mok0> _ruben: Ubuntu normally runs at 2
<mok0> _ruben: what you say is true for RedHat systems
<_ruben> arent runlevels deprecated since 'upstart' ? havent looked into that that much, i come from a suse environment, only started experimented with ubuntu recently
<mok0> _ruben: I don't know
<_ruben> mok0: never really looked into the runlevels/sysv init stuff
<mok0> Quick Google search: "Run levels 2 through 5 are full multi-user mode and are the same in a default User Linux (Debian) system. It is a common practice in other Linux distributions to use run level 3 for a text console login and run level 5 for a graphical login."
<_ruben> debian (stable) doesnt use upstart (yet) afaik
<mok0> Never heard of upstart
<_ruben> its ubuntu's replacement of init
<mok0> _ruben: ah, the venerable init
<_ruben> upstart sure looks like a nice project
<mok0> http://upstart.ubuntu.com :-)
<_ruben> more or less combines init and daemontools (by dj bernstein, qmail author)
<mok0> looks pretty cool
<_ruben> yeah
<mok0> wouldn't hurt getting a faster boot...
<_ruben> ubuntu-server boots pretty darn fast i'd say
<jords> heh, I just run my server 24/7 so i don't mind :D
<_ruben> JeOS is probably even fast (Just Enough OS, even more stripped down version of ubuntu-server, designed for virtualization and such)
<_ruben> jords: during deployments (of the server), a fast boot cycle is a pro :)
<mok0> _ruben: is jeos tickless as well?
<_ruben> jords: and i doubt you upgrade your kernel without rebooting
<soren> mok0: Well, you can use kubuntu-desktop to *convert* from an Ubuntu desktop to a Kubuntu one. You just *add* all the KDE stuff. You don't remove the GNOME stuff.
<_ruben> mok0: wouldnt know, have only heard about it in this channel a bit, havent looked into it myself
<soren> mok0: likewise, there's no meta-package for ubuntu-server, as it doesn't add anything that's not in the desktop install. It just doesn't include all the graphical stuff.
<soren> mok0: Also, removing the x server will not do you much good.
<_ruben> might look into jeos once i get some spare time investigating some virtualization opportunities
<soren> mok0: No graphical applications I can think of depend on the presence of an X server.
<mok0> soren: ok, I was looking for a package that would remove all non-server related stuff
<_ruben> soren: hmm .. indeed, thought too simple on that one .. i even suggested the remote X possibility myself :p
<soren> mok0: No such package exists, no.
<soren> mok0: You can remove libx11, for instance.
<soren> mok0: That will likely remove most of the stuff you don't want.
<mok0> soren: I can try it, no harm done :-)
<soren> mok0: Possibly followed by an apt-get autoclean.
<mok0> aptitude is now working on it...
<jords> _ruben: that's true. Hot-puggable kernels is a bit of a stretch
<soren> Yes, the -virtual kernel image (used by Jeos) is also tickless.
<_ruben> what exactly does this 'tickless' mean/impose?
<mok0> ... from the list of files, it seems removing libx11-6 does pretty much what I want... aptitude still working...
<soren> mok0: The problem is that it will only remove libraries and binaries. Not the variuos -common packages, for instance.
<soren> _ruben: http://www.linuxworld.com/news/2007/022807-kernel.html
<mok0> soren: it has around 30 packages left unresolved, mostly data packages that recommend other ones
<soren> mok0: autoclean?
<mok0> soren: hang on...
<mok0> soren: It's going to free 1663Mb
<mok0> what does {a} and {u} mean in the package names?
<_ruben> soren: interesting read
<mok0> soren: it needs to remove 625 packages, it will take probably 10 minutes
<soren> mok0: re: "{a} and {u}"... I have no clue.
<mok0> soren: it's an aptitude thing I think
<acidfire2008> _ruben u around
<_ruben> acidfire2008: more or less
<soren> mok0: I think so, too. Otherwise, I probably would have known :)
<acidfire2008> u remember us talking the other night about pure-ftpd?
<mok0> ... " libxpm4{a} libxrandr2{a} libxrender1{a} .."
<soren> mok0: Perhaps "automatically installed (as a dependency)" ?
<_ruben> acidfire2008: i dont recall your nick, but do recall some pure-ftpd stuff
<acidfire2008> well u showed me how to set port etc on it
<mok0> soren: yeah that's probably it... "auto" and "user"
<acidfire2008> i saved where to allow fxp
<soren> mok0: Makes sense.
<acidfire2008> but cnat remember how to change port haha
<acidfire2008> remember we had to add a file in the conf directory
<_ruben> acidfire2008: Bind was the filename iirc
<acidfire2008> thats right or something like that
<acidfire2008> how did u do that command with echo?
<_ruben> echo ",PORTNUMBER" | tee /etc/pure-ftpd/conf/Bind ... the path might be slightly off, doing this from top of my head
<_ruben> oops
<_ruben> echo ",PORTNUMBER" | sudo tee /etc/pure-ftpd/conf/Bind ... the path might be slightly off, doing this from top of my head
 * mok0 goes off to get a cup of coffee
 * _ruben goes off for lunch
<acidfire2008> ty
<acidfire2008> all day i could not remember that
<acidfire2008> and he comes online and bam its fixed in 2 mins
<acidfire2008> _ruben when u get back plez let me know i got one more ? to ask u
<_ruben> back
<acidfire2008> k im looking into being able to change permission
<acidfire2008> i cant write or delete etc to a folder
<acidfire2008> but i can on my home folder
<_ruben> probably not pure-ftpd related, just standard file permissions
<acidfire2008> k
<acidfire2008> then how can i set that?
<acidfire2008> ./usr/local/torrent/acidphyre/
<acidfire2008> like i would like to be able to edit that directory
<acidfire2008> its a directory
<acidfire2008> not file btw
<acidfire2008> do i can upload to that directory
<acidfire2008> so*
<acidfire2008> and woudl u possible nkow how i could change my home directory when i login?
<acidfire2008> im making note of all this so i wont ever have to ask again
<acidfire2008> sorry to bother u man
<_ruben> several ways to accomplish that .. one would be: sudo chown YOURUSERNAME /usr/local/torrent/acidphyre/ -R
<_ruben> im not aware of any method to change the homedir for just ftp, afaik it just takes your homedir from /etc/passwd
<_ruben> you could do smth like : ln -s /usr/local/torrent/acidphyre /home/YOURUSERNAME/torrent .. then after logging in with ftp you can just go into the torrent folder and up in the /usr/local/.... one
<acidfire2008> dude u rule
<acidfire2008> that was the prob
<acidfire2008> i can just point myself to that dir via ftp
<acidfire2008> so its all good
<acidfire2008> ty so much man
<acidfire2008> _ruben there is no way i can point the home folder to /var/cache/torrentflux/
<acidfire2008> ?
<_ruben> acidfire2008: not that im aware of without diving into the docs
<_ruben> acidfire2008: well .. one way would be to use virtual users instead of the ones in /etc/passwd .. but that complicates things quite a bit
<acidfire2008> Transferred 108 files totaling 1.39 GB in 11 minutes 44 seconds (2.37 MB/s)
<acidfire2008> nice i had 4 threads at that speed
<acidfire2008> ohh wow
<acidfire2008> so to make new user accounts on the ftp i can use any of the user accounts on ubuntu i got setup?
<_ruben> by default pure-ftpd uses the pam database, so each user on the machine will have ftp access
<acidfire2008> thats bad ass
<acidfire2008> so that file thing u had me set i gotta set for every user then?
<mok0> Is there a way to see if the current kernel runs in tickless mode?
<sommer> mok0: you can find the kernel options in /boot/config-kernel-number
<mok0> sommer: thx
<sommer> mok0: I'm not sure which ones have to do with ticks though, np
<mok0> If it has "CONFIG_NO_NZ=y" it is tickless...
<mok0> s/NZ/HZ/
<zul> morning
<acidfire2008> _ruben u around?
<acidfire2008> anyone else around/
<acidfire2008> ?
<soren> Just ask your question.
<acidfire2008> sudo chown creative /var/cache/torrentflux/creative -R
<acidfire2008> well i did that and now i need to undo it
<acidfire2008> i need to be able to write to that dir
<acidfire2008> but when i did that command now torrentflux cant write to the directory
<Gargoyle> acidfire2008: set the group to one torrentflux can see and give group write permissions
<acidfire2008> i just set 777 on the dir
<acidfire2008> it worked
<Gargoyle> acidfire2008: that gives everyone read/write and execute permissions
<acidfire2008> its only me on the dir
<acidfire2008> so its no biggy
<acidfire2008> i mean its only me on the pc
<RainCT> Hi
<sommer> hello
<sommer> can you point an mx and an A record with the same name to two different IPs?
<sommer> without it causing problems that is... seems to me like it would :)
<Nicke_> sommer: sure, no problem. However, the MX should point to a hostname, not an IP
<sommer> Nicke_: gotcha
<Nicke_> I think it's pretty common to have a separate server handling the mails for a domain
<sommer> I'm working on setting up mailman, but want the emails sent through a gateway
<sommer> Nicke_: what if it's a subdomain (lists.example.com)
<sommer> for example
<Nicke_> sommer: shouldn't matter
<sommer> Nicke_: cool, thx
<Nicke_> (although my experiences with mailman is pretty limited)
<Nicke_> are*
<sommer> Nicke_: so all I need is an MX lists.example.com pointing to another hosts?
<sommer> basically
<Nicke_> yeah.. like lists.domain.tld  IN MX 10 mail.domain.tld
<zul> or you could setup a smarthost in the postfix or email server to send all the email to you email server
<Nicke_> mail.domain.tld IN A 192.xxxx
<sommer> zul: ya... that's what I'm wanting
<sommer> but how do outside domains know to send through my "normal" mail server?
<sommer> I think I'm confused about the subdomain part
<zul> through the mx record so if you have mail.domain.com all email from lists.domain.com will be sent from mail.domain.com
<zul> and your mail server should know where to deliver the email to the local users
<sommer> zul: sure I understand that part, but if gmail sends a message to user@lists.domain.com it'll know to go through mail.domain.com?
<zul> it should
<sommer> that is without receiving one first
<sommer> ah... just needed to check the logs it is working, thanks zul and Nicke_
<Nicke_> np : )
<zul> no worries
<nxvl_work> isn't going to be Server Meeting on half an hour?
<zul> wednesday
<nxvl_work> oh right
<nxvl_work> it is tomorrow
<zul> the day and time has been switched so more people can come
<nxvl_work> yes, i knew it, but i don't know why i put it for today on my calendar
<nxvl_work> sometime it happends
<nealmcb> soren: is anyone from ebox coming tomorrow?
<nealmcb> reminder: server team meeting a day from now:  https://wiki.ubuntu.com/ServerTeam/Meeting
<dantalizing> why cant i create a debootstrap for hardy?
<ScottK> dantalizing: Are you on Gutsy?
<dantalizing> scottk: yes
<ScottK> dantalizing: Get the version from gutsy-backports and then you'll be fine.
<dantalizing> hmm...thought i had that enabled...thx i will check it out
<ScottK> It worked last time I tried anyway.
<dantalizing> scottk: you used debootstrap?
<dantalizing> scottk: nevermind, its working...thx
<jetole> hey guys, I know this isn't ubuntu specific but I am looking for a remote kvm/ip interface, a card that I can stick into the computer and will allow me to access not only kvm but also remote media etc so I can even install an OS in a machine that is in a rack elsewhere
<jetole> I was wondering if anyone could recommend something
<kraut> jetole: look for peppercon cards
<kraut> eric II for example
<jetole> kraut: thanks
<sommer> is it correct to say that do-release-upgrade recommended over apt-get dist-upgrade ?
<kraut> sommer: or aptitude
<nealmcb> sommer: I've heard that do-release-upgrade is better also
<sommer> cool, just wanted to make sure
 * jetole prefers apt-get 
<kraut> indeed, but aptitude is more intelligent to solve conflicts
<nealmcb> but I would love to see some details on the differences, with examples from real upgrades.  I mainly heard about apt-get problems during upgrades to edgy
<nealmcb> and with the uncharted territory of upgrading to hardy from dapper looming around the corner, this is a good time to start focusing on that...
<corporeal> hello, i have a question about postgresql installation
<corporeal> i did an apt-get instlal postgresql-8.2
<corporeal> but the service wont start
<corporeal> there arent even any logs
<corporeal> what am i doing wrong?
<LeChacal> hello, any one know what file system abbreviation to use in the mount command for a partition that fdisk marks as 'Linux raid autodectect', or just how to access this partition so that i can get files off of it. The drive came out of an old Gentoo web server that only had one drive in it so I don't know how it did RAID.
<mok0> corporeal: what do you mean, it wont start?
<mathiaz> nealmcb: IIRC, apt-get dist-upgrade cannot do stuff like remove a package during the upgrade.
<mathiaz> nealmcb: for example, evms has to be removed when upgrading to gutsy (IIRC) - that cannot be done with a dist-upgrade
<mathiaz> nealmcb: do-release-upgrade is made for that kind of one-time things to do
<mok0> corporeal: if you want help, you need to specify
<corporeal> i figured it out
<nealmcb> mathiaz: ahh - that helps!  Will evms cause problems if it isn't removed?  Should we disable or add caveats to apt-get dist-upgrade?
<mathiaz> nealmcb: yes. you cannot start if you don't remove evms
<mathiaz> nealmcb: I ran into that situation.
<mathiaz> nealmcb: but it's just an example. the release-upgrader does other things (mainly on the desktop for now)
<mathiaz> nealmcb: That's why the supported way to upgrade a server is to use do-release-upgrade
#ubuntu-server 2008-01-16
<emgent> keescook, hi
<AussieHatter> 2 of my ubuntu servers with completely different hardware have network speed problems *slow*
<hatter> can ipv6 enabled nics have an effect on samba within a network ?
<ScottK> amavisd-new MIR (and the 8 dependencies) are finally done!
<sommer> ScottK: party!
<kiggaz> hey there everybody
<kiggaz> I gotto question: in mysql replication, how can I ignore replication of a table in the replication db?
<kiggaz> replicate-ignore-table=db.table3 statement in the slave mysql my.cnf doesn't help
<kraut> moin
<XiXaQ> can someone look at http://wiki.ubuntu.com/CalendarServer and add a way for it to start and stop with the system?
<ewook> cron it?
<ewook> or, simply just add it to init.d
<soren> XiXaQ: init script?
<XiXaQ> yes.
<XiXaQ> I have no idea how to do that.
<soren> XiXaQ: You can base it off of /etc/init.d/skeleton
<XiXaQ> should it be sufficient to change the values between PATH and SCRIPTNAME, or must I do more?
<XiXaQ> I can't read sh-script very well.
<soren> XiXaQ: That depends on what you're trying to do.. I haven't read the wiki page.
<XiXaQ> would you mind doing so? I think it'd be useful for many people.
<qman> hello, I'm having some trouble with software raid...the raid works and all, no failed disks or anything, but at every reboot, it says the raid is not clean, and then gives me "could not bd_claim sde1"
<qman> and starts rebuilding the array
<qman> I have a 6-disk raid 5, and my dmesg output is here: http://qman.strangled.net:8080/dmesg.txt
<ivoks> are you sure there are no failed disks?
<ivoks> it looks to me that it's doing syncing
<ivoks> check cat /proc/mdstat
<qman> it says it's about 40% through a resync
<qman> but the thing is, all the disks are new, and I just installed the system and created it
<qman> and it does this on every reboot
<ivoks> well, syncing does need time
<ivoks> sometimes more than 24 hours
<qman> hmm
<ivoks> attach output of 'cat /proc/mdstat' somewhere
<qman> ok
<qman> http://paste.ubuntu-nl.org/52122/
<ivoks> well, wait for 3 hours and it will finish
<qman> I suppose I probably didn't let it finish building, thanks for the help
<_ruben> qman: have you ever actually seen the raid finish building?
 * _ruben guesses not
<_ruben> indeed
<qman> I just assumed that since the md process was no longer in top that it was done
<qman> but obviously not
<ivoks> you can use your disk
<ivoks> but it still isn't synced on all disks
<qman> yeah, it kept data after the reboot even
<qman> it's mounted at /home
<qman> so not much on it yet
<ivoks> soren: i need your opinion
<soren> Chocolate is good.
<ivoks> soren: we agreed on doing MIR for drbd, but it requires kernel module
<ivoks> there is a upstream progress on integrating drbd into vanilla kernel
<ivoks> and, reading lklm, there are some issues which need to be resolved before merging
<ivoks> so, i'm not quite sure it's a good idea to merge it into hardy, since there is a big chance code will have partial rewrites
<ivoks> what do you think?
<soren> Well, if it's being actively rejected by upstream, I'm not very keen on it.
<ivoks> i can't say actively...
<ivoks> http://lkml.org/lkml/2007/7/21/255
<ivoks> but it's quite long discussion :)
<soren> I'm on my way to (a long) lunch. We can talk later?
<ivoks> enjoy your meal ;)
<mok0> how come the stupid NIS slave server decides to serve it's own /etc/hosts??
<jdstrand> mathiaz_, soren: I just migrated a gutsy server to using raid1 on /, and discovered that the server kernel's initramfs does not have raid1 included.
<jdstrand> I had to add to /etc/initramfs-tools/modules 'md' and 'raid1'
<jdstrand> is there a reason this isn't included?
<mathiaz_> jdstrand: no reason... You should file a bug.
<jdstrand> mathiaz_: will do
<c1|freaky> hi all. does someone know of a online, web based addressbook or contact management software, preferably also with a calendar. one with a good quality?
<jetole> hey guys, I notice ubuntu does not include apt-spy in gibbon and netselect-apt doesn't seem to work for me (complains about my firewall when I disable akk iptables rules and host is not behind router)
<jetole> is there another package I should be aware of to help me find the fastest mirrors?
<jetole> or... even better, I just want to simply test a host on a 100Mbps net connection, can anyone tell me anywhere where I can download a file and see close to that speed
<_ruben> hmm .. ages ago i read about a method to install debian using a tool similar to (or possibly even using that) debootstrap .. cant seem to find it, nor any docs on an easy 'migration' from one linux distro to ubuntu
<_ruben> ah .. found the debian docs .. lets see if i can make this work for ubuntu
<jetole> _ruben: did you try apt-cache search debootstrap because I found it pretty quickly on 7.10 server
<jetole> and then of coarse you just run apt-get install debootstrap
<_ruben> jetole: well .. the goal is to migrate one of my fileservers from opensuse to ubuntu
<jetole> might want to comment out the CD in /etc/apt/sources.list
<jetole> _ruben: well good luck with that buddy but all IO would expect is to move the files and then see what software configuration files are still compatible, most should be
<jetole> but don't expect it to run out of the box
<jetole> you are trying to upgrade from one OS to another in a system that was never designed to do so
<ScottK> Particularly from an RPM based distro to a Debian based distro.
<_ruben> the idea is to end up with a clean ubuntu install .. without me getting out the screwdrivers and all to hook up a cdrom drive ;)
<jetole> ubuntu uses all different package names and neither OS is aware of the other ones packages
<_ruben> so 'upgrade' or 'migrate' is a bit of an overstatement
<jetole> was SuSE rpm?
<ScottK> SuSE uses rpm.
<jetole> _ruben: if you want a clean install that would be a little more likely and easier
<jetole> ScottK: huh, been a decade since I used it
<jetole> didn't like it then and don't want to try it now *cough*microsoft*cough*
<ScottK> There are scripts for booting off of a USB thumb drive out there.  You could perhaps boot Ubuntu off one of those and install from there.
 * ScottK used opensuse, but got tired of being thought of as an SLES beta tester who had no right to expect stuff to actually work.
<_ruben> ScottK: hmm .. hadnt thought about that one
<jetole> "linux violates our patents, we won't tell you which ones but if you use our linux, I mean our partners linux, then we won't sue you for the patents that we won't admit exist"
<_ruben> we actually are using SLES9 at work currently .. working on migrating to ubuntu tho ;)
<ScottK> :-)
<jetole> _ruben: you can install a clean system from debootstrap, I have done it but it has been a few years since so I don't remember how
<jetole> look up a readme on it
<jetole> a clean system from deboo strap can usually be done, although you may require a temp partition
<jetole> or you can just install the CD Rom, that takes about 5 minutes
<_ruben> got a nice start here: http://www.underhanded.org/papers/debian-conversion/remotedeb.html .. tho i dont think i have any spare diskspace to repartition :/
<_ruben> jetole: the install would go fast .. that is, once i have the cd in cdrom drive in that box .. it currently doesnt have one :)
<jetole> _ruben: right but installing a CD ROM drive has always seemed easy to me
<jetole> then again, I am the only person I know who was building computers as an after school job when I was a freshmen in high school
<_ruben> jetole: hehe .. the technical part aint the problem .. its the physical side of it .. its currently tucked in nicely between some other boxes with a fair share of cables hooked up and stuff like that :)
<_ruben> huh .. since when is /dev/sda1 etc used for pata disks? just upgraded another fileserver from feisty to gutsy
<jetole> _ruben: for a while now
<jetole> I had a feisty box with a jmicron sata controller and HDD hooked up to both sata and pata and a sata cdrom, all disks appeared as sdX
<_ruben> hmm .. hadnt noticed before .. then again, havent been playing with ubuntu much, yet
<ScottK> _ruben: Since the kernel migrated to the new PATA code that's in the same module as the SATA/SCSI code.
<ScottK> It's a general kernel change, not Ubuntu specific.
<jetole> that sounds about right, I remember reading up on it some time ago
<jetole> anyways, hd = sd;
<_ruben> ScottK: figured as much .. suse being quite behind on the kernels, makes it a new feature for me on ubuntu ;)
<jetole> what is the package I need to install to provide server kernel headers?
<_ruben> hmm .. 50 euros for external dvd writer .. not too bad
<_ruben> jetole: the source is the same for server and desktop
<jetole> I never said it wasn't
<jetole> I asked what is the package I have to install to provide server kernel headers
<jetole> since the two use different kernels and there is a header specific package
<_ruben> hmm .. actually .. i might be wrong
<_ruben> indeed .. never looked at it this closely .. the source package is identical from what i gathered .. so i guess it'd be linux-headers-server
<jetole> _ruben: I can type apt-get source <package> to install source for any package on either version of the distro
<jetole> I am trying to install vmware-server atm and it is looking for /usr/src/linux/include
<jetole> now I know that is the default spot for the raw kernel source headers but like I have done this a while ago and there is another package that provides this I beleive
<jetole> unless...
 * jetole tries sym linking /usr/include/linux to /usr/src/linux/include
<_ruben> that usualy doesnt work .. tho that's gathered from the few times i tried to get away easily that way .. havent tried on ubuntu tho
<_ruben> linux-headers-server it seems to be .. would require a symlink to /usr/src/linux tho .. or tell vmware to use the actual path
<jetole> actually neither one has worked so far, I am installing linux-source atm
<jetole> back to my initial question, does anyone in here know what tool would work well for finding the fastest mirrir to you?
<_ruben> that was actually my first thought, since vmware probably requires more than just the headers
<_ruben> i recall a tool from that from my own early debian days, but have no clue about the name .. for me any dutch (me being dutch) mirror gives me full speed
<jetole> _ruben: not in this case but the kernel headers that are provided here are different then the ones it needs
<_ruben> odd
<jdstrand> jetole: netselect (but haven't used it on ubuntu)
<jetole> _ruben: apt-spy worked for me in the past and ended at feisty, netselect-apt seems not to work at all with firewall issues being reported when it is not behind a firewall, iptables, or a router
<jetole> _ruben: there are actually two sets of kernel headers but I forget the difference
<jetole> one is used for the active kernel and one is used to compile programs against it
<_ruben> ic
<_ruben> hmm .. my gutsy machine just kernel panic'ed on sudo halt
<_ruben> most of the backtrace scrolled away .. power down it is
<XiXaQ> Where is IMAP mail stored? I've been trying to reset a users mailbox structure, but I can't find out why.
<XiXaQ> how. :)
<soren> XiXaQ: IMAP servers look wherever you tell them to look. IMAP doesn't dictate the structure.
<XiXaQ> well.. I deleted the user on both the server and the client, then recreated it. Still, the folder structure is fubar
<ScottK> lamont: Got a moment to discuss Postfix plans?
<lamont> ScottK: if it's convenient, about 2.5 hours from now would work better.
<ScottK> lamont: Should be fine.
<lamont> poke me then pls
<ScottK> lamont: Will do.
<fishor> i working on Bug 183485 , and found it will be nice to have wiki hovto debug kvm/qemu guest. any ideas about it?
<ubotu> Launchpad bug 183485 in linux-source-2.6.22 "kvm can not boot Ubuntu guest" [Undecided,Confirmed] https://launchpad.net/bugs/183485
<fishor> ubuntu-bugs team think it will be better organice it with ubuntu-server
<fishor> dendrobates: any thouts?
<dendrobates> fishor: we do handle kvm
<dendrobates> fishor: will it not install, or not boot after install.
<fishor> see Bug 183485
<ubotu> Launchpad bug 183485 in linux-source-2.6.22 "kvm can not boot Ubuntu guest" [Undecided,Confirmed] https://launchpad.net/bugs/183485
<fishor> i mean it will be usefoul to have wike: debugging kvm/qemu guest
<fishor> dendrobates: wiki..
<soren> fishor: It's not much different than debugging a real machine. Do you think so?
<fishor> olmost... jast explaine: "kvm -serial file:debug.log" and in grub "earlycon=ttyS0 console=ttyS0" and any other usefoul info if guest can't start
<fishor> espessially for kvm. kvm on intel will give mach more not complete reports
<soren> I usually don't find that any easier than just using the console that kvm usually pops up.
<soren> fishor: Feel free to start a wiki page though. If you find it useful, there's a good chance someone else will, too.
<fishor> ok. i'll try
<ScottK> Server team meeting is in ~30 minutes, right?
<soren> That's the idea, yes.
<ScottK> It doesn't appear to be on the schedule for #ubuntu-meeting.
<ScottK> Nothing conflicts, so I guess we can just be squatters, but thought I'd mention it.
<soren> I think mathiaz has already told the relevant people to update the schedule?
<mathiaz> ScottK, soren: I've sent an email to fridge-devel about the new schedule
<ScottK> OK.  I just wanted to make sure we could have a peaceful meeting in ~15 minutes or so...
<soren> ScottK: Oh, sure. We sorted out any conflicts before we proposed the new time.
<fishor> soren: please can ypu check it, https://wiki.ubuntu.com/DebuggingKVM
<ScottK> Glad to hear it.
<fishor> soren:  any other suggestions ?
<soren> fishor: About what?
<fishor> any other info, we need from user with crashed gust or kvm host
<soren> Than what? I don't know what you have now?
<fishor> i initiated wiki about debugging KVM/qemu guest or host
<soren> Where?
<fishor> wee tolked  about this to   for 1 hour .. https://wiki.ubuntu.com/DebuggingKVM
<InSearchOf> PING: Question for anyone working for Canonical (ubuntu) on the server team...
<InSearchOf> Is the position for the Server Dev still open?
<somerville32> InSearchOf, I believe so, yes.
<InSearchOf> somerville32, Alright, thanks!
<zul> why not send your resume and see?
<ScottK> somerville32: You don't work for Canonical do you?
<somerville32> ScottK, unfortunately not
<somerville32> ScottK, you're welcome to recommend me for employment though :]
<ScottK> somerville32: He specifically asked the question to someone working for Canonical.  That's why I mention it.
<nealmcb> ToyKeeper: #ubuntu-meeting....
<ScottK> lamont: Ping
<lamont> ackage
<ScottK> I sent you a patch in Debian BTS today.
<ScottK> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345047
<ubotu> Debian bug 345047 in postfix "Please add [::1]/128 to the Default mynetworks setting" [Normal,Open]
<ScottK> I was thinking about how to handle the Postfix 2.4/5 transition in Ubuntu and I have a proposal for you.
<ScottK> On postfix-users, Weitse said today that he's going to release another update to 2.4 right after he releases 2.5.
<lamont> ok
<ScottK> I was thinking it would be nice to get that last 2.4 bugfix uploaded to Hardy (either directly or via Debian) and then backported to Dapper/Edgy/Feisty/Gutsy and then we upgrade Hardy to 2.5
<ScottK> So that the 2.4 backports are as bug fixed as we can get them.
<ScottK> Also, about the patch, I think Hardy is going to be around long enough that it'd be really good if it assumed IPv6 exists.
<ScottK> I tested that on my test server and I think there's no performance downside to it.
<ScottK> What do you think?
<lamont> I like that idea
<lamont> in the case where v6 doesn't exist (which means you can't install in debian-installer yet...), it already strips v6 - we _should_ make sure that it installs on a machine with no v6
<lamont> and yet assuming that v6 is there when it is is certainly the way to go
<mitchp> is 8.04 going to be LTS?  I had heard that, but I wasn't sure what the schedule was
<ScottK> Yes.  It's planned for LTS
<lamont> 8.04 is LTS for ubuntu et al
<mitchp> ok that's what i was told, thanks
<lamont> kubuntu is planning to not do LTS with 8.04
 * ScottK grumbles.
<mitchp> kubuntu is jerks
<ScottK> lamont: My Ubuntu boxen have IPv6 enabled, but no IPv6 connectivity.  Having the added values in mynetworks seems to cause no hard in that case.
<ScottK> mitchp: Please don't make me argue with you.  I'm a Kubuntu developer too.
<mitchp> lol sry
<ScottK> No problem.
<lamont> ScottK: mv ipv6.ko out of lib/modules/$(uname -r) for the acid test
<ScottK> OK.  I'll do that.
<ScottK> This would be why I have a test server, right?
<lamont> and you'll need to reboot...
<ScottK> Yah.
<ScottK> Only 15 sets of modules on that machine ...
<ScottK> Rebooting.
<InSearchOf> zul,  I did... a week or so back :-)
<ScottK> lamont: If there's a difference it's in milliseconds.
<lamont> ScottK: it was more a question of 'does it bitch' :-
<lamont> ifconfig or ip addr show lists no v6 addrs?
 * ScottK looks
<ScottK> lamont: ifconfig shows no ipv6 addresses
<lamont> woot!
 * ScottK puts the kernel module back now...
<ScottK> lamont: Anything else before I reboot again?
<lamont> I'll get the change tested again today/tomorrow (I'm assuming we want this in 2.5 certainly, what about 2.4)?
<ScottK> I think it matters most for 2.5.
<ScottK> Up to you where you drop it in.
<lamont> given that we want to backport 2.4 to warty-1, I'm inclined to make the change start with 2.5....
<ScottK> From an Ubuntu perspective and future 2.4 work would be very unlikely to see this code in a new install.
<ScottK> Dapper actually, but yes.
<ScottK> Agreed.
 * ScottK reboots again.
<ScottK> lamont: Did you see my core-dev application?
<lamont> saw the mail, haven't actually gotten that deep in my mailbox today (or was it yesterday...)
<ScottK> Please send a nice vote of confidence real soon....
<ScottK> It was yesterday.
<lamont> will do today.
<ScottK> Just think, if I'm approved, I won't need to bug you for the source backport for Dapper
<ScottK> Thanks.
 * lamont needs to run into town and do a couple things, then will be working through the email glut
<ScottK> See you later.
<ScottK> lamont: After rebooting, I confirmed that ifconfig does in fact show an IPv6 loopback, so that we for sure had no IPv6 when it said we had no IPv6.
<nealmcb> !ebox
<ubotu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See the plans for Hardy at https://wiki.ubuntu.com/EboxSpec
<nealmcb> !webmin
<ubotu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<nealmcb> :-)
<Nafallo> any issues moving from feisty to gutsy?
#ubuntu-server 2008-01-17
<levander> Is there a page that documents the advantage of running Ubuntu Server over regular Ubuntu?  I mean, can't you just 'sudo apt-get install apache2' yourself?
<kgoetz> afaik theres not one per-se
<levander> kgoetz: Careful, you'll get banned from the channel.
<kgoetz> levander: because?
<levander> Your dissing the product, man.  There's got to be some advantage.
<dendrobates> there is more to a server distrobution than apache
<levander> dendrobates: Is there any page explaining to me what these differences are?
<dendrobates> uch smaller.
<kgoetz> levander: wtf are you going on about?
<dendrobates> there is a different kernel, no gui, and the package list is much smaller
<levander> I'm just doing a small DNS server, apache2, a mail server, mysql.  Maybe I'm not the target candidate for Ubuntu Server?
<levander> Why do they have a different kernel?
<dendrobates> there are different needs for server and desktop.
<levander> dendrobates: What kernel do they have?
<levander> dendrobates: What are these differences?
<dendrobates> different config
<levander> ah, yeah
<dendrobates> upstream version, but a different congih
<levander> I guess I'm just in a weird situation, because this is actually just a small home server, not a production server.
<dendrobates> it is fine to use the server packages in ubuntu desktop if you feel more comfortable with that
<levander> dendrobates: I'm just trying to decide what's better for me.  I'd be comfortable with either.
<dendrobates> is it on server hardware?
<levander> No, it's just an old AMD 1800+ that I want to run the above listed server software on.
<levander> On thing I'm wondering is how much trouble it's gonig to cause my booting this machine without a monitor attached.
<dendrobates> ubuntu server has a smaller memory footprint and installs much less cruft.
<dendrobates> basically why would you install/run the desktop apps if you do not need them.
<levander> I got a GB of RAM and 40 GB of hard disk, but I guess it using less RAM could come in handy.
<levander> dendrobates: Yeah, it's not the idea that I'll run desktop apps on it.  But, I guess if the box goes down with serious problem, it would be nice to attach a monitor to it.
<dendrobates> you can still use a monitor, just no x.
<levander> I see on ubuntu.com that they've got an integrated LAMP install.  But, I'm not using PHP, which I understand is the bitch in that config.
<dendrobates> you don't have to install the lamp stack.  You can apt-get apache
<levander> Yeah, I was just saying that looks like a big advantage of Ubuntu Server, if you're using PHP that is.
<dendrobates> you can always install server and do an apt-get install ubuntu-desktop if you change your mind.
<jetole> hey guys, does anyone know where I can find a listing of say all apnic ip address ranges or all ripe... well more specifically apnix
<jetole> *apnic
<kgoetz> you'd have to check their website probably
<jetole> yeah... do you know where, I assume it is a common place since the host tool on everyones computer queries the proper RIR
<jetole> whois tool does as well
<kgoetz> whois.apnic.net ?
<jetole> right, I am actually looking for a list of all apnic IP
<jetole> whois 85.15.0.0/16 queries RIPE, how does my whois tool know it is a RIPE IP?
<kgoetz> the dns server/s tell it
<jetole> hmmmm
<jetole> if I wanted to firewall every asian ip from connecting to port 25... can anyone think of a method?
<kgoetz> SMTP? it would probably be easier to reject all .cn .jp etc domains
<jetole> kgoetz: yeah... not really
<jetole> out of 640 hosts analyzed in my SMTP records for today, 222 had NXDOMAIN entries i.e. no DNS PTR
<jetole> and of coarse we get spam for canadian viagra that canadian-viagra.com (forget the real website name) points to jp
<kgoetz> jetole: so perhaps not accepting from host without valid dns would work best for you
<jetole> well we have started implementing that as well as a lot of anti spam features but frankly I am about to ready to say fsck asia on the SMTP level
<jetole> grey lists don't seem to work because there seems to be a lot of broken legitimate SMTP servers out there and they mean too much to the corperation to just tell them they are broken and let us know when they are fixed
<jetole> one of them I saw today in the logs belonged to some news company called dispatch.com or .net
<kgoetz> something like spamcop RBL+not accepting from invalid dns should help a lot
<jetole> well spamcop is on the list but it is providing temporary issues atm
<ajmitch> blacklisting everyone in APNIC makes a lot of people very very unhappy
 * kgoetz included
<jetole> ajmitch: asian people?
<ajmitch> pretty much anyone in australia or NZ
<jetole> oh
<jetole> ...
<jetole> yeah that doesn't help
<kgoetz> jetole: the P stands for Pacific
<jetole> yeah but the A stand for asian ;)
<kgoetz> Asia to be picky
<ajmitch> and you're talking to people in the APNIC range at the moment :)
<jetole> kidding, well I mean I am not but I understand what you mean
 * ajmitch really doesn't like trying to explain to customers why mail doesn't get through
<jetole> ajmitch: yeah, our partnership department had to do that today @ grey listing
<kgoetz> greylisting is evil (from what i hear)
<jetole> kgoetz: grey listing is great, broken legitimate mail servers are whats evil
<kgoetz> 4517   Reject RBL                                87.91%
<kgoetz> our one blacklist (which i forget where its from)
<jetole> grey listing is fully SMTP compliant and does not break protocol, if a mail server cannot communicate with a grey listed server then from time to time it may not communicate with any other server either and mail is lost
<jetole> all grey listing does is the server initially issues a try back later code, SMTP 452
<jetole> if a SMTP server gets the code from another server and does not retry then the server is broken
<jetole> EOF
<ScottK> kgoetz: There's really no evil in greylisting, but I do get sick of not getting my mail instantly.
<ScottK> lamont: Thanks for the mail.
<lamont> np
<lamont> sorry for the delay - it's been an interestingly busy afternoon/evening
<lamont> and now to bed.
<Kalamansi> ScottK lamont : i have server ubunt 7.10 desktop. running on firestarter as firewall. how to filter the downloads of my pc2 and pc3 when they download a file? pc1 is my server.
<Kalamansi> filter or auto scan by with anti virus
<Kalamansi> in ubuntu server
<kgoetz> set it up as a proxy
<ScottK> Kalamansi: This is not, however, a desktop support channel.  Try #ubuntu
<kgoetz> you'll want clamav+probably squid
<Kalamansi> ScottK i have installed CLI server too still underconstruction because i dont know how to configure a firestarter in CLI
<Kalamansi> thanks kgoetz
<ScottK> Isn't firstarter just a gui for iptables?
<ScottK> firstarter/firestarter
<kgoetz> yeah
<Kalamansi> ScottK : ahh ok i got it
<Kalamansi> so whats the other alternative for CLI server aside from firestarter?
<ScottK> iptables
<kgoetz> or save your rules after makin them with firestarter and load it onto the server
<ScottK> I've never done it, but I believe you can set up firestarter on one box and then copy the iptables rules it produces to another.  That's not, however, a complete substitute for knowing what you're doing.
<Kalamansi> ScottK : do you have tutorials and howto? configuring a server just for internet sharing, traffic shaping and dhcp or assigning ip?
<ScottK> I don't, but Google does.
<Kalamansi> ScottK : how to locate the iptables of firestarter? or the .conf of the firestarter kgotz?
<Kalamansi> kgoetz*
<kgoetz> Kalamansi: no idea
 * ScottK neither
<ScottK> I suspect the firestarter documentation would be a good place to start.
 * ScottK is going to quit and go to bed before he starts mumbling about consulting rates.
<ScottK> Good night.
<Kalamansi> ScottK : kgoetz : is it okay to use dhcp to pc2 and pc3 or better to assign each pc an ip?
<kgoetz> ScottK: later mate
<kgoetz> Kalamansi: much of a muchness
<Kalamansi> kgoetz : you mean better to assign ip each pc?
<kgoetz> Kalamansi: i mean it doesnt matter
<kgoetz> afk , going home
<Kalamansi> thanks
<Kalamansi> thanks mate
<kraut> moin
<Kalamansi> kraut sup
<Kalamansi> kraut : how to save my config? when i type this "ip addr add 192.168.2.1/24 dev eth1, udo ifconfig eth1 192.168.2.1 netmask 255.255.255.0,echo 1 > /proc/sys/net/ipv4/ip_forward and pc2 then pc3 can connect to the internet..i reboot my server, after backing up, and do a ifconfig all that i entered in eth1 was gone... and pc2 / pc3 cant connect to the internet.. how to solve this problem?
<kraut> write it down into /etc/network/interfaces
<Kalamansi> i see
<Kalamansi> thanks
<kraut> how to use this file is described in man interfaces
<Kalamansi> kraut : what kind of apps is good for logging or process of workstations? like log all yahoo messenger chats and msn chats?
<kraut> what exactly do you mean and what do you want to log?
<kraut> linux use a syslog-facility. everything system-relevant can be found in /var/log
<Kalamansi> kraut : is there any applications to install, like for example a application that can logs or chats that came from yahoo messenger and msn chats?
<Kalamansi> logs all chats
<kraut> that's application dependend. also this is #ubuntu-_server_, please remember this!
<Kalamansi> ok ok but still it is installed in ubuntu server
<kraut> of course it is, but that are desktop-applications
<kraut> and it's stupid to install desktop-applications on a server-distro. of course it's possible, but nobody does this.
<Kalamansi> kraut : i usually (but not many times) ..when my isp disconnected, i always dial so that i could connect using a windows os dialer then unplug the cable rj45 then put it back to server..how to config the server and let the server to dial my isp?my setup is isp's modem---server ubuntu pc1 --- switch --- pc1 and pc2 ..
<kraut> erm, how do you dial? PPPoE?
<Kalamansi> yeah PPPoE they give me login and password (3mbps)
<kraut> normal dsl-connection?
<Kalamansi> how do i dial? i use windows box then plug the modem wire to the nic, then dial.if get connected, i unplug the modem cable wire and transfer to ubuntu box
<Kalamansi> yes dsl connection
<kraut> do you understand german?
<Kalamansi> i cannot understand german
<kraut> hmm, then have a look on pppoeconf
<kraut> it's easy to handle and will guide you through the config
<Kalamansi> how to access pppoeconf?
<kraut> anyhow, the linux-dialer is called ppp, it creates the pppoe-tunnel to your dslam
<kraut> apt-cache search pppoeconf?
<Kalamansi> i see
<Kalamansi> thanks kraut
<Kalamansi> =)
<kraut> np
<kraut> you should use google for example more in future
<kraut> you could handle this easy thinks on your own if you search a bit
<Kalamansi> one last question kraut before i go, how to filter all download of pc2 and pc3? im not sure if there is anti virus in console
<kraut> there isn't a free and good soloution
<kraut> please try first to understand linux and how it works, then take care on special topics like that
<Kalamansi> so its okay to use CLI than GUI servers?
<kraut> what?
<kraut> a server is a server and a desktop is a desktop
<Kalamansi> yes but i dont really get it..why others want a desktop server and others want server without x window..which is really safe? server with desktop or server without x window?
<_ruben> x is both insecure and a resource hog, avoid installing on a server when possible
<kraut> Kalamansi: _ruben got the point exactly
<kraut> and installing a window-manager will bloat your package-list
<ScottK> Debian Bug #311812
<ubotu> Debian bug 311812 in postfix "postfix: syslog reconnection" [Important,Open] http://bugs.debian.org/311812
<XiXaQ> Isn't it very strange that Ubuntu still doesn't have a package for freenx?
<ScottK> Does Debian have one?
<XiXaQ> several. I think all of the other distros of some size has them.
<dantalizing> search gave no results at packages.debian.org
<XiXaQ> I don't know if they're in their repositories.
<kriel> Okay, here's a strange question. I'm currently in the process of remapping my network, so my server currently has two active interfaces. However, my sshd only listens to one interface (eth0). Is there any way to coax my sshd into listening to both interfaces?
<lamont> ScottK: yeah - that's a syslog bug that affects postfix... :-)
<ScottK> lamont: Please fix.  kthnxbye
<lamont> and requires a change in postfix to use the non-existant syslog package interface for adding $CHROOT/dev/log
<lamont> please work with the debian syslog maintainer on how to add additional log files to syslogd
<ScottK> Cool.  Sounds like you've got it handled.
<ScottK> lamont: Any thoughts on adding the VDA patch to your Postfix package?
<lamont> remind me of what VDA is
<ScottK> Virtual Delivery Agent
<ScottK> Allows some kind of soft bounce quota thingy.
<ScottK> IIRC, the last comment on it I saw from Weitse was "Doesn't meet Postfix quality standards".
<lamont> is that the stupid half-ass quotas-sort-of for virtual mailboxen?
<ScottK> Yeah  That one.
<lamont> sounds like the same thing.  and yeah.  fails.
<ScottK> OK.  You may want to read the ubuntu-server ML and weigh in on the ebox thread.
<lamont> I believe my last comment on the bug is something of the form "I'll provide this when it comes down from upstream. kthx"
<lamont> sigh.  I'll take a look at that later today, I guess.
<sommer> ScottK: are you thinking they'll ship a different version of postfix?
 * sommer found the eBox udpate very interesting
<ScottK> sommer: I'm thinking they'll want us to patch our postfix when we integrate ebox.
<ScottK> That, or, even worse, ship their own in the package.  That horror hadn't even ocurred to me.
<lamont> and the patch fails to meet quality standards, so they'll need to update it.
<sommer> from the language used my impression was they were shipping their own, but obviously it's still being developed
<sommer> couldn't you configure filesystem quotas to give you a similar result?
<ScottK> sommer: I believe ebox upstream is shipping their own.  Dunno what'll happen with the Ubuntu packages
 * ScottK doesn't have time to get into it right now.
<ScottK> sommer: Short version is almost, but not quite.
<sommer> ScottK: gotcha, thanks
<nealmcb> yeah - I'm glad to see the ebox conversation starting - it is a big challenge, and we really need something to bring servers to a wider audience
<sommer> nealmcb: seems like the biggest challenge is the large amount of options used to configure server apps, and how do you translate that to a web interface
<foolano> ScottK: so far we are shipping our own postfix package
<ScottK> foolano: Right, but we don't want two postfix in Ubuntu.
<foolano> but as i just said on the mailing list we can easily strip out that part from the code
<foolano> no problem
<ScottK> foolano: Sounds good.
<nealmcb> sommer: well I don't think they have to handle all the options - just the ones that a typical soho would really need. but they have to avoid fouling up existing configs
<nealmcb> foolano: welcome!
<foolano> thanks :)
<nealmcb> foolano: what's your name?
<ScottK> foolano: I just replied on the ML to close the thread.  Thanks.
<foolano> handling all the possible options and presenting a simple UI is too complicated
<sommer> nealmcb: I agree, lot of work though
<sommer> foolano: thanks for the update, eBox is a very interesting project
<foolano> our current released is debian based, but i really think that we are doing the right think by changing to Ubuntu. Hopefully, we'll have more users more testing, and we'll end up with a better product
<foolano> s/released/release/
<ScottK> Probably.  I doubt that many people who are the type to run Debian servers are also the kind to run Ebox.
 * nealmcb nods
<nealmcb> foolano: ahh - I think I met you at UDS Boston :-)
<foolano> mmm, whois...
<foolano> hehe
<foolano> yeah
<foolano> i think you sat in front of me during the ebox meeting
<nealmcb> yes
<foolano> how's everything going? :)
<nealmcb> as usual, trying to stay on top of too many things at once :-)
<foolano> hehehe, that's the way to go :)
<nealmcb> I seem to recall rumors that apache 1.3 might not be in hardy
<nealmcb> the memory size issue with apache2 and ebox seems surprising - do you know what causes it?
<nealmcb> how big is apache 1.3 plus mod-perl plus ebox?
<soren> We don't even have apache1.3 anymore..
<soren> (!)
<soren> It's not even in gutsy.
<nealmcb> ahh - on re-reading I see that is what foolano said :-)
<nealmcb> in email - had to backport....
<foolano> i don't know what is causing it
<foolano> i have to do some profiling to find out
<foolano> in the meantime, i'm using apache 1.3
<kriel> I have two interfaces connected to my Ubuntu 7.10 (server) machine. lspci shows two interfaces, and originally ifconfig showed two interfaces (plus loopback) as well. After a reboot (with no hardware changes at all) lspci still shows two interfaces, but ifconfig only shows one. Where could I begin troubleshooting this? (besides using lspci and ifconfig)
<nealmcb> foolano:  http://vda.sourceforge.net/se doesn't work for me (from your email)
<foolano> nealmcb: i pasted the wrong URL, remove the trailing "/se"
<nealmcb> yeah - and I guess it is moot now anyway.  thanks
<fishor> kriel: dmesg, /etc/netwok/interfaces, /var/log/syslog
<foolano> gotta go. see you later
<kriel> fishor: if i pastebin those files, would you mind helping me figure out what happened?
<fishor> kriel: 1. you should check in dmesg if netwok interface driver was loaded corrctly 2. in /etc/netwok/interfaces if it was korrectly configured 3. in /var/log/syslog if there is some other errors
<kriel> fishor: thanks.
<nealmcb> memes we'll be hearing about: home servers - take off on stay-at-home-dads: http://www.stayathomeserver.com/
<ScottK> sommer: I'm taking another stab at backporting clamav to Dapper/Edgy/Feisty/Gutsy.  Please have a look at the team wiki page.  Testing needed.
<sommer> ScottK: cool, will do
<sommer> haven't gotten very far in backporting the API to the dapper version, but really haven't looked at it since before x-mas
<ScottK> With PPA, I can build test packages against the curren clamav pretty easily and others can test, so we'll get that a shot.  0.92 had additional API changes anywya.
<ScottK> wya/way
<sommer> gotcha, should be able to do some testing this evening
<pHaze> What's the best way to auto build and deploy servers in a cluster with ubuntu server?
<nealmcb> pHaze: what sort of cluster?
<pHaze> Just a regular web cluster. Running apaches and some of our own software.
<pHaze> behind a load sharer.
<pHaze> I'm building machines individually right now and want to automate the process so I can just slap a disk in and a new ubuntu spins up along with our own software installed.
<zul> kickstart might help
<nealmcb> !kickstart
<ubotu> Ways to automate installation of Ubuntu on multiple machines are described at https://help.ubuntu.com/6.10/ubuntu/installation-guide/i386/automatic-install.html - See also !cloning
<nealmcb> !cloning
<ubotu> To replicate your packages selection on another machine (or restore it if re-installing), you can type Â« dpkg --get-selections > ~/my-packages Â», move the file "my-packages" to the other machine, and there type Â« sudo dpkg --set-selections < my-packages && apt-get dselect-upgrade Â» - See also !automate
<nealmcb> !automate
<pHaze> thanks
<nealmcb> np
<nealmcb> !automate
<ubotu> Ways to automate installation of Ubuntu on multiple machines are described at https://help.ubuntu.com/6.10/ubuntu/installation-guide/i386/automatic-install.html - See also !cloning
 * nealmcb mumbles about best-effort delivery to uboto :-)
<nealmcb> *ubotu
<nealmcb> and I wonder if those techniques have changed much since dapper
<zul> preseed as well
<ScottK> Hell ivoks
<ScottK> Hello I mean
<ScottK> Sorry
<ScottK> ivoks: I'm -> <- this close to having amavisd-new in Main
<astabeno> scottk: I am going to report you
<ivoks> hi all
<ivoks> hell ivoks :)
<ivoks> ScottK: awsome
<astabeno> just kidding
<ScottK> Once that's done you can integrate it into task select ...
<ScottK> astabeno: Glad to hear it.  I'm famously grumpy and would have hated to have to have pointed some of it at you.
<ScottK> ivoks: I decided to kill of amavisd-new-milter once I say the Debian amavisd-new maintainer comment that he just assumed it worked because he had no way to test it.
<ScottK> I think we don't want that in Main and it saves me having to split libmilter out of sendmail.
<varek> i hate grub error 17
<varek> no idea what's happening, but i've called grub-install onto the right hard drive 1000 times now
<varek> is there any way to get grub to be a little more verbose
<qman> google is your friend
<qman> grub error 17 means the partition exists but the fiesystem type cannot be recognized
<varek> no shit.
<qman> filesystem*
<varek> thanks for that.
<qman> pretty straightforward
<varek> how is it straightforward ?
<qman> either your filesystem is damaged, has the wrong type code, your drive is toast, or your BIOS is interfering
<qman> it really can't be anything else
<varek> must be the bios.
<qman> go in and make sure all your disks are set to "auto", not "user" or "LBA
<qman> "
<varek> they're all set to auto :\
<varek> apparently someone on a gentoo forum found that the bios helpfully re-ordered drives at boot time
<ajmitch> yep, /dev/sd{a,b,c} are certainly not in that order for me in the BIOS
<ajmitch> I think that the first SATA drive that the BIOS sees turns up as sdb for me
<varek> i'm using a sata PCI card for my boot hard drive
<varek> s'pose i'll just guess hard drives
<varek> five to choose from :(
<varek> wait
<varek> this is ridiculous.
<ivoks> there's a magic command
<ivoks> find
<varek> yeah but presumably it'll be different at boot
<varek> according to device.map it's hd4,0 but that gives me error 17, so it must be one of my software RAID disks at boot
<ivoks> software raid disk?
<ivoks> like... windows software raid?
<varek> linux software raid.
<ivoks> what raid type?
<varek> md, raid 5
<ivoks> i hope you don't have /boot on md raid5
<varek> no...
<varek> it's on a seperate disk, first partition
<varek> any ideas besides just guessing ?
<varek> guessing it is.
<varek> wait, how is that going to help
<varek> error 17 means grub isn't even loading
<varek> when it says 'cannoy mountselected partition' what does it mean ?
<somerville32> It means it can not mount the partition you selected to mount
<varek> which is specified when you install grub right?
<Thorsten11> hello all
<Thorsten11> is anyone on this channel/
<varek> haha.
<varek> fellow has less patience than i do.
<Thorsten11> i have a question if anyone is out there
<Thorsten11> well its actually more of a concern
<ScottK> !ask | Thorsten11
<ubotu> Thorsten11: Please don't ask to ask a question, ask the question -- All On One Line, so others can read it and follow it easily --. and if anyone knows the answer they will most likely answer. :-)
<Thorsten11> I was viewing the auth.log file on my server back home from the hotel room i am in and i have one hell of alot of remote login attempts, obviously a brute force, my question is what can i do to make sure no one gets in
<ScottK> This is SSH, I assume?
<Thorsten11> yes
<ScottK> You can use iptables to limit the number of SSH connection attempts.  If the server has lots of people trying to logon, this may have unwanted side effects.
<ScottK> I'm the only one SSH'ing into servers I administer, so it works quite well for me.
<ScottK> Once they hit the limit, SSH just stops responding and they go away.
<Thorsten11> that would work perfect, I am the only one that really logs in, ocasionally my brother does, but basically me.
<ScottK> !pastebin
<ubotu> pastebin is a service to post large texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu-nl.org (make sure you give us the URL for your paste - see also the #ubuntu channel topic)
<Thorsten11> Because i travel so much the ip address restriciton could never work so i have been looking for another solution
<Thorsten11> thanks alot scottk
<ScottK> http://paste.ubuntu-nl.org/52350/ is the basic idea.  You'll have to figure out how to integrate it into your iptables rules.
<varek> what the hell
<Thorsten11> ok
<varek> it actually loaded grub
<Thorsten11> thanks again too all
<ScottK> Thorsten11: Test it when you have local access to the server
<Thorsten11> i shall, probably tomorrow when i get home
<Thorsten11> are you on here often?  I'd like to let you know how it works out
 * ScottK is usually either here or logged in and reads the scrollback
<Thorsten11> fantastic
<Thorsten11> cheers and thanks, i'll let you know
<ajmitch> varek: you found the right partition & disk then?
<varek> i changed the boot order in the bios
<ajmitch> heh
<ajmitch> computers are wonderful
<varek> it didn't like it being fifth, but did like it being first :\
<varek> now i just have to figure out how to get it to recognize raid.
<nealmcb> ScottK: so that ssh rate limiting rule links to a ratedrop chain, right?  how do you define that?
<ScottK> nealmcb: http://paste.ubuntu-nl.org/52352/
<nealmcb> ScottK: cool - thanks
<ScottK> nealmcb: No problem.  That's mostly thanks to Google.
#ubuntu-server 2008-01-18
<pubo> Hi all
<pubo> I'm trying to install phpldapadmin. I alreade have installed apache2, but now, when I do aptitude install phpldapadmin, it ask for install apache-common as dependence requisites... Â¿Why have I to install apache-common if I have installed apache2?
<thingymabob> got a server installation problem, who can help me out?
<thingymabob> nevermind, i'll just lay it out.
<thingymabob> installing Ubuntu Server edition.  it gets through most of the installation just fine, then when it's time to "select and install software" it fails on me...I don't have it in front of me, so I can't remember the error it gives me.  then it goes to the overall menu of installing the OS.  ignoring that, figuring I can install that stuff later, I choose to install grub, it makes an attempt then fails, saying it can't install to /target/.  NOTE:  
<thingymabob> installing Ubuntu Server edition.  it gets through most of the installation just fine, then when it's time to "select and install software" it fails on me...I don't have it in front of me, so I can't remember the error it gives me.  then it goes to the overall menu of installing the OS.  ignoring that, figuring I can install that stuff later, I choose to install grub, it makes an attempt then fails, saying it can't install to /target/.  NOTE:  
<kgoetz> noe what? stop spamming
<kgoetz> *note what
<thingymabob> ?
<kgoetz> saying it can't install to /target/.  NOTE:
<thingymabob> i'm confused, what are you trying to say?
<ajmitch> he's saying that your sentence was cut off
<thingymabob> oooooh
<ajmitch> since there is a limit on how much you can fit on a single line in IRC
<thingymabob> my fault.  heres the rest
<thingymabob> NOTE:  I have looked this up MANY places in MANY forums and all ask to find a "stage1", well, my installation of grub never gets that far.  it only makes the directories.  plus, it won't allow installation of lilo either.  this produces an error 15 at boot up afterwards
<ajmitch> if it didn't get as far as installing a kernel along with the other base packages, grub & lilo aren't going to help
<kgoetz> i think we need to know what the error is to help in any useful way
<kgoetz> check your cd has teh correct md5sum for a star though
 * kgoetz afk
<thingymabob> well, it seems to install everything else normally, at least no errors are shown until then
<thingymabob> btw, is it really spamming when I only said that twice with 21 minutes a part from each other?
<kgoetz> since *nothing* in the channel had changed, yes
<thingymabob> i was wondering if anybody actually saw that I typed something.  i'm getting absolutely no response from anybody in the regular ubuntu channel.  i've asked in a couple different ways there.
<thingymabob> oh, and btw, i checked the cd and image, they are fine
<levander> Is there a UI for managing which services run in which runlevel?  Or do Ubuntu people just modify the script names in /etc/init.d?
<ScottK> thingymabob: On this channel you tend to get more response during the US/European business day that now.
<LeChacal> I need to install a GUI on my sever to manage somethings every once in a while but i don't want the GUI to start every time the server reboots. So when I install the GUI will it start everytime the PC starts after I install it or will I have to issue 'startx'? If the GUI while auto start with every boot how do I stop that?
<thingymabob> ah
<thingymabob> scottk: ah
<ScottK> LeChacal: We don't really do GUI stuff on this channel.
<levander> LeChacal: You're actually asking a very similar question that I'm asking.
<kgoetz> levander: theres a tool yes
<levander> kgoetz: Is it commonly used with Ubuntu?
<ScottK> But some people answer anyway ;-)
<levander> kgoetz: I kind of like being "standard".
<levander> kgoetz: But, even it it's not, I'd still like to know what you recommend.
<levander> kgoetz: Still with me?
<thingymabob> scottK: well, I'm assuming that nobody here has a solid notion of what could be causing this problem, so maybe I'll try again tomorrow.  it seems like it's pretty unique considering that all online sources show similar but not exact errors
<LeChacal> OK well I thought that I would start here I will try the general ubuntu channel, thanks.
<levander> LeChacal: If you install ubuntu-desktop, it's the /etc/init.d/gdm script you want to prevent from running at startup.
<kgoetz> levander: i dont remember what it is, i know it exists
<levander> LeChacal: The runlevel your computer is in determines which /etc/init.d scripts get run.
<levander> LeChacal: I'm in here asking if there's a tool to control them.
<levander> LeChacal: That's how are questions are similar.
<sommer> levander: update-rc.d is the command you're looking for
<sommer> ScottK: around?
<ScottK> Yeah
<ScottK> sommer: Did you see the ubuntu-clamav ppa?
<sommer> playing with the dapper clamav in the ppa and after removing all my previous stuff I got a Template error when trying to install clamav-freshclam
<sommer> ScottK: pretty cool those ppas
<ScottK> sommer: Yes.  I just uploaded a fix for that
<ScottK> When ppa4 is built, it should be fine.
<sommer> ScottK: ah, just wanted to make sure it wasn't something in my config
<ScottK> No, the Dapper toolchain appears to not like comments in the debconf templates.
<sommer> any objection to doing some serious cleanup on the wiki page?
<sommer> ah
<ScottK> I got one in ppa3 thanks to leonel, but forgot to check the other.
<ScottK> sommer: No, what I'd really like to have is a table (kind of like the MIR table on the Ubuntu server spec wiki page) for Dapper/Edgy/Feisty/Gutsy and each package
<sommer> makes sense to me
<sommer> I feel like just starting over... especially since there's a new clamav version
<ScottK> I think that's fine.  Just make sure I haven't missed any packages
<sommer> I noticed in the ppa you've started backporting already... that's cool
<sommer> ScottK: sure, will do
<sommer> when I say start over, I think I mean more reorganizing the page.
<ScottK> Great.
<ScottK> Go for it.
<sommer> the clamav thing was the first area I got involved with Ubuntu in... seems like I've learned volumes since then
<sommer> still have volumes to go though :-)
<ScottK> Don't we all.
<emgent> heya
<ScottK> Hi emgent
<sommer> ScottK: is there a way for the ppa to email me when the new builds are done?
<ScottK> Not that I know of.
 * ScottK gets FTBFS mails though.
<sommer> cool, I'll just check back later
<inkaico> hello
<inkaico> how do we know where is conected a printer?
<inkaico> if i install a desktop on a server is is possible to remove it after?
<ScottK> inkaico: Yes
<inkaico> hi scottk
<inkaico> im trying to install a printer on ubuntu server 7.10
<inkaico> but i have a lot of problem
<ScottK> I've never done it.  I just use HP Jet Direct boxes straight on the network.
<Gargoyle> Good Morning
<mok0> Hey
<soren> Hi.
<mok0> Soren, we are trying to create some kvm virtual servers with bridges to the external network
<soren> Oh, cool.
<mok0> For webservice, ftp, named, etc
<soren> Right.
 * antdedyet grins
<mok0> It can be done, right? Because my collaborator is in doubt
<mok0> We have a set of IP numbers for each virtual server
<soren> Sure it can be done.
<soren> If you set up the host correctly, you can make the kvm's appear as though they were connected directly to the network.
<mok0> soren: that's exactly what we want.
<soren> Ok then.
<mok0> My collaborator thinks we perhaps need to set up a DHCP server is that true
<soren> No.
<soren> I haven't tested this much, but all that you should need to do is:
<soren> If you have:
<soren> iface eth0 inet static
<soren>    address foo
<soren>     netmask bar
<soren> [...]
<soren>  
<soren> You replace that with:
<soren> iface bridge0 inet static
<soren>     pre-up brctl addbr bridge0
<soren>      bridge_ports eth0
<soren>     address foo
<soren>     netmask bar
<soren> [...]
<mok0> soren: OK, thx
<mok0> If we need to bridge 8 servers, how does that impact performance?
<soren> When that network configuration has taken effect, virt-manager (if connected to qemu:///system (or running as root) will allow you to choose the bridged network in the network tab.
<soren> Er.. Network page of the config wizard.
<soren> mok0: Bridging has *very* low overhead.
<mok0> Is it better to use switched connections to guests?
<mok0> soren: ok
<mok0> soren, thx now we have something to work on!!
<soren> I usually use the virtual network option as it doesn't interfere with my host's network settings.
<soren> Especially useful if I was using a laptop with network-manager or whatever.
<mok0> soren: do we need a special vlan for it to work?
<soren> mok0: No.
<mok0> soren: ... because our IP numbers for the guests are on the external network
<soren> mok0: Ah, looking at /etc/network/if-pre-up.d/bridge it seems that the pre-up thing above is not necessary
<soren> (I was typing from memory)
<soren> mok0: Setting up the network as I explained will make it appear exactly as though the virtual machines were connected to the same network as the host.
<mok0> soren: that's great
<mok0> We will work on it this afternoon; perhaps I can ping you again if we have more questions?
<mok0> hej jesper
<jelka> mok0: hej Morten
<soren> mok0: Sure, feel free.
<rotini> good morning all.  I was just wondering if any of you are using Request Tracker.  On the ubuntu server homepage, I noticed the 'Zero to function LAMP stack in 15 minutes' thing and it really got my attention.  I have yet to find a distro on which the RT config is reasonably easy.  In fact, I'm trying to clone an install from Fedora to Kubuntu right now, and, well...
<sommer> rotini: I use RT on Ubuntu... works great
<sommer> rotini: you could say it's reasonably easy, there are some good guides on the RT wiki regarding Ubuntu which worked great for me
<rotini> sommer: ok, thanks.  RT documentation seems pretty scarce, I even have that O'Reilly book on it.
<sommer> rotini: heh, I've got that one too, I think it's written using an older version, but from my experience most of it still applies
<Gargoyle> What config do I need to edit to get mysql errors and warnings to go into /var/log/mysql.err and not just syslog?
<sommer> rotini: here's the guide I used: http://wiki.bestpractical.com/view/UbuntuInstallGuide
<sommer> rotini: there isn't specific instructions for Gutsy, but the Feisty ones should work fine.
<Gargoyle> Is it as simple as adding mysqld.* /var/log/mysql.err to syslog.conf
<sommer> rotini: you could always update it for Gutsy :-)
<Gargoyle> ?
<rotini> Gargoyle: don't know, sorry.  where what goes in logs often confuses me.  I grep the hell out of them to find anything...
<Gargoyle> rotini: It's just going into /var/log/syslog, but there are empty mysql.log and mysql.err files.
<Gargoyle> makes things more than a little confusing.
<Gargoyle> I'll do a google search later, I suspect that the mysql package should be updating /etc/syslog.conf somehow.
<rotini> Gargoyle: did you try the ubuntu forums?
<Gargoyle> not yet
<rotini> I thought gentoo's forums had a lot of members until I saw ubuntus.  There are like 800 people on there at any given time.
<Gargoyle> Gentoo is a great distro for learning a fair bit about command line linux admin, but it takes too damn long to setup!
<rotini> yeah, I've been on it for years.  They're having some internal administrative problems, alarmists are saying it's dead, so that's why I'm here.
<Gargoyle> Aww that's a shame
<Gargoyle> I used gentoo for 2 webservers a few years ago.
<Gargoyle> but you can't beat ubuntu server for sheer speed and easyness of installation.
<rotini> well, if it's true, i think it is, but... Kubuntu seems good, and I'm looking forward to trying ubuntu server...
<ScottK> One of the things I really like is that under the hood they are the same.
<navlop> Gargoyle: Did u install ebox on sever
<Gargoyle> ebox?
<navlop> Gargoyle: it replaces webmin
<navlop> Gargoyle: or u do everything manually, to manage your server
<Gargoyle> ahh, at the mo yes.
<navlop> k
<Gargoyle> But I doubt even ebox will help me setup a mysql->drbd cluster!
<rotini> hey, you're all server guys?  question: what is the MTA to use?  In just the past 10 days, i've decided that sendmail is useless.  Right now I'm on postfix on my fedora system running RT, but when i installed RT on my kubuntu box (trying to clone the existing instance from the fedora box), it installed exim.  What's the last word on MTAs so I don't have to think about it any more?
<Gargoyle> is ebox for virtual sites and email type of thing?
<lamont> postfix is the preferred one of the team
<navlop> yeah, its a gui front end to server
<Gargoyle> rotini: I have a postfix server in production. been using it for about a year now.
<lamont> rotini: but since we stopped modifying packages just to say 'exim| m-t-a' --> 'postfix | m-t-a', you tend to get exim if you didn't already have an MTA installed.
<rotini> so maybe postfix edges out exim?  Others have also suggested postfix.  Plus, it's working, so.....
<navlop> Why I was asking i'm in the process of putting a server, and i'm not that great at cmd line so I like to use gui once in awhile
 * lamont has had postfix in production since 1997 (accidentally, but still)
<Gargoyle> lamont: How do you acccidently put a server into production?
<lamont> rotini: postfix is my baby.  elmo prefers exim.
<lamont> Gargoyle: sendmail died
<rotini> lamont: but having postfix installed would satisfy the rt package's deps?  I installed lighttpd alone, but when I installed rt, it pulled in the apache packages anyway...
<lamont> Gargoyle: postfix was listening on inaddr_any, and postfix had the production IP.
<lamont> 2 weeks later, someone on the mailing list I was serving noticed.
<Gargoyle> ahh.
<lamont> that was postfix 0.0.19970206 or some such I was running.
<lamont> (happened in summer 97)
<Gargoyle> lamont: You know any good links on howto setup "out of office" messages using postfix?
<lamont> man vacation?
<Gargoyle> mope!
<Gargoyle> nope!
<lamont> well, I expect you don't want to bounce the mail...
<lamont> out-of-office is an MUA thing, not an MTA
<lamont> thing
<Gargoyle> hmmm.
<zul> whoops
<zul> mathiaz: what do you think about #156468?
<mathiaz> bug #156468
<ubotu> Launchpad bug 156468 in samba "Missing files for Active Directory support" [Undecided,New] https://launchpad.net/bugs/156468
<zul> man pages are find but the nss_ifno one is more conerning
<mathiaz> zul: why ?
<mathiaz> zul: you may wanna ask slangasek about it.
<zul> mathiaz: because im not sure
<zul> ok
<mok0> My virtual machine works now!!!
 * soren high-fives mok0
<mok0> soren: yay!
<soren> mok0: Any difficulties along the way -> bug reports, please. :)
<mok0> soren: I can't get out of the local domain from the guest
<soren> "domain" as in "subnet"?
<mok0> soren: things cleared up when I did a clean install of ubuntu-server and started over
<soren> Or "domain" in some other sense?
<mok0> soren: yes, the "gateway" is the guest host ip
<soren> mok0: I see. I've been battling this bridging thing since you asked me about it. I'd really like to make it as painfree as vmware.
<soren> -> /msg
<erast_> hie
<erast_> guys, where i can find list of packages for minimal ubuntu server?
<ScottK> Is there anyone here with Dapper servers that would be willing to do some testing?  I'm working on backporting the current clamav to Dapper.
 * sommer should be able to do more this evening :-)
<ScottK> sommer: Great.  Please mark test results on the wiki page.
<sommer> sure np
<mikone> hey, i'm trying to compile the isc dhcpd server with ldap patch on ubuntu gutsy 32-bit and got some dependency problems. it requires at least libldap-2.3 and - more important - it's headers. the library itself is installed properly but it seems like there are no headers available. now, do i really have to compile it myself or are there any chances that there's a package available containing the libldap-2.3 headers (libldap-2.3-dev is no
<mikone> n-existant)?
<sommer> mikone: you're probably looking for: libldap2-dev
<mikone> if it only was the development package for libldap2.3, but unfortunately it's not. the package contains headers and such for libldap-2.1
<mikone> sommer, at least i think they are as described here: http://packages.ubuntu.com/gutsy/libdevel/libldap2-dev
<sommer> gotcha, I'm not sure about the headers then
<mikone> thanks anyways :)
<oly-> hum, anyone know if you can pxe boot the ubuntu desktop image, i know you can do the iso
<oly-> but can you get the files from the cd and boot using them ?
<oly-> +can't do an iso i mean
<ScottK> mikone: IIRC we don't ship libldap-dev on purpose for what seems like a good reason to some people, but I'm not sure what it is.
<mikone> I did not want to complain about it - sorry if it seemed like. Maybe there is an older patch which can be satisfied by the version available in the repositories. Just noticed that hardy will contain the same version of libldap-dev so there probably is a good reason to keep it. :)
<ScottK> No problem.
<firecrotch> Hi everyone, I was just in the middle of updating a server from feisty to gutsy, and while doing so, my ssh session was disconnected.  I'm pretty sure everything was almost done, but how can I be sure that I won't have problems ?
<firecrotch> I was updating to gutsy via ssh, was disconnected near the end of the process.  I'm running dpkg --configure -a now, and it's seems to be stuck on "update-initramfs: Generating /boot/initrd.img-2.6.22-14-generic".  It's been sitting there for about 20 minutes on that alone
<firecrotch> Any clue as to what could be going on?
<Nafallo> it's (re)building the initramfs?
<Nafallo> s/\?$/\./
<javaccen> are there any common causes of poor gigabit network performance? i am only getting 200mbps instead of 600 or 700 like most people
<javaccen> that is with iPerf
<XiXaQ> when I copy files to /etc/skel, then all files are supposed to be copy from that onto each new users homes, right?
<leonel> yes
<XiXaQ> strange. I made a user "proto", configured it the way I want new users configured, and copied all its files to /etc/skel. I then created a new user, but it wasn't configured as I thought it would be.
#ubuntu-server 2008-01-19
<XiXaQ> it didn
<XiXaQ> t seem like anything was copied.
<nealmcb> how did you create the new user?
<XiXaQ> sorry.. It seems like I didn't copy it properly :)
<KillerKiwi2005> Hello, Whats the correct way for a deb to add a user to the fuse group??
<luckyone> hello - can anyone help me get dovecot setup correctly?
<soren> !ask
<ubotu> Please don't ask to ask a question, ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely answer. :-)
<luckyone> I am having trouble getting a mail server set up
<luckyone> I need advice - I have followed the tutorials and things *seem* to be working
<luckyone> but alas, I cannot send/receive mail from the accounts that I created with postfixadmin
<soren> What's postfixadmin?
<luckyone> it is a php frontend that helps manage a postfix database for virtual domains/virtual users
<soren> Well, you probably need to teach dovecot about postfixadmin's user database, so it'll look in the right place for their mail spool (and for authentication info).
<soren> I've never used postfixadmin, so I haven't a clue.
<luckyone> yeah, I specified passwd <file> and user <file> where file is /etc/dovecot/dovecot-mysql.conf
<soren> That's not going to work.
<soren> At least I don't think so.
<soren> Er..
<soren> Sorry.
<soren> Yes, it might.
 * soren just got out of bed and is a bit confused
<luckyone> yeah, it is supposed to... I am confused as to why dovecot isn't making directories for my users
<luckyone> or maybe why postfixadmin isn't
<soren> Making directories?
<soren> When you do what?
<luckyone> in /home/vmail/<domain>/<user>
<luckyone> when I create the mailbox using postfixadmin
<luckyone> seems like it is just creating the entry in the database
<soren> It's not dovecot's responsibility to create the user's mailbox.
<soren> Send the user a test mail (which I recommend anyway) and postfix should create it for you.
<luckyone> how do I do that from the cli?
<luckyone> postfix doesn't seem to be receiving mail...
<soren> mail newuser@domain.com
<luckyone> PERM_FAILURE: SMTP Error (state 13): 553 sorry, relaying denied from your location [209.85.132.241]
<soren> From localhost?!?
<soren> You've got worse problems that dovecot not creating mailboxes then :)
<luckyone> from gmail...a
<soren> Just do it from the mail server.
<luckyone> I don't have mail installed - I thought postfix would be what I am using as my MTA
<soren> It probably is.
<soren> No mail or mailx installed?
<soren> Just install mailx. is that a problem?
<luckyone> not especially - but I think I am going to get some sleep and start fresh tomorrow
<luckyone> thanks for your help
 * luckyone bows in appreciation to soren 
<luckyone> buenos noches amigo
<soren> np :)
<yapyccky> hello everyone. i've a problem. i'm trying to install a server on a old p3 500mhz but i've a problem during partition. i get an aror that says that i cant mount partition on root
<yapyccky> may someone help me to solve this problem? i cant go on ...
<lamont> ScottK: I'm preparing 2.5.0~rc2-1 for upload to debian
<lamont> ScottK: is debian bug 291288 fixed in 2.5? (what version, if any?)
<ubotu> Debian bug 291288 in postfix "feature request for inclusion of the libspf2 c patch to postfix" [Wishlist,Open] http://bugs.debian.org/291288
<luckyone> hello - anyone want to help me debug why postfix isn't starting up smtpd correctly? http://pastebin.com/de6e7aef
<luckyone> when trying to connect dovecot to mysql, does the default dovecot package not have mysql support in
<Nafallo> luckyone: look at the depends and you'll have your answer
<luckyone> Nafallo: well - I ran dovecot --build-options and saw that it was infact built with support for mysql
<luckyone> Nafallo: however - it does not seem to like driver = mysql in my /etc/dovecot/dovecot-mysql.conf file
<Nafallo> well, I use postgresql
<Nafallo> and the file would be dovecot-sql.conf surely?
<luckyone> well, it is whatever you name it
<luckyone> you define what file you want to use in /etc/postfix/main.cf
<luckyone> or /etc/dovecot/dovecot.conf rather
<Nafallo> I use the default :-)
<zul> dovecot has postgresql support doesnt it?
<Nafallo> yes
<Nafallo> and mysql
<ScottK> lamont: You should won'tfix that bug (291288).  They should use a policy server instead.
<ScottK> lamont: You want me to write something up on that?
<ScottK> lamont: I'm going to reply in the bug.
<ScottK> lamont: Bug commented.
<lamont> ScottK: tanks
<lamont> thanks, too. :-)
 * lamont was afk
<ScottK> No problem.
<lamont> ScottK: you could have tagged it +wontfix yourself.. I'd have been ok with that.
<lamont> and 2.5.0~rc2-1 is in experimental
<ScottK> OK.  I figured that was up to the Maintainer to decide.
 * ScottK remembers for the future.
<lamont> ScottK: it is. :-)
<lamont> you're my defacto SPF maintainer-guy, you see....
<ScottK> OK.  Makes sense.
<ScottK> Any more SPF stuff, I'll just deal with it then.
<lamont> thanks.  you know my general philosophy and such on spf, and I promise to listen to you when you say something is a _good_ thing...
 * lamont goes afk again for several hours.
<pubo> Hi all
<pubo> anybody has configured Bind9?
<andol> pubo: Just ask your question :)
<pubo> oki, I've installed dhcp-server v3 and bind9. I'd like bind9 to search in dhcpd files (dhcpd.leases) or something like that, to assign DNS to clients dynamicly
<pubo> So from any other client I could ping it without given IP. (ping client1, ping client2, ...)
<pubo> andol, do you understand what I want to mean? (bad english)
<andol> pubo: Yes, but not a compination I've tried myself. Right now I'm thinking on whatever I think it is a bad idea or not :-)
<pubo> I'd like to have something like in windows networks but without having to edit manually DNS files...
<pubo> Uhm.. I thinl I got it! I'm going to test...
<nijaba> possible
<nijaba> err...  wrong window
<pubo> uhh, lot of problems with ddns + bind9 :'(. Can anybody help me?
<Travitron> basic question: after i've installed ubuntu 7.10 server, how do I get X up and running if I want it?
#ubuntu-server 2008-01-20
<onesandzeros> hello all.  I'm looking through packages.ubuntu.com for something that'll automatically select a fast mirror, or at least allow me to look at a list, but I'm not seeing anything.  Is there such a util?
<pubo> andol, are you there?
<pubo> andol, if you want to run dhcpd + bind9 + ddns = http://my-mili.eu/matt/docs/dynamic-dns-with-dhcp-and-bind-9/
<pubo> I success!!
<luckyone> can anyone help me figure out why I am unable to receive email on the email server I just set up?
<luckyone> PERM_FAILURE: SMTP Error (state 13): 553 sorry, relaying denied from your location
<ScottK> luckyone: Still there?
<CarlFK> that sounds more like a sending problem
<CarlFK> <- not an expert... but know enough to babble
<luckyone> ScottK: yes - still here
<luckyone> ScottK: I think it was with my mx records on the domain - I think I didn't have them forwarding to my box correctly...
<luckyone> *seems* to be working now
<ScottK> OK
<ScottK> Glad you got it worked out.
<andol> pubo: Well, I already have my system running the way I want, but thanks anyway.
<Boris> hi, i need help setting up raid 0
<Boris> i cant find it in the installation
<Boris> hardware raid 0
<Boris> humm make that raid 1
<levander> I just configured bind9 and (naturally) had to put an email address in for the zone I set up.  Since I haven't installed postfix on that machine, if DNS does have to send me an email, is it going to be able to send it?
<levander> I've only got a couple of servers I want to set up for home use, and am wondering if I can get away without installing postfix.
 * TheRazer is away: Gone away for now.
<Nafallo> levander: just use an e-mail you use?
<levander> Nafallo: Don't know what that means.
<Nafallo> what part of that sentence was unclear?
<levander> How that sentence was related to what I asked.
<levander> Nafallo: Oh, okay.
<Nafallo> ...
<levander> Nafallo: I have dovecot installed on that machine.  The email address is the one that I use on dovecot.  That's the one I'd like to use.
<levander> Do I need to install postfix to use that email address?
<levander> Or, does bind9 have another way to send me emails?
<Nafallo> is it reachable for everything else trying to send mail to it?
<Nafallo> it's not for bind. it's for people looking at your SOA that wants to contact you.
<levander> I haven't tested it yet.  I just installed it just now.
<levander> Nafallo: Ah, I see.  So, bind9 doesn't send emails?
<Nafallo> no
<levander> Even for errors?
<levander> Nafallo: K, thanks.
<levander> But, I bet I end up having to install postfix anyway.
<levander> For something else...
<iclebyte> Is anyone aware of any opensource software for managing Mirosoft Windows workstations? e.g. deploying hotfixes and applications etc?
<Nafallo> iclebyte: not that I'm aware of. google would know better.
<iclebyte> yeah I'm googling like a badboy and coming up short... what an appealing tool to the enterprise that would be.
<iclebyte> http://wpkg.org/ =)
<MenZa> Webian package manager o_O?
<MenZa> Ooh
<MenZa> Windows.
<MenZa> Sweet
<iclebyte> yea, looks quite cool. i think im gonna build a virtual network and test it out later this afternoon. woop wooop
<mok0> soren: I made a writeup of the kvm + bridge stuff:  https://wiki.ubuntu.com/KvmWithBridge
 * lamont tries to remember what if anything postfix needed to have changed for hardy -server support love
<ScottK> lamont: There was some discussion about making changes in Postfix versus doing it in tasksel.
<ScottK> lamont: I don't think there was any resolution.
<ScottK> lamont: I really don't like the idea of postconf running in the postfix init.
<lamont> in the postfix init?  it already does that about 6 times... :_)
<lamont> or do you mean in the dovecot postinst?
<lamont> or did you mean postfix' init.d?
<ScottK> postfix init.d if I understand the proposal correctly
<lamont> how very, um, interesting.
<lamont> the boottime police will come looking for us
<ScottK> That's kind of how I figured it, but I may have misunderstood the proposal.  IIRC it was on ubuntu-devel.  It may have been on the ubuntu-server ML, or both.
<lamont> ok
<lamont> did I tell you that 2.5.0~rc2-1 is in experimental?
<lamont> feel free to poke at it.
<ScottK> You did
 * lamont is doing a pass through the bts looking for other things to fix in 2.4 before the final upload
<lamont> s/final/"final"/ :)
 * ScottK still expects one more 2.4 release just after 2.5 comes out, or do you have that already?
<zul> 'noon
<lamont> no, not yet.
<lamont> I've badgered all the translators for debian/templates updates though
<lamont> maybe all that will land together.
<iclebyte> ldap is a mission!
<iclebyte> oh no.. now i cant login atall!
<Gargoyle> Is it possible to create a SSH tunnel without starting a full SSH session (I'm currently using "ssh -L localhost:3307:otherhost:3306 user@otherhost" to create MySQL tunnels)
#ubuntu-server 2009-01-12
<frojnd> jmarsden: ok thanx
<frojnd> ..whre can I change default port 80 for http ?
<frojnd> I need to change it to something above 1000 since my ISP blocks everything under 1000
<frojnd> I found it in apache2/ports.conf :)
<jmarsden> frojnd: /etc/apache2/ports.conf
<jmarsden> Yup.
<jmarsden> You may also need to chaneg it in various VirtualHost lines, see /etc/apache2/sites-available/default for example
<frojnd> jmarsden: hm hm :)
<owh> When I run aptitude install libvirt-bin, it installs three packages: dnsmasq-base libvirt-bin netcat-openbsd -- but when I run aptitude purge libvirt-bin, it only wants to remove dnsmasq-base libvirt-bin -- this makes no sense. Why is this happening?
<owh> Is this a bug in libvirt-bin?
<jmarsden> Or a bug in aptitude??  Hard to say.  Have you checked all the Depends: and Recommends: stuff in all 3 packages for clues?
<owh> jmarsden, I don't see any difference between the depends and rdepends of dnsmasq-base and netcat-openbsd.
<jmarsden> Strange... OK, let me see if I can duplicate the bug here...
<owh> jmarsden, I've compared /var/lib/aptitude/pkgstates in the three states, that is, before the install, during the time that libvirt-bin is installed and after it has been purged. netcat-openbsd looks the same as dnsmasq-base, except in the final state -- because it's still installed. Very curious.
<jmarsden> Indeed.  I wonder if it could have anything to do with the way the netcat packages use alternatives somehow...?  But I don't really see why that should affect this.
<frojnd> oh nose :s
<frojnd> how can I update CA certificate ?
<frojnd> anyone ?
<owh> jmarsden, were you able to reproduce this?
<jmarsden> owh: Yes, I reproduced the issue here (Intrepid on amd64)
<ball> my head hurts. so. much.
<jmarsden> frojnd: Update a CA cert?  Normally you would just create a new one.
 * owh hands ball an ice-cream for the pain.
<owh> jmarsden, I'm not sure where to report the issue first. I'd rather not report a bug to everything. What do you think of an email to ubuntu-devel-discuss as a start?
<jmarsden> You could do that; I'd be more tempted to just report it as an aptitude bug, indicating you are not sure if it is really a bug in aptitude or one of the packages concerned, and let whoever triages it decide whether that is correct or not.
<owh> jmarsden, cool, I can do that instead.
<owh> jmarsden, FYI the bug exists - I'm adding a comment: Bug #305504
<uvirtbot`> Launchpad bug 305504 in aptitude "aptitude does not automatically remove unused packages" [Undecided,Confirmed] https://launchpad.net/bugs/305504
<frojnd> ...does anyone know how can I update cert list ?
<jmarsden> frojnd: Read https://help.ubuntu.com/community/OpenSSL for general info on certificates and Apache?
<frojnd> just CA
<jmarsden> frojnd: That page describes creating your own local CA, and using it to create certs, etc...
<frojnd> jmarsden: very nice :)
<frojnd> it solved my problem :)
<jmarsden> Good!
<fowlduck> oh my kittens, 137 ppl
<techsupport> how can i uninstall perl without the other packages ?
<fowlduck> i'm not sure how to google this, so i suppose i'll describe my situation and maybe someone can give me the terminology for what i'm looking for
<Kamping_Kaiser> techsupport, you dont.
<techsupport> cause when i type sudo apt-get remove perl it wants to uninstall apache2, mysql, total is 182 megs
<Kamping_Kaiser> you dont uninstall perl. its like uninstalling oxygen.
<techsupport> i need to downgrade
<fowlduck> I'm running a rails application that's using postfix for delivery of mail, specifically just sendmail.  what is it called when your mail server only does that? local delivery only? i'd like to figure out how to disable any other features to keep it locked down
<Kamping_Kaiser> techsupport, huh?
<techsupport> the version of perl that i have is 5.10 and i need 5.8
<Kamping_Kaiser> techsupport, whysthat?
<Kamping_Kaiser> fowlduck, the exim4 installer calls it "local delivery". not sure about posfix though.
<techsupport> because its not compatible with utf8
<fowlduck> Kamping_Kaiser: hm, so i should reconfigure postfix for local delivery only, maybe
<Kamping_Kaiser> fowlduck, if its not already set to do that, yeah.
<Kamping_Kaiser> techsupport, perl 5.10 isnt? nonsense
<fowlduck> Kamping_Kaiser: i think i configured it for "Internet Site"
<fowlduck> since it's a site on the internet ;)
<Kamping_Kaiser> internet site probably means connects to other hosts via smtp directly.
<fowlduck> Internet Site: Mail is send and received directly using SMTP
<fowlduck> Local only: The only delivered mail is the mail for local users. There is not network.
<Kamping_Kaiser> yay, i got something right ;P
<fowlduck> i don't think local only is right, based on that description
<fowlduck> hm, maybe i should try exim
<Kamping_Kaiser> what do you want the mail server to do?
<fowlduck> just allow an application on the system to use sendmail to send email
<fowlduck> no receiving, no relay, no remote sendinf
<fowlduck> sending*
<Kamping_Kaiser> local should do what you want, as long as the mail is delivered locally
<fowlduck> i know so little about how email servers work *sigh*
 * Kamping_Kaiser isn't sure he made sense there
<fowlduck> define 'delivered locally'
<Kamping_Kaiser> to a user on the system
<fowlduck> it's delivered to emails outside of the domain, if that's what you mean by not delivered locally
<fowlduck> yeah, it's not just locally
<fowlduck> for example, a user signs up on the site, we send out a confirmation email
<fowlduck> maybe i don't need postfix or exim, just sendmail?
<Kamping_Kaiser> have a look at ssmtp
<Kamping_Kaiser> as long as your network connection stays up, its pretty funky
<Kamping_Kaiser> (it doesnt hold unsendable messages, it drops them).
<fowlduck> yeah, someone already recommended that one, not sure if i want to go with it
<techsupport> how can i downgrade my perl version ?
<Kamping_Kaiser> with a world of pain - I'm certainly not going to try and help you do it
<fowlduck> Kamping_Kaiser: that could be an issue, too, dropping unsendable messages :/
<fowlduck> well, potentially
<techsupport> ubuntu server 8.10 , from perl v.5.10 to perl v.5.8
<fowlduck> we usually just use a background process with gafyd using smtp straight from the app
<fowlduck> but this is a legacy app :/
<fowlduck> no time to put all that in and track emails that are sent
<Kamping_Kaiser> perhaps search the package repos for a simple smtp sender that doesnt drop mail? otherwise setting postfix to listen on loopback and send via $public is your best bet
<fowlduck> hmm, cool, found some good exim tutorials
<fowlduck> http://newbiedoc.sourceforge.net/networking/exim.html
<fowlduck> Kamping_Kaiser: thanks, btw. i just went with postfix and set mynetworks to 127.0.0.1
<fowlduck> supposed to only relay email for that ip then
<Kamping_Kaiser> fowlduck, cool. have fun, hope it works :)
<fowlduck> same ;)
<kirkland> nijaba: thanks!  i just merged and tested
<kirkland> nijaba: couple of minor tweaks
<kirkland> nijaba: renamed screen-install and screen-remove to screen-launcher-install and screen-launcher-uninstall
<kirkland> nijaba: seems more accurately named
<kirkland> nijaba: i just released 1.6 to my ppa's and to jaunty universe
 * kirkland going to bed now :-)
<uvirtbot`> New bug: #316283 in bind9 (main) "bind9-dlz-mysql - Please make a package with this option turned on" [Undecided,New] https://launchpad.net/bugs/316283
<kraut> moin
<PC_Nerd> Hi.  Attempting to send emails from batch scripts/crons etc via mail (exim4 etc).  Dont want to run a mailserver, and have port 25 open....    any ideas why Im not getting any emails from the mail command? (about to post logs).
<PC_Nerd> http://pc_nerd.pastebin.com/m601147ca       thats one log entry from one mail command ( the command used included)
<PC_Nerd> any ideas?
<jobrien> I am having issues with a clean install of 8.10 and 8.04 on a Dell 2500 with PERC Controllers.  Has anyone had any luck with the PERC based systems?
<Kamping_Kaiser> PC_Nerd, "Mailing to remote domains not supported". sounds like your config needs tweaking
<_ruben> jobrien: i installed both 8.04 and 8.10 just fine on dell pe1950 and pe2950
<_ruben> perc/5 and perc/6 i think
<PC_Nerd> ok - where should I be looking to "tweak" it?
<jobrien> _ruben:  I saw people were having some luck with those.  My OS drive is in RAID 1 and the install goes perfect then I get GRUB 17 at boot.  Been screwing with this for 4 days.
<_ruben> jobrien: never had any grub problems with em
<jobrien> _ruben:  Thanks man.  I"ll just keep digging.  I RHL boots fine but I really would like to stick with a debian base.
<Phil_> hello, does anybody know how to mount an hfsx filesystem in linux?
<uvirtbot`> New bug: #300265 in libapache2-mod-perl2 (main) "armel build failure (package not yet in the archive)" [High,Fix released] https://launchpad.net/bugs/300265
<Kamping_Kaiser> didnt realise ubuntu had an armel port
<heath|work> what's the best way in a script to test if a drive is mounted to a specific location? Right now I am putting a file in the mount folder called NOT_MOUNTED then testing for it
<sommer> heath|work: probably the mount command, then you could use grep or awk on the output
<heath|work> is there a way for mount to show by uuid?\
<sommer> heath|work: mmm, not that I see, but there may be another utility that can
<heath|work> I will look into it, thanks
<ScottK> FYI, https://edge.launchpad.net/~ubuntu-dev/+polls for any developers.
<kirkland> nijaba: around?
<jdstrand> kirkland, nijaba: with the latest screen-profiles, help (F9) doesn't appear to work
<kirkland> jdstrand: ?
<kirkland> jdstrand: what version?
<jdstrand> kirkland, nijaba: I also noticed that after the update I did 'select-screen-profile' then launched screen, I got a flash of blue before screen started. I deleted all my (previously unmodified) .screenrc* files and that seemed to go away, but help still doesn't work
<jdstrand> kirkland: version is 1.7-0ubuntu1
<kirkland> jdstrand: testing ...
<jdstrand> this is in gnome-terminal, if that makes a difference
<kirkland> jdstrand: f9 is working for me, in gnome-terminal
<kirkland> jdstrand: 1.7-0ubuntu1
<kirkland> jdstrand: try removing ~/.screen-profiles-helper
<frojnd> Just curious why a user can't have autocmopletion with tab ?
<frojnd> Do i have to se it manually ?
<jdstrand> kirkland: I don't have that file
<frojnd> when I do du -hs /media[tab] it will throw me a few spaces forward... I'd like tab for autocompletion for a user ...
<kirkland> jdstrand: ah, that looks to be the problem
<frojnd> How can I do that ?
<kirkland> jdstrand: nijaba's toggle code didn't account for that file missing
<kirkland> jdstrand: i'll fix
<jdstrand> kirkland: cool
<frojnd> ...looks like I don't have a bash as a user ...
<frojnd> how come only first user which is also root has bash ?
<frojnd> how can I give bash to everyone else ?
<kirkland> jdstrand: okay, i think i have it
<kirkland> jdstrand: would you mind verifying it?
<jdstrand> kirkland: ok
<kirkland> jdstrand: jaunty, right?
<jdstrand> kirkland: where is it?
<jdstrand> kirkland: oh yes, jaunty
<kirkland> jdstrand: i'm pushing to my ppa now
<kirkland> jdstrand: i'll ping you as soon as the dsc is available, and you can build it
<kirkland> jdstrand: faster than ppa will build ;-)
<jdstrand> kirkland: ok
<kirkland> jdstrand: i'll upload to universe as soon as you confirm
<kirkland> jdstrand: dget https://edge.launchpad.net/%7Ekirkland/+archive/+files/screen-profiles_1.8-0ubuntu1~ppa1.dsc
<jdstrand> kirkland: \o/
<jdstrand> kirkland: working now
<jdstrand> kirkland: thanks!
<kirkland> jdstrand: cool, it need a couple of try/except cases
<kirkland> jdstrand: to handle that config file not existing
<frojnd> for everyone else that had similar problem like me...
<kirkland> jdstrand: i'll upload now
<Shoopuf> Is there some sort of script or program I can use that will aggregate all my apache/whatever logs together so I can analyze them to see if anyone has been suspiciousing?
<kirkland> Shoopuf: there are a few, i think
<Shoopuf> suspiciousingness*
<frojnd> if ur new to shell and u just created a new user and has /bin/sh instead of a /bin/bash shell all u have to do is to change it's shell like this: chsh -s /bin/bash username
<Shoopuf> frojnd: chsh -s /bin/bash shoopuf? ok thank you
<kirkland> Shoopuf: i use awstats
<Shoopuf> kirkland: ok i'll try that, thanks
<frojnd> How can I check if my external disk supports ext2 or ext3,... it's 1TB and I'm not fine with just vfat32...
<frojnd> Is it even possible '
<heath|work> frojnd, why would it not support ext3?
<RainCT> Hi
<RainCT> Does someone know how I can enable mod_userdir for those users in a specific group?
<Jeeves_> RainCT: http://httpd.apache.org/docs/2.2/mod/mod_userdir.html
<Jeeves_> It seems that you cannot do that
<RainCT> :(
<Jeeves_> Who is using kvm/libvirt with nfs storage?
<soren> Jeeves_: A number of people... Why?
<Jeeves_> soren: I get issues when migrating
<Jeeves_> it looks like the image file is still locked by the source host
<Jeeves_> Migration is successfull
<Jeeves_> the domain starts pinging after about four seconds (it's a 100mbit link)
<soren> Probably a bridging issue.
<soren> Try setting fd for your bridge to 0.
<Jeeves_> soren: How do you mean?
<soren> You're using bridged networking, right?
<Jeeves_> Yes
<soren> brctl setfd <name of your bridge> 0
<Jeeves_> oki
<Jeeves_> lets ry
<Jeeves_> +t
<Jeeves_> That doesn't seem to help
<Jeeves_> But I'll reconfigure it and restart the boxes, just to be sure
<Jeeves_> 17:15 < bitrot> SVN commit by marks on repository cfengine, revision 11248: Set bridge_fd < soren> brctl setfd <name of your bridge> 0
<Jeeves_> Tadaaa.wav
<_Cid> question ...why is 'sudo -i' considered "better to use" than  'sudo /bin/su' ?
<soren> Jeeves_: Any better?
<ph8> hi all - any recommendations on the best mass-market mailing list manager to use on ubuntu? (e.g. for box users to make their own mailing lists with etc)
<soren> mailman?
<ph8> cool
<ph8> that's what i was thinking of
<ph8> thought i'd ask first
<Jeeves_> soren: Nope
<Jeeves_> bit-beheer@ubuntu:~$ sudo -i
<Jeeves_> -bash: /usr/bin/sudo: Input/output error
<Jeeves_> soren: http://pastebin.ubuntu.com/103979/
<jmedina> ph8: I like phplist
<jmedina> it has better features for only sending mailing, open/click count
<jmedina> support for text-plain and html templates, and scheduling
<jmedina> clean interface for opt-in/opt-out
<ph8> i'll take a look, thanks
<soren> Jeeves_: What's that sudo thing?
<soren> Jeeves_: I'm curious, though... You got kvm migration running under libvirt how?
<frojnd> How come when I execute screen a user doesn't have a bash but sh ? if I do echo $SHELL when not in screen I get a nice /bin/bash but when in a screen and executing echo $SHELL I get /bin/sh ?
<frojnd> How can I fix this so when in screen a user will also have bash ?
<heath|work> if a bash script, can you do an or  something like if [ -e $FILE || -d $FILE ]  ?
<nixphreak> should I need a broadcast address if I am only using one server using a static ip from an ISP  ?
<jmarsden|work> heath|work: man test describes all the operators you can use.  I think you want [ -e "$FILE" -o -d "$FILE" ]
<heath|work> jmarsden|work, thanks... I found that if [[ -e $FILE || -d $FILE ]] works too
<jmarsden|work> No problem.  I'm showing my age, [[ is bash-specific and I think didn't exist when I learned shell programming -- but yes, that will work fine too.
<Chipzz> heath|work: [ actually is a command with an exit status (there's also a binary called [)
<Chipzz> hence what you should be doing is [ sometest ] || [ someothertest ]
<Chipzz> but do not use [[ ; that's not portable at all, and there is no reason at all to prefer it over [
<Chipzz> || is actually a way of constructing a bash pipeline (please refer to "man bash" for more info), and seperates 2 seperate commands
<kees> jdstrand: I like the ec2sec script.  I was pondering renaming "start" to "launch", and making "start" call "launch" and then wait for the new instance to leave "pending".  (i.e. once "start" finishes, the instance is _actually_ running.)
<jdstrand> kees: that sounds like a nice improvement
<jdstrand> kees: there are surely many more :)
 * zul is working on new ec2 crack
<mathiaz> jdstrand: kees: so your main usage of ec2 is for testing?
<kees> mathiaz: yes, though it's still rather informal.
<kees> mathiaz: mostly just trying things out, seeing how it operates, etc
<mathiaz> kees: right - the main issue I'm facing now is the step once you've launched the image: customize your test environemnt
<jdstrand> mathiaz: yeah
<mathiaz> kees: on my server I have {hardy,intrepid,...}-base images that I clone (via lvm snapshots) when creating new vm for testin
<jdstrand> kees: though, with the stuff you talked about with cr3, some of our environment setup and testing might become easier
<jdstrand> mathiaz, kees: something that is cool about ec2 that does fit in nicely is that on launch we have a pristine image
 * kees nods
<ball> mathiaz: Can't make tomorrow's meeting, I'll be at work sadly.
<ball> ...not that I had anything useful to contribute anyway mind ;-)
<stickystyle> Does anyone know of a way to push a cron job out to all of my users, either creating a new crontab for them (if one doesn't exist) or appending to their existing crontab?
<jmedina> probably appendint the job to /var/spool/cron/crontabs/usrname
<jmarsden|work> But change the time it runs at for each user... if not you will try to run all of those cron jobs at the same time, which is probably not good for performance ;)
<jmedina> well you need to do some shell scriptting to automatically update the time for each user
<stickystyle> jmedina: yeah, thats what I thought at first also, but right at the top of each crontab is "DO NOT EDIT THIS FILE - edit the master and reinstall."
 * stickystyle shrug
<jmarsden|work> stickystyle: You can use crontab -e to edit those files if you want, maybe set $EDITOR to sed or whatever and play games that way...
<jmarsden|work> But as long as you know noone else is editing the crontabs when you are, appending to the files should be OK.
<stickystyle> Hum.  okay, thanks for the info.
<stickystyle> perhaps that warning is there just for the situation you described of the user perhaps editing the file at the same time...?
<jmarsden|work> I'm not 100% sure.  There may be some other reason... a test on one user would be smart before editing all of them...
<stickystyle> for sure.
<jmarsden|work> Looks like crontab -e also does sanity checks on the format of the lines in the file...
<erichammond> zul: What is the "new EC2 crack" you're working on?
<zul> just some fixes and updated kernel etc
<erichammond> zul: Yay.
<erichammond> I'm sending out my opinions on prioritization of the ubuntu-on-ec2 bugs.
<erichammond> Do you assign tickets when you are working on them?
<rickross> anyone updated to the 2.6.28 kernel?
<zul> erichammond: i should be doing alot of them this week hopefully
<rickross> I have a dir of aprox. 56 GB on an -drive RAID5 with a lot of available spae (linux software raid)
<Jeeves_> soren: You awake?
<rickross> are there any tricks I can use to get it to copy this dir to a backup copy on the same RAID?
<rickross> I have lots of cores and lots of ram available, but I don't think "cp -a" takes advantage of that at all
<Jeeves_> rickross: cp usually waits for your disks
<Jeeves_> not cpu/ram
<uvirtbot`> New bug: #316534 in bacula (universe) "instalation faild, but synaptick still admids  the combabilety" [Undecided,New] https://launchpad.net/bugs/316534
<rickross> the copy speed we're seeing is only about 70 MB/s, although the RAID will read a sustained 700 MB/s and write a sustained 300 MB/s
<rickross> I think the issue is that it is reading and writing on the same RAID, so it's changing gears all the time to copy files
<Jeeves_> rickross: that will decrease your performance indeed
<Jeeves_> And a 300MB/sec write?
<Jeeves_> What kind of raidset is that?
<rickross> 8 1Tb WD Caviar drives in a RAID5
<rickross> we're using an LSI dumb controller that gives us 8 additional SATA ports
<Jeeves_> And how long can you write 300MB/sec?
<rickross> a long time - we tested for 100 Gb
<rickross> but I think it's an entirely different matter to do a recursive copy of a big directory with lots of subdirs
<rickross> it actually peaked out at about 400 MB/s for writing, but that's for big blocks and big streams of continuous writing
<Jeeves_> Yeah
<rickross> so real-world recursive dir copy on the same RAID is showing a big difference :(
<Jeeves_> So you'll do about 100MB in real world
<rickross> we have a lot of ram available, too, so I wondered if there was some snazzy copy tool that could load a ton of stuff into ram, then pump it out to disk again
<rickross> instead of churning back and forth for read/write
<Jeeves_> rickross: try 'cp' :)
<rickross> jeevs - thx :)
<rickross> I didn't see the "cp" option that says "use 16 Gb ram for an input buffer" to avoid switching back and forth so much
<Jeeves_> It wouldn't matter for your speed
<Jeeves_> It still won't complete untill the last sync() on your disks :)
<jmarsden|work> rickross: You could set up a 56GB ram disk and cp to that, then from there to your ultimate destination... if you have that much RAM ;)
<jmarsden|work> I suspect the real issue is that your benchmarks for disk speed do not represent the kind of workload you really have and flattered the array...
<rickross> jmarsden - undoubtedly
<rickross> although there may exist tools which are designed to accelerate this kind of same-device backup
<rickross> I just wondered if anyone knew of one
<rickross> nslookup mail.hpyle.net
<rickross> oops
<Deeps> maybe a tool that was originally designed for copying data to multiple floppy disks
<Deeps> only instead of floppy disks, it's ram disks
<mathiaz> kirkland: I'm working on the Triagger section of the GettingInvolved page for the ServerTeam
<kirkland> mathiaz: good for you!
<mathiaz> kirkland: and trying to come up with easy steps to follow for new comers.
<mathiaz> kirkland: what do you think about advising potential contributors to look at bug in New,Undecided first?
<kirkland> mathiaz: definitely...  i think moving a bug from "New" to "Confirmed" is a really important first step
<kirkland> mathiaz: or marking "Incomplete" if more info is required
<kirkland> mathiaz: i tend to focus on Confirmed/Triaged bugs first, as a developer
<mathiaz> kirkland: right - should confirmed or triagged have a reproducible test case?
<mathiaz> kirkland: the bug squad has the following wiki page: https://wiki.ubuntu.com/Bugs/HowToTriage
<mathiaz> kirkland: but it seems a bit long for a first time/potential contributor
<kirkland> mathiaz: yes, of course.  to move beyond "new", at least someone else should be able to reproduce the issue, and document who to do it (if it's not already in the report)
<jmarsden|work> mathiaz: Are there really enough differences between bugs in general and Server bugs that there is a need for a different "HowToTriage" page just for the ServerTeam?
<mathiaz> jmarsden|work: I don't think so
<kirkland> mathiaz: i agree
<kirkland> mathiaz: but i think something like a blogpost would be good
<kirkland> mathiaz: calling for more triagers to look at server bugs
<kirkland> mathiaz: and giving simple instructions on what that means
<kirkland> mathiaz: pointing to the wiki page for more detailed info
<mathiaz> jmarsden|work: I'm just updating the section in the GettingInvolved page to make sure potential contributor can get started as easily as possible
<jmarsden|work> So... the ServerTeam Traige section could just point ServerTeam contributors to the existing one?
<mathiaz> jmarsden|work: right
<mathiaz> jmarsden|work: that's already the case from the KnwoledgeBase wiki page
<mathiaz> jmarsden|work: where a lot of ressources from the Bugsquad are referenced
<mathiaz> I'm mainly thinking about getting potential contributors started as easily as possible - and then give them ressources to read up on.
<jmarsden|work> OK, from your questions I thought you were writing a server-specific equivalent of HowToTriage
<mathiaz> bdmurray: hi - question about the BugSquad wiki page
<mathiaz> bdmurray: I'd like to include the section "Triaging Bugs" from https://wiki.ubuntu.com/BugSquad/GettingInvolved
<mathiaz> bdmurray: into the ServerTeam GettingInvolved page
<mathiaz> bdmurray: I'd rather not just copy and paste the text as I'd miss all the updates done to the section
<mathiaz> bdmurray: the text is already duplicated on https://wiki.ubuntu.com/HelpingWithBugs
<mathiaz> bdmurray: do you know of a simple way to do that with moinmoin?
<bdmurray> mathiaz: Hi! Yes I do.  You can look at Bugs/Tags for an example or ... <<Include(DebuggingOpenOffice, ,5,from="= Bug Tags =", to="= Debugging procedure =")>>
<bdmurray> mathiaz: also see http://moinmoin.wikiwikiweb.de/HelpOnMacros/Include
<mathiaz> bdmurray: thks :)
<mathiaz> bdmurray: I've seens some triaggers moving a bug to confirmed stating that there has been enough comments in the bug as proof of confirmation. Shouldn't a triagger set the status to confirmed if he/she is able to reproduce the bug locally?
<bdmurray> Not everyone knows how to change a bug's status or when a bug should be Confirmed.  It isn't discoverable outside of Launchpad, subsequently I think having triagers confirming bugs for people who don't know how is fine.
<mathiaz> bdmurray: only members of the bugsquad team can set bug statuses right?
<bdmurray> mathiaz: no, that's not correct.  any one can set any bug status except for Triaged or Won't Fix.
<bdmurray> mathiaz: Triaged and Won't Fix are restricted to members of Ubuntu Bug Control
<mathiaz> bdmurray: ah - right.
<mathiaz> bdmurray: it's the importance that can only be set by members of the bugcontrol team
<bdmurray> Yes, that is correct.
<mathiaz> kirkland: does screenbin support multiple guest options?
<kirkland> mathiaz: yup
<mathiaz> kirkland: ie screenbin --guest kirkland --guest mathiaz?
<kirkland> mathiaz: yes, precisely
<kirkland> mathiaz: says so in the usage() statement
<mathiaz> kirkland: ok - I'd mention that in your blog post example. I didn't grasp how the sharing between multiple people work right away.
<kirkland> mathiaz: refresh http://blog.dustinkirkland.com/2009/01/screenbin-like-pastebin-but-for-screen.html
<mathiaz> kirkland: ah ok. self is automatically added.
<kirkland> mathiaz: right
<mathiaz> kirkland: that's the part I was missing.
<mathiaz> kirkland: since you are kirkland I thought you had to specify your login when using screenbin
<kirkland> mathiaz: see:
<kirkland> # This could be parameterized for non-standard keypairs
<kirkland> for i in id_rsa.pub id_dsa.pub; do
<kirkland>         if [ -r "$HOME/.ssh/$i" ]; then
<kirkland>                 my_ssh=`cat "$HOME/.ssh/$i"`
<kirkland> ...
<mathiaz> kirkland: right - I haven't read the code. I was just reading your blog post. It's the first explaination of what screenbin is. And I failed to see how the sharing was working.
<kirkland> mathiaz: gotcha, i'll edit one more line in, clarifying
<kirkland> mathiaz: okay, update published
<techsupport> can someone help me downgrade from perl 5.10 to 5.8
<RainCT> techsupport: Hardy has 5.8
<frojnd> How how how :)
<frojnd> I have a little problem. When using screen as normal user I loose bash and I get sh. How come ?
<frojnd> I have bash if I'm not using screen...
<frojnd> How can I fix this so a user will have bash no matter if he/she uses screen or not ?
<techsupport> RainCT, can i transfer my website and database to hardy ?
<RainCT> techsupport: yes, that shouldn't be much of a problem
<RainCT> techsupport: but first you could try if you can install Hardy's package in Intrepid or whatever you use..
<RainCT> why do you need an older version? perhaps even manually installing perl 5.8 into /usr/local will do?
<techsupport> RainCT, if you dont mind reading my post on hlstatsx forum http://www.hlxcommunity.com/forums/viewtopic.php?f=1&t=377
<techsupport> RainCT, if you can help me with this i would really appreciate it
<techsupport> using characters not in standard ASCII, it will crash
<techsupport> RainCT, please help me :)
<RainCT> techsupport: have you read the last post there?
<techsupport> RainCT, yes I have
<techsupport> RainCT, you mean this ? Basically, whenever someone joins your server with a name that is using characters not in standard ASCII, it will crash. There are many posts here about it, has to do with the MySQL module.
<RainCT> techsupport: yes. that guy suggests that it's a problem with MySQL rather than with perl
<techsupport> RainCT, no its perl , thats why they dont support perl 5.10 related problems
<techsupport> RainCT, the developers dont support 5.10 related questions, they just say use 5.8 perl
<RainCT> techsupport: ok. then you could get perl 5.8 from http://www.cpan.org/src/perl-5.8.9.tar.gz, compile and install it into /usr/local
<RainCT> then change that script to use /usr/local/bin/perl instead of /usr/bin/perl
<RainCT> i'm off now, good night
<RainCT> techsupport: and good luck getting that to work :)
<techsupport> RainCT, thanx man
#ubuntu-server 2009-01-13
<Kamping_Kaiser> that doesnt make it perls problem though, it just makes the perl revision the catalist
<Kamping_Kaiser> *yst
<techsupport> Kamping_Kaiser, hi !
<Kamping_Kaiser> hallo
<techsupport> i'm downloading perl 5.8 from here http://www.ccl4.org/~nick/P/perl-5.8.9.tar.bz2
<techsupport> do you think you can help me install it after its done ?
<Kamping_Kaiser> any reason not to get it from perl.org? http://www.cpan.org/src/README.html
<Kamping_Kaiser> and i can probably lend you a hand, but only on a fairly theoretical level
<techsupport> Kamping_Kaiser, ok its downloaded from the link you gave me
<techsupport> Kamping_Kaiser, how do I install compile and install it ?
<Kamping_Kaiser> techsupport, have you compiled something before?
<techsupport> techsupport, yeah a long time ago, I am getting back to ubuntu after a long break
<Kamping_Kaiser> are you working on the server here, or on a workstation?
<techsupport> server
<uvirtbot`> New bug: #316594 in mysql-dfsg-5.1 (universe) "/etc/lsb-base-logging.sh: line 84: INITOUTPUT: unbound variable " [Undecided,New] https://launchpad.net/bugs/316594
<Kamping_Kaiser> ok. i generally advise people dont install build environemnts on servers. in a chroot on the server, no worries, but not on the live system. If you dont mind building on your live server, you can skip making a build chroot
<techsupport> Kamping_Kaiser, i just need it installed and working properly thats it (keeping in mind that perl v.5.10 is already installed)
 * hads thinks installing 8.04 would be easier
<techsupport> hads, ok can i transfer my database if i install 8.04 ?
 * Kamping_Kaiser thinks people should use LTS on servers, but this clearly isnt universal
 * hads agrees
<uvirtbot`> New bug: #268536 in samba (main) "mount smbfs not working properly after upgrade from 6 to 8" [Undecided,New] https://launchpad.net/bugs/268536
<hads> techsupport: That depends what "my database" is, but I'd assume yes.
<erichammond> kirkland: I like the screenbin idea.
<erichammond> I've used Ubuntu desktop on EC2 for similar purposes working with and walking somebody through a graphical application.
<Sylphid> im trying to migrate my server to a raid 1 install and the instructions i followed worked save for one thing ... they suggested running update-initramfs -u  and now i can boot to any kernel save the one that was running when i issued that command
<_Cid> Heya, does anyone know how to add log to syslog?
<_Cid> oh, nice config file - nevermind :-)
<Tailsfan> Hi There, I'm trying to install 8.10 on my tower, but whenever it gets to the Hard Disk scanning phase, it keeps on flashing and then keeps on saying "Failed"
<Tailsfan> What can i do?
<Gr3mlin> hay all, got a question for you.
<_Cid_> uh oh ...
<_Cid_> is it the one about the african versus the european swallow?
<Kamping_Kaiser> African swallows are non migratory :)
<Gr3mlin> it was sort of.
<_Cid_> but, what is the air velocity?
<Gr3mlin> :(
<Gr3mlin> what would one expect to pay for a IBM x445, 4x2.8Ghz MP Xeons, 4Gb ram.. with 2 10k, 36Gb HDD?
<_Cid_> uh ...
<_Cid_> less than you :)   employee pricing is 15% off I think
<_Cid_> Gr3mlin:  gimme a minute, let me look it up - can't rememebr the URL
<Gr3mlin> cheers _Cid_
<_Cid_> Gr3mlin:  new, refurb or new?
<hads> And in what country
<Kamping_Kaiser> I'd go with a 4 digit number of $AUD at a guess.
<Gr3mlin> new zealand
<Gr3mlin> its second hand.. but no OS
<_Cid_> hads:  good question ...
<_Cid_> Gr3mlin:  sorry mate, I only got access to US stuff .... let me give you price comparison anyway
<hads> That's the reason you should say where you are :)
 * _Cid_ is in the living room ...
 * Kamping_Kaiser is in a heater
<hads> That's odd, I'm in the living room too and I can't see you.
<_Cid_> Gr3mlin:  looking at the clearance stuff, which would be the best to comapre against for the used market I guess .... looks like .... somewhere around $1400-1850  USD
 * _Cid_ checks for hads behind the counter....you freaking me out dewd ....
<hads> Theh
<Gr3mlin> that was weird. im use to microsoft and crashes.. but i've never had the program stay open before..
<Gr3mlin> sorry. ok, so 1400 - 1850 usd.
<hads> Doesn't appear to be available in NZ
<Gr3mlin> 2.5k! - 3.28k!
<_Cid_> uh ..we made him crash
<Kamping_Kaiser> poor kiwi, probably not used to hearing such large amounts of money
<Gr3mlin> that was strange...
<Gr3mlin> ok.. were was i..
<hads> Kamping_Kaiser: Oi!
<_Cid_> he probably divided the full amount witht he price of beer, and it made his computer crash
<Gr3mlin> lol, i say that btw Kamping,
<Kamping_Kaiser> hehe
<_Cid_> oh..the kiwi is back
<Gr3mlin> lol
<Gr3mlin> NIce CID
 * hads is also in .nz
<Gr3mlin> so should i grab it if i was offered it for 700 NZD or 394 USD?
<_Cid_> but..but..the licing room is in California?!
<hads> Gr3mlin: Yes
<_Cid_> Gr3mlin:  depends what it is worth for you
<_Cid_> Gr3mlin:  great deal - expensive book press though
<Kamping_Kaiser> Gr3mlin, if you A. can use it, and B. know its all working, i dont see why not
<Gr3mlin> LOL, it could server me!
<Gr3mlin> lol
<hads> You need somewhere to put it too
<_Cid_> Gr3mlin: and you ened to give me an account <nod>
<Gr3mlin> no, ive got a game server. but its pretty crap and i looked at what everyone else is running.. sortta
<Gr3mlin> made me wanna get one!
<Gr3mlin> but getting t he OS is the expensive bit..
<hads> That bit is free
<Gr3mlin> ?
<_Cid_> run linux on it ..
<Gr3mlin> ubuntu?
<hads> Of course
<_Cid_> sure
<_Cid_> not sure what version of Ubuntu made it to NZ yet - but anything should work
<Gr3mlin> the game server needs windows. they havent converted it over yet.
 * _Cid_ put on his abstest suit ...
<hads> _Cid_: Quit it :)
<_Cid_> what game we talking?
<Gr3mlin> is it v8?
<Kamping_Kaiser> _Cid_, its ok, australia has spare 5.10's we can send over :D
<_Cid_> Kamping_Kaiser:  Redhat 5.1 ? :D
<Gr3mlin> guess.. hl2-gmod-ZS and others.
<Kamping_Kaiser> _Cid_, or that ;)
<_Cid_> Gr3mlin: running windows on a box like that is a crime ..
<Gr3mlin> Yeah... i guess i could use wine.
<_Cid_> now you talking
<_Cid_> I mean, a box like that - you could even run VI in color, and it wouldnt break sweat!
<Gr3mlin> i've already had Ubuntu v8 with wine for the whole doesnt crap itsself factor and performance wise. it
<Gr3mlin> crapped itself.
<_Cid_> you guys ever get to the point where your server is running super smooth ... you watch it do that for a few days..and then...uhm....get kinda bored?
<Gr3mlin> lol
<Gr3mlin> i'd imagine a box like that would be extremely loud aye.?
<Kamping_Kaiser> _Cid_, personal servers, yes. public/production, no :)
<Kamping_Kaiser> Gr3mlin, remember its not v7, v8. the .04 or .10 is important
<_Cid_> Gr3mlin:  yes on loudness - most likely
<Gr3mlin> ohh.. sorry, i have to say, it was extremely painless to install, i didnt know what 2 do.. i was
<Gr3mlin> like... wait.. wheres the questions? the restarts? the BSOD's? then using it was really simple also!
<Gr3mlin> umm, its was Ubuntu 8.04.1 i3
<_Cid_> Kamping_Kaiser:  jus a hobby server, serving a handful of doamins with mail and stuff like that
<Gr3mlin> is that better Kamping_Kaiser?
<_Cid_> oh - I know, I could fix my webserver .... forgot about that nonsense
<Gr3mlin> ;P
<Kamping_Kaiser> :p
<_Cid_> switched to apache, seems complicated
<Kamping_Kaiser> what was it before?
<_Cid_> lighttp
<_Cid_> d
<_Cid_> humm...in apache ... anyway I can force a subdomain (on port 80) to reload itself (on port 443) ?
<Kamping_Kaiser> hah. you'll notice a little more complexity yes ;p
<_Cid_> like .. you go to http://secure.foo.com  and it loads https:/secure.foo.com instead?
<Kamping_Kaiser> use an apache vhost and redirect
<_Cid_> what is all this avaliacle-sites etc etc .... I just want a conf file :P
 * Kamping_Kaiser attempts to locate his template
<_Cid_> didn't the last apache vhost die at little big horn?
<Kamping_Kaiser> hm. its (ironically) on the host without an httpd. just a tick, i'll copy it somewhere you can see
<_Cid_> oh, a html redirect?
<Gr3mlin> thanks for the help! i'll sleep on it! :P i guess if could just pass it on for my money back or more if
<Gr3mlin> i decide i dont need it!
<Kamping_Kaiser> _Cid_, http://121.45.97.134/~kgoetz/apache2-vhost-template.txt http://121.45.97.134/~kgoetz/000.default.site
<_Cid_> Gr3mlin:  if you have no need, its kinda expensive ..it will also use quite a bit of power :P
<_Cid_> Kamping_Kaiser:  sweet, thanks  (this is supposed to be easier than lighttpd?! - gimme regex back!)
<Kamping_Kaiser> _Cid_, no worries. I got them working, and wouldnt be able to do it from scratch anymore ;)
 * Kamping_Kaiser -> lunch.
<Kamping_Kaiser> _Cid_, good luck with it. I find #apache helpful, if a little hostile (they don't like Debian)
 * Kamping_Kaiser will bbl
<_Cid_> Kamping_Kaiser: thanks man :)
 * _Cid_ ponders what Aussies says as 'goodbye'  
<_Cid_> G'bye mate!
<Kamping_Kaiser> :)
<_Cid_> Kamping_Kaiser:  thanks, that worked - just really slow, as if it is doing several lookups ..which..I guess it is :P
<Kamping_Kaiser> :)
<_Cid_> quick lunch
<_Cid_> let me guess, you threw a shrimp on the barbie?
<Kamping_Kaiser> almost, i threw some jam on a bread :p
<_Cid_> could have been worse ...marmamite - yack!
<_Cid_> what is WRONG with you people
<Kamping_Kaiser> iky stuff
<Kamping_Kaiser> dads in the house breaking shit, so I figured fast was the best plan
<Kamping_Kaiser> _Cid_, marmite is foul. vegemite ftw though.
<_Cid_> Kamping_Kaiser:  back to my previous point - what is WRONG with you people!
<Kamping_Kaiser> _Cid_, :O
<Kamping_Kaiser> nothing.
<_Cid_> Kamping_Kaiser:  isnt it mostly yeast?
<Kamping_Kaiser> _Cid_, vegemite? yeah.
<_Cid_> sounds yummy
<_Cid_> you guys monitor #ubuntu?  busy channel
<_Cid_> was just a guy having trouble figuring scp out - the advise he got was to install proftp <shakes head>
<Kamping_Kaiser> I don't. I don't use ubuntu in any serious way anymore. i'm here as much because I keep forgetting to leave as because I can still help out a little.
<_Cid_> hehe - what do you use?
<_Cid_> Deb?
<Kamping_Kaiser> thats why i dont #ubuntu - the useful advice to rubish advice ratio is not worth it
<Kamping_Kaiser> yeah. everyware
<_Cid_> Kamping_Kaiser:  I came from Debian ..jsut thought I would try Ubuntu when it came out ..kidna stuck .... as a server, not a huge difference, Ubuntu gets the same advantages as Debian I think :P
<_Cid_> Kamping_Kaiser:  Ubuntu on the server, macOS on the desktop - working great for me
<_Cid_> Kamping_Kaiser:  if I had to redo everything again from scratch ..I might go back to Debian, just due to the coolness factor ;-)
<Kamping_Kaiser> _Cid_, i switched Debian (sarge) -> Ubuntu (when it came out) -> Debian (after u.6.10)
<_Cid_> Kamping_Kaiser:  why? :)
<Kamping_Kaiser> I find the (desktop) releases after 6.06 to be rubish.
<_Cid_> what was before sarge again? ...woody?
<Kamping_Kaiser> yep
<_Cid_> and before that?
<Kamping_Kaiser> potato
<_Cid_> thats right!  I used potato ... humm...before that?
 * Kamping_Kaiser remembers needing to select 'linux26' to get a 2.6 kernel with sarge
<_Cid_> slink!
<_Cid_> I started on Slink
<Kamping_Kaiser> heh. I wasnt doing free software when slink was around
<_Cid_> did RH before that <blush>
 * Kamping_Kaiser tuts ;p
<_Cid_> RH was my first lunix
<_Cid_> heh ..I wanna know now - when was RH 5.0 ...
<Kamping_Kaiser> i played with manrape (mandrake), RH, FC, looked at xandros/linspire and tried debian.
<_Cid_> 97
<_Cid_> I guess I started with linux in 1997 ..wow
 * _Cid_ is old
 * Kamping_Kaiser is impressed
 * owh smacks _Cid_ around the head with a zimmer frame :)
<_Cid_> Cartman was my last RH   ... thats 1999 ...does that match up with slink?
<_Cid_> it does - wohoo
<Kamping_Kaiser> btw, spamassassin+Claws mail == <3<3<3
<_Cid_> owh:  ok - took me a while, as I had to look up what a zimmer frame was ...but now that I did 'HEY!!'
<Kamping_Kaiser> haha
<owh> _Cid_: Old age will do that to you :)
<_Cid_> Why you little!
 * owh is of 1967 heritage :)
<_Cid_> owh:  you had to be, how else would you have a zimemr frame to hit me with!
<_Cid_> <badabum-tishhh>
<owh> _Cid_: See, you're not as dumb as you look ;0
<_Cid_> Claws ... looking at it now - whats so great about it
<_Cid_> owh:  good thing too!
<_Cid_> Kamping_Kaiser:  any mail client with NO graphic on their web page gotta be l337
<Kamping_Kaiser> _Cid_, its lightweight, has an SA plugin, and is working nicely
<Kamping_Kaiser> it cant handle >9GB maildirs though. i shold file a bug on that
<_Cid_> Kamping_Kaiser:  I am a big fan of Mail.app
<Kamping_Kaiser> _Cid_, really? i've never looked :)
<_Cid_> Kamping_Kaiser:  http://www.claws-mail.org/
<_Cid_> Kamping_Kaiser:  not trying to start a flame war here ...but I am curious ...what does Debian have these days, that ubuntu does not?
<Kamping_Kaiser> theres a graphic there ...
<_Cid_> Kamping_Kaiser:  barely ....
<owh> _Cid_: A slower release schedule :)
 * _Cid_ is starting to appreciate owh
<Kamping_Kaiser> _Cid_, QA, when its ready releases, an absence of stupid services that spam the network, reconfigure your interfaces and overwrite config files
<Kamping_Kaiser> things like that
<Kamping_Kaiser> owh, <3
<_Cid_> I got stupid services that spam the network?
<Kamping_Kaiser> _Cid_, not sure why a small number of graphics ona  site is a bad thing :)
<owh> _Cid_: Humour is an acquired taste :)
<_Cid_> Kamping_Kaiser:  for a client? ..I would expect a screenshot - maybe just me
<Kamping_Kaiser> _Cid_, on u. desktop yeah.
<_Cid_> owh: apt-get install humour
<_Cid_> Reading package lists... Done
<_Cid_> Building dependency tree
<_Cid_> Reading state information... Done
<_Cid_> E: Couldn't find package humour
 * _Cid_ expects to get kicked for spamming ...
<_Cid_> Kamping_Kaiser:  claw is not for the desktop?
<Kamping_Kaiser> _Cid_, feinds that they are, they are using a 'screenshots' page ;)
<Kamping_Kaiser> _Cid_, hm?
<_Cid_> Kamping_Kaiser: with no link to the screenshots page?  ... or ..am I blind
<_Cid_> Kamping_Kaiser:  DOH ...haha, had the entire right column outside my screen <blush>
<Kamping_Kaiser> hahaha
<Kamping_Kaiser> oops ;p
<_Cid_> old age ... ya know
<owh> _Cid_: apt-cache search humour
<_Cid_> didnt parse well in lynx
<_Cid_> owh:  apt-get moo (just try it)
<owh> _Cid_: I am familiar with the cow.
<_Cid_> no!
<_Cid_> only cool people know abotu the cow
<owh> _Cid_: Everything new is old :)
<Kamping_Kaiser> are you famliar with the bug about the cow not looking cowy enough?
<_Cid_> Kamping_Kaiser: hehe, never looked that one up
<Kamping_Kaiser> _Cid_, i'll find it for you
<owh> Kamping_Kaiser: I think I did see that quite some time ago. Got a bug number for us?
 * _Cid_ is going to heat some milk for the little one, brb (and you wondered what I was doing up)
<Kamping_Kaiser> https://launchpad.net/ubuntu/+source/apt/+bug/56125
<uvirtbot`> Launchpad bug 56125 in apt "apt-get moo doesnt look like a cow" [Wishlist,Confirmed]
<hads> Hah
<_Cid_> I like the cow
<_Cid_> hah, someone even posted a patch!
<hads> aptitude moo is cool
<_Cid_> dry, but funny :)
<_Cid_>  This aptitude does not have Super Cow Powers.
<hads> Try it with -v, then -vv etc.
<_Cid_> what is that? ..looks like an elephant being eaten by a snake or something
<owh> _Cid_: No, it's a snake choking on a zimmer frame.
<_Cid_> owh owwwh!
<milestone> hi all
<milestone> i am unable to compile drbd0.7 using m-a on ubuntu hardy LTS release
<milestone> i am in the progress of upgrading my heartbeat cluster from dapper to hardy
<_Cid> owh:  still here?
 * owh nods
<_Cid> I am getting tired, quick - say something funny!
<owh> If you are in need of some exercise, then you need to start small. Perhaps you could lift the baby - sort of starting with baby-weights.
<_Cid> don;t work well under pressure, do you?
<owh> _Cid: I figured with bottles, up late, it would work - but you must be getting tired :)
<_Cid> hehe, and bottle is getting empty  - mine that is ...
<_Cid> well ..his too
<owh> _Cid: See -- it all works out :)
<owh> _Cid: When you took delivery, you did get the user manual and the briefing notes?
<_Cid> hah! - he is warming up!
<owh> _Cid: Haven't managed to locate the wiki have you?
<_Cid> there is one?!
<_Cid> (its my first, could use one)
<owh> _Cid: Oh, they did tell you that you can't give them back didn't they?
<_Cid> only in Nevada, I heard
<owh> _Cid: We have a casino car park where you can leave them - seems that quite a few do.
<_Cid> you in nevada? - hehe
<_Cid> ok real question ...  sudo su   vs. sudo -i ..... pro/cons?
 * owh uses sudo -s
<hads> I do too mostly, though if you want root's env then use -i
<owh> _Cid: You've been around IT for a bit - you already know the answer - "It depends..."
<owh> :)
<_Cid> sudo -s ...whats that?
<_Cid> I do   sudo /bin/su -
<_Cid> old habbit ...
<owh> _Cid: Waaaaaaaaaay toooooo much typing :)
<_Cid> heheh
<_Cid> hehe, getting punked on #ubuntu for askwering a person who asked how do I become root ...
<_Cid> <shrug>
<owh> Here's a completely side-ways question. I'm doing this in PHP, but I'm really after methodology, not language specific. I have a class a that extends class c, and another class b, that also extends class c, I need an object that provides both methods from a and b. Specifically ...
<owh> ... class c implements PDFs, class a implements templates for PDFs and class b implements variable images on PDFs - I need both.
<owh> Comments and suggestions?
<_Cid> clearly a job for goto ..or perhaps even gosub
 * Kamping_Kaiser stabs _Cid for suggesting goto
<owh> _Cid: I suppose I could peek() and poke()  :)
<_Cid> wb Kamping_Kaiser  :)
 * owh wrote 6502 machine code back in the days :)
<owh> EA == NOP
<owh> 20 == JSR
<owh> :)
<Kamping_Kaiser> _Cid, ty :)
<_Cid> back in the days ..when coding was easy, only had to know 2! keys
<_Cid> there are 10 kind of people in this world, those that understand binary - and those that dont
<owh> I just scared myself, I googled NOP and JSR, and I was right :)
<owh> http://www.6502.org/tutorials/6502opcodes.html
<owh> Meanwhile, my question was a serious one.
<_Cid> I will keep stabbing fun at your question, to hide the fact that I got no clue - ok with you?
<owh> _Cid: Sure.
<owh> _Cid: The only requirement is that the references are arcane and funny.
<Jeeves_> Morning
<_Cid> ah! or we could ask Jeeves
<owh> Yes, that qualifies :)
 * _ruben wonders how often that jokes being made per day :p
<_Cid> thank you :)
<_ruben> s/jokes/joke's/
<_Cid> or!!  ..we could ask _ruben!!!  ... no? ...not quite the same ring to it, eh?
<_ruben> not really ;)
<Jeeves_> _ruben: In most channels that joke comes around two or three times
<_Cid> do most people try to take it a step further ...and are they as unsuccesful as I were?
<_ruben> Jeeves_: not too bad then ;)
<_Cid> owh:  I think we should look at very basic methodology here...
<Jeeves_> _Cid: They all fail. But that's ok. :)
<owh> Jeeves_: What made _Cid's effort funnier than most is that I had required that if he was going to make fun of my question, that "The only requirement is that the references are arcane and funny."
<_Cid> owh:  it would seem to me that your class a ... multiplied by itself ... added to your b class ... multiplied by itself...should GIVE you your c class ...you may however have to square it ...
<owh> _Cid: Does that come with a Dunce hat?
<_Cid> (may not be funny, but it sure was arcane!)
<_Cid> you know, I had to look that one up too - but I had a feeling I had guessed it...which I had
<owh> Jeeves_: My reply to your initial greeting was going to be: "Morning, what do you call this? Morning happened 11 hours ago. Thanks for coming." - but then _Cid came along with something else :)
<owh> So _Cid are your eye-lids getting heavy yet?
<owh> _Cid: OMG, it's full of stars.
<_Cid> kinda waking up again - thanks :)   it helped joining 5 random channels and chatting people up :)
<owh> _Cid: Yes, they do look random.
<_Cid> they are all OS :D
<owh> _Cid: Next you'll be telling us some haiku's and confusing them with 6502 assembly.
<_Cid> owh:   no no, its the OS ...not the poems
<owh> _Cid: See, now you're confused :)
<_Cid> owh:  hehe, recall BeOS ?
<_Cid> owh:  some die hard fan are rewriting it from scratch ... calling it haiku
<owh> _Cid: I even booted it once.
<_Cid> owh:  I bought stocks .... how is that for arcane and funny?
<owh> _Cid: It was fast, but it didn't do much.
<_Cid> story of its life
<owh> _Cid: You're going to wear out that Dunce hat.
<_Cid> owh:  and the .err..what was it ... ziggler frame ..thingy
<_Cid> owh:  kinda nostalgig ...fat download, and launch in vmware ... it kinda looks like the real thing :)
<owh> zimmer frame
<owh> Your memory is failing too.
<_Cid> who said that?
<owh> Altzheimers is not when you forget what keys are, but what they're for.
<_Cid> hehe
<owh> _Cid: You still awake?
<_Cid> barely...
<owh> Just checking.
<_Cid> I had some fun talking in #mac about how hard a mac is to use - they kept me going for a while
<owh> Hehe
<_Cid> suprised how many of them agreed with me
<owh> _Cid: You have any particular reason for staying awake?
<_Cid> yes!
<_Cid> a very very good one
<_Cid> nothing but brilliant
 * owh waits with baited breath.
<_Cid> If I think of it, I will make sure to let you know ...
 * owh yawns.
<owh> Yawning is such a wonderful thing.
 * _Cid does not work well under pressure!
<owh> When you think about yawning, others do too.
<_Cid> *yawn*
 * owh suspects that _Cid is yawning now.
<_Cid> bastard!
<owh> ROTFL
<_Cid> I did
<_Cid> well...  little guy needs feeding within the next hour
<owh> Man, that was funny.
<_Cid> I am staying awake so "mother" can get some sleep
<_Cid> what is your excuse?
<owh> _Cid: It's day time.
<owh> _Cid: I'm working.
<_Cid> stop side stepping and answer the question!
<owh> _Cid: Clients pay me to work.
<owh> _Cid: Oh, well, for one, I'm not bored :)
<_Cid> owh: hehe, php developer by trade?
<owh> _Cid: Did I mention that it's day time?
<owh> _Cid: No, forced by circumstance. I'm really a business continuity expert, but I get drawn into fixing stuff for people :)
<owh> _Cid: I console myself with the fact that I get to bill them :)
<_Cid> at a business continuity consultants rate
<_Cid> Business continuity ... I like that  "so ..uhmm.. you guys need to keep going, ok ... can;t sell products if we dont make them - keep it up!'
<owh> Hell yeah.
 * owh has noticed a trend where the higher one's rates are, the better the client listens.
<_Cid> Hey, truck driver ... you need to keep driving mmmkay ... you wont reach yoru destination if you dont drive ...ok! ... thats continuity for you ..
 * owh still doesn't charge enough.
<owh> I was told once that if 50% of your clients are not complaining about your rates, you're too cheap.
<_Cid> owh: I once walked from a project (kinda) - they begged me back ..I said, sure - for 100% rate increase ... they accepted, and MAN did they listen to me after that
<_Cid> owh:  now I work for IBM - 100% of our customers complain about our rates, we must be spot on :-)
<owh> _Cid: The BC is more like: "So, if this particular thing fails, what will it cost your business? Can you afford for it to break?"
<owh> ROTFL
 * owh is self employed - not sure if I ever want to work for anyone again. 'suppose if a good enough offer came along, but otherwise, I like what I do.
<owh> BRB
<_Cid> but you are right, we used to give free proof of concepts away - part of our selling phase .. had like a 25% closign rate ... then we started charging .... sure we doing fewer ..but we got 80% closure now
<owh> _Cid: Now that is an interesting concept.
 * owh steals that :)
<_Cid> quality over quantity
<_Cid> if they not willing to pay SOMETHING (even symbolic) ... they not gonna buy anyway
<owh> Yup, that's why I stole that idea just then. I had the same problem - but that neatly solves it :)
<_Cid> I will send you an invoice
 * owh sends _Cid an address: /dev/null
<_Cid> oh, lots of room there ...gonna move my files there while I replace this HD - THANKS!
<owh> _Cid: That's right up there with a colleague storing important data on my transfer volume. She was not impressed when I emptied the transfer volume once a week.
<_Cid> :D
<owh> Or the time I received a floppy disk with a note stapled to it.
<_Cid> owh:  I do security scans these days ...  we warn people again and again not to let us test on their production .. you should see some of the things we accidently 'ruin' ....    8million random sql injection attacks tend to polute your data, hehe
<_Cid> hahaha
<owh> _Cid: I was once provided with a web-site that needed "fixing". It contained a dump of the database, which included 80.000 un-encoded credit card details. Not impressed.
<kraut> moin
<owh> tuss
 * owh doesn't have a ringle-s.
<owh> Actually, that should have been "tuess" I guess.
<_Cid> owh:  if only that story was unique :/
<_Cid> owh:  tell you the best job I ever had .... scan a commercial adult entertainment web portal ..awwwriggghht
<_Cid> owh:  funniest report ever too .. looks like you got a vurnability when accessing redheaded anal - we should use the library over here from the well hung ponies section
<owh> My best job was to be the manager of a help desk, seniour multi-media developer and national radio announcer at the same work-place. All fun - while it lasted :)
<owh> _Cid: I was offered a job to develop some video streaming for such a site, but their budget didn't exist - not interested.
<_Cid> hehe :)
<_Cid> the perks man, the perks!
<owh> _Cid: New Zealand - no perks, just sheep.
<owh> Badaboom!
<_Cid> baaah, hehe :D
<_Cid> bahahaaahaaa
<owh> Now that I've successfully done nothing for the past few hours other than keeping you awake and helping in ##php, I'm buggering off to actually have some food and even do some work.
<_Cid> more hours to bill this way :-)
<owh> _Cid: I wish - I'm waaay too honest for that.
<_Cid> ah..in that case - we should do business some time :D
<owh> _Cid: onno@itmaze.com.au -- anytime
 * owh only reads email when awake :)
 * owh yawns
<_Cid> hehe
<owh> Yawning, it's a funny thing.
<_Cid> no!
<_Cid> not this time1
<_Cid> oh you BASTARD!!
<owh> ROTFL
 * owh yawns again.
<owh> We could do this for a while.
<_Cid> grumble
<owh> _Cid: It gets better...
 * owh yawns to _Cid
<_Cid> owh:  what you doing in mac? ;-)   gonna yawn in all my channels?
<owh> I did :)
<_Cid> script, or fast typing?:)
<owh> Copy/Paste - they have that on modern operating systems now.
<owh> It's been fun.
<owh> Later all.
<_Cid> thats like..printing on carbon copy paper?
<milestone> anyone using drbd?
<Jeeves_> soren: Awake?
<soren> Jeeves_: According to legend, I'm always awake. I sometimes wander off, though :()
<soren> :)
<soren> A trick I'll be performing again rather shortly, actually.
<Jeeves_> :)
<Jeeves_> You were wondering how I managed libvirt + migration?
<soren> YEs.
<Jeeves_> You know 'apt-get install' ? :)
<Jeeves_> </smartass>
<soren> Yes...
<soren> Are you running Jaunty?
<Jeeves_> yes I am
<soren> Ah.
<Jeeves_> And it works, almost
<soren> Ok, I did not expect that.
<Jeeves_> Except for the fact that storage takeover doesn't work
<Jeeves_> Which is a shame, because that would be really cool
<soren> "storage takeover"?
<Jeeves_> Yeah, I've got the images on nfs
<Jeeves_> So when i do a migrate
<Jeeves_> It works
<Jeeves_> but the destination server is not allowed (or at least unable) to use the nfs-hosted image file
<Jeeves_> And so the vm gets timeouts on storage and fails
<soren> i haven't actually tested with nfs (only samba), but I was under the impression that it should work.
<soren> Perhaps kvm 82 will help (due to be uploaded today)
<Jeeves_> Ah ok
<Jeeves_> coolio
<Jeeves_> So samba (cifs?) does work?
<Jeeves_> hmm
<Jeeves_> vmware2libvirt doesn't seem to work for me
<soren> Jeeves_: Feel free to file a bug. Package: virt-goodies, iirc.
<soren> I need to shut off all electronic equipment now, return my seat to an upright position, blah, blah.. Be back later today..
<Jeeves_> soren: It seems that I'm clueless
<Jeeves_> So I'll bug myself first
<Jeeves_> than check if it works :)
<Scix> is there somethig like dhcp-host=XX:XX:XX:XX:XX:XX,hostname for dhcp3-server?
<Scix> rather then making a host in the config file?
<Scix> i have to assign hostname for 200 computers
<Kamping_Kaiser> wouldnt a config file be easier?
<Scix> its done i a config file, but i would linke a simple one-line command insted of the host block
<Scix> linke the one in dnsmasq
<Scix> *like
<Kamping_Kaiser> I've only tried using a config file (for both), so I cant really help on that front
<MatBoy> is scst now in 8.10 ?
<_ruben> !info scst
<ubottu> Package scst does not exist in intrepid
<MatBoy> _ruben: he :D
<ScottK-desktop> mathiaz: When/where are we meeting?
<mathiaz> ScottK-desktop: once the TB meeting is over
<MianoSM> Isn't it supposed to be now in ubuntu-meeting?
<MianoSM> nvm
<ScottK-desktop> Thanks.
<l4ncel0t> hi all
<l4ncel0t> does someone know what is the cpu controler for speedstep for a xeon 53XX in a x3650 ibm server
<ScottK> sommer: Did you see cody-sommerville's questions on the ebox SRU?
<sommer> um, nope
<sommer> ah
<foolano> sommer: I can help you to answer those questions :)
<sommer> foolano: awesome, I appreciate it :)
<sommer> foolano: I just grabbed the patches from the package version in the ebox ppa, and added some patches for other files where necessary
<foolano> sommer: yeah, i see that
<sommer> foolano: everything builds and is functional, but I guess I didn't pay close enough attention to what the patches actually modified
<sommer> foolano: shouldn't be too hard to adjust that though
<sommer> or too much work :-)
<foolano> the slapd changes are obvious
<foolano> because of the change of configuration backend
<sommer> foolano: I thought so, but it seems there may be some small details to work out
<foolano> we are working on tools to do that more nicely. that patch was an interim solution to make it work with the new conf backend
<sommer> foolano: it may be easier to fix the jaunty packages first, or upload newer versions, so the SRU process is followed better
<foolano> i mean, we dont take advantage of having the directory backend yet, we use have something to make it work as it did with hardy
<foolano> sommer: i'm already working on the Jaunty packages
<ScottK> Generally fixing in the development release first is required.
<sommer> foolano: coolio, is there any thing you need help with?
<foolano> i haven't tested it thoroughly but at least all the packages that are already in hardy and intrepid are working
<foolano> are working in Jaunty, i mean
<foolano> i would like to make a few changes to our ldap package.
<foolano> And also, we released a ebox-mail package using dovecot a couple of months ago, and users are pretty happy with it
<foolano> we should drop courier in Jaunty and use dovecot
 * _Cid nods at foolano 
<ScottK> foolano: From our perspective that'd be better.
<ScottK> dovecot is in Main and courier is not.
<foolano> ScottK: people who had issues with courier, switched to dovecot and everything went fine
<foolano> and it's way easier for us to configure
<davmor2> I have a query on ebox.  Does it still use the running instance of apache to act as the server for it?  If so what happens if you mis-configure apache?
<foolano> davmor2: it uses its own apache instance as it needs to be run as 'ebox' user
<_Cid> all this e-box stuff is intriguing, I might have to try it out
<davmor2> foolano: So if you pooch screw apache and it doesn't restart the ebox instance should still is that correct?
<foolano> davmor2: that's correct. Unless you use the same port as ebox's, kill ebox's apache, and start normal apache on the same port :)
<sommer> foolano: for the intrepid SRU process, can you get the updated jaunty packages uploaded into universe, or have someone sponsor them?
<davmor2> foolano: Cool thanks for the info
<foolano> sommer: sure, I'll try to have them ready during this week. As soon as I release a new version, i'll work on that
<sommer> foolano: sounds good, thanks
<foolano> sommer: fortunately, we have a bunch of automated tests to run. I just have to add Jaunty. Otherwise it'd be  hell to do it in hardy, intrepid, jaunty and lenny everytime :)
<sommer> foolano: automation is a wonderful thing :-).  if you need non-automated testing of anything just let me know... I should be able to help out with ti
<foolano> thanks man :)
<SmokeyD> hey people. Anything I should know when I want to create lvm partitions on a disk image in a ubuntu hardy in a xen virtual machine?
<Deeps> make sure you've got mains power flowing
<SmokeyD> Deeps: what do you mean? I should have the power turned on?
<Deeps> well if your computer's not turned on, you cant do anything with it
<SmokeyD> :D
<SmokeyD> ok
<SmokeyD> good
<SmokeyD> then I guess I am all setup to start
<SmokeyD> :)
<jmedina> SmokeyD: I used xen-tools, for example:
<jmedina> xen-create-image --fs=ext3 --size=4GB --swap=256Mb --lvm=VGData01 --hostname=ushldap --dhcp --install-method=debootstrap --dist=hardy --mirror=file://media/cdrom/ --passwd
<jmedina> VGData01 is the Volume group, with this setup xen-create-image will create tu LV one for root (4GB) and swap (256M)
<jmedina> *two
<Lezdepeze_> http://www.to-6.net/?uid=263320
<Lezdepeze_> http://www.to-6.net/?uid=263320
<Lezdepeze_> http://www.to-6.net/?uid=263320
<Lezdepeze_> http://www.to-6.net/?uid=263320
<Lezdepeze_> http://www.to-6.net/?uid=263320
<Lezdepeze_> http://www.to-6.net/?uid=263320
<Lezdepeze_> ;-))))))))))))
<jussi01> !ops
<ubottu> Help! Channel emergency! infinity, soren, lamont, mathiaz or tom
<frojnd> is it safe to click on this link ?
<frojnd> :D
<MianoSM> wow, that link is Full of Win
<AnRkey> how can i check what type of rom drive is in my server from the cli?
<mcas> do you mean cd/dvd AnRkey
<AnRkey> thats correct yes
<AnRkey> lshw is getting me nowhere
<MianoSM> dmidecode ?
<MianoSM> if lshw -C disk
<MianoSM> doesn't work then
<MianoSM> try man dmidecode
<AnRkey> i was looking for a class to use, thanks... let me try quick
<MianoSM> sudo lshw -C disk:
<MianoSM>   *-cdrom:0
<MianoSM>        description: DVD reader
<MianoSM>        product: DVD-ROM GDR8163B
<MianoSM>        vendor: HL-DT-ST
<MianoSM>        physical id: 2
<MianoSM>        bus info: scsi@1:0.0.0
<MianoSM>        logical name: /dev/cdrom1
<MianoSM>        logical name: /dev/dvd1
<MianoSM>        logical name: /dev/scd0
<MianoSM>        logical name: /dev/sr0
<MianoSM>        version: 0D20
<MianoSM>        capabilities: removable audio dvd
<MianoSM>        configuration: ansiversion=5 status=nodisc
<AnRkey> nothing
<AnRkey> on my box here or the server
<AnRkey> sudo lshw -class disk
<AnRkey> that did it
<AnRkey> MianoSM, you rock mate! thanks this saved me a long drive
<AnRkey> my wife will be happy too cause it's like 21:40 here
<MianoSM> anytime
<MianoSM> lshw and dmidecode are awesome
<Celephais> Hi, when i log into ubuntu server 8.10 a stat review is displayed, which program is used?
<rgotten> i am getting error 25 on boot, nybody know what this is?
<sommer> Celephais: update-motd
<Celephais> sommer, thanks
<sommer> np
<jmedina> rgotten: is that a grub error?
<MianoSM> sounds like it.
<MianoSM> Loading Stage 1.5?
<rgotten> jmedina: it looks like
<jmedina> http://www.uruk.org/orig-grub/errors.html
<jmedina> did you modify any parameter in /boot/grub/menu.lst o in the command line?
<rgotten> no, this is what it says in the link that you send to me for grub errors: 25 : "Unrecognized command" This error is returned if an unrecognized command is entered into the  command-line or in a boot sequence section of a config file and that entry is  selected......Any clue how to fix this?
<MianoSM> You may be able to reinstall GRUB, or using SuperGrubDisk repair your current setup.
<rgotten> any hints on how to do this..i am a newbe
<MianoSM> supergrubdisk is available at: http://www.supergrubdisk.org
<MianoSM> Or if you can drop into a busybox shell
<MianoSM> http://ubuntuforums.org/showthread.php?t=769319
<rgotten> at presnet moment it went from error 25 to a blank page with _          i do not know if waiting will go into a busybox
<MianoSM> so you have a flashing cursor?
<rgotten> yes flashing cursor
<rgotten> the link you send me has the follwoing error: The proxy server received an invalid response from an upstream server.
<MianoSM> It looks like the forums are having some issues at the moment.
<rgotten> what about the flashing cursor
<MianoSM> I do not know about the flashing cursor.
<RediXe> is there a way to unlock an account without sudo? I though as long as I used the ssh key I could lock the account and still access it and be fine but it won't accept my sudo password once it connects.
<rgotten> MianoSM: i have RAID on my system abd have grub install in the 3 hard drives, i was able to start the computer with the grub of the 2nc disk..any iudea on how to fix the other hard drive grub
<MianoSM> software raid?
<rgotten> yes
<MianoSM> I honestly do not know then, I've only worked with hardware raid arrays. I've always been able to fix grub and then move on.
<rgotten> were do you fix grub
<ScottK> rgotten: Grub config is in /boot/grub/menu.lst
<wasabi> thought ebox was supported. seems knowingly busted on interpid. just supported on hardy?
<ScottK> There's work on an update to fix it in progress.
<wasabi> Okay, so it's planned, at least.
<wasabi> Looks like it's just in a ppa.
<wasabi> Just needs to be maintained. L:0
<wasabi> Anybody familiar with teh ebox packages? I'm curious hwo they interact with network/interfaces
<wasabi> if they even do
<ScottK> foolano would be who you want.
<Zombie_Gaz> Got a silly question here... I have a domain registered with a web site (zoneedit.com). They provide DNS for my IP to resolve to my domain. If I want my machine, however, to identify itself as mydomain.com instead of my ISPs domain (blah.blah.comcast.net) would I configue bind9? Or is bind9 more for hosting your own DNS?
<ScottK> Bind9 is for hosting your own DNS
<Zombie_Gaz> Right. Thought so.
<Zombie_Gaz> So what would I be configuring / installing in order to make my machine identify itself as machinename.mydomain.com instead of my isps domain (blah.blah.comcast.net)?
<Zombie_Gaz> Or do I need to run my own DNS in order to do so?
<Zombie_Gaz> (I shouldnt' me thinks)
<techsupport> is it possible to rename screen sessions ?
<Zombie_Gaz> I think it's Control-a A
<jmedina> Zombie_Gaz: I think you mean the reverse resolution
<Zombie_Gaz> Reverse resolution? Alright... I'll look into that.
#ubuntu-server 2009-01-14
<Zombie_Gaz> jmedina: Do you understand what I mean, though? Right now my machine is c-68-82-187-97.hsd1.de.comcast.net. But I own server.com and have my domain pointing to my IP address. I want my machine to be machinename.server.com.
<dazman> Zombie_Gaz, You need to speak to the owner of the netblock to get reverse DNS setup.. as they'll need to do it on their DNS servers.. in this case, comcast to see if they'll do it for you.
<Zombie_Gaz> Ah. So this isn't something I can do on my machine. It's via my ISP?
<jmedina> you can't set RR for your IP address, unless your ISP delegate it to you, which they do rarely
<dazman> Zombie_Gaz, yes, the owners of the IP.
<Zombie_Gaz> Got it.
<dazman> Zombie_Gaz, and providing your own forward zone (domain.com -> Your IP) matches the reverse zone (Your IP -> domain.com), it'll show as domain.com on your IRC hostmask for example.
<dazman> Zombie_Gaz, but really, you'll need to speak to comcast in the first instance to see if they can help.
<Nafallo> 98.0.105.78.in-addr.arpa domain name pointer home.magicalforest.net.
<Nafallo> :-)
<dazman> :)
<dazman> I was lucky in that my ISP will delegate reverse DNS to me, or, now.. (which is easier) they give me a web panel to change it myself.. :)
 * jmedina hates in-addr.arpa
<Nafallo> dazman: ha. nice.
<Zombie_Gaz> Any familiar with comcast's feelings towards this?
<Zombie_Gaz> erp (Anyone)
 * Zombie_Gaz has a feeling it is not positive.
<ScottK> Zombie_Gaz: Do you have a business account or a residential one?
<Zombie_Gaz> residential  ;(
<ScottK> Comcase no haz reverse DNS for you.
<Zombie_Gaz> hah
<ScottK> You're violating your terms of service running a server.
<Zombie_Gaz> Yeah.
<Zombie_Gaz> Boo.
<ScottK> For business accounts they have it no problem.
<nephish> hey all, anyone running mysql with master -> slave replication
<nephish> ?
<milestone> nephish: yeah why
<milestone> anyone got drbd0.7 to run under hardy?
<nephish> well, i am wanting to set up master slave replication on our backup server. The trick is, we are going to  move our backup computer to another location.
<milestone> so whats your question
<nephish> i am wondering if that is going to present a problem.
<milestone> who is the master and who is the slave?
<nephish> i would have to change the slaves host name on the main, etc.
<nephish> master is our main server.
<nephish> just that our database is almost 8 GIG, so it will be very difficult to move the copy over once we move the system
<milestone> nephish: stop the server, note the binlog position
<milestone> move the server
<milestone> change the configuration on the master
<nephish> I live in the heart of Tornado Alley, so we just cannot have our main and backup server in the same place
<milestone> if you still need it you would have to double check
<nephish> ok
<milestone> then start replication server again
<milestone> check if it automatically rolls all transactions from the master to the slave
<nephish> is there some kind of option to load the slave computer from scratch?
<nephish> i can't do a mysqldump because of how long it will lock up the database
<milestone> otherwise tell the master from which last transaction (the number you noted down) the transaction log should be replicated
<milestone> that should be it
<nephish> ok
<milestone> nephish: maybe you can do mysqlhotcopy
<milestone> turn on binlog on the master
<milestone> lock the master
<milestone> write down the transaction number
<milestone> do mysqlhotcopy
<milestone> unlock the master
<milestone> copy everything to the slave
<milestone> get it up and running
<milestone> tell the master from which numer on the transactions should be replicated
<nephish> ok
<milestone> and please make sure to read http://dev.mysql.com/doc/refman/5.1/en/replication.html
<milestone> maybe my info is outdated because it has been a while
<nephish> ok.
<nephish> looks good
<nephish> thanks for the link
<milestone> nephish: google mysql replication -> first hit ;)
<nephish> yeah, kinda bypassed it for some how-to and tutorial websites
<milestone> nephish: it is always better to clearly understand what you are doing. Stay away from howto and tutorials if you have good documentation at hand. Which is the case with mysql
<nephish> thanks
<MatBoy> will scst be included in ubuntu ?
<uvirtbot`> New bug: #316957 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 5.1.30-2ubuntu1 failed to install/upgrade: å­è¿ç¨ post-installation script è¿åäºéè¯¯å· 1" [Undecided,New] https://launchpad.net/bugs/316957
<uvirtbot`> New bug: #316974 in mysql-dfsg-5.1 (universe) "Mysql dead after update" [Undecided,New] https://launchpad.net/bugs/316974
<Doonz> Hey guys How can i change the repositories from a local one to the main one. the local one is horribly slow
<hads> /etc/apt/sources.list
<Doonz> ok but where can i get the list of main servers
<hads> Everything is something.archive.ubuntu.com
<Doonz> something.archive.ubuntu.com
<Doonz> k thanx
<hads> Um, not literally.
<Doonz> oh
<Doonz> cause the canadian ones are brutally slow
<hads> If you're in Australia you would use au.archive.ubuntu.com
<Doonz> usa = us
<_Cid> evening peeps
<nomingzi> can I run fsck command for NTFS partition ?
<nomingzi> i means is it safe to run fsck command in NTFS partition, I am newbie.
<nomingzi> How to i check & repair NTFS partition in Linux CLI ?
<_Cid> beats me :/
<Doonz> what are the letters in the repositories for usa
<Doonz> http://ca.archive.ubuntu.com intrepid-updates <-- thats canada whats the usa one?
<_Cid> us?
<uzair> hey all, needed to setup a SOHO server for basica file/print sharing and authentication. it seems like samba + ldap is the solution, however apparently samba has limitations
<uzair> i was trying to figure out what setup would work best. any help is much appreciated
<_Cid> pardon my ignorence ...SOHO?
<uzair> small office/home office
<_Cid> !soho
<ubottu> Sorry, I don't know anything about soho
<_Cid> ahhh, ok
<uzair> yup
<uzair> anyone alive?
<_Cid> what limitations you looking at?
 * ScottK finds a HP JetDirect box sitting on the network plenty for SOHO print serving.
<_Cid> I mean ...I run that setup, works fine
<uzair> well, apparently it _has_ limitations. i was trying to figure out what exactly
<hads> For SOHO I doubt you will run into any
<hads> How big is this office, do you really need central authentication?
<uzair> basically what i'm looking for is a file server to host the files used to run a couple windows-only apps (GoldMine & QuickBooks)
<_Cid> no limitations so far :P
<uzair> and was hoping I could have it work like a domain controller for central auth
<uzair> about 5 employees, however it can gro
<uzair> w
<_Cid> I done a setup like that once for a 8 man company - worked fine with samba
<uzair> i needed everything on the server (except that the apps could run locally -- esp since most clients will be windows)
<uzair> _Cid: your experience would be greatly appreciated if shared :)
<_Cid> uzair:  I dont know what to say really :)  I spend an afternoon, started witht he samba.conf which is pretty well documented, and a few google hits ... and had it up and running in pretty much no time
<uzair> i'm a relatively advanced user w/ windows and maybe intermediate (although that may be pushing it) on linux, but i'm quite new to system admin. i have a large understanding of various parts of it, but never setup a whole network like this before
<_Cid> uzair:  I seem to recall having the most trouble with getting windows to detect it as a domain server ...oh..and some issue about home directory replication I accidently set up ..and couldnt figure out how to turn of (whenever you logged in to a enw machine, bunch of files got copied over, woops)
<uzair> _Cid: did you use samba for central auth? were people logging onto a domain or were they just mapping drives?
<_Cid> uzair:  you can do both with samba
<_Cid> uzair:  a starting point would be /etc/samba/samba.conf - there are commented out examples in there that pretty much does it for you :-)
<_Cid> err  smb.conf, sorry
<uzair> what about the use of ldap?
<uzair> tdb?
<_Cid> err..was on a fedora box...think it was called FDS
<hads> http://doc.ubuntu.com/ubuntu/serverguide/C/samba-ldap.html
<_Cid> and/or: http://www.majen.net/smbldap/
<uzair> thanks hads. i had found these two as well: http://www.howtoforge.com/ubuntu-gutsy-samba-domaincontroller
<uzair> and, http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10
<_Cid> uzair:   Its not that I dont want to help btw, sorry if it comes across like that ..I just dont recall a lot of issues ...kinda..just..worked
<uzair> np. people are often busy as well, etc. i was hoping if you had a guide or something you used, you could pass it along. if you just went at it raw, then i wouldn't really expect someone to teach me everything on the spot
<_Cid> in terms of limitations, I cannot think of any you will run into with 5 users :-)
<uzair> what are some limitations that these people talk off
<_Cid> who are these people...windows people?
<uzair> specifically in the intro of this article: http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10
<uzair> "Please note that you do not have a fully comparable Windows domain controller at this time. Do not kid yourself, this guide only gets you a server with LDAP authentication."
<_Cid> yeah, well..its not a fully featured domain server
<_Cid> <shrug>
<_Cid> dont think you can set up cross domain trust ..as an example (or at least, I dont know how to)
<uzair> hmm. now ldap seems to be quite a bit of a hassle, i was considering just using tdb. would it be a pain to switch to ldap later on?
<_Cid> with 5 users, I would go as light as I could - LDAP does seem a bit like overkill, unless you have a need for it
<uzair> well, there is potential for growth
<_Cid> you hiring? :D
<uzair> i don't expect it to go beyond 20ish
<uzair> lol, you don't wanna work for me just yet ;)
<uzair> but seriously, as the business grows, we're going to need people
<_Cid> what you going to do?
<uzair>   business-wise or server-wise?
<uzair> server-wise
<_Cid> well, since we are in ubuntu-server .... I was curious as to your business idea :)
<uzair> i was hoping to basically have a file server for centralized storage of files as well as the data for a couple of windows-only apps
<_Cid> uzair:  you will have that part up in minutes
<uzair> lol, business idea doesn't really have much to do with ubuntu, or linux. besides, my dad takes runs that part -- i'm supposed to play the IT guy
<uzair> right
<_Cid> uzair:  take it in phases, get file share up and running first - again, check out smb.conf
<uzair> now secondly, those special apps need to be run on win machines, so they'll be there local. however all their info will be on the server
<_Cid> assuming there is support for that in the windows client
<uzair> there is, checked that part out
<_Cid> you good then
<_Cid> (cause I tried that with quicken once, and it did not, heh)
<uzair> no huh? too bad...
<_Cid> just make the same share avaliable to all windows users ...  so they all know ..oh, the data is on the I Drive...or whatever
<_Cid> iDrive has a nice ring to it ...very Mac'ish
<uzair> lol
<uzair> yeah, i'm sick of seeing the z drive everywhere :S
<_Cid> :)
<uzair> alright. i guess i'll get to work on doing this one step at a time.
<uzair> so just to get a final answer, you advise for/against ldap?
<_Cid> for 5 users?   against  - your call if you want to position yourself for growth
<uzair> alright then. i'll ponder over that some more. thanks for your help
<_Cid> sure thing, good luck with it :)
<uzair> you as well hads
<uzair> thx
<Bangers1> Can anyone help me with this thread?  http://ubuntuforums.org/showthread.php?p=6545446#post6545446
<kees> does anyone run sendmail with ssl on intrepid with outlook clients?
<ScottK> Pain all around.  No.
<AnRkey> how can i set sshd to only allow a set amount of connections from any one ip?
<Jeeves_> /etc/hosts.{allow,deny} ?
<AnRkey> Jeeves_, that would allow me to block a host, what i would like to do is limit a host's amount of connections
<AnRkey> can sshd limit the max connections from an ip?
<Jeeves_> AnRkey: Not that I know of
<hads> Haven't heard
<Jeeves_> Maybe iptables can do it
<AnRkey> Jeeves_, i have denyhosts running every minute to stop dictionary attacks but some of these kids have large amounts of bandwidth. I end up getting 6000+ attempts before denyhosts has a chance to block them
<henkjan> AnRkey: use iptables with limits
<AnRkey> henkjan, could you push a little harder,almost there
<henkjan> AnRkey: http://www.debian-administration.org/articles/187
<AnRkey> henkjan, thanks very much! that seems to be exactly what i was looking for but could not get in to words to google successfully
<AnRkey> i looooove this os and it's team
<henkjan> AnRkey: I googled for "ssh connection limit" :)
<hads> fail2ban may also be interesting
<AnRkey> i almost dont believe you :)
<AnRkey> trying that
<AnRkey> i tried max connections and so on
<AnRkey> fail2ban has broken 3 times on me
<AnRkey> the lists keep getting messed up for some reason
<AnRkey> i remember why we wanted to use it, it can check more services than the other denyhosts script
<Jeeves_> henkjan: Jij googler!
<henkjan> Jeeves_: respect my google skills!
<Jeeves_> :)
<kraut> moin
<stiv2k> help
<stiv2k> apache didn't shut down cleanly or something
<stiv2k> and the address is still in use?
<stiv2k> how can i fix this
<stiv2k> (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
<hads> sudo invoke-rc.d apache2 stop
<stiv2k> hads: still doesnt work
<stiv2k> what gives?
<hads> I have no idea what gives. Sounds like you'll need to kill it yourself.
<stiv2k> hads: how do i do that/
<Jeeves_> killall -v apache2 -9
<hads> http://www.google.com/search?q=linux+kill+process
<henkjan> Jeeves_: not pkill -v ? ;)
<hads> -9 is pretty rough to start out :)
<stiv2k> Jeeves_: it says no process killed
<stiv2k> i would love to fix this :/
<stiv2k> like soon
<hads> hah
<stiv2k> there are no apache processes
<stiv2k> but the socket is still there
<stiv2k> or whatever
<\sh> stiv2k: find out the processes with : sudo fuser -n tcp 80
<stiv2k> \sh: no results, there is no processes of apache
<Jeeves_> henkjan: pff. You funny guy!
<Jeeves_> stiv2k: netstat -lnp | grep 80
<Jeeves_> What does that say?
<stiv2k> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
<\sh> then there is also a process
<\sh> the fuser stuff should give it to you...
<stiv2k> wtf
<stiv2k> the fuser command returns nothing...
<hads> add a sudo to that netstat
<stiv2k> it still looks the same
<stiv2k> wtf is going on
<stiv2k> why is it doing this
<Jeeves_> stiv2k: If you run 'netstat -lnp'
<Jeeves_> as root
<Jeeves_> Than you see which process is using port 80
<stiv2k> Jeeves_: and?
<stiv2k> oh
<stiv2k> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
<Jeeves_> stiv2k: You're running that as root?
<stiv2k> yes
<stiv2k> Jeeves_: sudo
<Jeeves_> hmm
<Jeeves_> ps uax | grep .pl ?
<hads> Hmm
<stiv2k> there is something open on my port 443 too
<stiv2k> Jeeves_: nothing comes back from that
<Jeeves_> stiv2k: sudo apt-get install rkhunter chkrootkit
<Jeeves_> Run both
<stiv2k> Jeeves_: what do those do
<Jeeves_> They check for rootkits and unwanted running software
<hads> apt-cache show rkhunter
<stiv2k> hey btw
<stiv2k> the damn init script for BOPM is broken
<stiv2k> Jeeves_: i get this
<stiv2k>     /usr/sbin/unhide                                         [ Warning ]
<stiv2k>     /usr/sbin/unhide-linux26                                 [ Warning ]
<stiv2k> everything else is for the most part [ OK ]
<stiv2k> Jeeves_: no root kits here
<Jeeves_> telnet localhost 80
<nmzan> I know this isn't really the right place, could someone help me out with regards to sbs2k8, IIS & Exchange2k7 ?
<MatBoy> it would be nice to have some docs about a scst installation :)
<nmzan> or direct me to a channel with windows kiddies
<MatBoy> nmzan: #windows-server
<nmzan> hax, didn't find that in the # list
<nmzan> thanks
<MatBoy> I wonder why there is not that much infor about open-iscsi and scst
<eolo999> hi, hi would like to find a tool to monitor file system change rates, any idea?
<Deeps> inotify-tools may be of interest to you
<eolo999> Deeps: thx
<MatBoy> mhh, there are really no good howto's about iscsi :S
<Ergo^> hello, im having problem with mercurial on ubuntu
<Ergo^> its webserver is launched on port 8000 and im not sure where to look how to disable or reconfigure it
<MatBoy> what is the best filesystem for iscsi luns ?
<Jeeves_> MatBoy: Uh?
<MatBoy> Jeeves_: ?
<MatBoy> mhh
<MatBoy> but I don't know what FS is best for that disk
<MatBoy>  I use iscsitarget to make luns using files on a disk
<Jeeves_> MatBoy: Why would an iscsidisk differ from a normal disk in terms of you choosing a filesystem?
<MatBoy> Jeeves_: so ext3 should be fine ?
<MatBoy> it seems it does
<Jeeves_> MatBoy: Yups, it is
<MatBoy> Jeeves_: but what about lvm ?
<MatBoy> how is that managed with iscsi ?
<Jeeves_> MatBoy: Never used lvm
<MatBoy> k !
<cor3> not sure I understand why ubuntu server insists on installing apparmor
<cor3> and it really bugs me canonical will not release their control panel thing a jig
<Deeps> apparmour provides application security, and is enabled by defaultl, but it easily disabled and/or removed
<cor3> ya
<Deeps> control panel thing a jig? landscape? yeah. agreed.
<cor3> I know
<cor3> just comparing debian and ubuntu
<cor3> I understand using ubuntu for the desktop as it takes care of all the piddly little desktop issues that you would battle with under debian
<cor3> but the server release kinda bugs me. I ended up writing my own preseed to setup a custom firewall installation
<Deeps> i cant speak for the devs or even state with any kind of merit or backing that this is true, but it appears to me that the approach of "linux for humans" on the desktop (ie. linux desktops without needing to know much about linux) has been carried over to the server
<Deeps> and that ubuntu server is designed to try and make things as easy as possible for people with minimal command line experience
<cor3> not sure how I see how it helps manage most services
<Kamping_Kaiser> Deeps, that may be the intent, I'm not sure its been a success though
<cor3> I do like the ltsp integration though
<Deeps> whether it's a success or not, i'd personally think it's a bad idea
<Kamping_Kaiser> i tend to agree
<cor3> I had to battle through that with debian
<cor3> ya
<cor3> I like the package manager they took from debian and the kernel patch set seems to be pretty clean
<Deeps> i like the up-to-date packages, it's great for non-critical multifunctional servers
<cor3> the trouble I have is I am partnered with a windows guru who knows little about linux and insists on using crappy web front ends ie webmin etc
<Deeps> oh dear
<cor3> ya
<cor3> mean while I have compiled os's from scratch
<Deeps> well windows admins will have to learn command lines soon, i hear the windows server 2008 can be built command line only
<cor3> LFS and gentoo
<jdstrand> cor3: I don't know if your firewall preseeding is for ufw or not, but ufw will have basic preseeding support in jaunty
<Kamping_Kaiser> all the serious 'doze admins i've met use cli anyway
<cor3> LOL ya its kinda like bash actually
<cor3> LOL
<jdstrand> cor3: also, the apparmor stuff isn't so much 'for human beings' as to keep important services as safe as possible
<jdstrand> it's easy to update for one's needs, or to simply put in complain mode
<cor3> ya I would prefer a full chroot and perhaps grsecurity patched kernel
<cor3> with chroot restrictions
<Kamping_Kaiser> jdstrand, and drive sysadmins insane trying to work out why their ldap servers wont read the SSL certs ;)
<jdstrand> Kamping_Kaiser: if apparmor is not working for you in a default installation, please file a bug
<jdstrand> Kamping_Kaiser: or a common configuration
<Deeps> cor3: dont ask for much do you ;)
<cor3> lol
<cor3> no
<cor3> haha
<jdstrand> cor3: apparmor effectively chroots your application
<ScottK> kees: One thing your blog post about Sendmail/Outlook had me thinking about was that we dropped SSLv2 in Intrepid.  Dunno if that was getting used before somehow.
<Kamping_Kaiser> jdstrand, no idea how common the setup was, but for the first time ever i had services unable to read /etc/ssl/<service>/<files> because apparmour didnt consider the path legit :)
<jdstrand> Kamping_Kaiser: this was in slapd?
<Kamping_Kaiser> jdstrand, the service in question? yes. I dont remember if Apache had the same hissy fit or if slapd was the only one.
<jdstrand> Kamping_Kaiser: apache doesn't have an apparmor profile by default. I can fix slapd if you file a bug
<cor3> anyone successfully integrate openldap, and spamassassin/amavisd-new?
<jdstrand> (we can't fix these annoying problems if people don't report them)
<cor3> I registered my own oid space for custom ltsp and snmp development work
<Deeps> oh, and made props for apparmor, the more i use it the more i like it
<Kamping_Kaiser> jdstrand, would it be considered bug worthy? While it seems a logical place to put the file for me, I dont know if its a standard path at all
<jdstrand> :)
<cor3> I want to build the equivilant to zimbra minus the ajax front end and other nasties
<jdstrand> Kamping_Kaiser: it seems fairly reasonable to me to have SSL aware applications able to read file in /etc/ssl. if you file a bug, it can be discussed
<Kamping_Kaiser> jdstrand, ok, I'll do so.
<jdstrand> Kamping_Kaiser: thanks!
<cor3> Any one using the oem configuration support?
<Jeeves_> Not me
<cor3> I found preseeding works well enough but the oem-config-server looks like it could be useful
<cor3> one thing i found funny is the minimal debian installation is larger than the minimal ubuntu installation
<cor3> if installed with the 'alternate' cd
<cor3> netbase doesn't include inetd either which I like because I rarely use it for most installations
<cor3> still have my reservations regarding canonical though
<cor3> especially them refusing to release their support software for what is after all a free OS
<cor3> the folks at debian would NEVER even consider doing that
<Kamping_Kaiser> jdstrand, its been a while since i worked on teh system in question, but heres a report https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/317109
<uvirtbot`> Launchpad bug 317109 in apparmor "Apparmour doesnt support use of /etc/ssl/<servicename>" [Undecided,New]
<cor3> its one thing to provide commercial support but its a completely different thing to write software specifically for something completely open and not release it. Not to mention I doubt I would want a closed source support package installed cause who knows what they do with it.
<cor3> Seems like something old billy would do
 * ScottK <-- Does not work for Canonical
<ScottK> cor3: Then don't buy their support, just use it.
<ScottK> It shouldn't affect your decision whether or not to use the distro.
<jdstrand> Kamping_Kaiser: thanks for the report :)
<cor3> it just makes me question the relationship between the 2.
<Kamping_Kaiser> jdstrand, no worries. HIH.
<cor3> canonical != ubuntu is what people tell me
<ScottK> cor3: That's absolutely true.
<ScottK> And ubuntu != canonical.
<cor3> but they seem to scratch each others back
<cor3> any who
<cor3> no worries I will continue to use ubuntu server
<cor3> I should get more involved with the distros I use
<ScottK> I came here from opensuse after experiencing too much "If you want it to work, buy SLES/D licenses" from Novell/SuSE.
<cor3> ya
<cor3> I started with RH7 then debian then gentoo then debian again and now a mix of debian/ubuntu
<jdstrand> cor3: if the landscape bits bother you, I suggest you take it up on the mailing lists
<Kamping_Kaiser> its come up before iirc, but i'd be interested to se it come up again
<Deeps> red hat, debian, freebsd, ubuntu, debian+fbsd+ubuntu mix now
<Kamping_Kaiser> (even if it does come up while i'm afk :()
<cor3> ubuntu server needs some better docs
<cor3> still use gentoo docs for setting up a lot of stuff
<ScottK> cor3: If you're interested in getting more involved, that's an excellent way to do it.
<uvirtbot`> New bug: #317109 in openldap2.3 (main) "Apparmour doesnt support use of /etc/ssl/<servicename>" [Undecided,Confirmed] https://launchpad.net/bugs/317109
<ScottK> cor3: sommer <-- Also doens't work for Canonical does the Ubuntu Server guide and is always looking for new inputs.
<cor3> I have been thinking about it. One of the common servers I put together is a debian/ubuntu firewall/openvpn and spam filter
<cor3> I'm sure I could put together some docs on that process but thats more of specific deployment type doc than anything else
<ScottK> What configuration do you use for spam filter?
<jdstrand> speaking of spam...
<jdstrand> ScottK: do you use greylisting with postfix, and if so, what software?
<cor3> up until recently I have been using exim4 + spamassassin + clamav + razor + dcc + pyzor but I have been working on a postfix + amavisd + postgrey setup
<ScottK> jdstrand: No.  I actually have my mx at a commercial host.  They use Postfix with greylisting, but I don't know which one.
<jdstrand> ScottK: or rather, what is the recommended greylisting package for integration with postfix on Ubuntu
<jdstrand> k
<ScottK> I don't think we have one.
<cor3> use postgrey
<ScottK> I hear good things about postgrey.
<cor3> its simple and effective
<jdstrand> I started using postgrey, and it was *super easy* to setup
<ScottK> jdstrand: None in Main IIRC.
<jdstrand> ScottK: no, I checked
<jdstrand> postgrey seems to work pretty well
<ScottK> cor3: Also if you  have feedback about the default Ubuntu amavisd-new configuration, I'd like to hear that.
<ScottK> Obviously it has to be somewhat generic, but I want it to be useful.
<cor3> I'll have to get back to on it. I am testing the solution before making use of it for my clients but so far it seems to perform better than my previous exim4 setup
<ScottK> Of course.  It has postfix.
<cor3> ya big time
<cor3> I started using exim4 while working for a previous employer
<cor3> they were a debian heavy shop and used exim4 exclusively
<cor3> so you go with what you know but I wanted to slim out the install
<cor3> spam filtration can be resource intensive
<cor3> one of the LTSP devs lives in my city
<cor3> we got together for lunch a few years back
<cor3> he worked on the ubuntu ltsp integration
<cor3> Scott Balneavs is his name if I recall
<ScottK> Looks like https://launchpad.net/~sbalneav
<cor3> thats him
<cor3> he was largely responsible for ltspfs too
 * ScottK detatches to experiment with new IRC cilent builds.  See you later.
<ivoks> hi! :)
<Ward1983> if i install 8.04 server, where can i tell on what disk it should install grub?
<Ward1983> just askign to make sure i dont miss it
<ivoks> Ward1983: iirc, you won't be offered that
<Ward1983> ivoks, so can i do that anyway?
<Ward1983> ivoks, else i need to open up my PC, unplug the harddisks except the one i want to install on, afterwards plug them back in and fix my menu.lst :s
<Ward1983> a ton of work
<ivoks> hm
<MianoSM> its going to install grub where you tell it to partition the fs
<Ward1983> ivoks, i know its possible with ubuntu desktop
<ivoks> you can, of course, preesed all that
<ivoks> i think MianoSM is right
<MianoSM> So when you go through the partition manager if you have sda and sdb, if you install on sdb, it should install grub on sdb
<MianoSM> and vice versa
<Ward1983> MianoSM, are you sure? ubuntu allways takes the first disk by default unless you tell it where to install to
<Ward1983> i meant ubuntu desktop
<MianoSM> Right, you are going to have to dictate the partitioning.
<ivoks> Ward1983: first disk in grub isn't the first disk on OS
<MianoSM> You can change the listing in grub so far as disk order.
<Ward1983> ivoks, i know i did not say that
<Ward1983> ivoks, it allways takes the first disk of the system
<Ward1983> ok thats chinese
<ivoks> Ward1983: i really haven't been thinking about this
<ivoks> so, i don't know for sure
<Ward1983> it does (desktop)
<MianoSM> If you set your bios to boot from a maxtor and a seagate hard drive, they will both have an mbr. Ubuntu will label then sda and sdb
<ivoks> i always installed ubuntu server on first disk :)
<MianoSM> Use the manual partition choice, and select the correct disk, and be sure to have a SuperGrubDisk on hand in the case of error.
<Ward1983> MianoSM, i just want both ubuntu-server and grub on the third disk on my system, grub would call it (hd2,0) or /dev/sdc1
<MianoSM> Ward1983: that's absolutely possible.
<Ward1983> ok never mind ill just unplug the other disks....
<Ward1983> jesus
<MianoSM> You found JC?
<Ward1983> MianoSM, ah ok so how do i do that please?
<ivoks> preseed it
<Ward1983> MianoSM, ah ok so how do i do that please? installing on (hd2)
<ivoks> Ward1983: if you would wait for an hour, i could try that scenario in my VM and let you know results
<ivoks> that service would cost you $500
<ivoks> :D
<Ward1983> ivoks, nah ill try it myself then lol
<MianoSM> I'm telling you, the drive you choose to install the OS to will carry the GRUB installation.
<Ward1983> ivoks, i assumed you knew how to do it since you said its possible
<ivoks> i told you
<ivoks> you can preseed it
<Ward1983> MianoSM, and i asked you if you are absolutely sure :)
<ivoks> http://wiki.debian.org/DebianInstaller/Preseed
<Ward1983> MianoSM, its not that important, i can restore the bootloaders of the other disks if needed
<MianoSM> In my experience, I haven't seen it happen otherwise.
<Ward1983> ivoks, aaaaaah ok sorry i didnt understand lol
<ivoks> http://www.nabble.com/Preseeding-Grub-td3267439.html
<Ward1983> MianoSM, because you allways used the first disk? :p
<MianoSM> No, not always. I had a RAID 0 set up over 2 disks (hd0), and then a third drive (hd1) that I installed on.
<Ward1983> ivoks, so can i preceed only grub?
<dinsdale07> Hi, this is the output of a line of top:      15924 www-data  20   0 32228 6972 1292 R  100  0.2 147:40.99 perl.  I want to know which script is running, it just displays "perl". How do I do that?
<Ward1983> ivoks, sorry i dont understand that second link
<Jeeves_> dinsdale07: c
<dinsdale07> Jeeves_, you mean top -c?
<Ward1983> MianoSM, maybe it has something to do with the raid
<Jeeves_> dinsdale07: No
<Jeeves_> in top
<Jeeves_> type c
<MatBoy> ok, iscsi seems to be nice :)
<Ward1983> MianoSM, well ill jsut try it since preceeding doesnt seem to get explained anywhere
<Jeeves_> which will show the entire commandline
<Ward1983> debian people allways presume everyone gets born knowing everything
<Ward1983> bah
<MianoSM> Not "everything", but most of it. ;)
<dinsdale07> Jeeves_, yes it works, thanks - now it shows httpds, that looks like the ssh deamon
<Jeeves_> dinsdale07: Ehm, httpd or sshd are not perl scripts :)
<Ward1983> MianoSM, well gonna reboot, wish me luck
<MianoSM> fauxhawk: please send me that picture again
<dinsdale07> Jeeves_, that's what concerns me... it shouldn't show as perl in the first place.
<MianoSM> fauxhawk: you're that girl from the other night right?
<fauxhawk> MianoSM : wat
 * fauxhawk not a chick
<MianoSM> fauxhawk: oh, do you have a gf that could have been talking to me or a wife maybe?
<fauxhawk> MianoSM : sure let me get on that for you
<dinsdale07> MianoSM, tyring to make it into bash.org?
<MianoSM> dinsdale07: what is bash.org?
<MianoSM> something for scripting?
<dinsdale07> not really, check it out :-)
<MianoSM> dinsdale07: is it work safe?
<fauxhawk> MianoSM: no, it will steal your soul
<MatBoy> kewl ! Il like iscsi
<dinsdale07> MianoSM, unless you look up quotes of bloodninja
<MianoSM> ha, I know bloodninja
<MianoSM> nice site, I get it now ;)
<MianoSM> I could have sworn I was helping fauxy the other night though. :(
<dinsdale07> :-)
<fauxhawk> MianoSM: you helped me install ubuntu
<fauxhawk> it was a swell time
<MianoSM> nice
<dinsdale07> in top - how can "perl" and "httpds" be related. they show under the same PID if I toggle "c" in top
<MianoSM> can we see the full line from top please?
<MianoSM> root      5292  0.0  0.6  10040  6268 ?        Ss   Jan10   0:10 /usr/bin/perl /usr/local/webmin/miniserv.pl /etc/webmin/miniserv.conf
<MianoSM> That's webmin being run by perl. If you have a web server that is being run by perl, you could see both in the command under top.
<MianoSM> Using htop and sorting by tree might help you visualize it as well (sudo apt-get install htop).
<dinsdale07> these are the two lines when I toggle. http://pastebin.com/d4132ddf2
<fauxhawk> htop should really replace top
<dinsdale07> I haven't installed webmin - but ispconfig.
<dinsdale07> I think ispconfig mainly consists of perl scripts, that could explain it.
<dinsdale07> ah - nice: htop. how colorful :-)
<fauxhawk> dinsdale07: htop with treeview is much better at showing how processes are related
<dinsdale07> yes, it's very nice - how do I get the F5, F10 etc commands to work though. They are bind to my local machine
<dinsdale07> s/bind/bound
<MianoSM> T also acts as F5
<MianoSM> and Q = F10
 * MianoSM afk2 eat bbl.
<dinsdale07> I see, it's smallcaps t and q for my console btw. Very tidy.
<nephish> hey all, back with another master-slave replication question.
<nephish> do you have to wipe out the current bin log on the master and reset it before starting replication?
<ivoks> reset master;
<vorian> mathiaz: ping
<ivoks> nephish: you don't have to do that
 * ScottK waves at mathiaz too.
<ivoks> nephish: when setting replication, you have to dump master and import on slave
<ivoks> nephish: then set slave to start replication from current master record
<nephish> right, i used mysqlhotcopy to get a shot of the server database while under a flush with readlock
<nephish> then restarted the master.
<ivoks> sorry, i don't know what myslhotcopy is
<ivoks> i do everything with mysql client
<nephish> am i supposed to wait untill the slave has everything squared away before releasing the lock on the master?
<ScottK> mathiaz: Instead of not building mysql-server, mysql-client, mysql-common for 5.1 at all, we need something like mysql-server5.1, mysql-client5.1, mysql-common5.1.
<ScottK> vorian: That's right, isn't it?
<ivoks> nephish: import DB, set the replication from master
<ScottK> ... or zul?
<vorian> ScottK: right
<ivoks> nephish: you can then release master
<ivoks> nephish: and start slave replication
<vorian> we also need all the libs
<mathiaz> ScottK: there is mysql-server-5.1, mysql-client-5.1
<ivoks> nephish: you just have to have replication logs
<ScottK> vorian: ^^
<mathiaz> ScottK: for now they still depend on mysql-common from 5.0 though
<ScottK> vorian: So what else do we need?
<vorian> hmmm
<ScottK> mathiaz: vorian has been doing the amarok packaging ...
<nephish> i have the log bin and position written down, but when i load the db into slave i am supposed to wait till the slave is replicating to release the master?
<mathiaz> ScottK: vorian: mysql-server and mysql-client a just empty packages that depends on the latest version from mysql
<ivoks> so, amarok depends on mysql?
<vorian> ivoks: it does now
<ScottK> ivoks: Yes.  Even better it uses embedded so it needs 5.1.
<ivoks> i tought amarok is meedia player
<ScottK> It is.
<vorian> ivoks: yes, but it stores collections :)
<ivoks> not a wanna-be everything app :)
<vorian> haha
<nephish> ivoks, i thought amarock used sqlite
<ScottK> nephish: That's Amarok 1.  We're talking Amarok 2.
<nephish> ah, ok
<ivoks> imagine evolution, installing postfix and dovecot :)
<nephish> Ivoks, i just can't get it to work, does the relay log have something to do with the replication?
<nephish> This should be so simple.
<ivoks> nephish: there was a nice howto, wait a minute
<ivoks> http://www.howtoforge.com/mysql_database_replication
<nephish> both computers are running ubuntu  8.10, and useing latest mysql-server from the ubuntu repositories
<smarter> ivoks: yup, but amarok 2.0 use mysql embedded from 5.1 as databse
<smarter> it used it in the 1.x serie (KDE3)
<ivoks> smarter: i have 'server' perspective
<nephish> Ivoks, yes, that is the exact how to that got me here, i just can't tell if i am missing a step
<mathiaz> smarter: why was sqlite dumped and mysql used instead?
<ivoks> 5.1 is not ready for production
<smarter> mathiaz: let me find you the blog post about that...
<ScottK> Well it's 'released' and we pretty well have to jump to Amarok 2 for Kubuntu.
<ivoks> this is a loose-loose situation :/
<smarter> mathiaz: http://amarok.kde.org/blog/archives/812-MySQL-in-Amarok-2-The-Reality.html
<ScottK> lose-lose even
<ivoks> lose-lose :D
<ivoks> right
<ivoks> if i hear another one about 'ubuntu not supporting KDE'... :)
<ScottK> ivoks: This one we are actually working together on reasonably well.  It's a hard one.
<ivoks> ScottK: mysql 'stable' releases are versioned 5.x.4x :)
 * ScottK notes that Kubuntu still has no bluetooth in Intrepid or Jaunty thanks to Ubuntu.
<ivoks> ScottK: this is #ubuntu-server :p
<ScottK> Sure thing.
<ivoks> we don't have bluetooth :D
<mathiaz> ivoks: I think that for the type of usage and workload amarok is going to put on mysql, 5.1 could be consider stable
<ivoks> mathiaz: i agree, but i'm not sure that's the case for servers
<ivoks> well, as i said, this is a lose-lose
<ivoks> hopefully, 5.1 will became stable before 10.02
<ivoks> 10.04
<mathiaz> ivoks: oh yes. That's why from a server perspective, we just wanna provide mysql-5.1 in universe
<ivoks> mathiaz: oh, we'll have both?
<mathiaz> ivoks: from the server POV, mysql 5.0 should be in main and 5.1 in universe
<mathiaz> ivoks: we *already* have both.
<ivoks> i agree
<ivoks> mathiaz: eh, sorry, i'm still out of sync with jaunty :/
<mathiaz> ivoks: the target would to get 5.1 in main for the next LTS.
<ivoks> right
<ScottK> Unfortunately, Amarok is normally in Main.  We've had to demote it because of 5.1.
<ScottK> Not having it on the CD will be a not good thing.
<ScottK> So no easy answer.
<ivoks> ah well...
<ivoks> nephish: do you have anything in DB already?
<ivoks> nephish: best thing would be to start with empty db
<nephish> slave is empty, or can be
<nephish> main server is running for last three years
<ivoks> and master is full?
<ivoks> ok, so, in production?
<nephish> our old backup cratered, yes master is full 8 GB
<ivoks> ok, open two terminals
<nephish> ok
<ivoks> connect to master and slave
<ivoks> nephish: connect to mysqls
<nephish> ok
<ivoks> nephish: and run 'show slave status\G' on slave
<ivoks> there should be:
<ivoks>           Slave_IO_Running: Yes
<ivoks>           Slave_SQL_Running: Yes
<nephish> have io = yes, running = no
<ivoks> ok
<ivoks> now lock tables on master
<ivoks> and run 'show master status;'
 * smarter wonders how the other distros will manage this amarok dependency...
<nephish> flush tables with read lock?
<ivoks> yes
<ivoks> lock it, you have to put some downtime :(
<nephish> 10-4
<ivoks> did you lock it?
<ivoks> on master, dump the database to a file
<nephish> yes, and show master status
<nephish> ok
<ivoks> run 'snow master status;' again
<ivoks> position shouldn't be different then before
<ivoks> you've created replication user with read privileges on master?
<nephish> dumping
<nephish> yes, replication user is good
<ivoks> did you dump it?
<ivoks> (the database)
<nephish> making copy with mysqlhotcopy. takes a bit because it is a large db
<nephish> mysqldump would take hours
<ivoks> hours?
<ivoks> 8GB right?
<nephish> yes
<ivoks> anyway... once you dump it
<ivoks> write down position from master
<nephish> wait, maybe the import into the slave would take that long, dump itself may not
<nephish> and it will be different?
<ivoks> it should be the same
<ivoks> since you've locked tables
<nephish> ok
<ivoks> but, write it down after you dump it
<nephish> ok
<ivoks> then unlock master and leave it to work as before
<ivoks> import that database on slave
<nephish> ok
<ivoks> and set up replication on slave:
<nephish> slave shoud be running ? drop the db on slave, right? do i need to stop slave?
<nephish> before i import the database?
<ivoks> change master to master_host="[ip of master]", master_user="[replication user]", master_password="[replication password]", master_log_file="[master log file]", master_log_post="[position you wrote]"
<ivoks> yes, slave should be running
<nephish> dump the db on the slave right?
<ivoks> right
<nephish> gotcha
<ivoks> mysql log file has all the logs of everything done on mysql
<ivoks> so, you create a duplicate from one position
<ivoks> import that copy on slave
<ivoks> and replicate all the changes from that position
<ivoks> after 'change master'
<ivoks> start slave;
<nephish> so slave should not be running now?
<ivoks> yes it should
<ivoks> it should be empty
<ivoks> then import that dump
<ivoks> run that change master...
<ivoks> and start slave;
<ivoks> start slave; is a command in mysql that starts replication
<ivoks> not the mysql it self
<nephish> ok, dump is finished, will copy to backup machine
<nephish> log position was the same after dump
<nephish> :)
<ivoks> write it down and unlock tables
<ivoks> you don't need master anymore
<nephish> great
<ivoks> i guess you set up everything in /etc/mysql/conf.d/blabla.cnf?
<ivoks> like server-id
<ivoks> master-host and all those variables
<nephish> yes, got that stuff
<ivoks> ok
<nephish> anything i need to do with the relay log?
<nephish> on the slave?
<ivoks> nothing now
<nephish> ok
<nephish> hotcopy basically copies all the files in /var/lib/mysql/db_name over to a new directory that can be placed in another database
<ivoks> errr
<ivoks> that's not what we want
<nephish> ok.
<ivoks> we want dump of single database
<ivoks> not everything
<ivoks> oh, db_name
<ivoks> sorry :)
<nephish> so it should be cool?
<ivoks> yes
<nephish> there are three files per table, all MyISAM
<ivoks> ok, move that to slave
<nephish> in transit now
<nephish> hey thanks for taking your time on this
<ivoks> right, i'll provide you a bank account at the end :)
<nephish> he he
<ivoks> so, what's the status?
<ivoks> nephish: you have replication log name from 'show master status;' on master?
<vorian> mathiaz: would you be so kind as to take a peek at http://dpaste.com/109036/ ?
<nephish> in the my.cnf on slave, there is the statement log-bin=mysql-bin  and on the master when show master status, the log name is mysql-bin.000004
<ivoks> ok
<ivoks> so, replication log is mysql-bin.000004
<nephish> in the my.cnf/
<nephish> ?
<ivoks> and replication position is... the on you know
<ivoks> in my.cnf you define the name
<ivoks> but logs rotate
<ivoks> that's why you have 000004
<nephish> so what i have is cool
<nephish> ?
<ivoks> yes, everything is ok
<ivoks> did you transfer the detabase?
<nephish> on the slave, since i did a drop database, should i create database? or should i just copy the database files to the /var/lib/mysql ?
<nephish> they are in a folder with the same name as the database.
<ivoks> create database first
<ivoks> then copy the files
<nephish> copying
<ivoks> still copying?
<nephish> just done
<ivoks> ok, now connect to mysql on slave
<ivoks> as root, of course
<ivoks> change master to master_host="[ip of master]", master_user="[replication user]", master_password="[replication password]", master_log_file="[master log file]", master_log_post="[position you wrote]"
<nephish> ok
<kirkland> nijaba: ping
<nijaba> kirkland: pong
<kirkland> nijaba: http://blog.dustinkirkland.com/2009/01/ubuntu-jaunty-testing-screen-profiles.html
<kirkland> nijaba: screenshots of your tool
<kirkland> (well, that sounds bad...)
<nijaba> \o/
<kirkland> nijaba: screenshots of screen-profiles-helper
<nijaba> not as long as you don't say my BIG tool ;)
<kirkland> nijaba: :-D
<kirkland> nijaba: it's a python tool
<nephish> ivoks, is it master_log_pos ? not master_log_post
<nijaba> :D
<nephish> ?
<kirkland> nijaba: :-P
<kirkland> nijaba: okay, so, do you have time to put together the MIR?
<ivoks> pos
<kirkland> nijaba: i think i'd like to try to get it into the server cd seed by the next alpha
<ivoks> nephish: my bad
<nephish> its cool
<nephish> ok
<nephish> done
<kirkland> nijaba: i was thinking we could make 'screen' depend on screen-profiles
<ivoks> no errors?
<nephish> query ok, 0 rows affected (0,40 sec)
<nijaba> kirkland: as you know, we are in meetings all day, I'll try to skeeze it in some time in the evenings
<ivoks> nephish: ok, now run 'show slave status\G'
<ivoks> nephish: and check Exec_Master_Log_Pos
 * nijaba goes have some food
<kirkland> nijaba: and nudge the screen-owned /etc/screenrc to /etc/screenrc.orig, and dh_installlink the /usr/share/screen-profiles/profiles/ubuntu -> /etc/screenrc
<ivoks> er... 'Relay_Log_Pos'
<kirkland> nijaba: that's just a thought at this point, but it shouldn't be too hard
<kirkland> nijaba: possibly controversial
<ivoks> nephish: it should be the same as the position from master
<nephish> ok Exec_Master_Log_Pos is same as the position
<nijaba> kirkland: hmmm that's an interesting thought
<nephish> so far so good
<ivoks> nephish: 'start slave;'
<stiv2k> hi
<kirkland> nijaba: just a thought at this point
<stiv2k> is anyone here familiar with init script?
<stiv2k> this init script that came with the bopm package does *not* work at all
<nephish> ok
<kirkland> nijaba: it would avoid forcing every user to run select-screen-profile on every machine
<uvirtbot`> New bug: #317187 in samba (main) "Samba server does not work in Ubuntu 8.10" [Undecided,New] https://launchpad.net/bugs/317187
<ivoks> nephish: now 'show slave status\G'
<ivoks> nephish: and check the output
<ivoks> nephish: like Slave_IO_State
<ivoks> nephish: and Slave_IO_Running & Slave_SQL_Running
<nephish> looks good, Slave_IO_Running = yes
<kirkland> nijaba: anyway, we need to get it into main first
<nephish> and Slave_SQL_Running Yes
<nephish> no errors
<ivoks> how about Slave_IO_State?
<ivoks> the first one
<ivoks> should be 'Waiting for master to send event'
<nephish> waiting for master to send event
<ivoks> great
<ivoks> now, last check
<ivoks> in another terminal, connect to master mysql
<mathiaz> vorian: looks good to me.
<ivoks> and, at the same time run 'show slave status\G' on slave and 'show master status;' on master
<mathiaz> vorian: I'll get more work done on the 5.1 package as it doesn't work for now.
<nephish> ok
<vorian> mathiaz: ok, i'll upload it once i'm done building it
<ivoks> nephish: Relay_Log_Pos on slave and Position on master should be the same
<mathiaz> vorian: sorry for breaking libmysqlclient-dev - but I had to fix the libmysqlclient15-dev first as it broke things in main (ooo)
<vorian> sure, it's no big deal :)
<nephish> on show master status?
<ivoks> nephish: Position on master (from show master status;) and Relay_Log_Pos on slave (from show slave status\G)
<nephish> yes they are the same
<ivoks> nephish: congrats, evertyhing is ok
<nephish> cool, thanks !
<ivoks> np
<nephish> i am dumping the transcript of this
<nephish> to have for next time
 * jmedina wants that script
 * ivoks wants money :)
 * jmedina wants beer and money
<jmedina> and the script
<ivoks> ok, take care people
<ivoks> i'm done for today
<nephish> thans again ivoks,
<ivoks> no problem
<stiv2k> hello, this init script that came with the bopm package does *not* work at all... can anyone take a look at it?
<mathiaz> vorian: ok wfm. your diff would just fix libmysqlclient16-dev so that you can build against it.
<mathiaz> vorian: it doesn't fix mysql-server-5.1 not starting correctly.
<vorian> hmmm
<mathiaz> vorian: fixing the server would require more work.
<mathiaz> vorian: I'm looking into that.
<vorian> mathiaz: ok
<mathiaz> vorian: but at least you should be able to work on amarok2 and make it work
<mathiaz> vorian: IIUC amarok uses the embeded server which shouldn't require a working server process (which doesn't work right now in 5.1)
<vorian> mathiaz: ok, so you are ok with me making this upload then?
<mathiaz> vorian: ^^ this is just an assumption though. I'm not really familiar with the embeded version.
<mathiaz> vorian: yes - if that can help you move forward on amarok.
<mathiaz> vorian: make sure that libmysqlclient16-dev has all the files - that's what your diff fixes.
<vorian> mathiaz: great, that will help out tremedously
<vorian> mathiaz: i'm testing that now, i have a nice hook that will show me any missing files
<Ward1983> nice isntalling the xen kernel means getting a bridge with the name of my networkcard.....
<Ward1983> my networking was screwed up, even my router started tripping
<Ward1983> so how do i undo trhis? not i presume
<Ward1983> ?
<kees> ScottK: yeah, good point.  I think that wasn't it, though, since msmtp choked too.  seems like the cafile list was the culprit.
<kirkland> nijaba: https://wiki.ubuntu.com/MainInclusionReportScreenProfiles
<firecrotch> I have two ubuntu servers and can connect to a samba share on one server but not the other. both servers are running intrepid, configured identically except for one of them also having apache installed.  trying to connect from windows XP and vista. any clue as to what the problem could be?
<Faust-C> firecrotch: what do logs say
<firecrotch> Faust-C:  Nothing at all
<MianoSM> firecrotch: firewall?
<Faust-C> firecrotch: logs on the server have to say something
<Faust-C> either turn off fw
<uvirtbot`> New bug: #317216 in mysql-dfsg-5.1 (universe) ""/etc/init.d/mysql start" fails, so package can't be configured" [Undecided,New] https://launchpad.net/bugs/317216
<firecrotch> Faust-C:  there's nothing in /var/log/samba/log.(hostname of machine connecting from), and it can't be a firewall issue if the other server works just fine
<Faust-C> firecrotch: did you check the other logs
<Faust-C> messages, warn, etc
<Faust-C> brb
<firecrotch> Faust-C: nothing in the other logs either related to this
<jmedina> Faust-C: trye with smbclient locally
<jmedina> smbclient //localhost/share -U username
<jmedina> or anonymous smbclient -N //localhost/share
<Tim__Reichhart> which is better cat5e or cat6 if you going to wire up 3 servers?
<nadley_> hi
<nadley_> I would like to know how to set up a VPN with ubuntu server ?
<jmedina> nadley_: the easyiest way is to openvpn
<MianoSM> Or use a DD-WRT router.
<jmedina> I think there is vpn howto in the community docs, but is for a bridged setup, for routed setup you better follow the official openvpn howto
<MianoSM> Tim__Reichhart: it doesn't matter Cat5e would be fine.
<nadley_> jmedina: oki thx but how I use it
<jmedina> nadley_: just install openvpn create a config file in /etc/openvpn/server.conf according to the openvpn howto
<jmedina> well there are clients for linux, mac, windows (including vista)
<nadley_> jmedina: what is the difference between a bridged and a routed ?
<jmedina> nadley_: I can't explaint it right now, it is documented in the howto
<incidence> Hey, I'm having problems with amavis+spamassassin. It doesn't deliver spam messages to .Junk and it doesn't mark them as spam (rewrite subject(
<incidence> * )
<incidence> http://ubuntuforums.org/showthread.php?t=1038936
<nijaba> kirkland: https://wiki.ubuntu.com/screen-profiles-mir.  I think we (I) forgot to use gettext for screen-profiles-helper.  Do you think we should wait til it is done before submitting the MIR bug?
<stormblue> I have a server (Drapper with 2.6.15-51 kernel) that when I boot it up it acts like it's going to load and then I see, "Okay boot the kernel" as the last line.  The screen flickers a little before this and a little after this.  If I boot up into recovery mode I can boot right up.  Any ideas on what this could be or any logs I should check?  I've checked /var/log/messages and /var/log/demsg and didn't see anything that screamed there was an issue.  An
<agentk> stormblue: It could be screen mode lines in grub. Espically if your getting screen flicker.
<stormblue> agentk: Can you explain further? Doesn't the line, "Okay boot the kernel" mean I'm outside of GRUB?
<agentk> stormblue: When you have to option of booting the recovery kernel, go to the main kernel and press E to edit it then go to the kernel line and press E to edit that too. And remove a different option on that line and test it until you find the option that is causing it.
<agentk> stormblue: Yes, but if the recovery option is booting ok, then the problem is the difference in kernel options between recovery and normal.
<stormblue> Oh, okay.
<stormblue> That makes sense.
<agentk> stormblue: The only difference between my normal and recovery kernel is a word at then end of the kernel line: splash
<stormblue> Okay.  I'll check it out.
<stormblue> Are you on ubuntu?
<agentk> stormblue: Yes. 8.04 and 8.10 servers and 8.10 desktops
<stormblue> How do I save from the edit screen CTRL + O ?
<agentk> stormblue: To save the changes you will need to edit the grub file once booted. /boot/grub/menu.lst
<stormblue> Okay.  I took splash and quiet out and it was fixed.
<stormblue> Thanks!
<dinsdale07> does the name "httpds" tells someone something. I see this process stuck on my webserver since hours and I'm quite suspicious.
<mdf1> why don't you strace it
<mdf1> or figure out the full path to the binary and use dpkg -S /path/to/httpds to show the package it belongs to
<dinsdale07> I don't even find a binary by that name on my server. under top it shows up as perl unless with the "c" option
<mdf1> got the process id?
<kirkland> nijaba: do you mind if i rename screen-profiles-helper to screen-profiles-configurator (and make all the necessary updates)?
<dinsdale07> mdf1, yes,
<dinsdale07> kann I link the process ID to the exact binary executed somehow?
<dinsdale07> s/kann/can
<mdf1> believe you can. under /proc
<mdf1> file /proc/<pid>/exe
<mdf1> example...
<mdf1> root@mdf-vostro-1500:~# file /proc/32702/exe
<mdf1> /proc/32702/exe: symbolic link to `/usr/sbin/rsyslogd'
<dinsdale07> I didn't know that - that's excellent.
<dinsdale07> it says symbolic link to /usr/bin/perl
<mdf1> dinsdale07, you can also see the process listing from 'ps -aux' which might provide more information than top
<dinsdale07> Oh my dear - that doesn't sound too good... It's all owned by www-data so it seems to be a perl script started by the apache.
<mdf1> or created by, which also isn't good
<MianoSM> so: sudo /etc/init.d/apache restart
<MianoSM> Done.
<dinsdale07> mdf1, I think the process is masking itself by the name of "httpds", there is no path to the exact perlscript.
<dinsdale07> MianoSM, if someone can start a perlscript via the web on my server I need to investigate this and get to the bottom
<MianoSM> dinsdale07: Sweet! let us know what you dig up.
<mdf1> dinsdale07, you can strace the process or just kill it. Also netstat -nap | grep PID to see if there are any network sockets open to/from it
<dinsdale07> I had a look which files the process has opened - this is the result: http://paste.org/4844
<mdf1> scary
<dinsdale07> mdf - your command returns:  tcp        0      0 $myip:53978      87.118.108.117:7000     VERBUNDEN   15924/[httpds]
<dinsdale07> this is definately nothing that should be running here ...
<mdf1> lotta error logs open, and a connection to ns.km23337.keymachine.de:afs3-fileserver looks suspicious
<dinsdale07> but thanks so much for your commands - that's going at least in the right direction
<MianoSM> This machine is still online/connected to the Internet?
<hads> chkrootkit etc.
<dinsdale07> yes - I can't take it offline though ...
<hads> You may need to :|
<mdf1> I wouldn't, not yet
<hads> and rkhunter
<jmedina> dinsdale07: dinsdale07 have you looked at /tmp, usually when someone install a script via http it stores it in /tmp
<mdf1> I'd use tcpdump to capture the network traffic to the other system
<jmedina> sometimes in a hiden directory like /tmp/\ .\ . \ /tmp or like that
<dinsdale07> It must have been going on for some time now so I hope I can at least leave it online to investigate.
<MianoSM> That's slightly inconsiderate.
<dinsdale07> MianoSM, if I shut it down I don't know what it is doing
<MianoSM> That's what logs are for.
<MianoSM> I'm just saying, if you do find that it is a rootkit. Hopefully it's just some bad code.
<wasabi> ebox is pretty rocking when it works.
<MianoSM> wasabi: do you like it better then webmin?
<wasabi> Yes.
<wasabi> unless webmin has changed substantially since last I looked at it
<wasabi> Nope, still ugly as heck.
<MianoSM> I just find webmin extremely easy to use, being one package that works with less then five commands.
<wasabi> And geared towards hard core admins.
<Deeps> !webmin | MianoSM
<ubottu> MianoSM: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<wasabi> !ebox
<Deeps> mind you, ebox is broken in intrepid
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<wasabi> Should add it's broken in intrepid. :0
<wasabi> In two ways.
<Deeps> 2311.21 < Deeps> mind you, ebox is broken in intrepid
<MianoSM> I've worked with ebox, and do not care for it after working with webmin.
<wasabi> got cha
<wasabi> ebox isn't really meant for total box admin, as far as I can tell.
<Deeps> also noted on the wiki too
<wasabi> it's meant for a targetted set of devices.
<Deeps> it's still fairly new too
<wasabi> But, with it being on Ubuntu now... I really like it.
<Deeps> webmin's been around a lot longer
<Deeps> eitherway, it's a bad idea to be dependant on a web/graphical ui to manage your server, you should be able to use the command line comfortably
<wasabi> I disagre.
<wasabi> But thanks. :)
<MianoSM> Deeps: I completely agree.
<Deeps> wasabi: you think command line knowledge is superfluous, and it's acceptable to be a server admin that's dependant on web/graphical front ends?
<MianoSM> Everyone has to start somewhere though.
<uvirtbot`> New bug: #316849 in mysql-dfsg-5.1 (universe) "mysql-server-5.1 doesn't start - skip-bdb option unsupported" [High,Confirmed] https://launchpad.net/bugs/316849
<Deeps> indeed, it's an easy way to start, but bad to be dependant on
<MianoSM> In that regard webmin/ebox can help ease the transition over time, and still allow administration.
<MianoSM> Just like many will argue that admins shouldn't use ufw, and instead learn IPTables.
<Deeps> well, if you're transitioning home stuff, sure. if it's anything business critical, YDIW, and will probably suffer more in the long run
<Deeps> oh i think ufw is great, i'm starting to use it now too
 * jdstrand wonders why an admin shouldn't use ufw
<Deeps> it's a wonderful front end, just like webmin/ebox/whatever
<jdstrand> I mean, it has sane defaults and one could argue it will help prevent mistakes
<jdstrand> but, different strokes...
<Deeps> but i'd still reckon it'd be bad to be entirely dependant on, without knowledge of how iptables works
<MianoSM> At present the latest LTS does not support ufw with port ranges...
<jdstrand> well, you need to know iptables to do the fancy stuff anyway
<MianoSM> indeed.
<Deeps> indeed
<jdstrand> MianoSM: there will be a backport
<Deeps> OOMH!
<wasabi> Deeps: No? Why assume the polar?
<wasabi> Deeps: I madea  statement that I disagreed with what you said, not that I agreed with the polar opposite.
<dinsdale07> test
<Deeps> wasabi: i wasnt making any assumptions, i was asking a question, hoping you'd expand on your statement :)
<Deeps> maybe i should have prefixed it with 'do'
<wasabi> I think deep knowledge of a command line should not be required to do a whole lot of tasks on a server.
<jdstrand> but, if I may say, ufw works exceddingly well for a desktop user
<wasabi> I think being able to point and click to configure a firewall and NAT, and some users, is great.
<jdstrand> exceedingly even
<wasabi> And I don't think it's shameful.
<Deeps> aye, ufw's great for a desktop OS
<jdstrand> :)
<wasabi> And more pragmatically, whether it is or is not desired is besides the point.
<wasabi> People want it.
<wasabi> And if they don't get it with us, they'll find it elsewhere.
<wasabi> I'd prefer they find it with us.
<Deeps> wasabi: i totally agree with you, deep knowledge of a command line should not be required to do a whole lot of tasks on a server, point and click for firewall/services configuration is great
<MianoSM> I suppose therein lies the opportunity for a "home server"?
<wasabi> The lower the barrier of entry, the wider the swath of audience you can speak to, and the more jobs you can solve for people.
<wasabi> The thing is to do so while not pissing off another segment.
<Deeps> however if you're entirely dependant on these friendly front ends, it's easy to hide bad things going on in the background
<wasabi> Or at least MY segment. :0
<wasabi> Deeps: Great. And?
<wasabi> Deeps: The vast majority of offices in the world run Microsoft servers internally now for their infrastructure. And they have issues. The cost of those issues is however not greater than the cost of people capable of knowing the nitty gritty of all the systems.
<wasabi> If they were, they'd not be running them.
<wasabi> And that's just reality as I see it. :0
<wasabi> I'd much rather get those same people using Ubuntu.
<wasabi> ebox is an awesome step towards that.
<MianoSM> Well, there is a large push for a more friendly GUI/Frontend to the server - but every problem has a tool that will resolve it best. Linux/Ubuntu is a free O/S and as such the cost is in knowledge, not in licensing.
<Deeps> i've never said it isn't
<MianoSM> Funny enough even MS is starting to make servers without a GUI (available in 2k8 for many roles).
<JanC> wasabi: a good & "easy" web or GUI admin is certainly something we need to get into small & medium business
<dazman> I think Windows SBS is a pretty good "plug in and go" method of a small business server.. in that, on first boot, you get the nice welcome screen where pretty much the main core functionality is all configured using wizards etc.
<dazman> It means people with little knowledge of what anything the server does, can get it up and running to best practices pretty well.
<Faust-C> hmm i wonder if i can use gfs+iscsi to have more than one client connect
<jmedina> why not?
<jmedina> it is a common use, like gfs+FC
<Faust-C> jmedina: w/ windows being the client ?
<Faust-C> ive been messing w/ esx so much i didnt realize that there arent many "network" file systems
 * Faust-C has 3 windows servers that need to centrally store files on 1 linux server
<wasabi> MianoSM: knowledge is always more expensive.
<jmedina> Faust-C: dont know, I dont use windows
<dazman> wasabi: I think that's a big barrier.  I spoke to some company the other day who was migrating away from an opensource solution to a Microsoft solution (including Microsoft Exchange for e-mail) because support was much cheaper and more accessible.
<Faust-C> jmedina: i usually dont either
<wasabi> I did that.
<Faust-C> but since no one else can solve this issue its left up to me
<wasabi> I run Exchange, AD, and all the Apache stuff is IIS now.
<jmedina> Faust-C: but iscsi is for block level, I dont kwon if there is gfs support for windows
<Faust-C> jmedina: yeah ive been trying hard to figure this out
<dazman> wasabi: Exchange is a big big big selling point for Microsoft - there's nothing, IMO, in terms of what it does available elsewhere.
<wasabi> Nope. Nothing.
<wasabi> But AD is the same.
<dazman> wasabi: I'm hoping hula project turns into a project which can really start to be a viable alternative.
<wasabi> MS SQL I think is similar.
<wasabi> Hula is dead.
<jmedina> for years
<wasabi> Novell pulled away from that in 2006
<dazman> It's still being developed, albeit not as quick as I'd hoped. I think they're going for version 1 soon.
<dazman> Sorry, not hula
<dazman> Bongo.
<wasabi> If so, it's all volunteer.
<dazman> :)
<wasabi> I've never seen anybody who understood why Exchange rocked.
<dazman> bongo-project
<wasabi> And provided what was good.
<dazman> wasabi: You've seen me? :P
<jmedina> wasabi: it rocks in the specs :D
<wasabi> It rocks because of the UI. That's about it.
<wasabi> And the integration into AD.
<wasabi> And the client.
<dazman> *technically* it's not the best implemented.
<wasabi> But each of those things can be developed independently.
<dazman> It could be better.. certainly room for improvement.
<wasabi> Instead of pretending 'groupware' is important.
<Faust-C> eDir is superior than AD imo
<wasabi> eDir is idiotic.
<Faust-C> AD is only good at managing windows desktops
<wasabi> AD is good at setting up authentication.
<dazman> However, its the integration with clients, AD, the featureset (altho that is limited in parts too, to point which can cause big problems), etc.
<wasabi> eDir is good if you want a blank slate LDAP server.
<Faust-C> aside from that AD has no other functionality
<wasabi> But who WANTS that?
<Faust-C> wasabi: AD is good at setting up windows auth and desktop settings
<wasabi> AD solves a problem. It gets you an authentication infrastructure immediately.
<Faust-C> aside from that i see no use in it
<wasabi> Faust-C: Works fine with my Linux desktops and servers.
<wasabi> edir solves a different problem: it gets you a blank LDAP server.
<dazman> AD also stores lots of configuration... for exchange for example.
<dazman> It does quite a bit.
<Faust-C> wasabi: im speaking for locking down windows desktop settings
<wasabi> That's not WHY you buy AD.
<wasabi> that's a benefit.
<wasabi> The core is for centralized/distributed authentication and information.
<dazman> agree.
<Faust-C> and exchange i was interested in until i saw the price tag
<wasabi> Exchange is like 1k.
<wasabi> Which is nothing.
<Faust-C> what about cals
<wasabi> 25 per user.
<dazman> The fact you can install, for example, a mail server (Exchange) and all configuration and infrastructure information is instantly available via the domain, is a pretty big admin benefit.
<wasabi> Outlook license included with CALs
<Faust-C> wasabi: if you have all that setup already
<wasabi> dazman: and the domain can have THOUSANDS of DCs, all replicating.
<wasabi> With automatic site management, least cost pathing.
<Faust-C> unfortunatly i have to fix all the crap here
<Faust-C> brb
 * jmedina thinks wasabi sells exchange and AD
<wasabi> And it does this automatically. YOu do nothing more than answer 3 questions and enter a username/password.
<jmedina> :D
<dazman> wasabi: Indeed.
<wasabi> We have most of the technical pieces required for that.
<wasabi> We have LDAP servers, we have Kerberos KDCs.
<wasabi> We just don't have a coherent vision to tie them together with a good UI.
<JanC> wasabi: etc. etc. exactly ã
<jmedina> zivios looks promising
<dazman> wasabi: things like, Exchange.  You have 10 mailbox servers - mailflow all in AD, knows where to send mail to whichever user.. irrelevent of the mailbox server in use.. move mailbox, all mail is routed to a different server.  Things like that, for redundancy, management, usability is a big big big plus.. and it's where opensource solutions need to start looking.
<wasabi> And the same is true on the Exchange side. We have good IMAP servers. We have good calendar servers. CalDAV stuff.
<wasabi> But we don't have any coherent vision to tie them together.
<JanC> Red Hat & Novell & Apple have some solutions around that though
<dazman> *if* we could bring it all together.... well... that's the key thing.. but, possible.
<JanC> the unix/linux spirit requires us to come up with a solution that's both easy for mediocre admins and at the same time flexible enough for great admins though  :)
<dazman> JanC: This is where Microsoft have got it sorted though - one side they have SBS, which is all wizard based, very easy to setup for anyone.. but then they have full products, such as 2008, where you can install server core and that's it.. allowing the admin just a powershell to configure it all.
<dazman> JanC: completely different markets, totally different people.. but the same products presented a different way.
<JanC> dazman: right, and we *have* the tools to build something similar or even better
<dazman> JanC: we do.. yep.  It's just, doing it.. and bringing those tools together.
<dazman> JanC: and up to now (well, certainly in the 10-12 years I've been around), it's not happened.. lots of tried, projects come, projects disappeared :(
<JanC> dazman: AFAIK companies like RedHat, Novell, IBM & Apple have at least some solutions that they use for their clients...
<JanC> maybe not complete yet
<dazman> They certainly aren't complete, but they do have some sort of solution.
<JanC> IBM *has* solutions
<dazman> Getting to the point Apple are at, in terms of this stuff, it wouldn't be *that* much work relatively.
<JanC> but IBM is a very untransparant company
#ubuntu-server 2009-01-15
<JanC> some parts of IBM are 200% pro-linux/unix, other parts don't know it exists...
<dazman> It's certainly something we need to start looking at though.. in terms of getting things to a point where these sort of solutions are very plug in, install and work.. and manageable for most people moving forwards.
<nomingzi> Remote clients (who granted remote dial-in) can easily create VPN connection to server and the logon info (user ID & password) can be saved. so this create security problem if more users create VPN connection from unsafe (or home PC) to our server, how can I prevent this? what are the cheap-way of secondary authentication? Please advise.
<uvirtbot`> New bug: #315427 in samba (main) "winbind is not started before samba, but should" [Undecided,New] https://launchpad.net/bugs/315427
<uvirtbot`> New bug: #317355 in tomcat6 (main) "jaunty alpha3 - tomcat6 install doesn't listen on port 8009 " [Undecided,New] https://launchpad.net/bugs/317355
<Jeeves_> Mogge!
<stiv2k> hello
<stiv2k> i have openssl installed but a script is unable to locate it on my system
<lukehasnoname> whereis openssl
<hads> which openssl
<lukehasnoname>  /usr/bin/openssl
<hads> adjust script here
<stiv2k> oh
<stiv2k> i was missing libssl-dev
<stiv2k> oh boy, missing make
<hads> Ah, so not actually openssl
<didrocks> kirkland: seems to have an issue for screen-profile with putty
<didrocks> (F2,F3,F4) is binded in (/, *, -). Other keys are corrects
<didrocks> did you also removed shift+tab?
<didrocks> jdstrand: you didn't answered my last IRC question so that I can test ufw. Do I have to take the test on hardy?
<Scix> Would this guide apply for intrepid as well? https://help.ubuntu.com/community/Debmirror
<Scix> att the keyring section
<jahor> hello i'm interrested in incorporatin a tomcat multi instance launcher. anyone working on something similar?
<uvirtbot`> New bug: #317401 in openldap2.3 (main) "Wrong documentation for TLSCipherSuite" [Undecided,New] https://launchpad.net/bugs/317401
<incidence> Hey, any idea why couriertls is eating all the CPU?
<incidence> root      9069 98.5  0.0  16316  1752 ?        R    Jan07 11337:19 couriertls -localfd=5 -tcpd -server
<_ruben> tls is cpu intensive, so not *that* surprising
<_ruben> probably working on a lot of data .. or its messing around
<incidence> well yea, but there is no way to reduce that?
<_ruben> could try to 'nice' the process, but still it'd use any avail cpu cycles .. or perhaps courier has some throttling built-in
<henkjan> hmm, remapped ctrl-a -> ctrl-g in screen-profiles is annoying
<hads> So it is.
<henkjan> vim /usr/share/screen-profiles/keybindings/common :)
<Ward1983> why would ubuntu have xen if it is not working because its missing tons of crap :@
<Ward1983> https://bugs.launchpad.net/ubuntu/+source/xen-tools/+bug/205450
<uvirtbot`> Launchpad bug 205450 in xen-3.2 "xend fails to connect guest to dom0 block device or loopback file" [Undecided,Confirmed]
<Ward1983> by that i mean ubuntu 8.04 server
<hads> There's loads of stuff in universe
<Ward1983> hads, universe isenabled :s
<Ward1983> so nobody in ehre runs xen? haha
<_ruben> hmm .. nl.archive.ubuntu.com points to the uk mirror
<henkjan> _ruben: jeeves must be playing with his toys :)
<Jeeves_> Hmm?
<Jeeves_> One of the filers failed me yesterday night
<Jeeves_> so I had to ask Canonical to switch to them
<Jeeves_> Now, they're failing me by not respoding to my request to switch back :)
<_ruben> ouch :P
<Ward1983> pf
<Ward1983> nobody runs xen here? nobody has had this problem?
<Ward1983> its on 8.04 btw, when xen was not dropped yet
<Ward1983> well... kindof not dropped
<_ruben> perhaps it being broken was the reason for it getting dropped
<Ward1983> because its done so crappy that it looks liek they draopped t back then
<Ward1983> _ruben, maybe but other distros do not seem to have trouble with it
<Ward1983> so i gonna have to instlal anotehr distro :(
<hads> Use them?
<henkjan> Ward1983: you can ttry to ask zul
<Ward1983> hads, i did not say that to mock ubuntu
<Ward1983> henkjan, letÅ see if zul responds then thanx :)
<Jeeves_> Ward1983: kvm rules
 * hads likes kvm
 * _ruben likes esxi
 * Jeeves_ too
<Jeeves_> _ruben: bah!
 * Jeeves_ too's hads 
<Jeeves_> not _ruben
<hads> heh
<Jeeves_> vmware bah!
<Jeeves_> 'the internet is for porn'
<Jeeves_> lalalalala
<Ward1983> Jeeves_, i heard of it once but i prefer xen now (just learning, not production environment)
<_ruben> heard only once of porn ?
<Ward1983> no kvm
<hads> If you want supported virtualisation on Ubuntu then KVM is the way.
<Ward1983> hads, lol i cannot even find a good ubuntu link on kvm
<_ruben> Jeeves_: for windows guests the vmware products are the best imo, and most our stuff is windows, which i, luckily, have not much to do with :)
<Ward1983> so much for support
<Ward1983> im just depressed now
<Ward1983> gtg for a smoke
<Ward1983> might aswell give up
<hads> *yawn*
<Ward1983> this is the third distro :(
<Jeeves_> Ward1983: Skip Xen
<Ward1983> only ubuntu 8.10 worked and i had to compile the kernel mytself
<Jeeves_> Xen will die, slowly
<Ward1983> Jeeves_, well i compiled the xen kernel on 8.10 and it sorked perfectly
<Ward1983> Jeeves_, how come?
<Jeeves_> Ward1983: Linux has adopted kvm
<Jeeves_> (Linus, that is)
<Jeeves_> Redhat switched from Xen to kvm
<Ward1983> Linus is a a**hole
<Ward1983> really
<Ward1983> dont even like him one little bit
<Jeeves_> Ward1983: So what?
<_ruben> joy .. dns is updated :)
<Ward1983> Jeeves_, he intends to give linux to the community to do with it what they want but he keeps all kinds of cool stuff out of linux ,therefore it is not to be considered free imho
 * _ruben hits the sync button
<Ward1983> Jeeves_, what would be better on kvm btw? im considering it but i just learned all kinds of xen stuff for nothing then :(
<_ruben> bit.nl.archive.ubuntu.com became NXDOMAIN though .. not that it really matters
<Ward1983> btw the info it just plain wrong, xen can use extensions just aswell
<Ward1983> whatever makes people go for kvm i guess
<Ward1983> For hardware without virtualization extensions Xen and Qemu are popular solutions. Â¨
<Ward1983> http://doc.ubuntu.com/ubuntu/serverguide/C/virtualization.html
<Jeeves_> _ruben: That's not the right hostname
<_ruben> Jeeves_: not sure where i found it, but i ran into it when i was looking for info on the mirror
<_ruben> perhaps a temporary fluke in the matrix
<Jeeves_> _ruben: That's the hostname in launchpad
<_ruben> ah
<ivoks> how do we handle merges?
<henriquelm> Hello there
<henriquelm> Can you guys tell me what is the command line to upgrade and ubuntu server from the CD?
<henriquelm> I don't have the graphical interface installed
<henriquelm> I have tryed the command gksu "sh /cdrom/cdromupgrade", but it didn't work
<ivoks> there's no gksu
<ivoks> there's sudo
<ivoks> gksu is grpahical tool
<ivoks> i'm not sure cdromupgrade is CLI script
<henriquelm> [ivoks]: I was just following the instructions of ubuntu's website (http://www.ubuntu.com/getubuntu/upgrading), but like you said, the instructions are for those who have graphical interface.
<Ward1983> so i decided to try kvm
<Ward1983> but i read it needs a modified qemu, is that taken care of allready if i install it in 8.04 64bit ?
<Ward1983> i dont read anything about it here so: https://wiki.ubuntu.com/kvm
<ivoks> Ward1983: kvm is modified qemu
<ivoks> everything you need for kvm is in ubuntu already
<ivoks> kvm (userspace) is modified qemu, while kvm (kernel) is a kernel module
<Ward1983> ivoks, ok so i just follow the steps on the URL i gave?
<Ward1983> just to make sure
<Ward1983> (just had a bad experience with xen + 8.04 64bit)
<ivoks> Ward1983: what do you want to achive?
<ivoks> install another ubuntu in vm?
<ivoks> or some other os?
<Ward1983> ivoks, lol no
<ivoks> cause, if you want ubuntu, ubuntu-vm-builder would speed things up a lot
<Ward1983> ivoks, i wanted to learn xen first but since xen dosnt work and i did do some domUs before i might aswell learn kvm (people here suggested it since its supported and xen is not)
<Ward1983> ivoks, ubuntu-vm-builder is for building virtual ubuntuÅ ?
<ivoks> yes
<Ward1983> ivoks, is it similar to xen-toolsÅ debootstrap installations?
<Ward1983> that wiould be nice :)
<ivoks> yes, it debootstraps ubuntu and/or debian
<Ward1983> ivoks, sorry i thought you were gonna suggest virtualbox etc :) because you asked what i wanted to achieve
<Ward1983> oh very nice i liked that about xen :)
<Ward1983> thanx for the tip
<ivoks> https://help.ubuntu.com/8.04/serverguide/C/ubuntu-vm-builder.html
<Ward1983> ivoks, any idea on the speed compared to xen?
<Ward1983> roughly
<ivoks> i don't know any exact numbers, but i don't see how faster from kvm it could be
<ivoks> :)
<Ward1983> ivoks, well xen was insanely performanet here lol, i was really amased
<Ward1983> hopefully equally amased by kvm then
<ivoks> i use kvm
<Ward1983> is it popular with companies?
<Ward1983> i know xen is
<john_doe1> How do I limit my mail server to only send mails for clients when using login?
<ivoks> Ward1983: xen is dying
<ivoks> Ward1983: even those who pushed it, now move to kvm (redhat)
<ivoks> ubuntu decided in boston (2007.) to go with kvm
<frippz> why do I miss /usr/bin/qemu-kvm on my Intrepid install? is there a package that contains this binary?
<Ward1983> ivoks, is there any advantage for 8.10 isntead of 8.04 for kvm bt?
<Ward1983> btw
<ivoks> newer version? :)
<henkjan> Ward1983: newer kvm version i suppose. Hardy has kvm 62. Intrepid has v72
<Ward1983> ivoks, newer kvm version aswell?
<Ward1983> ah ok :s
<Ward1983> i would think they would make updates for 8.04
<Ward1983> since its LTS
<Ward1983> is it also in desktop 8.10?
<Ward1983> have that one on my external HD :p installs pretty fast
<henkjan> desktop and server are the same repo's. Only a different default install
<Ward1983> ah nice thats what i hoped
<Ward1983> i didnt fiddle with server much yet
<henkjan> apt-file reports no /usr/bin/qemu-kvm for me
<Ward1983> lol i was trying the same henkjan
<Ward1983> apt-file owns
<henkjan> Ward1983: server install is a basic ubuntu install without a graphical interface
<Ward1983> henkjan, and alternate install?
<henkjan> alternate install is for eg small memory systems
<Ward1983> also minial install no?
<Ward1983> well basic install
<frippz> hmm, seems that /usr/bin/qemu-kvm is the same as /usr/bin/kvm
<Ward1983> well going to reinstall 8.10 lol
<Ward1983> if only i knew xen didnt work beforehand i would have kept it... lol
<huayra_> I need a cron job to repat a certain shell command every 30 minutes as root
<huayra_> how do I do it?
<huayra_> I'm totally ignorant on cron and need this done quickly
<huayra_> some help... please? :)
<erik78se> crontab -e
<erik78se> Then a quick google for the syntax for cron
<erik78se> or "man cron", go to the end and loot for a valid example
<huayra_> thx
<erik78se> Make sure you do "crontab -e" as the correct user that is about to run the cron job.
<uvirtbot`> New bug: #317465 in mysql-dfsg-5.0 (main) "libmysqlclient15-dev_5.1.30really5.0.75-0ubuntu1_i386.deb error 1" [Undecided,New] https://launchpad.net/bugs/317465
<dazman> There's also /etc/crontab if you want it system-wide.. so not specific to one user.
<erik78se> What is the main method to administer user rights on a server as part of securing a server? sudoers?
<erik78se> If I would like a user to be able to mount/unmount devices, etc... how whould I do that the "debian/ubuntu" way ?
<Deeps> specify 'user' as an option in the fstab entry for your mountpoint, and users can mount/unmount it
<erik78se> Ok, that would be "a" way, but I'm sure its not the main metod... I'm not specifically interested in devices, but security in general....
<erik78se> sudo for example
<erik78se> ... I'm comparing it to the desktop "gnome-authorizations"... where you can like change stuff like that in a GUI.
<erik78se> ... do you understand what I'm after ?
<Deeps> not entirely, but if you're after the ability to allow users to run a limited subset of commands wiht elevated privledges, sudo is probably the way to go
<erik78se> Yeah... What I'm after is if you run a large server park, you need a very flexible way of centrally manage "rights" in your server park. Like having a central "sudoers" file is one example. Some people have the sudoers-file in an LDAP... I'm curious how Ubuntu has thought about that. Its needed in large environments.
<huayra_>       # m h dom mon dow user	 command
<huayra_>        42 6 * * *	 root	 run-parts --report /etc/cron.daily
<huayra_> what is the 42 ?
<Deeps> runs at 06:42
<huayra_> number of cron process? how do I know the number?
<huayra_> ok
<Deeps> erik78se: i dunno, sorry
<huayra_> thx people
<huayra_> you rock!
<Deeps> huayra_: minute, hour, day of the month, month, day of the week
<Deeps> huayra_: if you want something running every 30mins as root, you could do 0,30 * * * * root /path/to/command
<Deeps> and it'd run /path/to/command as root every hour on the hour and on the half hour
<huayra_> one hour is ok
<huayra_> is just the command for refresh of a planetplanet install
<Deeps> likeiwse, if you replaced 0,30 with 3,33; it would run 3 mins past and 33 mins past
<gcleric> does anyone know if Canonical will every sell Landscape for local installs rather than a service over the internt?
<Deeps> alternateively, if you wanted something more frequent (e.g. every 5 mins), you could do */5
<erik78se> gcleric: I'm hoping for that too...
<erik78se> ... or I would have to write my own ;)
<gcleric> erik78se: would be nice. =)
<huayra_> I can run sh /path/to/file right?
<huayra_> or just /path/to/file.sh
<Deeps> you can do however you want
<erik78se> You need the exact name of the file
<Deeps> if you do sh /path/to/file, you wanna probably do /bin/sh instead of sh
<Deeps> since $PATH may not be set appropriately within your cron
<Deeps> if you do /path/to/file.sh, you need to make sure /path/to/file.sh is executable (chmod +x /path/to/file.sh)
<huayra_> done
<huayra_> thx
<huayra_> now I gotta go
<erik78se> gcleric: Have a look here: http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software
<uvirtbot`> New bug: #308548 in ec2-ami-tools "ec2-ami-tools patch for excluding persistent network files" [Undecided,Fix released] https://launchpad.net/bugs/308548
<cowmix> anyone running VMWare Server 2.0 on 8.10?
<kirkland> didrocks: is "(F2,F3,F4) is binded in (/, *, -)" in putty your customizations, or putty's defaults?
<ivoks> zul: ping
<zul> ivoks: hi
<ivoks> hi
<ivoks> what's up?
<zul> not much how are you?
<ivoks> great... i've merged bacula
<ivoks> a sec... phone
<zul> sweet...gimme :)
<john_doe1> How do I limit my mail server to only send mails for clients when using login?
<RoyK> hi all. iss it possible to tell ufw to allow everything from eth1?
<jdstrand> RoyK: not yet
<RoyK> can I use custom iptables rules with ufw in a clean way?
<jdstrand> RoyK: sure-- just look in /etc/ufw/*.rules
<RoyK> those won't be overwritten with ufw?
<jdstrand> RoyK: look at the pathname :)
<jdstrand> RoyK: ufw allows configuration in /etc/ufw/before*.rules and /etc/ufw/after*.rules
<RoyK> ok
<RoyK> before and after ufw rules?
<jdstrand> RoyK: see the NOTES section of the manpage
<RoyK> ok
<RoyK> thanks
<Juaco> hey ppl
<Juaco> i'm having a problem with my date configuration, apparently Ubuntu 8.04 is getting wrong values for UTC time, consecuently i cannot ntpdate synch to the Active Directory at the office (because of kerberos), anyone could give me a hand, or has a clue about this?
<Deeps> !ntp
<ubottu> Information about using and setting your computer's clock on Ubuntu can be found at https://help.ubuntu.com/community/UbuntuTime - See https://help.ubuntu.com/7.10/server/C/NTP.html for information on usage of the Network Time Protocol (NTP)
<Deeps> change 7.10 to 8.04 though, heh
<Juaco> Deeps: thx, i'm checking it. (this looks like a weirder issue to me tho)
<didrocks> kirkland: putty's default, unfortunately :/
<kirkland> didrocks: can i reproduce it on putty on Linux?  or just windows?
<Deeps> "(F2,F3,F4) is binded in (/, *, -)" in putty?
<didrocks> kirkland: do not have the choice at work (windows XP only)â¦ So, didn't tried in Linux
<didrocks> Deeps: for screen-profiles, I had this behavior
<kirkland> didrocks: so in putty, when you hit F2, what happens?
<didrocks> kirkland: it prints B
<didrocks> C, & D for F3, F4
<kirkland> wierd
<Deeps> when i hitf2/f3/f4, i get: ~~~
 * Deeps grabs screen profiles now though anyway
<didrocks> yes, if you can confirm Deeps, it should be great :)
<Deeps> urr, heh, how? i'm looking at https://edge.launchpad.net/screen-profiles and i cant find anything on what PPA to add
<didrocks> kirkland: remember that it was on my server that I had some strange issues and have to use termcap xterm* instead of xterm
<didrocks> Deeps: add kirkland's ppa
<kirkland> Deeps: didrocks: not necessary ...
<didrocks> ?
<Deeps> which/what/how/where? lol
<kirkland> http://us.archive.ubuntu.com/ubuntu/pool/universe/s/screen-profiles/
<kirkland> just install the deb
<Deeps> oki
<kirkland> http://us.archive.ubuntu.com/ubuntu/pool/universe/s/screen-profiles/screen-profiles_1.8-0ubuntu1_all.deb
<Deeps> worth updating the screen-profiles with some info on how to get it
<Deeps> urr, screen-profiles page on launchpad
<kirkland> Deeps: doing now ...
<Deeps> is there a dpkg option to automatically grab and install dependancies?
<dazman> the menu on screen profiles doesn't like some terminals.. but I need to get round to filing a bug report.  I presume thats going to be more of a terminal issue possibly
<dazman> which is why I've not submitted a report yet whilst I test it a bit further.
<Deeps> e.g just now i got dependancy issue (missing python-newt), and i've manually apt-getted it,
<kirkland> Deeps: oh, well, dependency resolution is what you'd get from apt-get and my PPA :-)
<Deeps> lol
<Deeps> that's a no then
<dazman> Deeps: apt-get -f install will fix that.. (I had to do it too for screen-profiles)
<didrocks> Deeps: dpkg is just a single package tool. It does not handle automatic dependencies resoution
<Deeps> lol, less /usr/share/doc/screen-profiles/README: see launchpad/screen-profiles!
<Deeps> didrocks: yeah thats what i figured, but there's always a chance there's been upgrades to it ;)
<Deeps> (that i'm unaware of!)
<didrocks> :)
<Deeps> ok, i guess i'm still needing to do something more as i start a screen and it all looks normal
<Deeps> and f2-f9 dont do anything
<kirkland> Deeps: run select-screen-profile
<kirkland> didrocks: okay, so here's what I can suggest ....
<kirkland> didrocks: the keybindings are defined in /usr/share/screen-profiles/keybindings/common
<Deeps> hmm,
<Deeps> oh, wow that just took an age to load
<kirkland> Deeps: will do the first time, calculating updates available;  next load should be instantaneous
<kirkland> didrocks: perhaps you can come up with some keybindings that work for putty
<Deeps> switched to ^G instead of ^A? brave
<kirkland> didrocks: if you do, we can check them in and store them in /usr/share/screen-profiles/keybindings/putty
<kirkland> didrocks: and add an option to the configuration screen to switch your keybinding profile
<kirkland> Deeps: yeah, i'm on the fence about that one ....
<didrocks> kirkland: ok, I will try to have a look tomorrow if I can find some useful keybindings
<kirkland> Deeps: ctrl-a breaks emacs and go-to-the-beginning-of-the-line
<kirkland> didrocks: thanks.  feel free to open a bug in Launchpad to track this
<Deeps> i see
<Deeps> f2-f4 dont do anything on my putty either btw, i just get ~~~ output to the terminal
<Deeps> putty 0.60/winxp
<kirkland> Deeps: what about F9?
<kirkland> Deeps: and F8?
<Deeps> f5-f9 work as expected
<didrocks> kirkland: for sure. I will. I had some discussion with nijaba on what can be implemented (I have lots of ideas) and will try to have some time to enhance this.
<kirkland> Deeps: didrocks: oooh, interesting .... f5-f9 work
<kirkland> Deeps: didrocks: perhaps the putty profile would just adjust to those
<didrocks> kirkland: as for me. I only spoke about F{2..4} :)
<kirkland> okay, good
<kirkland> so i fully expect keybindings to be "hard" to solve everywhere
<kirkland> hard=impossible
<kirkland> which is why i created the keybindings/* dir
<kirkland> we
<kirkland> we'll need separate keybinding profiles, per terminal
<Deeps> yep
<kirkland> i've only been testing gnome-terminal and the tty console
<didrocks> yes, and have to switch between them?
<Deeps> out of interest, the red 18! i see to the left of my loadavg, thats how many packages i have that need upgrading?
<kirkland> didrocks: right, we'll add an option to the menu, to let you select your preferred profile
<kirkland> Deeps: yup
<kirkland> Deeps: that's what made the initial startup take ~5 seconds or whatever
<Deeps> kirkland: it's wrong then. i did an apt-get update just now, apt-get upgrade confirms 38 packages need updating, the number didnt changee. killed screen, started a new one, it still says 18!
<kirkland> Deeps: hmm, interesting, okay, test something for me ...
<kirkland> Deeps: btw, what version of Ubuntu are you running?
<Deeps> good question
<Deeps> hardy!
<kirkland> should tell you in the bottom left of the screen
<kirkland> okay ...
<Deeps> oh lol, yeah, i didnt see that
<Deeps> \o/ Ubuntu 8.04.1
<Deeps> cute, i like the colours too
<Deeps> looks very ubuntu
<kirkland> Deeps: run, /usr/share/screen-profiles/bin/updates-available
<Deeps> deeps@router:~$ /usr/share/screen-profiles/bin/updates-available
<Deeps> 18!
<Nafallo> kirkland: you got around to fixing ppas for that product? :-)
<kirkland> Deeps: okay, rm /var/tmp/updates-available-$USER
<Deeps> yeah i was just looking, my cache is < 60mins old
<kirkland> Nafallo: ?
<kirkland> Deeps: right
<Deeps> so it makes sense that it hasn't updated
<kirkland> Deeps: did you run the apt-get update *after* starting screen?
<Deeps> yep
<kirkland> Deeps: yeah, that'll do it ...
<Nafallo> kirkland: remember we spoke about not having those packages in your private ppa since that would install a bunch of other things? :-)
<kirkland> Deeps: it'll pick up the update in <60 minutes
<Deeps> deeps@router:~$ /usr/share/screen-profiles/bin/updates-available
<Deeps> E: Failed to write temporary StateFile /var/lib/apt/extended_states.tmp
<Deeps> 39!
<kirkland> Deeps: but, you've reminded me about something interesting ...
<kirkland> Nafallo: ah, right!
<kirkland> Nafallo: well, it's in universe now :-)
<Deeps> kirkland: i tend to do everything in screen, force of habbit from when i was stuck with only a gprs connection
<Deeps> kirkland: unreliable connection, dont need stuff dying just cuz my terminal dropped off
<kirkland> Deeps: cool, i think you've got it
<kirkland> Deeps: nice
<Nafallo> kirkland: hehe. only jaunty then :-). I'll wait for it then :-)
<Deeps> kirkland: 18! still showing in my screen though, it hasn't updated that still
<kirkland> Deeps: glad you like it then, please feed any instructions
<kirkland> Nafallo: well, you can install the Jaunty binary anywhere;  it's version agnostic
<Deeps> kirkland: had to restart screen for it to show the updated count
<Nafallo> kirkland: hehe. fair enough.
<kirkland> Nafallo: just wget that binary, and dpkg -i it
<Nafallo> kirkland: dpkg :-O
<kirkland> Deeps: right so there's two ways we can solve that ....
<Nafallo> kirkland: gdebi -i damnit ;-)
<kirkland> Deeps: we can bind a key to refresh your screen
<kirkland> Nafallo: :-P
<Deeps> kirkland: thats excellent though, i thought my machine and connection was being a bit sluggish, wouldn't have thought twice about it but saw in the bottom corner that system load was around 0.8, and promptly investigated and killed the rogue process
<kirkland> Deeps: hmm, what rogue process?
<Deeps> kirkland: scripted automated thing from elsewhere, problem in my code, nothing else
<kirkland> Deeps: ah, gotcha.  glad you like ;-)
<Deeps> is very cool
<kirkland> Deeps: i think more about how to get your updates better
<kirkland> Deeps: fwiw, this is handled much more cleanly in Jaunty
<Deeps> cool
<kirkland> Deeps: see that conditional code in my updates-available script
<kirkland> Deeps: basically, jaunty maintains this information in /var/run/updates-available
<Deeps> aah, nice
<kirkland> Deeps: so my updates-available script doesn't have to do any hard work, just read that file
<Deeps> shame that wont get backported to hardy
<kirkland> Deeps: which i can do every 60 seconds or something
<Deeps> yep, that sounds like a plan
<kirkland> Deeps: cheers, thanks for testing
<Deeps> thank you! this is niice
<kirkland> Deeps: didrocks: I'll be interested to see what you blokes come up with for putty keybindings :-)
<didrocks> kirkland: I am at home now, so, no windows ATM. But I will give you that tomorrow :)
<kirkland> didrocks: sure, no rush
<Deeps> http://209.85.229.132/search?q=cache%3Ahttp%3A%2F%2Fwww.mail-archive.com%2Fscreen-users%40gnu.org%2Fmsg01525.html&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a
<kirkland> (me doesn't really care, as he no longer has to use putty!)
<Deeps> sheds some light
<kirkland> Deeps: ooooh, good one
 * kirkland files a bug to track this
<Deeps> and infact, changing putty keybinds to xterm r6 resolves
<didrocks> kirkland: we searched with nijaba about getting more interactivity with screen (like, retrieving the list of currently opened windows in screen like :windows does. But it seems complicated)
<didrocks> Deeps: you have maybe to document that somewhere
<Deeps> good point
 * Deeps files as a bug?
<Deeps> oh kirk's doing that already
<didrocks> yep :)
<kirkland> Deeps: i'm doing it
<kirkland> https://bugs.edge.launchpad.net/ubuntu/+source/screen-profiles/+bug/317550
<uvirtbot`> Launchpad bug 317550 in screen-profiles "f1, f2, f3, f4 not working in putty" [Undecided,New]
<kirkland> subscribe if you like
<didrocks> I will and confirm it.
<kirkland> didrocks: ah, i just took the liberty to mark it confirmed, since 2 of you are seeing it ;-)
<kirkland> Deeps: would you add that url you found?
<didrocks> kirkland: ok. I opened and saw it as "New" in the meantime :)
<Deeps> kirkland: just did
<Deeps> woo, my first contribution to ubuntu
<kirkland> Deeps: cheers ;-)
<didrocks> kirkland: do you know a good way to retrieve screen's current opened windows? I can't get them in, let's say, variable with "screen -X windows"
<Deeps> hmm, another potential bug
<kirkland> didrocks: hmm, i'm not sure ... http://manpages.ubuntu.com/manpages/jaunty/en/man1/screen.1.html
<kirkland> didrocks: that manpage is like 200 pages long :-)
<Deeps> when creating a new window, it starts a new terminal, and there's a space on the command line already
<kirkland> Deeps: jdstrand reported that one ...
<kirkland> Deeps: well, he mentioned it, didn't open a bug
<didrocks> kirkland: yes, and I tried to see every options in CUSTOMIZATION but didn't find useful stuff :/
<kirkland> Deeps: you're welcome to open a bug ... i have no idea what's doing that
<palt> I have a problem with an ubuntu server when downloading files to it. When I download big files say a dvdiso the file get corrupt somehow (The md5sum doesn't match). This doesn't happen for "small" files say 200M. Any idea what the problem could be? I would guess its the discs running in RAID 1
<Deeps> kirkland: ok, will do, gotta pop out now will do it when i get back though as it'll irritate the hell out of me when it happens ;)
<palt> fsck says that the file system is okay :)
<Ivanhoe> palt: Your RAID1, what kind of controller / discs?
<kirkland> Deeps: cheers
<palt> software RAID with mdadm.
<Ivanhoe> Palt: Have you run an extensive memtest86 memory check?
<Ivanhoe> Can anyone tell me how to change the textmode of the console on server 8.10 taxtmode only
<Ivanhoe> ^^textmode
<uvirtbot`> Ivanhoe: Error: "^textmode" is not a valid command.
<palt> Ivanhoe: No, perhaps I should try that. Is there any way to do so with remote access?
<Ivanhoe> Not really, to do a proper memory test, you need physical access t the machine, and depending on how much memory you have installed it can be a very time consuming process.
<Ivanhoe> Does your server use ECC?
<kirkland> Deeps: jdstrand: fixed the extra-whitespace-on-new-window problem :-)
<jdstrand> kirkland: \o/
<jdstrand> kirkland: what was it?
<kirkland> -register n "^g^c ^gA"   # Goes with the F2 definition
<kirkland> +register n "^g^c^gA"   # Goes with the F2 definition
<jdstrand> nice
<Ivanhoe> If you are suing softwraid and getting md5sum mismatches, it is most likley flakey RAM. Do you have any non-raid volume on which to test?
<jdstrand> good to know it was something teeny
<kirkland> jdstrand: very
<Ivanhoe> So anyone know how to change the textmode of the console?
<Ivanhoe> eg dos mode con: cols=132 lines = 50 ?
<Deeps> kirkland: lol, i just filed https://bugs.launchpad.net/ubuntu/+source/screen-profiles/+bug/317558
<uvirtbot`> Launchpad bug 317558 in screen-profiles "new windows start with a leading space on the command line" [Undecided,New]
 * Deeps out
<kirkland> Deeps: excellent, i'll close it with my patch
<palt> Ivanhoe: No, the server only contains 2 discs in the RAID. But I'll test the RAM tomorrow :)
<Ivanhoe> Good luck palt.
<J_P> hi all, I have a server with feisty (7.04), but somes packages don't works more.. Err http://archive.ubuntu.com feisty/main smartmontools 5.36-8ubuntu2
<J_P>   404 Not Found [IP: 91.189.88.40 80]
<J_P> So, Are there a place with all packages of feisty ? for me download smartools.deb and install manucally with dpkg ?
<Nafallo> J_P: feisty is End Of Life and removed from the archive servers.
<J_P> ahh :-(
<Nafallo> J_P: the repository is still available from old-releases.ubuntu.com IIRC
<J_P> ahh ok
<J_P> that is fine :-)
<Nafallo> I strongly suggest you upgrade however.
<Nafallo> ...cause you won't receive handy things like say... SECURITY UPDATES on feisty ;-)
<J_P> Nafallo: yes, I know.. Do you that are there a problem upgrade directaly to 8.0.4 ?
<J_P> or 8.10
<Nafallo> J_P: you can't skip versions with non-LTSes.
<Nafallo> I'm not sure how difficult it would be considering the archive have moved.
<J_P> Nafallo: http://old-releases.ubuntu.com/ubuntu/dists/feisty/main/binary-i386/ don't have any binary
<Nafallo> J_P: that's not how the archive works dude...
<palt> Ivanhoe: Thx :)
<Nafallo> J_P: deb http://old-releases.ubuntu.com/ubuntu feisty main <-- will work
<J_P> Nafallo:  ahh in the poold dir works :-)
<J_P> Nafallo: don't have smartools in http://old-releases.ubuntu.com/ubuntu/pool/universe/s/  :-(
<Nafallo> J_P: you are running feisty now yea?
<J_P> Nafallo: yes
<Nafallo> J_P: why don't you replace your sources.list with the new location of things, apt-get update and then use the package manager as you usually do?
<J_P> Nafallo: what new location ?
<Nafallo> J_P: old-releases
<J_P> Nafallo: ahh ok :-)
<Nafallo> J_P: does that make sense?
<J_P> Nafallo: yes
<J_P> :-)
<J_P> I forgot that.. uaehuae
<J_P> Nafallo: but I can upgrade one LTS to another with ?
<J_P> for example a 7.0.4 to 9.0.4 ?
<Nafallo> J_P: the built-in tools for upgrading probably doesn't work for this anymore, but you really want to go 7.04 -> 7.10 -> 8.04.2
<Nafallo> J_P: LTS would be 6.06 -> 8.04
<J_P> Nafallo: ok..
<J_P> now other example..
<Nafallo> J_P: since you are not on an LTS that will however not work :-)
<J_P> if I have the 5.0.4 ?
<Nafallo> 5.04 -> 5.10 -> 6.06 -> 8.04
<J_P> the old-releases can be used to upgrade until get the oficial like as 7.10 ?
<J_P> Nafallo: but are there sources list for all old releases ?
<J_P> to upgrade.. ?
<Nafallo> I would hope so. but as I said, I'm not convinced about the status for do-release-upgrade for those EOL'd versions.
<Nafallo> J_P: looks like it.
<J_P> ok
<Slown> hello
<Slown> I have problem with my proxy
<Slown> I use squid with squidGuard module
<Slown> I have installed a filter
<Slown> but it doesn't work
<Slown> any one can help me ?
<jmedina> Slown: have you seen in the squid or squidguard logs?
<Slown> yes
<Slown> no problem
<jmedina> and?
<jmedina> coulod you paste bin your squidguard config?
<Slown> yes one minute
<jmedina> and, are you sure squid is loading squidguard childrends?
<Slown> I don't use squidguard children
<Slown> I use a blacklist
<jmedina> I mean, squid redirects requests to a squidguard process and squidguard a few childrends
<jmedina> you can see that in /var/log/squid/cache.log
<Slown> http://pastebin.com/m28ba2236
<Slown> you're here ?
<jmedina> Slown: try to add the         log             blocked.log option to you dests
<Slown> what's blcoked.log ?
<jmedina> a file in the "logdir" directory
<jmedina> I dont remember if you need to create it by hand or squidguar automatically will create it
<Ward1983> KVM == supported???
<Ward1983> virt-manager is a year old....
<Ward1983> cannot even install debian from hhtp......
<Ward1983> it seems both xen an  KVM are supported for about 50%
<Ward1983> bah
 * jmedina uses xen and kvm by hand
 * jmedina preferes xen-tools
<ivoks> virt-manager != kvm
<Ward1983> yeah nobody that uses kvm will use virt-manager
<Ward1983> :s
<Ward1983> sarcasm alert
<ivoks> well, i don't use it
<sommer> virsh rules :-)
<ivoks> virsh?
<ivoks> cli :)
<ivoks> nice
<sommer> part of libvirt-bin
<sommer> useful when dealing with multiple vms... I've found
<stiv2k> hello
<stiv2k> i am having issues with this cron script not executing
<stiv2k> 0,10,20,30,40,50 * * * *   ircd   /home/ircd/Unreal3.2.7/ircdcron/ircdchk >/dev/null 2>&1
<ivoks> */10 * * * * would be easier :)
<stiv2k> hmm ok
<stiv2k> but its not executing regardless, my irc server isnt coming up
<ivoks> check /var/log/syslog
<ivoks> you should see if it's executing or not
<stiv2k> Jan 15 14:20:01 rickb /USR/SBIN/CRON[8087]: (ircd) CMD (  /home/ircd/Unreal3.2.7/ircdcron/ircdchk >/dev/null 2>&1)
<ivoks> so, it's executing
<ivoks> try running the program
<ivoks> sudo -i <- become a root
<ivoks> su - ircd <- become ircd user
<ivoks>  /home/ircd/Unreal3.2.7/ircdcron/ircdchk
<stiv2k> it doesnt let me do that
<stiv2k> i say su - ircd and im still root
<stiv2k> root@rickb:/etc/apache2# su - ircd
<stiv2k> root@rickb:/etc/apache2#
<ivoks> su ircd
<stiv2k> same
<ivoks> what chell does ircd have?
<stiv2k> no shell
<stiv2k> /bin/false
<ivoks> then su -s /bin/bash ircd
<stiv2k> cool
<ivoks> and, does it work?
<stiv2k> bash: /home/ircd/Unreal3.2.7/ircdchk: No such file or directory
<stiv2k> oops
<stiv2k> wrong dir
<stiv2k> /home/ircd/Unreal3.2.7/ircdcron/ircdchk: line 47: /home/ircd/irc.rickb.net/src/ircd: Permission denied
<stiv2k> hmmm
<ivoks> there you go
<stiv2k> ah
<stiv2k> the ircd binary is owned by root (wtf)
<Nafallo> kirkland: would /usr/share/screen-profiles/bin/updates-available make sense to run every 10-15 minutes rather than each hour? :-)
<Nafallo> maybe even 5-10 minutes ;-)
<kevinbrewster> Question: I have a server with apache2+ssl requiring a RCA pass phrase on start up. When I restart server, it hangs waiting for me to enter passphrase. Once I ssh to the server is there a way to bring that process to the "foreground" (so to speak) so I can enter in the passphrase?
<Nafallo> kirkland: especially if reboot-required is that often :-)
<ivoks> kevinbrewster: openssl rsa < key > new_key
<ivoks> kevinbrewster: (that's: don't ask password at all)
<ivoks> take care... battery low
<kevinbrewster> Yes, I'd rather not disable the password though. Just want a way to enter it in on restart through ssh
<hads> Only thing I can think of is some sort of hack to start it in screen
<uvirtbot`> New bug: #317542 in openvpn (universe) "Error in sysv script (dup-of: 271777)" [Undecided,Confirmed] https://launchpad.net/bugs/317542
<Nafallo> kirkland: how about using Malone to translate screen-profiles? ;-)
<MatBoy> starnge question maybe, but is ubuntu better on iscsi than debian ?
<uvirtbot`> New bug: #315507 in php-suhosin (universe) "Unable to remove Suhosin patch" [Undecided,Incomplete] https://launchpad.net/bugs/315507
<uvirtbot`> New bug: #316441 in php5 (main) "PHP session garbage collection" [Undecided,Incomplete] https://launchpad.net/bugs/316441
<kirkland> Nafallo: right, I agree on making updates-available more frequent, now that it's using caching
<kirkland> Nafallo: before, it would run the whole calculation every time
<Nafallo> kirkland: haha. nice :-)
<kirkland> Nafallo: that's an expensive operation, and i didn't want to run it more than every how
<kirkland> Nafallo: but now, with the caching, i'll make it happen more frequently
<Nafallo> awesome :-)
<Nafallo> kirkland: will we have translations somewhere in Malone as well? I wouldn't mind making it Swedish even though I don't use the language myself anymore ;-)
<kirkland> Nafallo: sure...  do you know how to set that up?
 * kirkland doesn't
<kirkland> but i'm happy to have it translated
<Nafallo> kirkland: hmm. never done it myself :-)
<kirkland> Nafallo: well, if you can help me figure that out, i'd love to get it using LP translations ;-)
<kirkland> Nafallo: i've checked the box in LP :-)
<kirkland> Nafallo: so there's a tab at https://edge.launchpad.net/screen-profiles
<Nafallo> kirkland: awesome :-)
<kirkland> Nafallo: hmm, i have checked the box, but it doesn't think so ....
<kirkland> https://translations.edge.launchpad.net/screen-profiles
<kirkland> Nafallo: okay, cache changes commited, pushed
 * Nafallo updates trunk locally :-)
<kirkland> Nafallo: okay, i uploaded the .pot and .po files
<kirkland> Nafallo: now, we're waiting on LP human review
<Nafallo> hmm. bzr says I'm up to date. probably will have to wait a bit ;-)
<kirkland> Nafallo: you need revision 59
<Nafallo> yea. bzr update is probably not the same as bzr pull ;-)
<Nafallo> worked now
<Deeps> kirkland: on screen -r, does it refresh the updates count if the cache is > 60mins old?
<kirkland> Deeps: not sure ... test it out and let me know
<Deeps> lol
<Deeps> kirkland: i think it does, last time i tried to reattach to my screen it was painfully slow
<Deeps> 5-7 seconds to get the session back, on a 750mhz p3
<kirkland> Deeps: i'm surprised by that ....
<Deeps> we're well past 10  seconds now
<Deeps> and it's back
<kirkland> Deeps: that doesn't seem right
<Deeps> admittedly, the 15min load avg is 1.76
<Deeps> due to the abismal cifs stack
<Deeps> i should look for and/or file a bug about that
<GreenCult> hi all
<GreenCult> someone here have to install ubuntu on raid sata server?
<stiv2k> hey
<stiv2k> is this supposed to happen?
<stiv2k> /dev/sdb3 on /root/test type ext3 (rw)
<stiv2k> /dev/sda3 on /root/test type ext3 (rw)
<stiv2k> i can't unmount this now
<oly562> hello
<oly562> I believe Im slowly but surely killing my server here. can someone take a look at my pastebin, its the synaptic errors listed using the gui. trying to fix up deps and errors, seem to be making it worse. thanks!  http://www.internetworkpro.org/pastebin/919/
<oly562> brb going for a smoke
<MatBoy> I can't ping or traceroute any host with good settings, hard set, but using dhcp everything works :S
<MatBoy> I had this twice already
<maw_> MatBoy: when you use a static IP are you sure your gateway is the correct IP?
<MatBoy> maw_: 200% sure
<maw_> can you  1) ping your loopback address 2) ping your adapter address 3) ping your gateway?
<MatBoy> btw, what weird is when I try to use another gateway, one subnet lower, eth0 can't be started
<maw_> and finally 4) ping something outside the gateway
<MatBoy> maw_: can't ping my gatway :S
<MatBoy> but everything localhost I can
<maw_> what is your IP and subnet?
<MatBoy> 192.168.11.x and 255.255.255.0
<maw_> is the gateway 192.168.11.1/24 ?
<maw_>  /24 = 255.255.255.0
<MatBoy> maw_: nope, 11.254
<maw_> that should be fine as .254 is the upper limit address in /24
<maw_> run netstat -rn and show us the output
<MatBoy> yep, I use it onother hosts too
<Gargoyle> What's a good program for monitoring server cpu and mem usage over time, so I could get a weekly or monthly summary?
<maw_> cacti
<Gargoyle> sweet.
 * Gargoyle give maw_ a cookie
<_Cid> thats RDD based, right?
<maw_> yes
<maw_> RRD
<maw_> round robin database
<_Cid> oh, just looked it up cacti is a web interface to RDD ...thats nifty that is
<maw_> MatBoy: what is the output of "netstat -rn"
<Ward1983> thanx for suggesting kvm earlyer
<Ward1983> its total crap
<MatBoy> maw_: routes are OK as on other hosts
<maw_> yes cacti is great, but make sure you don't expose it to the internet. It is known for having security vulnerabilities
<_Cid> guess not a priority :)
<maw_> ya
<maw_> but it captures data well
<maw_> and you can write your own scripts to capture data as well
<maw_> it is very robust
<Deeps> munin's another useful tool in this situation
<maw_> MatBoy: can I please see the output?
<maw_> there are a lot of snmp based monitoring/performance capture programs out there
<maw_> I just like Cacti as it doesn't require an agent on every machine
<MatBoy> maw_: itÅ OK, I have checked it
<MatBoy> a have a default route for 0.0.0.0 and 192.168.11.0 uses *
<MatBoy> and 0.0.0.0 uses my gateway
<maw_> wait... if it says 0.0.0.0 and 192.168.11.0 then that is wrong
<maw_> it should be 0.0.0.0 192.168.11.254
<maw_> but even so... apparently your gateway is on the same subnet so it should respond to ping
<maw_> you need to dump your ifconfig and routing details for more help
<MatBoy> yes it says that
<MatBoy> and 192.168.11.0 uses gateway 0.0.0.0
<MatBoy> that is normal
<MatBoy> really weird
<MatBoy> ah I think I already know
 * Gargoyle loves linux tools... cacti up and running already!
<MatBoy> maw_: stays weird
<MatBoy> aaah !!!!
<Jeeves_> cacti is nice, for small and easy setups
<Gargoyle> doesn't seem to want to show me a network graph... I'll read the docs tomorrow
<MatBoy> weird this, I can't ping my gateway but can ping other hosts that can ping the gateway :S
<Gargoyle> MatBoy: You messed up your subnet?
<MatBoy> Gargoyle: nope, I can ping other hosts in the subnet
<MatBoy> I have the idea that it's a ubuntu-server issue with static ip's
<usta> i did a big wrong, now using ubuntu server 8.04 but i changed my chmod settings. i did chmod -R 644 / and my system now not starting, can anyone help me pls. Thanks a lot
<Gargoyle> MatBoy: I have run ubuntu servers on static IP's for years
<Gargoyle> usta: You would probably have to re-install the system!
<Gargoyle> usta: I mean, you could probably reset the permissions by hand, I don't know if there is an automated method?
<Gargoyle> MatBoy: Your gateway should be like any other host. If you can ping other hosts, then you should be able to ping the gateway.
<MatBoy> Gargoyle: yes, but I have updated my box now using dhcp, itÅ rebooting now
<MatBoy> with static IP again
<MatBoy> there was an issue in iproute I thought
<MatBoy> I have had this before 2 days ago with a new install
<usta> Gargoyle, i have a lot of domain on my system
<MatBoy> damn
<simplexio> i have static ip configured and work like it should be
<MatBoy> Gargoyle: just can't ping my gateway :S
<Gargoyle> MatBoy: Pastebin the ip settings if your node and the gateway. (I assume they are all in the same switch?)
<MatBoy> Gargoyle: aha, that IP can't ping the gatway
<MatBoy> weird !
<MatBoy> set another IP and everyting is fine
<MatBoy> but I want that IP :P
<simplexio> my best quess is user error :) i have done it many times, looking fifth time into subnet mask and then notice that it's actually wrong
<simplexio> MatBoy: ip mask and gateway ip ?
<Gargoyle> MatBoy: Which two IP's and subnet?
<MatBoy> I used 192.168.11.250
<MatBoy> it worked before
<MatBoy> nowhere used
<simplexio> mask /24 ? and gateway ip ?
<MatBoy> rebooting my esxi machine to see if it was still in that switch maybe
<MatBoy> simplexio: yep and gatway ip .254
<MatBoy> I use it in a lot of places like that
<simplexio> well it should work..
<MatBoy> indeed
<simplexio> and i think there should be something in dmesg if there is another machine with same ip
<MatBoy> I have the idea that ESXi hold it somewhere in the lun
<MatBoy> the iscsi_mod was loading weird too
<usta> i did a big wrong, now using ubuntu server 8.04 but i changed my chmod settings. i did chmod -R 644 / and my system now not starting, can anyone help me pls. Thanks a lot
<simplexio> usta: reinstall, its fastest that way
<jmedina> really bad :S
<MatBoy> mhh
<MatBoy> maybe the router is messed up
<usta> simplexio, i have data and working webserver
<maw_> usta: have you tried to boot into fail safe mode?
<simplexio> usta: well.. backup data, and reinstall. you can boot into into in signle user mode
<usta> i tried maw_
<simplexio> usta: aka add single into bootline in grub
<MatBoy> ok, router had a issue with the IP :D
<simplexio> usta: if singe user mode dosnÃ¤t work then use livecd to rescue data
<usta> simplexio, thanks i will try now
<maw_> usta: this is a good example why partitioning using FHS is quite benficial ... you could probably just reinstall without losing any data
<simplexio> FHS ?
<Deeps> filesystem hierarchy standard
<maw_> http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
<simplexio> indeed..
<simplexio> allready open
<maw_> heh
<simplexio> google is fast :)
<maw_> /etc /home /var /usr /tmp ...are the important ones. If you standardise your deployments then you can add a new partition to every system that will always include your data... maybe a /data *shrug*.
<simplexio> ability to easily move home directory own harddisk was one main reason why i use linux in my main desktop nowdays
<maw_> irc truncated my first / :|
<usta> how can i start ubuntu server safe mod?
<maw_> if you have grub, I think it is F2
<maw_> spam it when the server is starting... right after POST
<simplexio> on my computer i just press anykey until i can choose kernel and boot options
<simplexio> has anyone come with good disk layout for postgresql server. i mean disk layout for laxy ppl so i can use normal tablespaces ?
<uvirtbot`> New bug: #317667 in apache2 (main) "Please sync apache2 2.2.11-1 (main) from Debian unstable (main)." [Wishlist,New] https://launchpad.net/bugs/317667
<Furabolos> Anyone alive?
<usta> yep
 * genii makes a fresh batch of coffee
<Furabolos> I suppose no one is using vmbuilder with a FS different from ext3, right?
<Furabolos> Gawd, this channel needs some heavy caffeine injection
 * genii hands Furabolos a large coffee in a shiny new Ubuntu mug
<Furabolos> Hey, thanks
<Furabolos> May I ask a bit of milk?
 * genii pours a bit of milk in the coffee
 * owh notes that most coffee roasts these days expect a little sugar - to be used like a condiment - think: adding pepper or salt.
<oly562> k im back
<oly562> I believe Im slowly but surely killing my server here. can someone take a look at my pastebin, its the synaptic errors listed using the gui. trying to fix up deps and errors, seem to be making it worse. thanks!  http://www.internetworkpro.org/pastebin/919/
<oly562> any takers. im pretty nix savoy, i could really use some help on this, i made the switch to ubuntu a month ago
<owh> oly562: The real question is "What did you do before these errors?"
<hads> You will get more help with CLI tools in this channel.
<oly562> its really hard to say
<oly562> i been adding software, with apt-get install
<oly562> thats about it
<oly562> im a cli kinda guy
<oly562> fire away... what do you need to know, so forth. i can follow well
<oly562> looks like a lot of deps
<owh> oly562: There are logs in /var/log/apt*, you'll also have cli logs if you execute `history`
<Deeps> what was the last thing you tried to install before it all went pear shaped?
<oly562> so my first quesiton is, by doing apt-get -f install whatever  seems to not be fixing the missing lol
<oly562> Deeps: ok, well i was installing xaos
<hads> Bug 316013
<uvirtbot`> Launchpad bug 316013 in util-linux "apt-get dist-upgrade failed - architecture (i486-linux-gnu-thread-multi-2.6.15.7) does not match executable architecture (i486-linux-gnu-thread-multi-2.6.24-14-server)" [Undecided,New] https://launchpad.net/bugs/316013
<oly562> i just signed up for a launchpad account, since M4 popped us as a Crash incident.
<xp_prg> hi all, I need help configuring apache2 to allow my perl and python cgi's to play together, anyone good at that?  http://pastebin.com/d4751a09d
<oly562> i was trying to also install alien but these errors existed prior, this just reminded me i had an issue
<oly562> i was trying to make and rpm into a .dep. well i started too, then i saw all the errors again from previous synaptic installs
<oly562> i cant even remove programs now
<oly562> nor add them with out these errors coming up. i will seperate pastebin them, they are the core progs with issues, like gettext, po-something, and um debhelper
<oly562> yadd
<oly562> yadda, brb
<oly562> im a vi guy, and i tried installing emacs to see what it would do, same thing, just added to the list of progs with errors
<oly562> http://www.internetworkpro.org/pastebin/923/
<owh> oly562: Did you see the work-arounds in that bug report?
<oly562> oh not yet, let me check that out, thanks
<oly562> i wasnt doing a dist-upgrade so i past that one lol
<oly562> im not using kernel-server
<oly562> by the way
<oly562> Linux pluto 2.6.24-19-generic #1
<oly562> i think the question i was also going to ask was... when it says..... Package whatever is not configured yet
<oly562> what that means
<oly562> and dependency problems - leaving unconfigured
<oly562> all over that pastebin prior
<oly562> i tried reinstalling things, so forth, same errors
<oly562> i see that apt-get is like yum is like rpm, they all have issues with deps when trying to remove/add
#ubuntu-server 2009-01-16
<oly562> lol
<oly562> none is better than the other
<owh> oly562: No, the problem is that you continued after an error happened.
<owh> oly562: You noticed that there was more than one work-around?
<oly562> not really owh
<oly562> no. i havent
<hads> dpkg works
<oly562> i noticed there are errors also with cpan and perl
<oly562> cant even launch cpan now
<oly562> wierd, when trying to load alien it synap pointed to cdrom when usually it goes to universe or main
<oly562> still getting used to sources with ubuntu and synap
<oly562> by the way, xaos runs fine. its just that now i cant load new progs w/o errors, let along kernel upgrades
<oly562> when its time to that is
<oly562> owh:  what did you see as other workround?
<oly562> thanks
<hads> Mixing packages, rpms, cpan etc. is a good way to break things
<oly562> you referring to Errno.pm?
<oly562> yah agrees
<oly562> i was going to take rpm with alien and convert adobereader.rpm to .deb, since thier site consistantly doesnt let us download the .deb
<oly562> i knew i should have used a zigzag
<oly562> shrugs
<oly562> so people, if this was your box, with the pastebins i gave out, what you would do first? thanks "_
<oly562> :)
<oly562> if you dont know, thats ok, ill figure it out eventually, just thought i would give you guys a shot
<owh> oly562: I'd fix the thing that broke first.
<hads> Remove the stuff you installed that isn't from official repositories.
<MatBoy> wow, I have a ubuntu iscsi target on a celeron D laptop with a 250GB sata drive attached using a conceptronic sata=> usb controller :P
<MatBoy> how fun
<usta> Jan 16 02:52:05 mail postfix/postdrop[6399]: warning: mail_queue_enter: create file maildrop/765735.6399: Permission denied
<usta> can anyone help me how can i solve ?
<MianoSM> usta: change the permissions
<oly562> im back
<oly562> hads: what do you mean, offical
<oly562> how will i be able to tell the difference betw universe and 3rd party
<oly562> whats the path , ill have a look
<oly562>  /var/lib/dpkg/info?
<xp_prg> anyone good at httpd.conf config on apache2 here?
<oly562> yep xp_prg but i have my own issue at present
<hads> I mean; Mixing offcial packages, randomly converting rpms, using cpan etc. is a good way to break things
<hads> Stick to the official repositories if you don't want to break things.
<oly562> i never mixed packages
<oly562> i did nothing randomly
<oly562> cpan was required by other programs
<oly562> but i do agree, it will break things
<oly562> also, offical packages didnt support my vid card
<oly562> nor my wireless card
<oly562> nor my sound devices
<hads> I thought this was a server?
<oly562> no linux has it all "offically"
<oly562> dont be a dork hads. im not new to nix k. there is no difference between a server and desktop in linux
<oly562> maybe to you, but not to me
<hads> *shrug*
<oly562> linux is linux period
<oly562> its 3% of any distro
<oly562> where everything is put and packages is all gnu to me
<oly562> like i said, yum, rpm, dpkg, whatever, it all breaks at some point
<oly562> i didnt break things, the package managers do
<oly562> cpan doesnt break things, the programs that call on them do
<oly562> good grief
<oly562> server/desktop doesnt matter, you should know that
<owh> oly562: We try very hard not to make apt break *ever*. If you can break it, only using apt, then you have found a bug.
<oly562> thats that happened then, and typically that is always the case for me
<oly562> like i said, im new to ubuntu and how it reports things, so forth
<oly562> i been using apt-get the whole time, and still this happend. i know to use the "preferred" method per distro and flavor
<oly562> still happend. so im here to try and figure it out
<oly562> get some clues
<oly562> i guess synap doesnt report enough information to figure out whats going on, right off the bat, rather, as usual, ill have to dig and dig, deep into the scripts and see whats going on, deal with the set -e stuff, see where ubuntu puts everything. i like it so far, but these problem is pissing me off.
<oly562> yet again, i see no real reason to switch from distro to distro for just a few things, rather i should stick with what i know, and as for apt, its not that special. i actually prefer yum to it. maybe i was just used to it, but there really isnt much difference
<oly562> yet another package manager lol
<oly562> where are things stored on here
<oly562> like info
<oly562>  /var/lib...../info
<oly562> thats a good directory to look in
<oly562> postinst, and .prerm
<oly562> so forth
<oly562> these are what i mean by clues, this is what i mean, where you all look at first....
<oly562> where does ldconfig fit in here
<oly562> what the heck does this mean in var/log/message
<oly562> Jan 15 15:51:14 pluto -- MARK --
<oly562> Jan 15 16:11:14 pluto -- MARK --
<oly562> Jan 15 16:31:14 pluto -- MARK --
<oly562> Jan 15 16:51:14 pluto -- MARK --
<oly562> Jan 15 17:11:14 pluto -- MARK --
<oly562> i just found /var/log/crash, looks interesting
<jmarsden|work> oly562: man syslog and see the -m option
<jmarsden|work> s/syslog/syslogd/
<oly562> k
<oly562> no man syslog
<jmarsden|work> s/syslog/syslogd/
<oly562> sudo man?
<oly562> nope
<jmarsden|work> man syslogd
<oly562> aw... thats what i though
<oly562> thanks
<oly562> ic. thanks
<jmarsden|work> np
<oly562> i never seen something like that b4 in messages
<oly562> i like these little .crash files. nifty
<oly562> has all the progs i was referring to
<oly562> that errored out
<oly562> is Package: xaos 3.2-7ubuntu1 an "offical" package?
<oly562> yesh.... Log started: 2009-01-05  10:54:50 long time ago
<oly562> bunch of previous "deselected" libs
<oly562> i had thoughts about loading this file when it asked for them... dammm   gstreamer0.10-plugins-bad
<oly562> interesting...... check this line out
<oly562>  Errno architecture (i486-linux-gnu-thread-multi-2.6.15.7) does not match executable architecture (i486-linux-gnu-thread-multi-2.6.24-14-server) at /usr/local/share/perl/5.8.8/Errno.pm line 11.
<oly562>  Compilation failed in require at /usr/sbin/install-info line 304
<oly562> i saw that each time
<oly562> in synaptic
<oly562> hmm... interesting, points to a lock file
<oly562>  300 if (!$nowrite && !link($dirfile, "$dirfile.lock")) {
<oly562>     301     printf( STDERR _g("%s: failed to lock dir for editing! %s")."\n",
<oly562>     302             $name, $! );
<oly562>     303     printf( STDERR _g("try deleting %s?")."\n", "$dirfile.lock")
<oly562>     304         if $!{EEXIST};
<oly562>     305     exit 1;
<oly562> unless im reading that wrong
<Deeps> someone posted bug 316013 earlier, did you see that?
<uvirtbot`> Launchpad bug 316013 in util-linux "apt-get dist-upgrade failed - architecture (i486-linux-gnu-thread-multi-2.6.15.7) does not match executable architecture (i486-linux-gnu-thread-multi-2.6.24-14-server)" [Undecided,New] https://launchpad.net/bugs/316013
<oly562> i been doing everything as sudo
<oly562> i looked at that bug, i dont see it.. any clues?
<jmarsden|work> oly562: rmadison -s hardy xaos # suggests that xaos 3.2-7ubuntu1 is indeed official.
<oly562> k
<Deeps> did you read the comments? there are several workarounds listed that may work
<oly562> Deeps: i saw it
<Deeps> well, where 'several' is 2
<oly562> and why dont you say what i should do, as im not good at reading about bugs
<oly562> i dont see the link there
<oly562> im using Generic kernel
<oly562> if you just popped in a search for Errno.pm yadda, it points to a lock file, and i commented earlier if i should do that. i dont see how that will have any effect
<oly562> or error status 9
<owh> oly562: What if you actually do what the work-around suggests?
<oly562> which is.... modify the errno.pm
<oly562> ?
<jmarsden|work> No, it is to get the Errno.pm from under /usr/local/share out the way so Perl uses the real one.
<oly562> ic
<Deeps> with a link that explains to an article that explains why you should do the move, and what you did to cause the problem in the first place
<oly562> i dont see what i did in the first place... sighs
<oly562> you think i did a an upgrade attempt?
<jmarsden|work> Read the bug report, and then read http://www.debian-administration.org/users/simonw/weblog/201 which it links to...
<Deeps> http://www.debian-administration.org/users/simonw/weblog/201 is linked from the bug report, incase you missed it
<hads> That article has some familiar advice.
<oly562> Deeps: thanks
<oly562> yah, i havent worked with bugs that much, prolly time i dove into those things
<Deeps> oly562: i guess you haven't used forums much either then
<Deeps> oly562: or mailing lists i guess
<oly562> nope
<oly562> not at all
<hads> Or reading.
<Deeps> oly562: have you used the internet before now?
<oly562> i learned it all by myself
<oly562> Deeps: go play with some one who is clueless, at least i admited something. cant say that for most people
<owh> oly562: We generally cannot (or will not) fix problems you are having. We can guide you to fixing your own problems. If you come across a specific actual bug, then you can lodge the bug-report and if we can reproduce it, we can attempt to fix them. #ubuntu-server isn't your personal helpdesk - most here are volunteers.
<Deeps> oly562: i'm doing precisely that, and realised i shouldn't. gl, nn.
<oly562> owh: right
<oly562> like i need to hear all that
<oly562> i bet you think its your personal helpdesk
<oly562> please, dont anyone be all double standard with me, i can easily prove this
<oly562> save that shyt for the noobs
<oly562> ill be reading the links. thanks, but no thanks for the rest of the crap you just said
<owh> oly562: This is a PG channel and you are waaaay out of line IMHO.
<hads> Seconded
<hads> http://www.ubuntu.com/community/conduct
<oly562> both of your opinions are meaningless to me, as you are attacking me. put yourself in my shoes. you wouldnt just sit idle. again, double standard
<oly562> matter of fact, dont comment to me again, you points have been noted
<oly562> i dont need "your kinda of help"
<owh> Is there an "elegant" way to put PHP libraries into a central location, or am I just going to have to chuck them all in /usr/share/php/*
<oly562> does anyone ELSE know how to remove cpan that was installed by perl?
 * owh points out that the libraries are *not* packaged - yuk - but you get that :)
<oly562> welp, i fixed my issue. good grief. that was easy. all my packages that had issues works now. welp, im out, Njoy
<hads> You're welcome
<owh> hads: Huh? - Oh you're replying to someone I put on /ignore :)
<hads> owh: heh good idea, he's gone now.
<owh> More bile?
<peepsalot> my server is really screwed up and I don't know why.  i get a segfault when i run sudo
<peepsalot> i was editing cups config using the web admin pages, and then it stopped serving up the pages.  i tried to restart cups, and segfault, i tried to update repo and segfault... i don't know what is going on
<peepsalot> i guess i shoulda used LTS
<peepsalot> anyone alive in here?
<peepsalot> would you guys recommend LTS server instead of 8.10?
<hads> I would, you shouldn't get segfaults on either though.
<peepsalot> i found this issue: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/278617
<uvirtbot`> Launchpad bug 278617 in samba "login crashed with SIGSEGV in dump_core() (dup-of: 260687)" [Undecided,New]
<uvirtbot`> Launchpad bug 260687 in samba "Purging samba breaks login (pam_smbpass.so segfaults)" [High,Fix released]
<peepsalot> i think it's related
<hads> Sounds like it.
<hads> Do you have libpam-smbpass installed?
<peepsalot> yes
<hads> Are you at the console or remote? Sounds like you need to fix from single user mode.
<peepsalot> well the server is in the same room as me, but it's currently headless, and I'm logging in remotely.  i guess I gotta attach a monitor again
<hads> Follow the advice in that bug report (bug 260687) and you should be right
<uvirtbot`> Launchpad bug 260687 in samba "Purging samba breaks login (pam_smbpass.so segfaults)" [High,Fix released] https://launchpad.net/bugs/260687
<peepsalot> i hope this sort of thing is not going to be a common occurance, this server has not even been up a week, and this is the second day I've had a chance to touch it.
<peepsalot> and it's totally unusable
<hads> Shouldn't be.
<peepsalot> goddamnit it was working, and I go to admin cups and it's broken again
<peepsalot> this is the most ridiculous crap i've ever seen
<peepsalot> as soon as I add a printer everything breaks
<peepsalot> actually, as soon as I do anything that involves entering my password through the cups web interface.
<peeps[ur]> t
<peepsalot> hads, do you know if this bug affects only 810?
<peepsalot> 8.10
<peepsalot> or am I going to have the same nightmare after i spend another couple hours downgrading OS versions
<peeps[ur]> agh i keep losing connection
<peepsalot> i don't know what I should do, my server is unusable
<uvirtbot`> New bug: #317740 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 5.1.30-2ubuntu3 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/317740
<owh> peepsalot: Did you read the comments and the work-around in the bug that hads showed you>
<peepsalot> owh, yes I did the workaround at the end of that bug, and then as soon as I used cups webadmin again, the bug came back
<peepsalot> i guess i don't need that package though, so I left it uninstalled this time, and I guess it's ok for now
<peepsalot> i'm not entirely clear what that package is for
<owh> peepsalot: Uhm, cups web-admin doesn't install new authentication stuff after it has been installed that I know of. Are you talking about having done this: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/278617/comments/2
<uvirtbot`> Launchpad bug 278617 in samba "login crashed with SIGSEGV in dump_core() (dup-of: 260687)" [Undecided,New]
<uvirtbot`> Launchpad bug 260687 in samba "Purging samba breaks login (pam_smbpass.so segfaults)" [High,Fix released]
<owh> peepsalot: The action in comment # 2.
<peepsalot> no i did this: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/260687/comments/21
<owh> So, did that fix it?
 * owh has to leave. Later all.
<peepsalot> does ubuntu server automount usb drives?
<_Cid> peepsalot:  didnt for me
<_Cid> peepsalot:  well..define auto mount I guess ....I had to configure it once, now it looks for it
<peepsalot> on ubuntu desktop it automatically puts a directory in /media and mounts to it.  does not appear to happen in ubuntu server
<MianoSM1> .
<kirkland> nijaba: do you think you could add another entry to screen-profiles-helper, that would add/remove a line to the user's ~/.screenrc, that would set the escape sequence?
<kirkland> nijaba: let them enter one character, and do it for them?
<uvirtbot`> New bug: #301954 in amavisd-new (universe) "/var/log/mail.log spammed with amavis error messages" [Undecided,New] https://launchpad.net/bugs/301954
<zsolty_>  Hello, I have a problem with Remote Desktop. From Windows I can't connect to my Ubuntu box. In windows I am using realvnc. Can somebody guide me in the right direction? :)
<kraut> moin
<PC_Nerd> Hi,  Im about to purchase a server to run 8.10 on, and wanted an opinion if its better to have 1x2GB ram or 4x512 which is more expensive?
<ikonia> PC_Nerd: that sounds like home PC
<ikonia> PC_Nerd: that's also a hardware question which I suggest you take to #hardware as it will depend on your motherboard
<PC_Nerd> ah ok. thanks ( itll be from dell, and they dont have the greatest explanations on hardware for servers)  Ill ask in #hardware
<ikonia> PC_Nerd: why not pickup the phone and talk to dell
<ikonia> PC_Nerd: they support their own hardware quite well, especially on the server platform
<PC_Nerd> Yup ill do that - wanted an "ubuntu" related opinion first, since the person I was talking to was "distribution? we do offer linux (foudn out it was RH enterprise)
<temudjin_> ...hi guys
<ikonia> PC_Nerd: ubuntu opinion doesn't matter as it's hardware specific
<PC_Nerd> Ok, understood.  I'm not exactly a hardware person, so I thought that maybe in terms of ubuntu server being built for server use, that an optimised hardware might make a lot of difference.... but aparently not ;)
<PC_Nerd> The other thing, is if I boot from a USB, cna I format that USB drive back for normal disc usage ( moving files etc?)
<frippz> I'm going to create a VM with JeOS 8.10 that will only run a proftpd server. would 256MB RAM suffice?
<sommer> frippz: I'd think so
<frippz> sommer: great thanks
<Deeps> depends on the type of operations happening on your ftp server
<frippz> very few users
<Scix> how can i get DHPC3-SERVER to randomly assing a hostname?
<frippz> in the time we've had a dedicated machine, there's only been two concurrent users logged on :D
<Deeps> can probably get away with even less then
<frippz> hmm, now that I think about it. it will be running samba as well
<Deeps> it's useful to have lots of ram if you have say 30 users all downloading the same batch of files simultaneously - keeps the files in memory instead of reading from the disk
<frippz> ah
<frippz> I might be running webmin off it as well to allow other users in the office add customer accounts
<frippz> but it will still be very rarely used
<uvirtbot`> New bug: #317734 in mysql-dfsg-5.0 "mysql initscript fails" [Undecided,New] https://launchpad.net/bugs/317734
<heath|work> how can I list mounted devices by their UUID?
<Scix> is there a way get DHCP3-SERVER to automaticly apply a hostname for a computer if nostname is not set
<Scix> using preseeding over ethernet, and has to get the system to work totaly of-hands
<Scix> thinking of a automaticaly randomly generatet hostname
<Scix> this whay i dont have to make 200 hostgroups in dhcpd.conf
<apachelogger> zul: pling... do you mind if I change mysql-5.1's rules to use cmake instead of autotools? if not:: does it have any known disadvantages?
<zul> why do you want to change it?
<apachelogger> zul: because cmake got better structure, is faster and is just fun to work with
<apachelogger> + it got progress indication ;-)
<zul> I do mind actually since either mathiaz or I would be doing the merge but if you want you can submit a patch to debian and see what they have to say about it
<apachelogger> sensible
<Scix> how can i generate a incremental string
<Scix> I must have something who can genrate a unique string for option host-name in dhcpd.conf
<Scix> and binary2ascii fails
<frippz> damn it! a kvm xml-file got "accidentally" overwritten. is there anyway to generate a new one based on the machine runnning?
<sommer> frippz: not sure, but you might look into virsh define
<Nafallo> dumpxml even
<sommer> frippz: on second thought, that's probably not going to work
<Nafallo> frippz: virsh dumpxml <hostname>
<sommer> frippz: if the vm is still running you could probably copy the xml file from another vm and update the mac address from the running one
<sommer> frippz: and any paths to the image file, etc
<sommer> or dumpxml :-)
<frippz> Nafallo: you're a damn genius! :D
<frippz> I was looking in that list, but never saw dumpxml
<frippz> thanks a million
<Nafallo> nw, but I really wasn't the one implementing dumpxml. credits not due in my direction :-)
<frippz> well, you're a damn genius for pointing me in the right direction when my brain farted out :D
<Nafallo> hehe. fair enough :-)
<frippz> and now to find out why the damn xml-file got written over in the first place. I need an after work beer :)
<frippz> yup, forgot to change hostname in the cfg... god, I need to leave the office
<MatBoy> how is gfs supported on ubuntu ?
* You're now known as ubuntulog
<MadChopr> i have a mobo with two ethernet ports, one should connect to the outside world (like it's doing currently) and the other should never talk t the outside world at all nor should the outside world talk to it.  is this possible?
<Deeps> yep
<MadChopr> and how would i set thiis up; currently one ethernet port is set to dhcp, and i'd like the other one to be static (10.0.0.10 or something)
<MadChopr> Deeps: can you give me a quick run down on how i'd do this?
<Deeps> lets start with the interfaces file
<MadChopr> /etc/if ?or somehing
<Deeps> open /etc/network/interfaces in your favourite text editor (nano, pico, vim, gvim, emacs, whatever)
<MadChopr> ah okay
<MadChopr> open
<Deeps> pastebin what you see
<Deeps> paste.ubuntu.com
<MadChopr> rad, 2secs
<MadChopr> http://paste.ubuntu.com/105644/
<MadChopr> the bridge is for my virtual machines
<Deeps> ah ok
<MadChopr> i want some virtual machines on the internal ethernet and some on the extgernal
<MadChopr> but i'll deal with those later
<Deeps> currently they're on internal or external?
<Deeps> external i guess based on what you've said earlier?
<MadChopr> the second ethernet port isn't configured at all from what i can tell.. and the primary one is currently on the internet (which is fine)
<Deeps> ok
<Deeps> presumably your second interface is eth1, you can confirm this with ifconfig -a | grep Ethernet
<MadChopr> 2secs
<MadChopr> looks like it, i can paste what the output is if you like.
<MadChopr> er,, i mean it looks like eth1 is the second interface
<Deeps> http://paste.ubuntu.com/105645/
<_ruben> ok .. this is weird .. my usenet downlaoads slowed to a crawl and when looking with tcpdump i see all packets are ~100 bytes and a tcp win of  50-150
<MadChopr> no gateway needed, small network.. 8 computers..
<MadChopr> Deeps: pasted that all into my /etc/network/interfaces file
<MadChopr> how do i restart network?  like... xinetd ihup or osmething?
<Deeps> you can simply ifup eth1
<MadChopr> rockin'
<MadChopr> how do i get it so that there is not possible for one to talk to the other.. i don't want any pesky hasks0rs on my computers
<Deeps> iptables
<Deeps> or ufw
<Deeps> ufw may be better
<Deeps> !ufw | MadChopr
<ubottu> Sorry, I don't know anything about ufw
<MadChopr> yea, i been using this ufw thing
<Deeps> block input from your lan ip range on eth0, block input from anything but your lan ip range on eth1
<MadChopr> awesome that makes sense, i don't know why my brain couldn't conceive of that on it's own.
<MadChopr> so if i got peoples socials and credit cards n the other side.... i should be alright as long as i keep the system updated, correct?
<Deeps> well you shouldn't keep any of that in plain text
<Deeps> as there's always the risk that your internet facing machine can get compromised
<Deeps> then leading the way into your lan
<MadChopr> gotcha
<Deeps> never store sensitive data in plain text
<Deeps> the iptables stuff simply reduces the risk of ip spoofing based attacks
<Deeps> i.e. someone on the internet attempting to spoof their ip to appear in your lan ip range to bypass any potential firewalling
<Deeps> ideally, you'd store this data on a machine that has no direct route to the internet
<genii> ssh hopscotch in or so
<Deeps> better would be offline entirely, but thats a bit impractical
<Deeps> indeed
<MadChopr> Deeps: i see i see... interesting
<MadChopr> ssh hopscotch... like reverse forwarding or somesuch?
<Deeps> as in, if you need to access the system from remote
<Deeps> ssh into another machine that is internet facing
<Deeps> and then from there access the target system with your socials and cc's
<Deeps> via ssh or however
<MadChopr> Deeps: the machines are all offline right now -- i don't want them to have access online, or have online to access them.... i was hoping the ufw would handle my worries.  i'm not sure the data is in plaintext, nor am i sure if it's encrypted at all... we run peachtree accounting
<Deeps> the harder it is for you to access the machine, the harder it is for someone else to find their way in
<MadChopr> okay, i think you what you said makes sense.
<Deeps> by 'offline' i mean completely detached from any network
<Deeps> by 'no direct route to the internet', i mean you cant access the internet at all from it, nor can anyone on the internet connect to the machine
<MadChopr> yea, that's how they are now.... (well they are networked together, but not connected to the internet physically... i wuold like change that to make back-ups easier.
<jdstrand> doing 'ufw enable' will deny incoming connections. it does not do egress filtering atm (but it's easily added to /etc/ufw/*.rules (see the NOTES section in the ufw man page)
<Deeps> instead having an intermediary machine that is connected to both the sensitive machines and the internet, and doing the work from there
<Deeps> ofc if that's all fully scripted and automated, then you're still at risk if the intermediary gets compromised
<MadChopr> Deeps: .. understand... maybe something like that demilitarized zone i've read about?
<Deeps> alternatively, have a proxy server running on the intermediary that the lan machines can connect through for internet access
<Deeps> no, DMZ means all inbound ports allowed to that ip
<MadChopr> ah okay
<MadChopr> Deeps: i need to take a minute and go help someone out; bbiab
<Deeps> a proxy server on your intermediary is probably the 'best' solution, balancing security with usability
<Deeps> lan clients are fully shielded from the internet, and can only access what you allow in your proxy configuration
<Deeps> (IMO)
<MadChopr> Deeps: rad, thank you for the insight.
<MadChopr> i do have a spare  box i can turn into an intermediatary
<slicslak> anyone here with any fiber optics experience (or knowledge)?  I have a stupid question.  is there any speed difference between 10-gigabit copper ethernet and 10-gigabit fiber optic ethernet?
<slicslak> related to that, for those of you using nfs storage arrays, generally speaking, have you found gigabit ethernet to be fast enough?  or have you found a situation where you wanted/needed to go 10-gigabit
<slicslak> ?
<Nafallo> fiber optics yes, cx4 no :-)
<slicslak> heh, any reasons why?
<simplexio> depends how big raid array you have behind ethernet
<Nafallo> slicslak: any reasons why what? :-)
<slicslak> this is for a web cluster.  10GB of data is being stored on a sun ZFS storrage array for some 150 websites.
<slicslak> I'm thinking about also storing the database files on the storage array as well.  so it would be both web and db servers access the array.  so i'm wondering if gigabit ethernet is enough, and if not, do i go copper or fiber with the 10GbE?
<slicslak> Nafallo, reasons why you prefer the fiber over cx4?  is it because of copper vs fiber, or is it just the cx4 standard you don't like?
<Nafallo> slicslak: cx4 is quite new and the lengths you can use it isn't that good.
 * slicslak nods
<slicslak> i'm not going to need anything over 10m
<genii> copper transmission quality degrades substantially the further it has to go. Also it's prone to emf interference
<Nafallo> are you sure you'll need 10Gbps for what you're doing?
<chmac> What's the best way to set the noop scheduler as the default? /etc/sysfs.conf? Add elevator=noop to grub?
<slicslak> Nafallo, no, I'm not sure at all.  In fact I suspect that gigabit will be enough.  But I have been asked about faster options, and so am researching.  Unfortunately there is not published on the topic, especially for real world situations.
<slicslak> so if anyone has expereince with heavy traffic NFS solutions I'm interested!
<Nafallo> slicslak: not that I know how your network is cobbled together, but might bonding be an option?
<slicslak> Nafallo, this is a new expansion, so we can go in any direction
<Nafallo> slicslak: right. so you're not having a set list of hardware at all then?
<Nafallo> cause of course... that /would/ play a part in the whole.
<Nafallo> :-)
<slicslak> :)  ya.  http://www.sun.com/storage/disk_systems/unified_storage/7110/  is the only confirmed purchase so far
<slicslak> it's their new zfs based storage array.
<slicslak> good point about bonding.  we should do that anyway.  all the servers will at least have two gigabit NICs on them.
<Nafallo> hmm. 2TB and you're going to use 10GB? :-)
<slicslak> room for expansion.  and iterative backups.  :)
<slicslak> incremental that is
<Nafallo> could say that... :-P
<Nafallo> 1.990TB for backups ;-)
<Nafallo> hmm
<Nafallo> how many servers?
<Nafallo> cause if that one have 4x1Gbps... would it be worth trying cross connections from each server? :-)
<slicslak> not sure yet.  the more we have the more requests will be split up among them so the less each has to serve.  until one of the sites get's slashdotted (or similar).
<Nafallo> :-)
<slicslak> i think we'll build this cluster with the default gigabit ethernet and then profile it and make further decisions from there.  can always add cards later.
<slicslak> thanks for the help!
<Nafallo> yea. that sounds like a good plan :-)
<Nafallo> no worries. was just about to say that I've ran out of ideas based on the information anyway ;-)
<Nafallo> websites are usually not very heavy though :-)
<Nafallo> unless they are "spetial" ;-)
<chmac> I'm trying `cryptsetup luksClose blah` and getting device busy. lsof /dev/mapper/blah reveals nothing. Any other things I can try?
<simplexio> all 4 ether port bonded to on 48 port gigbit ether switch + few webserver to handle all 150 websites
<chmac> I've deactivated all the lvm volumes within the luks partition
<chmac> Darn, I was trying to unmount my running system's encrypted wrapper! Working now that I use the correct device. :)
<simplexio> chmac: you using encrypted stuff, any experince from software raid5 plus dm_crypt ?
<chmac> simplexio: Alas not. I use dm_crypt on my laptop. It's supported in the installer, so I know virtually nothing about it :)
<simplexio> ok.. i have allready decited to buy 4x1.5T seagate hdd, im just pondering which is "optimal" configuration
<simplexio> is it 3 hdd in raid5 or 4 in raid5
<Nafallo> simplexio: how much storage do you need and for what purpose?
<simplexio> Nafallo: backup and "Family videos"
<simplexio> i was thinking at one point that i would use those disk as shared /home/ on all linux computers what i have in lan
<Nafallo> simplexio: so maximum storage. that would be RAID5 indeed. now the next question would be, what would you do if one breaks? :-)
<Nafallo> simplexio: having a cold spare sitting, or using one of them as a hot spare, which means loosing 1.5TB on the volume :-)
<simplexio> Nafallo: i hope that i dont loose more disks
<simplexio> that is my problem, i mean with 4 disk its allmous same to go raid10 if i left one spare
<_ruben> having one box for both storage and backups .. sounds, well, odd .. yet "common" :)
<simplexio> if i dont , there is change that i lost all data on raid is little bit bigger
<_ruben> raid10 has far better write performance compared to raid5
<genii> I may be nostalgic but still like raid5
 * Nafallo would probably have made a 4 disk RAID5 to get extra space :-)
<_ruben> i have 2 6 disk raid4's here at home :)
<Nafallo> and then a cold spare :-)
<_ruben> raid5's
<_ruben> 6x200G pata .. 6x250G sata
<_ruben> neoughta consolidate those into some 1 or 1.5TB disks based array :p
<genii> _ruben: My desktop has two raid1 and a 4 disk raid5   (all crappy WD 1Tb)
<simplexio> i have 6 hdd in my desktop, none in raid
<slicslak> Nafallo, simplexio, cool, thansk.
<simplexio> i have notices that it much nicer to have dev databse in two hardisk, one home disk etc than one big raid0
<_ruben> raid0 isnt raid
<henkjan> the 0 in raid0 stays for the number of files you get back if one of your disks failes
<simplexio> yeah.. it dosnt give any redundancy
<_ruben> hehe, yeah
<_ruben> and the r in raid is well .. redundant :p
<simplexio> henkjan: thats what i use when i think which one was stripping and which one was mirrored
<Nafallo> it is raid.
<_ruben> Nafallo: how?
<simplexio> which remind me to test 4disk raid0 when i get disks
<Nafallo> not redundant, but raid :-)
<_ruben> rttt
<_ruben> err even
<Nafallo> well. redundant amount of disks :-)
<_ruben> still doesnt compute very well here :)
 * Nafallo wonders how he actually got that one together and decides he didn't.
<_ruben> hehe
 * Nafallo shrugs
<Nafallo> it's still called raid0 ;-)
<simplexio> its was fun to have 2x120G raid0 in windows. it was fast but i lost 3 times files when another hd started to loose data
 * _ruben loves his 4G scsi disk in his P-233MHz .. that thing was blazing fast
<ivoks> zul: sorry about that bacula md5 mismatch
<zul> ivoks: no big deal
<ivoks> zul: i uploaded new version
<zul> ivoks: getting it now
<zul> ivoks: uploaded
<uvirtbot`> New bug: #308903 in bacula (universe) "The bacula-dir.conf file is not present when installing Bacula (dup-of: 269251)" [Undecided,Fix released] https://launchpad.net/bugs/308903
<uvirtbot`> New bug: #314746 in bacula (universe) "package bacula-console-qt does not install desktop entry" [Medium,Fix released] https://launchpad.net/bugs/314746
<ivoks> zul: our diff against debian is getting really big for bacula
<ivoks> i'll try pushing some changes to debian
<zul> thanks
<luckyone> is there a way to upgrade from feisty to intrepid from the cmd line?
<ivoks> yes
<ScottK> But not all at once (not a supported way anyway)
<ivoks> upgrade to gutsy, then to hardy and then to intrepid
<ivoks> :)
<luckyone> say I went into /etc/apt/sources.list and :%s/feisty/intrepid and then ran an apt-get update && apt-get dist-upgrade
<luckyone> kk
<ivoks> but, use do-release-upgrade
<ScottK> luckyone: If you were lucky you'd end up with a running system.  You might not.
<ScottK> as ivoks says.
<luckyone> kk
<luckyone> cannot ssh to box yet...
<ivoks> you did dist-upgrade to intrepid?
<luckyone> still can't ssh to box... fuck
<ivoks> you dist upgraded from feisty to intrepid?
<luckyone> that was dumb
<ivoks> yes :)
<luckyone> sorry for swearing in this channel
<luckyone> I thought I was in another one!
<luckyone> and we have connected, wheew
<hads> Your nick suits you today
<luckyone> it does everyday - you should see my wife!!!!
<hads> :)
<simplexio> :D
<ivoks> :D
<luckyone> to gutsy we go!
<luckyone> thank you fellow server admins!
<luckyone> again, I apologize for swearing in the channel, I thought I was in another one - honestly
<luckyone> I was like, ivoks what are you doing in #freehat?
<luckyone> Southron: it is a realy channel that I am in
<luckyone> real*
<Nafallo> simplexio: http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=207931 <-- you might want to check up on your 1.5TB drives mate...
<alexb2283> i just asked in the main channel, but maybe someone here knows:
<alexb2283>  is there any reason for me to keep consolekit & dbus on my console only jaunty server install? consolekit keeps segfaulting (there's tons of bugreports for this, but no fix yet)
<alexb2283> i'm merely asking if i would break anything important by purging them
<simplexio> Nafallo: yeah. googled it. friend friend has same 4x setup and no problems
<Nafallo> simplexio: still worth checking up on it IMHO :-)
<simplexio> hmm google 'ST31500341AS firmware' gives many .torrents files
<simplexio> have to check current status again
<stormblue> Good Afternoon all!
<Jeeves_> Evening :)
<stormblue> Yeah, it now is evening!
<Jeeves_> Well, it was before :)
<stormblue> We must be in a different time zones :)
<Jeeves_> I guess so
<luckyone> hello all
<luckyone> I have just gone through several upgrades, one release at a time
<luckyone> in the final one, from hardy to intrepid, I am having some problems getting ubuntu-standard processed
<luckyone> it seems that atd isn't starting or staying up when I manually start it, so that is preventing the upgrade from totally completing
<stormblue> luckyone: what seems to be the issue?
<stormblue> What's atd?
<alexb2283> i'd say that's an awkward moment
<stormblue> Anyone know why I'd get ssh: connect to host 192.168.0.20 port 22: Connection refused sometimes when I try to connect.  It seems like when I restart the client meachine it goes away for a while.
<alexb2283> luckyone: have you tried a) checking your logs and b) stracing atd ?
<luckyone> stracing?
<luckyone> where does atd log?
 * hads assumes syslog
<alexb2283> luckyone: syslog
<alexb2283> luckyone: apt-get install strace && man strace
<luckyone> alexb2283: I can't install anything until apt finishes processing my upgrade
<luckyone> luckily it is installed
<alexb2283> i forgot, sorry
<luckyone> I have it, I have run it on atd
<alexb2283> it might also help if you pastebinned the output you get when you try dist-upgrading
<luckyone> alexb2283: I was hoping someone would offer to look at that :)
<alexb2283> there's no promise i can help, but i can try
<alexb2283> :P
<stormblue> Have you tried ubuntuform.org or google.com for the text output of dist-upgrading?
<luckyone> hehe, 2 sets of eyes are better than one
<luckyone> http://pastebin.com/d2d1909ed
<stormblue> Can someone take a peek at http://pastebin.com/m8754c1c it's my sshd output.  Wondering if anyone has any ideas?
<alexb2283> luckyone: have you tried purging at just to get a fresh start ?
<stormblue> http://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg1056692.html is this related?
<luckyone> alexb2283: what do you think I should purge?
<alexb2283> try: dpkg --purge --force-depends at
<luckyone> done, then apt-get install it?
<alexb2283> stormblue: aside from some possibly low level network network issues, your log looks good
<alexb2283> stormblue: how are the two involved machines connected ?
<luckyone> alexb2283: wow, that worked, I reinstalled it and now life seems to be good
<luckyone> Calculating upgrade... Done
<luckyone> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
<stormblue> Client -[wifi] - Router -[ethernet] - switch - [ethernet] - server
<alexb2283> luckyone: if you try to dist upgrade it should automatically reinstall and also finish your distupgrade
<luckyone> I feel all current and what not!
<alexb2283> luckyone: good :D
<alexb2283> another happy customer i guess ;)
<luckyone> yeah, thanks for the tips!
<luckyone> I was happy when it was broken
<luckyone> ubuntu and ubuntu-ers rock!
<alexb2283> agreed
<luckyone> probably my favorite people on the planet
 * luckyone bought his hot wife the ubuntu thong off of cafe press =)
<stormblue> luckyone: Prove it!
<alexb2283> stormblue: maybe some sort of powersaving kicking in or wifi issues ? i'd make sure it's not a hardware fault in between the machines by using a crossover cable just for testing (if possible at all)
<alexb2283> stormblue / luckyone : that was unexpected... but good. i'd like proof as well :P
<alexb2283> powersaving on the wifi that is
<alexb2283> but it's just a random guess
<stormblue> Yeah, I don't think it's power saving.  I'm plugged it and It messes up over etherent too.  It's weird...It works sometimes, but other times not.
<alexb2283> stormblue: also, if i can't help you, the #ubuntu channel might be of more help to you, this isn't necessarily -server related
<luckyone> stormblue: I will foward you the reciept
<Deeps> proof that it's for your wife
<Deeps> and not for you
<Deeps> is what he meant to say
<alexb2283> over ethernet... is that with all the hardware in between as well ? (router/switch)
<luckyone> haha
<luckyone> it wouldn't fit me...
<stormblue> What does this line: Read error from remote host 192.168.0.148: Connection reset by peer specificaly mean?  That means it's a client issue right?
<Deeps> proof
<stormblue> lucky, actually, I meant to focus on the hot part.
<stormblue> Yeah, alexb2283, router and switch still between.
<Deeps> unfortunately when it comes to wives, hot is very subjective
<luckyone> ahhh, http://www.jenniandjordan.com/v/wedding/ceremony/DSC_0243.JPG.html
<luckyone> that's us
<Deeps> this is a PG channel
<alexb2283> stormblue: that error could be anything on osi layer 3 and down. i would try to establish a connection as direct as possible
<alexb2283> x-over
<Deeps> unfortunately that prevents me from reacting
<Deeps> lets just say 'bravo'
<luckyone> (and the server dishing that out is *very* recently upgraded to intrepid!!!)
<stormblue> alexb2283: 10-4.
<luckyone> yeah, in the US we call that 'out punting your coverage'
<alexb2283> stormblue: 1-3
<alexb2283> luckyone: beautiful, in a G-sort of way :)
<luckyone> yeah, wedding days are that way
<alexb2283> luckyone: that kind of g: http://en.wikipedia.org/wiki/Motion_Picture_Association_of_America_film_rating_system#Ratings
<stormblue> luckyone: are you  rocking the lamp stack?
<stormblue> Wedding pictures are lies anyway.  You know she doesn't look like that when she wakes up first thing!
<luckyone> stormblue: haha - yeah, LAMP
<stormblue> Nice.  I used to run a LAMP server, but then I didn't have the time to maintain it.
#ubuntu-server 2009-01-17
<ziggles> hi all, i am having problems using vmbuilder -- "domain is undefined and host has no domain set"  could someone point me in the right direction as to how i define a domain?  thx
<agentk> ziggles: What is the command and options you are trying to use?
<ziggles> agentk: just following a  tutorial right now, but here is the line:
<ziggles> sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 -o --libvirt qemu:///system --ip 192.168.0.100
<agentk> ziggles: As your specifying an ip address manually you may need to specify the netmask and domain. For now try adding: --hostname YOURHOSTNAME --domain YOUDOMAIN
<agentk> ziggles: Also you'll find if you dont specify a hostname too vmbuilder will always call the domain ubuntu and you will have to manually rename it each time.
<ziggles> agentk: thanks i will give it a shot, but according to https://help.ubuntu.com/8.10/serverguide/C/jeos-and-vmbuilder.html  there are defaults and domain is not required
<ziggles> ah i see
<ziggles> agentk: It accepted: sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 -o --libvirt qemu:///system --ip 192.168.0.100 --hostname HOSTNAME --domain shiz.com
<ziggles> (just testing)  :)
<agentk> ziggles: Sounds like your on your way now. I have put all my common options into ~/.vmbuilder.cfg and now to create a host use:
<agentk> ziggles: sudo vmbuilder kvm ubuntu --hostname <HOSTNAME> --mem <MEM> --dest /svr/shared/libvirt/<HOSTNAME/
 * agentk <3 vmbuilder
<ziggles> thats so much more pretty :)
<ziggles> agentk, looking through the docs it looks like you can up with some pretty hairy/long option strings
<ziggles> so that sounds very nice.
<ziggles> agentk: one other question.... How do you setup your partitions?  i'm thinking that if i setup another partition or even different drive to house all of the VMs, back up will be a snap (we will only use about 3-4 vms, nothing crazy)
<agentk> ziggles: you'll also find the ubuntu / kvm specific help in vmbuilder by using `vmbuilder kvm ubuntu --help` instead of just `vmbuilder --help`
<agentk> root 8000 swap 4000
<agentk> My vm's are fairly simple. I prefer to keep things consistant and documented.
<ziggles> agentk, actually i mean non-vm partitions, like for example your /svr/shared/.....
<jmedina> dont forget to send this comments to the documentation proyect, I think is it worth
<jmedina> like the hostname/domain and that ~/.vmbuilder.cfg
<agentk> jmedina: Yes, I am looking forward to doing that too. Should I send them to the ubuntu-server mailing list
<agentk> ziggles: I basically only have /svr/shared as a nfs mountpoint for keeping my vm images. stored on a one of the vm hosts. and thats about the only change I have made.
<ziggles> got u
<Netham46> "[notice caught SIGWINCH, shutting down gracefully"  I'm getting that in my Apache error log, and nothing works. Anyone know how I can fix this?
<ziggles> agentk do these perms look right to you?   this is the newly created HOSTNAME.xml (from my test run) in /etc/libvirt/qemu/
<ziggles> -rw------- 1 root root  828 2009-01-16 16:32 HOSTNAME.xml
<agentk> ziggles: Yes. Same on my system here too. Security first.
<ziggles> agentk: thank you for checking
<agentk> ziggles: np
<MatBoy> when you setup a dir and make it available for nfs, another server connects to that folder as root... you will have a problem I think?
<agentk> MatBoy: only if you use norootsquash
<agentk> And nfs shares should be restricted by hostname or ip address in exports and iptables if you want to go that far too
<alexb2283> hi again
<alexb2283> i'll ask my thing again :P my udev is looking for it's /etc/udev/rules.d directory before dm-crypt asks me for the / password. is there a way to make it wait until after the root partition is decrypted ?
<MatBoy> agentk: mhh
<MatBoy> can't write in a strange way
<PC_Nerd> Hi,  When ubuntu states that the servers are "compatable" does that imply that other servers arent compatable and will not work with ubuntu?
<MatBoy> agentk: yep I have them restricted
<MatBoy> agentk: I thought root was not able to use from external as it's also not with other things from time to time in ubuntu
<agentk> MatBoy: Your are correct. I cant remember what permission I changed, i think i set the folder setuid with group permissions set for root only to be able to access it.
<MatBoy> agentk: ok !
<MatBoy> agentk: maybe it's easier to use debian for nfs :S
<luckyone> anyone know how to set up a streaming media server?
<luckyone> I want to be able to stream media, videos as flash, music to my wii
<ziggles> agentk: thanks for the help earlier
<ziggles> i had to rush out, but wanted to say thanks
<agentk> ziggles: Not a prob. I was having the same trouble as you when I started too.
<ziggles> agentk: sorry, one more question... do you normally run virsh as root?
<ziggles> using sudo was the only way i was able to define
<agentk> Nope. As unprivliged user.
<ziggles> Really?  when i was doing this as an unpriv user, i got this error: Failed to open file 'HOSTNAME.xml': Permission denied
<ziggles> I also double checked that i was added to the correct groups
<agentk> add yourself to the libvirtd group and logout and back in
<agentk> Hmmm. and make sure your connecting to qemu:///system
<agentk> virsh -c qemu:///system start HOSTNAME
<ziggles> oh shit, worked
<ziggles> :)
<ziggles> i also added myself to the KVM group
<ziggles> should have tried one thing at a time
<hads> Language please :)
<ziggles> hads, sorry! sometimes the s word comes out in periods of sheer joy
<ziggles> does vmbuilder have a default user/pw when it creates a virtual vm?
<agentk> ziggles: default/default
<ziggles> agentk: hmmm tried that one, and ubuntu/ubuntu but no luck.   ubuntu/ubuntu is what is listed in the docs
<agentk> I added passwd to my first login script and specified --username myname when building
<agentk> ziggles: try ubuntu/default
<ziggles> nope, lol
<ziggles> i can ssh to it... so close :)
<agentk> then when i first login i login with password=default and get prompted to change it
<agentk> in my ~/.vmbuilder.cfg: user = kbowden\n name = Karl Bowden\n pass = default
<agentk> ziggles: maybe you should specify a username and rebuild it
<ziggles> agentk, that's a great idea.  I will do so now.
<ziggles> its a good thing this server has sata and a quadcore xeon.  my personal PC would be dieing. :)
<agentk> ziggles: LOL. I bought 2cpu quadcore amd servers just because my laptop was amd and I wanted to make sure I could migrate the images between my laptop and the servers live.
<agentk> and now I dont even use live migration
<ziggles> hahaha  that's great.
<ziggles> agentk: so, are you using virtualization for your own personal stuff or for biz purposes?
<agentk> ziggles: both. A couple of windows and linux vms at work and at home. mainly for application isolation at work. at home for testing and playing around
<ziggles> cool
<ziggles> agentk: are you happy using kvm?
<agentk> More than. It's great for the servers. I still use virtual box for using windows guests for upgrading phone firmware via usb though.
 * hads likes KVM
<agentk> Just because I know it works and i've never tried it in kvm. Anybody done this with KVM successfully yet?
 * agentk high fives hads
<hads> :D
<agentk> ziggles: home or work use?
<ziggles> agentk: well, i lost my job recently, so im working on it @ home lol... but its for a client
<ziggles> setting up a few VMs for him to work in
<agentk> ziggles: Yip keep your mind learning new things. Life can be an intense expletive at times.
<kj-victory> how do I uninstall the gui on Ubuntu server? I installed ubuntu-desktop, but an uninstall of that does not rid me of the gui.
<uzair> hey all. quick question in regards to running some windows-only apps w/ a linux server
<uzair> is it possible to just have a dedicated client that the server will allow access to somehow for the use of those apps while the linux server takes care of everything else (PDC, mail, etc)
<uzair_> sorry back
<uzair_> anyone happen to reply to that?
<Pupeno> How do I get the Bacula MySQL database created on Ubuntu?
<nijaba> kirkland: https://code.launchpad.net/~nijaba/screen-profiles/configure-keybindings proposed for merging
<zhaozhou> Hey guys.
<sergevn> Hi
<uvirtbot`> New bug: #318154 in mysql-dfsg-5.1 (universe) "Cannot install mysql-server-5.1 on PPC 'cause service won't start" [Undecided,New] https://launchpad.net/bugs/318154
<lwizardl> hi
<lwizardl> is there anyway to keep my hostname just a local name only? example "compaq" not "compaq.ispname.tld"
<maxb> lwizardl: define what you mean by hostname. The output of the 'hostname' command is or should be just the local name
<uvirtbot`> New bug: #318179 in apache2 (main) "Please merge apache2(2.2.11-2)(main) from debian unstable(main)" [Undecided,Confirmed] https://launchpad.net/bugs/318179
<lwizardl> maxb, ok last time i did a server install and configure the hostname of my server i entered compaq and after the install it seemed to become compaq.gateway.2wire.net
<lwizardl> 2wire was used by my ISP (AT&T U-Verse used 2wire modem/router)
<maxb> Again, I have to ask: define what you mean by hostname?
<lwizardl> when i get the logon prompt its compaq.gateway.2wire.net, inside my hosts file its compaq.gateway.2wire.net
<lwizardl> anyone?
<dinsdale07> I have a security problem on my server, I find rogue perl processes and I find the following in my apache access log which is unusual.
<dinsdale07> http://paste.org/4881  Can someone assist me please in deciphering what's going on?
<dinsdale07> the SRC is actually given as 127.0.0.1 which means my server makes these weired requests. Is it possible that it scans other servers for vulnerabilities.
<dinsdale07> which is a good channel to attend on freenode to learn about webserver security - people who know about php, perl, apache exploits.
<_Cid> dinsdale07:  ther eis a #security
<dinsdale07> Thank you very much _Cid
<_Cid> dinsdale07:  dont get your hope up though, its pretty inactive :/
<dinsdale07> well, you're in it :-)
<_Cid> dinsdale07:  hehe
<owh> apachelogger, did you just comment on bug #238444? I'm Onno.
<uvirtbot`> Launchpad bug 238444 in kdebase-runtime "Index building for initial launch is overly complex" [Undecided,Invalid] https://launchpad.net/bugs/238444
<apachelogger> owh: I did
<apachelogger> aloha
<owh> Hiya.
<owh> So, I've been thinking about this. Wouldn't it mean that khelpcentre should depend on kubuntu-default-settings?
<apachelogger> owh: you get a vanilla KDE without k-d-s, which is pretty much the idea of that package (+ of course it is more maintainable to everything in one place)
<owh> apachelogger: I don't understand your point. I just installed task-juggler and got bombarded with index requests from khelpcentre.
<apachelogger> owh: when opening taskjuggler itself?
<owh> Yup
<owh> apachelogger: I was running task-juggler, selected help and all hell broke loose.
<apachelogger> hm
<owh> I just wanted to RTFM :)
<apachelogger> owh: well the design flaw is in upstream khelpcenter and is supressed in kubuntu setups
<owh> apachelogger: I'm not running kubuntu, so khelpcentre had never been run.
<apachelogger> yeah, figured
<apachelogger> I actually consider deactivating the whole indexing upstream because it is only working in 0.1% of setups
<owh> apachelogger: So, what happens if a ubuntu user installs k-d-s?
<apachelogger> owh: the popup ought to be supressed
<owh> apachelogger: So, would there be other side-effects?
<apachelogger> nope
<apachelogger> doesn't even have extra deps
<owh> apachelogger: I'm suspecting that it also changes icons and templates, or does it not?
<owh> apachelogger: Or is k-d-s, specifically for khelpcentre only?
<apachelogger> that depends if taskjuggler is KDE 3 or KDE 4 ;-)
<owh> One mo.
<apachelogger> in genearl it is kubuntu branding + kubuntu settings ... less of the former really
<owh> Crap, it appears that I installed this when I was running gutsy - since upgraded to intrepid.
<owh> Uhm, that should be "freshly installed"
<owh> I should try this again - needed to look at task-juggler anyway. BRB
<sektor1952> I keep getting a tsig error when I start my dhcp server I have verified the keys
<owh> apachelogger: I'm about to install it again and it's installing khelpcentre and khelpcentre4 - does that answer your question?
<apachelogger> no
<apachelogger> owh: we should move this to #kubuntu-devel
<owh> Cool
<sektor1952> I can't figure out why I keep getting the error related to the rndckey
<Zombie_Gaz> Having trouble getting identd to work... I've tried every package I can find with no luck. At one point (last weekish) oidentd worked on and off (mostly on). Any ideas (I have 113 open).
<sektor1952> This is the error I keep getting when I try to start my dhcp server
<sektor1952> unknown key rndckey	key
<sektor1952> anubody have any suggestions?
<Bizzeh> hey
<Bizzeh> has anyone had any experiance setting up pureftpd with mysql as an auth-method?
#ubuntu-server 2009-01-18
<pug2694328> hiya anyone able to answer an nfs question?
<pug2694328> I have an ubuntu server 6.06 and two desktop ubuntu 8 boxes, I'm sharing a folder via nfs from the server, and have no problems mounting it on one client, but the other client mount just clocks when I try to view the folder
<pug2694328> anyone know how to debug nfs problems?
<ScottK> This channel is usually pretty dead this time of day.
<ScottK> and particularly during the weekend.
<ScottK> Try again during the US/European workday.
<pug2694328> okay thank ScottK
<pug2694328> I may be working on Saturday night but I'm drinking a beer while doing it : )
<strick9> I've got a home server that I'm very happy with and a pair of brand new hard-drives I want to put into raid1
<strick9> whats the best way to move all my data over, reinstall and start over from backup?
<sloopy> hmmm
<sloopy> what is the best question to ask in #ubuntu ?
<ScottK> sloopy: Support for servers is on topic here.
<sloopy> ScottK, yeah just realized i was in server not offtopic :')
<quizme> hello, i can't find /etc/init.d/courier... is it called /etc/init.d/courier-imap now ?
<MatBoy> mhh I was migrating a LAMP site from ubuntu to debian, but it seems that debian has too old packages ?
<MatBoy> mhh I was migrating a LAMP site from ubuntu to debian, but it seems that debian has too old packages or somthing like it ?
<Nafallo> ask Debian? we run Ubuntu in here... :-)
<MatBoy> Nafallo: yes I know that, but I was wondering if someone knows if Ubuntu needs the newer packages because Debian has issues because of older ones
<MatBoy> my main issue in Ubuntu is Sudo, I need to turn it off
<MatBoy> so that is why I can to debian
<Deeps> MatBoy: you can turn sudo off in ubuntu....
<MatBoy> Deeps: and give the root user a normal password... Sudo by default in Ubuntu is damn insecure
<Deeps> MatBoy: yep
<jpds> !sudo
<ubottu> sudo is a command to run programs with superuser privileges ("root"). Look at https://help.ubuntu.com/community/RootSudo for more information. For graphical applications see !gksu (Gnome, XFCE), or !kdesudo (KDE)
<MatBoy> every user is root actually :S
<MatBoy> by default
<Deeps> MatBoy: nope
<MatBoy> every user can sudo
<Deeps> MatBoy: users who are members of group 'admin' have sudo rights
<jpds> MatBoy: Only users in the admin group are.
<MatBoy> mhh
<MatBoy> but on WS every user can sudo using his own password for sure ? or that only the first added admin user during the install ? I see ALLALLALL that means... everyone by default can sudo
<Deeps> thats the first user thats added
<MatBoy> and ALLALLALL is also on server :S
<Deeps> is added to admin group by defualt
<Deeps> apt-get remove sudo
<Deeps> if you're concerned
<MatBoy> Deeps: but will it not break the whole system ?
<Deeps> although sudo -s first, and set a root password, heh
<Deeps> why would it?
<MatBoy> Deeps: some people say
<Deeps> nothing depends on sudo
<MatBoy> I thought the same
<jpds> ...or you could juread the link the bot gave above.
<Deeps> (try it, no extra packages get removed)
<MatBoy> jpds: yes will read there for sure
<MatBoy> Deeps: but ubutnu itself doesn't count on it also ?
<Deeps> MatBoy: 'ubuntu' what?
<MatBoy> Deeps: package manager... so on ?
<Deeps> MatBoy: why would apt be dependant on sudo?
<MatBoy> jpds: I have read that last night :)
<MatBoy> Deeps: dunno what magic Ubuntu has done with it :)
<Deeps> hmm, looking my sudoers file, i see root has sudo rights, and members of admin group
<Deeps> infact, it's even commented to say that
<Deeps> couldn't be clearer
<MatBoy> but when I set a root password I can nornally login ? I mean, I need to run scripts as root using ssh and ssh-keys
<Deeps> yep
<Deeps> root account isn't disabled, it just doesn't have a password set
<Deeps> you dont need to define a password to be able to login with ssh keys
<MatBoy> OK, if that's it, it saves me to check for sudo in my scripts
<MatBoy> Deeps: is it done more often or is there always worked around sudo in most cases ?
<Deeps> MatBoy: can you rephrase the question
<MatBoy> Deeps: when you chose ubuntu as server distro and people need actually root, what do most people do in most cases... work with sudo or just enable the root account by setting a password ? I mean it's not for nothing by default in ubuntu
<Deeps> MatBoy: i cant speak for most people, but given that ubuntu is geared towards people new to linux, i'd imagine 'most' would work with sudo. i personally do not.
<MatBoy> Deeps: ok, that's what I wanted to know ;) thanks
<Deeps> MatBoy: many people i know do though, as they're not very comfortable using root, and using sudo gives them the extra safety of having all root level commands logged
<MatBoy> yep, if you need it logged... can be nice
<MatBoy> maybe only for people that need to admin the system manually
<Deeps> useful if you do something and break everything, but not sure what it was that you did, can look through the log to see all sudod commands
<Deeps> and that helps when trying to get someone else to help you
<MatBoy> yep true, but I think that's not needed when you run script and you tested them well
<MatBoy> you don't need 200% logging than
<Deeps> if you're enabling passworded root logins though, i'd recommend disabling root logins via ssh, or enabling something like fail2ban
<Deeps> otherwise you're more exposed to brute force attacks
<MatBoy> Deeps: yep, that's for sure
<MatBoy> Deeps: BFD is nice too
<MatBoy> but it needs apf... so your solution is nicer
<MatBoy> ok, nice talking about ubuntu this way as you hear some guru's sometimes... don't touch sudo :S
<Deeps> sudo's security track record hasn't been great, which is why many more experienced linux users dont touch sudo, but i think it's in a much better place these days
<Deeps> and like all tools, it has a time and a place
<MatBoy> yep
<MatBoy> it would be nicer to have in the installer an option to make your system "more secure" by installing sudo or not
<MatBoy> ok, apt-get remove --purge sudo is not difficult also
<Deeps> your considerations of sudo being a security risk are invalid, unfortunately
<MatBoy> but I must say... it's nice when a systemadmin that needs to login locally is logged
<MatBoy> Deeps: yes I know
<Deeps> as only the user created during install time has sudo rights, no other users do (other than root, but that doesn't count) unless you explicitly add them to your sudoers file, or to the admin group
<MatBoy> yep true
 * MatBoy is most of the time the only user on a system, that's why
<Deeps> creating a user doesn't automatically add them to sudoes nor admin group too, you have to specify that you want them added to admin at creation time or afterwards
<MatBoy> ok, ubuntu is the way to go than for my servers :)
<Deeps> if sudo was your reason for considerring other distributions, then yes
<MatBoy> but still, I don't know why there was that difference between debian and ubuntu... but I will investigate
<Deeps> debian is "more" stable
<MatBoy> nah, they have to prove that :)
<Deeps> they have already
<Deeps> package versions are frozen and kept in testing for quite some time before a release
<MatBoy> the advantage of ubuntu is that their packages are newer, this can be very good
<MatBoy> Deeps: even than I have had broken systems before
<Deeps> package versions arent upgraded, while security fixes are backported
<Deeps> sure
<Deeps> no system's perfect, humans are always involved, mistakes will always occur
<MatBoy> you better can have good and fast development that can fix issues when they are there than keep it in testing and in stable it still goes wrong
<MatBoy> indeed, that's fun of life
<MatBoy> ok, /me needs to do something about his condition !!
<MatBoy> bbl
<MatBoy> thanks
<user___> hello, how can i access bind9's manpage? i would like to get a output of the currently saved namezone infos "cache history"
<Deeps> can start at man named or man rndc i guess
<user___> Deeps: thanks, mistake on my side was to search for man pages in the bind9-doc package, where bind9 already brings them to your door
<Deeps> user___: np
<alaz> Hello everyone. Im having problems understanding how to setup my postfix server... It seems like everything is working fine for incoming mail, but outgoing is not setup correctly. The mail client complains that there is no supported authentication methods avaliable...
<alaz> I "have" setup SSL authentication, I think the cert is working.
<alaz> Is there some parameters i need to set that i gorgot maybe?
<popcornPanic> hi i need to make a file with the date at the title. How would i use the 'date' command in the title.
<jpds> filename="~/file-$(date)" - in shell.
<jpds> You might prefer "date -I" though.
<popcornPanic> jpds: this is not working for me
<popcornPanic> nvm i spoke too soon
<popcornPanic> thanks for the help jpds
<Narc0tiq> Hi, I'm trying to do something that will appear very stupid: set up a totally anonymous Samba share with read-write options;
<Narc0tiq> However, my Samba seems to be f**ked in some way, as I can't seem to convince it to allow any kind of connection at all.
<Narc0tiq> I'm running Ubuntu Server Intrepid, installed just yesterday and brought up to date on everything Aptitude recommended.
<Narc0tiq> Any ideas?
<gharz> guys, i've tried installing ubuntu server... is it really by default doesn't install the wireless driver for broadcom?
<alkisg> Has anyone used the kubuntu alternate cd to install an ltsp server? In the boot screen, there *isn't* an F4 option to install an ltsp server, but it's there in the debian-installer steps...???!!!
<rjaus> hey, im not actually using ubuntu server ( using 8.10) but I thought this question would be best answered here.  When setting file/folder permissions to give apache2/php read/write privileges (eg sessions.path) which user do I give the permission to?
<rjaus> ok found the answer, thanks anyway.
<Mohammad[B]> why i can't open it ? http://boozary.info/cgi-bin/mysqltuner.pl
<Mohammad[B]> how i can resolve this problem ? cgi file was not compile
<maxbaldwin> "wget http://boozary.info/cgi-bin/mysqltuner.pl" and then vi it?
<Mohammad[B]> maxb, why wget ?
<Mohammad[B]> maxb, sorry
<Mohammad[B]> maxbaldwin, why wget ?
<maxbaldwin> well... you can't open it. just download it, and when your done looking at it, delete it or keep it.
<Mohammad[B]> maxbaldwin, that is in my vps !
<maxbaldwin> Mohammad[B]: what browser?
<Mohammad[B]> maxbaldwin, oops :-s this file run in cli, sorry dear :-s
<maxbaldwin> Im not getting anything with firefox, but safari is showing it.
<maxbaldwin> one second...
<maxbaldwin> are you asking how to run it, Mohammad[B]?
<Mohammad[B]> maxbaldwin, my problem resolved thank you :-)
<maxbaldwin> oh.
<maxbaldwin> ok.
<JessicaParker> hi newbie here can someone tell me if i need to use BIND  ?
<sommer> JessicaParker: regarding an internal network or a host on the internet?
<JessicaParker> sommer - getting confused with all of this......but it in relation to setting up a dedicated server with fixed ip address to host a website and mail server
<JessicaParker> at the moment i have set it all up at home but without a domain name, i port forward by router to the current machine and if i type in my ip address i get the website up
<JessicaParker> now want to move all of this to a dedicated server using ubuntu server edition
<JessicaParker> reading through the manual there is stuff on ldap / bind none of which i did at home to set it up
<JessicaParker> but i didnt have a mail server at home, and porbably wont get one on the dedicated server, but i do need some form of smtp relay
<sommer> JessicaParker: are you going to use a hosting provider for the site?  because usually they will provide dns, so you won't have to setup your own
<sommer> JessicaParker: you can configure postfix to forwawrd mail to another server as well
<JessicaParker> i was going to set up a dedicated server with full root access
<JessicaParker> so they will do out of the box install
<JessicaParker> they provide 2 fixed ip address and out of the box install of ubuntu server no configu
<Mohammad[B]> sorry for this question, how to i can configure w3m for refresh a page per 2minutes ?
<serveradmin> i recently built a lamp server using ubuntu-server 8.10. However I want to be able to ftp into my /var/www folder. I have vsftpd installed. And Im trying to figure out a good way of going about this. Any ideas? Files that go into /var/www must be chmod 777 or else the php does not parse.
<serveradmin> maybe create a new user?
<jtaji> I doubt your files need world write permission for php to parse
<jtaji> chmod 777 = I haven't spent the time to learn unix permissions ;)
<serveradmin> well, at the moment, i am using my sudo account to write files in view ftp, however the php didnt parse untill i chmod 777 them
<jtaji> as likely would 755 which removes group and world write permissions
<serveradmin> or else i run into this http://codeigniter.com/forums/viewthread/62505/
<serveradmin> the deal is, i want to ftp files into /var/www and I want apache to have the appropriate permissions to execute php code
<JessicaParker> sommer any thoughts
<jtaji> serveradmin: if I need apache to write I'll set the group owner to www-data (apache's user/group) and give group write permissions.... btw sorry not to be answering your initial question ;)
<serveradmin> sooo . . .I should create a new user that belongs to the group www-data?? and then when i ftp in files under this user, apache will be ok??
<jtaji> or maybe I am
<jtaji> serveradmin: you could do that, you might need to set /var/www setgid for that to work
<serveradmin> ok, ill give it a shot. what does setgid do? can I just chown to my new user?
<jtaji> it would enforce uploaded files to be owned by the group
<serveradmin> ok
<serveradmin> that would be perfect
<serveradmin> jtaji: I created a user and added them to the group www-data, and then chown /var/www to the new user. However when i upload my php files apache doesnt have correct permissions to use them. what did I miss??
<serveradmin> i guess my real problem is that apache wont parse my php unless they are cmod 777, and I dont understand why??? jta
<jtaji> first off forget what I said about setgid... not sure what I'm smoking today...
<serveradmin> i couldnt find a command setgid anyways
<jtaji> serveradmin: apache needs read access to those files, you can either allow world read access... or set the group owner of the files to www-data and allow group read access
<jtaji> serveradmin: and that link never connected to see your error
<serveradmin> jtaji: the link i provided was a forum that described the error I get
<serveradmin> so how can I set group owner of the files??
<serveradmin> chmod 770??
<jtaji> chgrp
<serveradmin> ok
<serveradmin> chgrp www-data /var/www?
<thefish> serveradmin: or chown .groupname /files
<jtaji> I'd also recommending learning the ugo+rwx notation of chown
<serveradmin> do I have to do that every time I upload new files via ftp??
<jtaji> it allows you to do something like chmod o-w to remove world write permissions, without messing with other permissions
<jtaji> serveradmin: dunnno that's why I wanted to see your error
<serveradmin> here you go then http://humanity.homeip.net/index.php
<thefish> serveradmin: try setting the permissions of the file/files to 0755
<thefish> so chmod 755 index.php should sort that issue, assuming its owned by serveradmin.www-data
<jtaji> serveradmin: also on /var/www itself
<serveradmin> the php did work this time
<serveradmin> but how can I make it so that new uploaded files will work??
<thefish> yes, the directory should have +x for www-data
<serveradmin> i dont want to chmod all my files every time I upload something new
<thefish> serveradmin: maybe you can tell your ftp client to do it automatically for you, or you can change the mask in the ftp server config
<soulresin> sutff like this is the reason i'm a fan of using fcgi + php running as the user.  files will be written as the user.
<serveradmin> im using vsftpd for my ftp server daemon. However, I can edit /etc/vsftpd.conf and tell it to auto chmod 0755, but then all my ftp users will upload files with that mask.
<serveradmin> what user does apache use?? The problem is, that apache isnt able to read or execute my files?? Apache is under the group www-data correct? So then chmod 750 my files, should allow only group to read and edit my files. right??
<serveradmin> i dont want to give world permissions to my files
<Deeps> kirkland: or anyone else using screen-profiles, what does the blue ? mean?
<tjaalton> has anyone heard of pulse2 before? http://pulse2.mandriva.org/wiki
<tjaalton> wondering if there are any packaging effort going on
<chmac> Anyone recommend a way to speed up shred? I'm shreding a 250Gb disk and it'll take forever. I don't mind if the data is pseudo-random, it's just a precaution, there's nothing valuable on the disk
<Deeps> dd if=/dev/[u]random of=/path/to/your/disk/mount/or/device/name
<Deeps> for i in `seq 1 4`; do dd if=/dev/[u]random of=/path/to/your/disk/mount/or/device/name; done; dd if=/dev/zero of=//path/to/your/disk/mount/or/device/name;
<Deeps> would be what i've done in the past
<Deeps> random data a few times over, and then zerod
<Deeps> makes it pretty tricky to recover after that
<chmac> Deeps: That's what shred does
<chmac> Trouble is, generating the random data takes forever
<Deeps> either urandom or random is fairly speedy
<chmac> The red light on my hard drive is flashing intermittently, while shred beavers away
<Deeps> i cant remember which
<chmac> I think urandom is quicker, but it still takes a *long* time to generate 250Gb of random data
<chmac> I think one pass with semi-random data would do me fine, anyone who wants to read my old email that badly is welcome to!
<chmac> Writing 0s to the disk is probably enough to obfuscate my data if I run out of time to let shred run
<chmac> I looked into faster random number generators in the past and found frandom, but it's not available in the repos, so I'd need to compile, etc, etc
<Deeps> probably worth it if you need to wipe the disk in a hurry
<chmac> Deeps: I'm going to sell the laptop, so I probably need to re-install Ubuntu after reformatting, and I'm leaving at 9am tomorrow morning
<chmac> So I suppose it might be worth it, or I could just use a 0 wipe instead :)
<Deeps> and it's now... 2pm in the afternoon?
<chmac> 5pm :(
<Deeps> 6am in the morning you're selling it?
<Deeps> ah
<Deeps> plenty of time
<Deeps> consider though, if you're shred-ing files on your filesystem, rather than just sprawing random data across the whole platter
<Deeps> that your files may not actually be erased, if you're using a journaled filesystem
<Deeps> or rather, the data may not actually be erased
<Deeps> since shred doesn't delete file descriptors anyway
<chmac> Deeps: I'm shredding /dev/sdb from another machine, so the whole disk is being overwritten with random data I believe
<chmac> But it won't even have overwritten once by 9am tomorrow morning
<chmac> It's been running a few hours and only generated 20Gb of random data thus far
<Deeps> how slow's your cpu?
<chmac> Core 2 duo, 1.4GHz
<Deeps> no way it should be that slow then
<chmac> Damn, there must be something wacky going on then
<chmac> I've always had this problem though, on this laptop and the previous one
<Nafallo> have enough entropy?
<chmac> Nafallo: I'm not sure, I'm using the machine right now, so I think so
<Deeps> i get 4mb/sec using /dev/urandom on a 1.2ghz celeron
<chmac> holy crap, ok, something is going crazily worng here
<chmac> Maybe shred is using /dev/random instead of /dev/urandom as it says is the default
<Deeps> dd if=/dev/urandom of=/dev/sdb bs=1024
<Deeps> dd if=/dev/urandom of=/dev/sdb bs=1024 count=100000
<Deeps> if oyu want to do a short test for speed
<chmac> Deeps: Running that now, thanks
<chmac> I get 1.7MB/s
<chmac> So 250Gb will take around 40 hours...
<chmac> Ok, looks like I've got frandom installed and working... :)
<chmac> Disk appears to be writing as fast as it's little spindles will carry it... :)
<chmac> Now I'm getting 4.5Mb/s :)
<chmac> Ok, I think we're writing as fast as possible now
<chmac> sudo dd if=/dev/frandom of=/dev/sdb bs=1024 skip=18000000
<chmac> shred had already written over 19Gb of random data at the start of the disk
<Deeps> sorted
<chmac> Still due to take 15 hours at 4.5MB/s though :(
<Deeps> ouch
<chmac> I think I'll let it overwrite the first 30-40Gb which is where my most sensitive data was, then use a 0 overwrite
<Zombie_Gaz> Can someone please explain the difference between priority and nice?
<maxbaldwin> priorities: noun, plural; -ties, 2-4.
<maxbaldwin> 1.  the state or quality of being earlier in time, occurrence, etc.
<maxbaldwin>   2.  the right to precede others in order, rank, privilege, etc.; precedence.
<maxbaldwin>   3.  the right to take precedence in obtaining certain supplies, services, facilities, etc., esp. during a shortage.
<maxbaldwin>   4.  something given special attention.
<maxbaldwin>   âadjective
<maxbaldwin> 5.  highest or higher in importance, rank, privilege, etc.: a priority task.
<MianoSM> Wow.
<soulresin> haha
<Zombie_Gaz> That hilarious. You had better know the real answer now.
<Zombie_Gaz> My processes have a process value and a nice value.
<maxbaldwin> nice: -adjective, nicer, nicest:
<maxbaldwin> 1.  pleasing; agreeable; delightful: a nice visit.
<maxbaldwin>   2.  amiably pleasant; kind: They are always nice to strangers.
<Zombie_Gaz> Both make things "higher in importance".
<maxbaldwin>   3.  characterized by, showing, or requiring great accuracy, precision, skill, tact, care, or delicacy: nice workmanship; a nice shot; a nice handling of a crisis.
<maxbaldwin>   4.  showing or indicating very small differences; minutely accurate, as instruments: a job that requires nice measurements.
<maxbaldwin>   5.  minute, fine, or subtle: a nice distinction.
<maxbaldwin>   6.  having or showing delicate, accurate perception: a nice sense of color.
<maxbaldwin>   7.  refined in manners, language, etc.: Nice people wouldn't do such things.
<maxbaldwin>   8.  virtuous; respectable; decorous: a nice girl.
<maxbaldwin>   9.  suitable or proper: That was not a nice remark.
<maxbaldwin>   10.  carefully neat in dress, habits, etc.
<maxbaldwin>   11.  (esp. of food) dainty or delicate.
<maxbaldwin>   12.  having fastidious, finicky, or fussy tastes: They're much too nice in their dining habits to enjoy an outdoor barbecue.
<maxbaldwin>   13.  Obsolete. coy, shy, or reluctant.
<maxbaldwin>   14.  Obsolete. unimportant; trivial.
<maxbaldwin>   15.  Obsolete.  wanton.
<maxbaldwin>   âIdioms
<maxbaldwin> 16.  make nice, to behave in a friendly, ingratiating, or conciliatory manner.
<MianoSM> Is that a spammer or what?
<maxbaldwin>   17.  nice and, sufficiently: It's nice and warm in here.
<maxbaldwin> Thank you for using the maxbaldwin dictionary service. please come again.
<Zombie_Gaz> Is an op going to kick this *** or what?
<maxbaldwin> hehe, hope not.
<Deeps> lol
<Deeps> +5 comedy value
<Deeps> Zombie_Gaz: man nice tells me:        nice - run a program with modified scheduling priority
<Deeps> Zombie_Gaz: man priority tells me: No manual entry for priority
<Zombie_Gaz> The point of this channel is to help though. Anyway... priority has a certain value and nice has another value. Both make things more important to the server. What is the specific differences?
<Zombie_Gaz> Yes... I can use man too.
<Zombie_Gaz> erp "are"
<Deeps> priority doesn't appear to be installed by default, at a guess they're both wheels invented at different times, both do the same job, nice being installed by default would be considerred to be 'better'?
<Zombie_Gaz> So... same thing?
<maxbaldwin> sure
<Deeps> if you want specifics for a particular tool, coming to a generic help channel isn't the best approach, heh
<Zombie_Gaz> Nice = highest priority is -19. What is the highest priority setting I can use... most of my processes run at 20ish.
<Deeps> the source code, however
<Deeps> Zombie_Gaz: i thought you could use man too? :)
<Zombie_Gaz> It doesn't say.
<Deeps> man nice:
<Deeps> DESCRIPTION Run  COMMAND  with  an adjusted niceness, which affects process scheduling.  With no COMMAND, print the current niceness.  Nicenesses range from -20 (most favorable scheduling) to 19 (least favorable).
<Zombie_Gaz> Sorry. Missed that.
<soulresin> nice effects priority.  -5 nice is 15 priority.
<Zombie_Gaz> Er... but I mean what's highest priority not highest nice.
#ubuntu-server 2010-01-18
<jMyles> I'm using dnsmasq for DHCP - how can I list all the devices on my network with their hostnames?
<jMyles> ....or, more properly, all the devices that are DHCP, not static devices
<twb> jMyles: you need to tell dnsmasq to maintain a lease file.
<twb> jMyles: then, you simply cat the lease file.
<twb> Note that you will need to restart dnsmasq to turn the leasefile option on -- meaning that unless it's already on, you can't extract the current leases.
<jMyles> twb: yeah, I thought it was strange that there was no file with this info :-)  where do I do this?  dnsmasq.conf?
<jMyles> twb: that's no problem
<jMyles> twb: I could have a grep-fest with nmap if I was really feeling energetic, but I knew there was an easier way
<twb> Also note that if you have the leasefile turned on (and not read-only), restarting dnsmasq will no longer clear the lease database within dnsmasq.  This can be REALLY confusing when you forget about it.
<twb> jMyles: yes, it's in dnsmasq.conf, see the options in the dnsmasq(8) manpage.
<twb> jMyles: you can also look at your current ARP table for hints
<jMyles> twb: I looked at man, but I guess I searched for the wrong phrase
<twb> "sudo arp"
<twb> Erm, ARP assuming you're using Ethernet.
<jMyles> twb: Awesome, found it.  Another question (and again, I looked at man but maybe I missed it): how can I get dnsmasq to log to some place other than syslog?
<twb> I doubt you can.
<twb> Why would you want to?
<jMyles> twb: just to stay organized
<twb> What does that mean?
<jMyles> twb: syslog gets so bloated :-\
<twb> Um, are you talking about the *service* called syslog, or a file?
<jMyles> twb: I'd rather have dnsmasq-dns.log and dnsmasq-dhcp.log
<twb> OK, all you need to do in that case is configure syslog.
<jMyles> I don't think I know the difference :-\
<jMyles> the only way I find dnsmasq logs is by catting syslog
<jMyles> which is very inefficient
<twb> Daemons use a system call (called syslog, too, IIRC), and a daemon (syslogd, rsyslogd or syslog-ng) "hears" them and puts them in files.
<jMyles> ahh, I see
<twb> So if you want to put log entries in a different file, you configure rsyslog.
<jMyles> so I need to have a little heart-to-heart with rsyslog
<jMyles> right
<twb> Personally I usually just grep dnsmasq.*DHCP /var/log/daemon or so
<jMyles> I don't understand that last statement - can you explain?
<twb> jMyles: are you familiar with grep(1)?
<jMyles> perhaps not - the (1) is foreign to me
<twb> (1) just means its in the first chapter of the manual
<twb> (See man(5)).
<jMyles> I see
<jMyles> well, since we're on the topic - how does one search for a string in man?
<jMyles> (like ctrl-f in firefox or ctrl-w in nano)
<twb> apropos(1)?
<twb> If you mean within the displayed manpage, then it depends on your pager.  The default pager is less(1), so use / for forward searching, and ? for backward searching.
<twb> C-/ or / should also work in firefox, FWIW.
<twb> You can use a different pager (e.g. w3m), or have man generate PDFs or HTML, of course.
<jMyles> phew.  I'm learning many new server applications at once, and I really want to come to terms with all of them and have a good grasp.  I have a gateway running dnsmasq (and apache) and now I'd like to set up openvpn.  I've read the guides, and I've tried, but restarting openvpn is giving me [fail].
<jMyles> Is there a specific guide for setting up openvpn on a computer that is a gateway / router?
<twb> Have you looked at the Ubuntu Server Guide?
<twb> It's the fourth link in /topic
<jMyles> twb: looking.
<jMyles> thanks for all your help
<twb> np
<jMyles> I am running into frustration over the bridging in openvpn - the documented setup seems to be for a server with one NIC connected to a router.  In my case, I can't create the extra device br0 because I already have a bridge between eth0 (WAN) and eth1 (LAN).  I don't think I need the bridging stuff at all, but I don't know how to use openvpn without it.
<jMyles> I really just want openvpn to listen on eth0, that's it
<twb> I don't do much with OpenVPN, sorry.
<a|3x> hi all
<a|3x> i have a bit of a problem with the official kernel and iscsi targed daemon, hoping somebody can help...
<sabgenton> should my hostapd config be in /etc/hostapd/hostapd.conf
<sabgenton> it doesn't seem to take there
<twb> !anyone > a|3x
<ubottu> a|3x, please see my private message
<sabgenton> with /etc/init.d/hostapd start
<twb> sabgenton: I don't know.  What does the manpage say?
<sabgenton> nothing
<twb> strace the daemon, then.
<sabgenton> I only can get it  working with hostapd /etc/hostapd/hostpad.conf
<a|3x> i have vmware installed on an ubuntu server installation with iscsi target daemon, but every time my vm tries to use the iscsi target i get console message that says soft lockup, cpu #x stuck for 11s, and istd has 100% cpu usage, any ideas what could be causing this?
<sabgenton> but I want to use it via /etc/init.d/hostapd
<twb> sabgenton: my default position would be to blame vmware, because I hate it
<twb> Oops, bad completion
<twb> a|3x: does it work if you take VMware out of the equation?
<sabgenton> ?
<sabgenton> oh ok
<sabgenton> :P
<a|3x> i cant
<sabgenton> twb I asked this earlyer but when hostapd appers in /etc/init.d/hostapd is that sometimes becouse ubuntu/ the deb put it there or is that what would happen if I intalled it from source
<sabgenton> generally i mean
<sabgenton> as the man has nothing about /etc/init.d/hostapd
<sabgenton> is it debian people that made the deb installer setup a space in /etc/init.d/ for it
<twb> sabgenton: I don't know.  I don't install packages from source.
<sabgenton> for better management
<twb> You could find out by inspecting the upstream source.
<sabgenton> ok
<a|3x> twb: i could set up a test system on the side but i was wondering maybe its something easy
<twb> a|3x: I don't know.
<twb> iscsi is pretty complicated.  If I had to deal with network block devices, my gut position would be to steer towards AoE.
<twb> That's assuming your nbd doesn't need to cross networks, of course.
<a|3x> twb: the problem is vmware is a fart when it comes to support for >2tb virtual drives
<a|3x> twb: that is why i had to use iscsi in the first place
<ruben23> hi
<ruben23> jmarsden: hi
<jmarsden> hi
<ruben23> jmarsden: the one you test me about the mount cifs.. it worked but with my fstab when reboot
<ruben23> it didnt work im getting erro like this-->error connecting to IPv4 socket , cifs mount failed error code = -113
<jmarsden> ruben23: So now if you do   sudo mount /media/share   # what happens?
<jmarsden> ruben23: -113 sounds like "wrong IP address or remote XP box is not there" kind of a problem, but I'm not really sure.
<ruben23> jmarsden:--> mount media share i can mount it
<ruben23> but with auto mount upon reboot i cant..
<ruben23> my fstab is this-->http://pastebin.com/m594509e7
<jmarsden> ruben23: Interesting.  Sounds like a timing issue, maybe some other service is not up when the mount is tried at reboot.   I don't have any great ideas on that.  The fstab entry looks fine to me.
<jmarsden> As an "ugly" workaround, you could try doing something like    sleep 60 && mount -a     in /etc/rc.local
<ruben23>  jmarsden: the windows unit is up already while the system is rebooting
<ruben23> ow ok
<ruben23> ill try it
<jmarsden> That will wait for one minute and then try the mount again... it might help.
<twb> jmarsden: isn't upstart supposed to magically fix boot order issues?
<jmarsden> Yes... but I lack time right now to troubleshoot it, and ruben23 just needs something that works for a personal server :)
<twb> I was just bitching
<jmarsden> twb: If you can work with him on a full diagnosis and non-ugly fix for this, go for it :)
<jmarsden> OK...
<ruben23>  jmarsden:thanks ill try the work around..
<kingjm> kingjm
<kingjm> 12:13
<kingjm> I am looking for some help to do with VPNs I have started a forum discussion as I could not find a previous one. http://ubuntuforums.org/showthread.php?t=1383560
<kingjm> can somone see me now?
<kingjm> is anyone in here?
<twb> !anyone > kingjm
<ubottu> kingjm, please see my private message
<kingjm> I am trying to setup two VPN's one using PPTP and the other IPSEC/XL2TP I have started a forum thread with what I have done. however I cannot connect using Snow Leopard or windows Mobile. Can someone please help?
<twb> kingjm: can you connect using Ubuntu Server?
<kingjm> I havn't tried that I did not think that I could connect to my own server that I am serving the vpn from. I will try
<kingjm> twb well I am having trouble with that too I don't know how to connect on ubuntu terminal.   I have install pptp-linux
<twb> Uh, PPTP, IPSec and L2TP are all different protocols.
<twb> AFAIK you can't (for example) connect a PPTP client to an L2TP server.
<kingjm> twb I am starting with pptp shoudl be the easiestâ¦. it
<kingjm> sudo pptp 192.168.0.100
<kingjm> Terminated
<twb> Have you configured your server to serve PPTP?
<kingjm> I thought so. if you click this link it will show exactly what I did. don't worry. I have the only post atm
<kingjm> http://ubuntuforums.org/showthread.php?t=1383560
<twb> kingjm: the link you provided sets up three completely different VPN tunnels.
<twb> It also contains bugs, so if you followed it you would've seen errors and tried to deal with them.
<kingjm> I realize that. I am just trying to start with pptp. My goal is to get all of them working
<twb> kingjm: so pptpd is installed?
<kingjm> yep it is installed
<twb> And you edit /etc/ppptpd.conf, /etc/ppp/options, /etc/ppp/chap-secrets and /etc/sysctl.conf as advised by that page, and restarted pptpd?
<kingjm> yep just as that page says
<twb> Did you activate the changes to sysctl.conf?
<kingjm> with /etc/init.d/networking restart
<twb> That's wrong.
<kingjm> oh
<twb> Here it is managed by the procps init script.
<kingjm> so how do I activate the changes?
<twb> 17:45 <twb> Here it is managed by the procps init script.
<kingjm> sudo /etc/init.d/procps restart
<kingjm>  * Setting kernel variables...
<kingjm>    ...done.
<kingjm> sudo pptp 192.168.0.100
<kingjm> Terminated
<kingjm> twb anything else that you can see might be wrong?
<twb> kingjm: maybe you should look at the log files
<twb> kingjm: and inspect the open ports (with ss or netstat) and firewall.
<kingjm> I looked in var/log/messages nothing there anywhere else?
<kingjm> tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      -
<twb> kingjm: that will depend on how your daemon does logging.
<jmarsden> kingjm: /var/log/daemon.log is one possibility.  Read /etc/syslog.conf to see where else your syslog daemon might be logging things, or man pptpd to see where pptpd is supposed to log things.
<kingjm> auth,authpriv.*			/var/log/auth.log
<kingjm> *.*;auth,authpriv.none		-/var/log/syslog
<kingjm> #cron.*				/var/log/cron.log
<kingjm> daemon.*			-/var/log/daemon.log
<kingjm> kern.*				-/var/log/kern.log
<kingjm> lpr.*				-/var/log/lpr.log
<kingjm> mail.*				-/var/log/mail.log
<kingjm> user.*				-/var/log/user.log
<jmarsden> Don't spam the channel :)  Read it and then check the relevant log files on your server for pptp related log entries!
<kingjm> I was just putting it up there so that you would know where to logs are going. as you may know which ones to check
<jmarsden> Never post more than 2 lines to the channel.  For anything more than that use pastebin.
<kingjm> pastebin what is that?
<jmarsden> It would have been faster to grep pptp /var/log/*log than to spam us with syslog.conf entries anyway...
<jmarsden> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://ubuntu.pastebin.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from  command line | Make sure you give us the URL for your paste - see also the channel topic
<kingjm> thanks I will
<kingjm> http://ubuntu.pastebin.com/d1e9f0d5a this is the grep pptp
<jmarsden> OK.  So now you can go through that and fix anything you find relating to "error" or to missing or unrecognized options, etc.
<kingjm> I am going through this, I don't understand muchâ¦. I do really appreciate that you are walking me through how to find my own errors.
<kingjm> In file /etc/ppp/pptpd-options: unrecognized option 'localip'  but this is needed for localip and remoteip. what can I change?
<jmarsden> Are you sure that is the right option in the right file?  man pptpd and check.  Maybe it is spelled local-ip or maybe the intent is that you replace the string "localip" with your actual local IP address 1.2.3.4 or something ?
<jmarsden> It has been years since I ran a pptpd so the man page will be more accurate than I am.
<twb> Isn't PPTP the one with the gaping cleartext-password-type holes?
<jmarsden> twb: I think the really bad holes were cleared up a while back, but since it is basically a Microsoft protocol, it wouldn't be surprising if there are still some issues with it.
<kingjm> I think I got it thanks sudo pptp 192.168.0.100 did not return any errors
<jmarsden> twb: http://www.sans.org/security-resources/malwarefaq/pptp-vpn.php    May be worth a look for SANS ideas on improving its security...
<twb> Ha, a security group is using PHP
<kingjm> how do I check or close the pptp connection
<twb> You can close it by pulling the cable out and waiting an hour
<jmarsden> kingjm: You are trying to write a wiki article about doing this stuff, but don't know how to start and stop PPTP, nor how to test it?  Seems odd... perhaps you should leave writing wiki articles about VPNs to folks who have experience with them?  You could kill the pptp client, to close the connection rather rapidly :)
<twb> jmarsden: I think he was writing up what he *tried*, rather than having to repeat it all here
<kingjm> I would love to however no one else has done so. That is why I am using the forums to figure it out
<twb> Forums are worse than IRC!
<twb> They are populated by people too stupid to configure a newsreader.
<jmarsden> kingjm: Did you Google for    ubuntu pptp server      and see how many hits there are?  "noone else has done so?"
<kingjm> I have gotten pptp to work and connect via snowleopard
<kingjm> I did google that is where I started. then I went to the wiki, then to the forums, and now here
<jmarsden> kingjm: OK.  So you know there are plenty of people who have written this up.  Mostly a long time ago, because few people use PPTP any more, it being considered too insecure...
<beric> Hi, Something moved my syslog.conf to syslog.conf.0 , I guess some unattended upgrade. where can I read about protecting my config files from things like that ?
<twb> The Debian Policy ought to prevent that :-/
<jmarsden> twb: That's what I was thinking... "is that *allowed*?"
<jmarsden> beric: What kind of automated unattended updating software are you using on your Ubuntu server that you think did this?
<beric> apt-cron
<twb> apt-cron is basically an obsolete version of unattended-upgrades.
<twb> It shouldn't do anything like that -- it basically just does an "apt-get update && apt-get upgrade"
<twb> Now, if you have cowboy third-party repositories enabled, their postinsts could do any kind of crack-addled thing...
<beric> it's 8.04 LTS. I know it's old but can't upgrade anything
<kingjm> I would just like to say thanks for all those who helped. good night
<jmarsden> kingjm: Goodnight.
<beric> twb: sounds reasonable, It has turnkey linux repositories . what can I do about that in the future ?
<jmarsden> beric: You might want to check what version of syslogd you have and where it came from?  And make frequent backups of /etc :)
<jmarsden> beric: You may also be able to use pinning to restrict which pacakges the 3rd party repositories can update, to ONLY the few you really need from there.  man apt_preferences for more on pinning.
<twb> The obvious solution is not to use those shitty "turnkey" repos
<twb> Or, to not enable auto-upgrading, or at least disable it for everything by hardy-security
<twb> aptitude install '~i ~S ~VTARGET ~Ahardy-security' (untested)
<beric> ok. I'll consider that
<twb> Pinning ought to work for that, too, but it always makes my brain hurt
<jiboumans> good morning
<Helix001> hi is anyone using squid and likewise open with active directory?
<rags> Hello, I am running BIND 9.4 on Hardy, I'm getting this messages in the logs : "named[30429]: unexpected RCODE (SERVFAIL) resolving '31.59.243.72.in-addr.arpa/PTR/IN': 97.66.48.58#53"
<rags> I've totally locked down the server - query and recursion only from local net and bind is listening only on the local host and n/w, but I keep getting these messages in the logs...
<jiboumans> soren, ping?
<jiboumans> soren: LP question. do you know why http://qa.ubuntu.com/reports/team-assigned/canonical-server-assigned-bug-tasks.html isn't listing https://bugs.launchpad.net/ubuntu/+source/ec2-init/+bug/494185 ?
<soren> jiboumans: /me looks
<soren> jiboumans: Probably because it's listed as fixed in Lucid.
<jiboumans> hmm, but not in karmic, which is half of the bug =/
<soren> jiboumans: It says "Status tracked in Lucid", so whatever the status is in Lucid is what matters here, I believe.
<jiboumans> soren: thanks for explaining.. damn this falling through the cracks. so if i say 'status tracked in karmic', it should pop up again?
<soren> jiboumans: You can do that?!?
<jiboumans> soren: i have no idea
<jiboumans> all i know is there's a bug that's 50% fixed and it's not showing up in reports
<soren> jiboumans: I don't think you can. I think it's just telling you that that's how it is.
<jiboumans> i see. damn.
<jiboumans> soren: could you check with the QA folks if there's a report they generate that does include things like this?
<soren> jiboumans: I'd bother the good people in #launchpad. I'm sure there's a bug open about it already (I remember seeing one to this effect), but I don't remember the bug no.
<jiboumans> ok, i'll ask there
<soren> ta
<tarski> anyone here have any luck or know about installing ruby 1.9.1 with rails on ubuntu server?
<jiboumans> tarski: you're running karmic?
<tarski> no i downloaded hardy
<tarski> jiboumans: but it's not working, so many errors with gems, and such
<tarski> jiboumans: think i should use karmic?
<jiboumans> tarski: depends on what you are looking for. Hardy's an LTS; the software will be older, but stable
<jiboumans> Karmic's the latest release, so will have the newest versions of ruby & co that were available
<tarski> jiboumans: well im looking for the newest ruby, i  can install ruby1.9.1 on hardy from the karmic repos but rails wont work and some other gems i need
<jiboumans> tarski: your best bet to run the newest gems/rails/ruby is to use karmic
<tarski> jiboumans: thought so. im going to be installing 10.04 when it's out so no i dont need lts right now
<tarski> jiboumans: thanks
<jiboumans> tarski: happy to help. good luck
<Ash-Fox> Perhaps someone else can figure this out - I have an external 1TB USB harddrive, it works perfectly on my other systems with the same distro, doesn't matter what kernel I use however on this specific machine, the drive eventually becomes inaccessible. I have tried tweaking max_sectors, but that doesn't seem to help at all. Here is a copy of my syslog:
<Ash-Fox> http://ash-fox.pastebin.com/d1fc9a240
<zul> soren: ping
<soren> zul: hey.
<zul> soren: i just uploaded the latest mysql 5.1 from debian testing can you add it to your testsuite thing?
<soren> zul: It's already there, isn't it?
<zul> i dunno how can i check?
<soren> zul: Don't you get build failures for mysql-dfgs-5.1 each morning?
<soren> Anyhow, the authoritative sources is:
<zul> lemme check
<soren> https://edge.launchpad.net/~ubuntu-server-qa/+archive/regression-test
<soren> Yup, mysql 5.1 is already there.
<zul> soren: cool thanks
<kaffien> can apt-get be used to install applications with make flags?
<ZimCS> Hello.  I am running ubuntu server on a small home server that I just built.  What is a good option to backup files from remote PC's?
<kaffien> I used to use samba
<kaffien> then use a backup software on the other machines to backup to the network share
<ZimCS> thanks
<ZimCS> kaffien: i setup samba last night and the file transfer was extremely slow.  did you ever run into that problem?
<kaffien> define slow
<ZimCS> 160GB would take 22 hours
<kaffien> the fastest way i have transferred to to a linux system was on an ftp program via the SCP protocol
<kaffien> jesus
<kaffien> that should take about 4 hours with the right hardware
<ZimCS> yeah
<kaffien> what kind of a server do you have?
<kaffien> you must consider all points
<ZimCS> what do you mean what kind
<kaffien> cpu, ram, hdd speed (do they have bad sectors etc)  speed of network switch,  cables, nic cards etc
<kaffien> all of those can slow a transfer to a halt
<kaffien> one of the biggest mistakes folks make is using a 10/100 switch / router
<ZimCS> oh, an amd sempron single core 2.2ghz 2 gb ram 10/100/1000  with 2 sata drives
<kaffien> what speed of sata drives?
<ZimCS> yes, unfortunately my router is a wrt50g so the switch is 10/100
<ZimCS> 3.0GB
<kaffien> thats a majour bottle neck
<ZimCS> even for home use?
<kaffien> yes
<kaffien> gigabyte switches are cheep
<mike3> .
<mike3> how can i remove the motd of permanently. It keeps generating a new message in MOTD.
<kaffien> id connect all computers to switch then one cord to the router for internets
<kaffien> also make sure your workstations / desktops have gigabyte ethernet cards or a gb switch is pointless
<ZimCS> yes, they do.  i guess i'll trade my router in then.
<kaffien> no no
<kaffien> you still need the router
<ZimCS> i mean just to one that has 10/100/1000
<kaffien> unless you can find a gigabyte ethernet router
<kaffien> if not just get a switch ... its more hardware but it might be cheaper
<ZimCS> a lot of my transfers from my laptop will be wireless
<kaffien> ahh
<kaffien> make sure you got wireless N on your net router then
<kaffien> wireless is generally slower than wired still
<alvin> Are those remote pc's running Linux? NFS would be a better choice for that.
<mike3> What keeps generating in my /etc/motd ? How can I remove it permanently?
<kaffien> scp will transfer faster than nfs
<ZimCS> alvin; windows
<kaffien> setup scp on the linux box and get winscp for windows (its free)
<alvin> kaffien: It will most certainly not. scp (SFTP) uses encryption.
<ziesemer_> mike3: What version of Ubuntu?  And do you only want to remove parts, or the entire thing?
<kaffien> FTP and scp are different
<mike3> the entire thing
<kaffien> sftp is slooooow compaired to scp
<alvin> actually, they are the same
<kaffien> definately faster over here
<kaffien> maybe its the way winscp handles them
<ziesemer_> Well, /etc/motd.tail is part of it, and I just cleared that.  That way I can still see package update notifications, etc.
<kaffien> i usually get about 17MBs
<ziesemer_> So you want to remove from just SSH, or all shell logins?
<alvin> No, it's just ssh. winscp should not be faster than the scp command, or FileZilla.
<mike3> ziesemer_: where to i tell it to use a different motd? Which file is doing this?
<ziesemer_> Either way, at least under Karmic, look in /etc/pam.d.  In both "login" and "sshd", there are references to pam_motd.so that could be commented out.
<Pici> mike3: look at the manpage for motd.tail, it explains the process as to how the motd is generated.
<sub> In my experience I've never been able to get winscp to exceed 10Mbps
<sub> or maybe it was MBps, i don't quite remember
<ivoks> if you want to remove it just from sshd
<ivoks> edit /etc/ssh/sshd_config
<ivoks> PrintMotd no
<mike3> Pici: okay thanks
<kaffien> alvin, its not im saying that SCP is faster than regular ftp and or windows transferring to a samba share
<kaffien> via drag and drop
<ZimCS> thanks for the help.  i have one more question.  this server primarily does hosting for my website, backups and file sharing.  but it has an hdmi out and I'd like to use it to watch movies on my hdtv.  but since boxee needs x-windows to run, do i need to install a gui?
<ivoks> man, don't do that
<ivoks> don't mix webhosting and divix :)
<ZimCS> its just for my site though, nothing important
<mike3> Pici: okay i found that, but I am still getting system information in there that I don't want..
<ivoks> mplayer can output to svga :)
<ivoks> aai is nice too :D
<alvin> kaffien: Ah, you were saying it was faster than NFS, and NFS is faster than CIFS (marginally). I didn't mention FTP. What I meant was that FileZilla can do SFTP (=SCP) too.
<ivoks> sftp != scp
<mike3> okay nm, i just removed /etc/motd all together
<mike3> i still would like to know where it generates the system information from. /etc/motd.tail doesn't contain this info
<ziesemer_>  /etc/update-motd.d
<ivoks> it depends on version of ubuntu and packages you installed
<ziesemer_> https://wiki.ubuntu.com/UpdateMotd .  But is slightly outdated for Karmic, as it no longer uses cron.
<mike3> ziesemer_: oh okay.. hrm..
<kaffien> alvin wouldn't he be better off using scp to transfer files as big as 160gb?
<ziesemer_> And I'm not sure that just removing /etc/motd will work like you expect.  It might, but I'm not sure.  You'd be better off removing the lines I mentioned from the pam.d files.
<alvin> kaffien: I don't know. In his case, I would use Windows file sharing in combination with backup software. The built-in backup solutions of Windows will probably be good enough.
<alvin> I would use SCP over an untrusted link only.
<ivoks> in any case, use scp always instead of sftp
<kaffien> seems to be that his problem is his 10/100 router
<kaffien> 160gb transfer took 22 hours
<mike3> ziesemer_: in ssh  right?
<ziesemer_> Depends.  Who do you want to disable it for?  SSH users only, or all users?
<mike3> let's say ssh users
<mike3> what do i need to do?
<alvin> kaffien, ivoks: Apparently I'm wrong. SCP is older than SFTP (faster, but less features). I thought it was the same.
<mike3> because PrintMotd is already no
<ziesemer_> Did you restart sshd?
<mike3> it was already set
<mike3> it was never yes
<ivoks> oh really?
<ivoks> hm...
<ziesemer_> And you're still seeing it?  Then I'd try disabling it in the pam.d files I mentioned above, e.g. /etc/pam.d/sshd .
<ivoks> i consider that as a bug
<mike3> ziesemer_: okay thanks..
<mike3> found it
<mike3> sec
<ivoks> ah... it's not
<mike3> okay that worked
<mike3> sweet
<ziesemer_> mike3:  See also:  https://bugs.launchpad.net/ubuntu/+source/pam/+bug/399071
<mike3> now on to my next problem... I want to install talkd but it wants to install the openbsd inetd which I do not want to use. I want to use xinetd
<ivoks> install xinetd first
<mike3> ivoks: it's installed already, but apt-get wants to remove it and intsall inetd
<bogeyd6> Anyone have a guide on how to have a linux server running bind be a backup dns server for active directory?
<ivoks> mike3: inetutils-talkd
<mike3> sec
<Aison> can I use dhcp3-server also for ipv6?!?
<genii> Aison: not yet
<Aison> so I need this "wide-dhcpv6-server" ?
<genii> Aison: As far as i know, yes
<kingjm> I have a problem wtih pppd "Cannot determine ethernet address for proxy ARP" how do I define proxyarp in /etc/ppp/options?
<kingjm> can I use arp --use-device --set 192.168.0.100 eth0 pub.  etho 192.168.0.100 is server address
<mike3> I'm having issues getting talkd to work..
<mike3> I need to use xinetd
<mike3> in.talkd is nowhere to be found...
<jfelt> Hail.
<jfelt> I'm trying to gather some more information about the Cloud functionality of Ubuntu 9.10 server.
<jfelt> has anyone implemented anything with it, yet?
<kpettit> Can anybody recommend a good systems monitor that's easy to script?  Basically I want to say "do XYZ if system is down..." type of stuff
<jMyles> I need to know how to reset my password for ldap.  I am getting "Invalid credentials".  I have looked and looked, but many of the guides seem to reference an outdated configuration using /etc/openldap/slapd.conf, which no longer exists.
<Jeniczek> hi guyz
<Jeniczek> am tryon to solve an installation problem
<Jeniczek> anybody around?
<Jeniczek> I wasnt successful on ubuntu channel :(
<guntbert> Jeniczek: the rules are the same - just ask :)
<Jeniczek> I have a Fujitsu RX300S4 server with 4 SAS drives. Both of the drives are put into 2 mirror RAIDS. During installation, I do partition the first RAID to / , swap and /home and the second RAID to /var . After successful install the server reboots and then all it says during boot is Fatal protection error at 0000:0000. I have tried to Low level format all hardrives, so its not an MBR issue.. Or at least doesnt looks so... The GRUB i
<Jeniczek> thats it ;)
<Jeniczek> hm :P
<Jeniczek> well, g2g, bb guyz
<Maz3Mike> How is it going everybody?
<Maz3Mike> I had some issues installing Fedora 12 with graphics, and I thought I would give Ubuntu a chance
<Maz3Mike> I have a Nvidia 7800 installed...any advice?
<guntbert> Maz3Mike: this is primarily support for the server version
<Maz3Mike> guntbert: That is what I am wanting to install
<guntbert> Maz3Mike: I was confused - where does graphics come into the picture?
<Maz3Mike> guntbert: I used to have a teamspeak server on fedora 9, but I wanted to upgrade...it didnt work..so I am going to give UbuntuServer a shot
<Maz3Mike> guntbert: I was just wanting to have a monitor hooked up to it
<guntbert> Maz3Mike: I see - and what exactly is your problem?
<Maz3Mike> guntbert: Since I have been fooling around with the linux the last couple of years..I always run into issues with graphic cards
<Maz3Mike> gunbert:installing it right now
<guntbert> Maz3Mike: with the CLI? very rare - I'd say just go ahead :)
<Maz3Mike> guntbert:already like the intial config...got opensuse working before this but I didnt like it either
<Maz3Mike> guntbert: question...I have one 300GB disc that I wont the os to go on...and I have a 500GB disc that I want to keep stuff on there such as pictures..videos...ISOs..random things for the most part..set it up as a file share throught samba..but I want to ecrypt all of the 500GB disc
<Maz3Mike> guntbert: what would be the best way of doing this...I am at the partition disk menu right now
<guntbert> Maz3Mike: no experience with encryption on server here - but I'd say install to the 300GB and leave the other one untouched for now - you should be able to handle that later
<Maz3Mike> k
<Maz3Mike> guntbert: I will encrypt that sucker later...just have to use fdisk
<Maz3Mike> figured it out
<Maz3Mike> just partion the disk and then encrypt what volumes you want
 * RoyK never uses X on servers unless they run opensolaris
<RoyK> sometimes I even turn it off on those suckers
<EtienneG> hey guys, I feel like an idiot
<guntbert> RoyK: and?
<RoyK> EtienneG: wanna talk about it?
<EtienneG> I just built a three host cloud (CLC/CC/SC/Walrus, and two NC)
<EtienneG> RoyK, oh yes!
 * RoyK hands EtienneG paper towels
<EtienneG> so anyway, I used the installer integration, it works fine
<EtienneG> only thing: no networking to the instances, except from the frontend
<EtienneG> it's like it is not routing between the public IP, and the instances private IP
<EtienneG> yet, sysctl says net.ipv4.ip_forward = 1
 * RoyK really has no idea about setting up clouds
<EtienneG> RoyK, it's all good, mathiaz, kirkland, nurmi or someone else will surely help eventually
<EtienneG> it's worth saying that both VNET_PUBINTERFACE and VNET_PRIVINTERFACE are set to eth0
<EtienneG> so I wonder if that has something to do with it ...
<kpettit> any good tools to say something like so "If ping 192.168.0.XX dpesm
<kpettit> If ping doesn't give me a response restart system?
<RoyK> kpettit: heh - no
<kpettit> I'm having a hard time finding something simple to do that.  Most of the systems are very bloated.  Don't really want nagios or zabbix for something like that
<RoyK> kpettit: what is this, from a server?
<RoyK> if you can't ping x.x.x.x, it's most likely (as in 99,lots%) something else than linux that is the problem
<kpettit> I've got this VirtualBox client VM that seems to die every so often.  The process stays running but windows locks up.  SO I want to do a ping test and send a restart to the client if it doesn't respond
<kpettit> Basically I want the Linux host to ping the Windows guest and restart it if it doesn't respond
<guntbert> kpettit: there is c
<guntbert> sorry
<RoyK> kpettit: nagios would be neat, but it really is a short script to do it manually
<kpettit> :)  If I had to code something I'd use python, it's the only thing I know well enough to do something usefull in.  But I hate re-inveting the wheel
<guntbert> kpettit: there is a complete CLI instruction set - so a "simple" script should do it
<EtienneG> kpettit, something I do not understand is: how will you restart the unresponsive machine?
<EtienneG> it's unresponsive, after all
<kpettit> The linux server would still be running.
<EtienneG> kpettit, yes.  How will it restart the Windows machine?
<kpettit> It's the VirtualBox guest that dies.  The guest gets it's own IP address, I can't ping it when it locks up
<kpettit> So normally I have to kill the process and restart it.
<EtienneG> kpettit, ok, that make sense
<EtienneG> then you would use a script that does something like:
<EtienneG> if ! ping -c 1 ip.of.virtualbox.guest; then
<EtienneG> # do something
<EtienneG> fi
<kpettit> exactly
<EtienneG> then run it from cron every minute, or something?
<kpettit> yes, not that often but something like that.
<EtienneG> kpettit, cool!
<kpettit> I just know it'll take me 1/2 a day to code something that's decent and doesn't give me a bunch of false postives or negatives.  That's why I was looking
<RoyK> kpettit: http://karlsbakk.net/pingtest.sh.txt
<RoyK> kpettit: that took me a little less than half a day :Ã¾
<kpettit> cool. I'll test it out.
<kpettit> I'm not a very good programmer though :)
<RoyK> just replace the stuff in function restart...
<kpettit> But I can copy and paste with the best of them
<RoyK> it shouldn't be too hard
<RoyK> it's hardly any more 'programming' than the usual linux commandline
<kpettit> interpreting the ping results is what I was worried about
<RoyK> oh
<RoyK> never mind
<RoyK> ping returns an error code
<RoyK> 0 on success, 1 on error
<RoyK> so
<kpettit> ah cool
<kpettit> that's perfect then.  Didn't know it did that, was thinking I'd have to parse the result line or something
<RoyK> if [ `ping blah > /dev/null 2>&1` ]; then echo success; else echo fail; fi
<RoyK> that's the simple way
<kpettit> sweet
<RoyK> that's unix basics :)
<RoyK> most commands follow that regime
<kpettit> good to know
<Maz3Mike> alright guys..just got the server
<Maz3Mike> edition installed
<Maz3Mike> hopefully it works with my nvidia 7800
<RoyK> erm
<RoyK> isn't this a server?
<RoyK> or do you plan to do some fancy 3d games with it as well?
<Maz3Mike> no..it is a server
<Maz3Mike> how do i enable Xserver?
<RoyK> first question is "WHY?"
<Maz3Mike> want to have the gui interface
<RoyK> Maz3Mike: https://help.ubuntu.com/community/ServerGUI
<RoyK> it's possible but not recommended
<RoyK> there's no need for a gui on a server
<ivoks> gui interfaces to unix services are... bad
<Maz3Mike> yes
<ivoks> you can't have that many checkboxes :)
<ivoks> so, why bother?
<ivoks> just learn to use real unix UI - CLI
<EtienneG> mathiaz, we had that discussion a little while back on UEC topology.  Sorry, I am amnesic, I do not remember the conclusion, but am I correct in thinking that the public and private interface cannot be the same?
<ivoks> vimtutor is a good start
<Maz3Mike> if you forgot your root password...what is the easiest way to reset it?
<mathiaz> EtienneG: hm - they could be the same
<ivoks> Maz3Mike: live cd
<Maz3Mike> I know how to do this on solaris..use disc..mount the drive...delete the password out of the shadow file
<Maz3Mike> Is that the disc I used to install with?
<mathiaz> EtienneG: I was able to run a UEC setup with one network only
<EtienneG> mathiaz, glad to her that - somehow, on my flat install (all interface on the same "public" network), the frontend is not routing traffic to the instance private IP (172.19.1.2).  Any ideas?
<mathiaz> EtienneG: what's you configuration?
<ivoks> Maz3Mike: the same is with ubuntu
<EtienneG> mathiaz, stock from the installer
<mathiaz> EtienneG: ie where are your CC/Walrus/CLC located?
<EtienneG> mathiaz, all on the same machine
<mathiaz> EtienneG: separate CLC and CC?
<EtienneG> mathiaz, no, all on the same machine.  that's what the installer does
<mathiaz> EtienneG: and what are you trying to do?
<mathiaz> EtienneG: for karmic or lucid?
<RoyK> Maz3Mike: if you haven't set a root password on ubuntu, single user mode lets you straight in
<RoyK> otherwise, just boot on a live cd
<EtienneG> mathiaz, instance is started fine, except I cannot ssh/ping whatever to it.  Security group, checked
<EtienneG> mathiaz, karmic!
<mathiaz> EtienneG: are you trying to ping/ssh the private instance IP or the public instance IP?
<EtienneG> mathiaz, the public IP, from another machine (not the frontend).  Pinging/sshing works fine on the frontend, using both the public or private instance IP
<soren> EtienneG: Can you get out from it?
<Maz3Mike> crap
<Maz3Mike> thought i set the password
<Maz3Mike> should be su -..right?
<Maz3Mike> for root
<EtienneG> soren, good question, I shoudl try that
<RoyK> maxb: sudo su -
<RoyK> Maz3Mike: that was for you
<maxb> mis-bing?
<maxb> righ
<EtienneG> soren, mathiaz: when checking iptables output, I can see that no packet goes through the FORWARD chain.  Is that normal?
<RoyK> maxb: sorry :)
<mathiaz> EtienneG: yes
<maxb> Why do people think 'sudo su -' is a good idea?
<RoyK> Maz3Mike: sudo su -, then use your own password
<mathiaz> EtienneG: things are handled in the nat table
<RoyK> maxb: because it's neat
<mathiaz> EtienneG: try iptables -t nat -nL:
<maxb> It's like "Become root and become root and run a shell"
<RoyK> maxb: you get root's environment that way
<RoyK> sudo sh doesn't give you that
<EtienneG> mathiaz, yeah, did that, some packets are indeed going through the POST/PREROUTING chain
<EtienneG> mathiaz, soren might be on to something .... maybe traffic is just not coming *out* of the instance somehow
<maxb> I guess sometimes you want that. However I frequently use 'sudo -s' and find it actively useful that my $HOME is my own
<RoyK> maxb: it's probably another fancy way to do that, but sudo su - works
<ivoks> sudo -i
<ivoks> sudo -s can be tricky
<mathiaz> EtienneG: are you able to ssh into the Cloud Frontend?
<maxb> define tricky
<RoyK> well, that's what I want, most of the time, to use root's environment
<EtienneG> mathiaz, sure
<ivoks> if you run a command that drops something in ~, it will end up in user's home with root permissions
<mathiaz> EtienneG: ie does the Cloud frontend knows how to route to your workstation?
<ivoks> for example, firefox :)
<maxb> eek
<ivoks> or some cli tools - vim
<RoyK> sudo -i I didn't know
<RoyK> neat
<mathiaz> EtienneG: is there a dhcp server running on the network?
<maxb> I would never run something huge and gui under sudo
<mathiaz> EtienneG: the instance may have gotten the wrong IP address
<EtienneG> mathiaz, grrrrr!  I hate you!
<EtienneG> mathiaz, of cours ethere is one ... :(
 * EtienneG bang head
<EtienneG> there we are
 * RoyK helps banging EtienneG's head
<ivoks> maxb: find ~ -user root
<EtienneG> If it wasn't for the CoC, I would transcribe the litany of swears that just came out of me
<EtienneG> it was very pittoresque
<EtienneG> mathiaz, in any case, thanks a bunch
<jMyles> I'm really in need of help with LDAP.  I'm pretty lost.  It never asked me for a password during installation, and now I can't even get started with it because I don't know the password.  Also, I want to understand it more / better.
<RoyK> jMyles: afaicr it asks for the initial password during install
<ivoks> jMyles: dpkg-reconfigure slapd
<Maz3Mike> Just want to say...thanks for all the help so far.....guys in the fedora channel werent that helpful
<RoyK> Maz3Mike: :)
<RoyK> ubuntu!
<RoyK> Maz3Mike: http://en.wikipedia.org/wiki/Ubuntu_(philosophy)
<jMyles> RoyK, ivoks: dpkg-reconfigure slapd doesn't ask me to set credentials.  I am essentially having the exact problem described in this forum, but I do not understand the solution (although it is marked "SOLVED"): http://ubuntuforums.org/showthread.php?t=1295934
<ivoks> jMyles: dpkg-reconfigure -plow slapd
<RoyK> wtf is plow? manpage doesn't list it
<ivoks> priority
<ivoks> low
<jmarsden> RoyK: priority of questions low
<RoyK> k
<ivoks> plow - ask everything
 * RoyK thought of plowing
<ivoks> phigh - ask only essential
<RoyK> I see - just getting late
 * jMyles *is* plowing
<jMyles> ivoks: Even after plowing, I am not asked for credentials
<jmarsden> jMyles: For ldap in 9.10 you are not supposed to be... the way it works changed, didn't it?
<EtienneG> mathiaz, that was not it, after all
<EtienneG> mathiaz, the instance does have a private IP.  It can ping the frontend (172.19.1.1), but nowhere else
<ivoks> jMyles: true... i haven't installed slapd on karmic yet
<ivoks> this worked on 8.04
<mathiaz> EtienneG: can you ssh into the instance from the frontend?
<EtienneG> mathiaz, I am starting to think there is something fishy with my security group or something
<EtienneG> mathiaz, yes
<RoyK> jmarsden: https://help.ubuntu.com/community/OpenLDAPServer <-- this says how to reset it
<ivoks> mathiaz: how do we setup root pass in slapd in karmic? :D
<mathiaz> EtienneG: I'd check the routing table on the instance then
<mathiaz> ivoks: olcRootPW
<EtienneG> mathiaz, ubuntu@172:~$ ip route show
<EtienneG> 172.19.1.0/27 dev eth0  proto kernel  scope link  src 172.19.1.2
<EtienneG> default via 172.19.1.1 dev eth0  metric 100
<EtienneG> that seems kosher
<mathiaz> ivoks: man slapo-config <- has the list of parameter
<bogeyd6> can lts run cloud?
<ivoks> oh, tree configuration
<EtienneG> bogeyd6, no, it was introduced in jaunty
<mathiaz> EtienneG: well - it seems that the instances are set correctly
<EtienneG> bogeyd6, but you can run LTS *kin* the cloud, ie on EC2, or your own private cloud
<EtienneG> mathiaz, indeed.
<mathiaz> EtienneG: I'd use tcpdump on the instance/NC/CC to check where the network stops
<bogeyd6> ok
<bogeyd6> so i need 9.10
<EtienneG> mathiaz, I did: it stops on the frontend
<jmarsden> RoyK: Be careful, there is "old" and "new" documentation around at the moment... that page says "This page may contain outdated information." ...
<mathiaz> EtienneG: have you enabled ssh traffic in your security groups?
<jmarsden> jMyles: The steps presented by xingmu in the forum thread you linked to look like the "new" way to do things... did you try them?
<EtienneG> mathiaz, etienne@curst:~$ euca-describe-groups
<EtienneG> GROUP	admin	default	default group
<EtienneG> PERMISSION	admin	default	ALLOWS	tcp	22	22	FROM	CIDR	0.0.0.0/0
<EtienneG> PERMISSION	admin	default	ALLOWS	tcp	80	80	FROM	CIDR	0.0.0.0/0
<EtienneG> GROUP	admin	demo	Demo security group
<EtienneG> so, yes
<EtienneG> hold on
<RoyK> jmarsden: i know, just trying to help the guy
<mathiaz> EtienneG: is your instance running in the demo group?
<EtienneG> what does the "tcp 22 22" means?  hopefully, it is not the source port
<RoyK> jmarsden: you, that is
<EtienneG> mathiaz, no, in the default group
<Maz3Mike> wtf man
<Maz3Mike> I log in and use my user account and try to sudo to root but it wont work
<mathiaz> EtienneG: you can check the iptables rules on the CC
<Maz3Mike> i keep getting su authentication failure
<EtienneG> mathiaz, sure.  Should I dump it here?
<mathiaz> !paste | EtienneG
<ubottu> EtienneG: For posting multi-line texts into the channel, please use http://ubuntu.pastebin.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from  command line | Make sure you give us the URL for your paste - see also the channel topic
<jmarsden> Maz3Mike: sudo or su ?  They are two different things...
<Maz3Mike> su
<EtienneG> ubottu, thanks, nice RTFM you have here!
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<Maz3Mike> should su -
<Maz3Mike> for root right?
<jmarsden> Maz3Mike: No.  Not in Ubuntu.
<jmarsden> !root
<ubottu> Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<RoyK> http://uncyclopedia.wikia.com/wiki/Rtfm
<RoyK> heh
<Maz3Mike> so what would I type?
<RoyK> just remember that without any root password set, you can get right through all 'security' by just booting into single
<EtienneG> mathiaz, http://ubuntu.pastebin.com/m331fc577
<jmarsden> Maz3Mike: as a Ubuntu server admin you need to learn, not just type.  Did you read https://help.ubuntu.com/community/RootSudo
<RoyK> Maz3Mike: sudo -i and type your own password
<ivoks> only members of admin group have sudo privileges
<ivoks> so if you aren't member of admin group, sudo won't work
<EtienneG> mathiaz, notice nothing gets into the FORWARD chain, hence nothing gets to be processed trough admin-default.  Is that normal?
<mathiaz> EtienneG: I don't think so
<mathiaz> EtienneG: what's the routing table on the CC?
<Maz3Mike> love it..nice got root access
<EtienneG> mathiaz, lots of stuff through PRE/POSTROUTING
<Maz3Mike> man the ubuntu website seems sloooow
<EtienneG> mathiaz, cloudmaster@uec-frontend:~$ ip route show
<EtienneG> 172.19.1.0/27 dev eth0  proto kernel  scope link  src 172.19.1.1
<EtienneG> 10.153.108.0/24 dev eth0  proto kernel  scope link  src 10.153.108.210
<EtienneG> default via 10.153.108.1 dev eth0  metric 100
<EtienneG> (I just love flooding the channel!)
<Maz3Mike> see...its always the little things that you need to know
<henriquev> EtienneG: you shouldn't
<Maz3Mike> Thanks guys..now on to figuring out the xserver setup
<EtienneG> henriquev, I know ... :-/
<ivoks> Maz3Mike: xserver setup?
<RoyK> Maz3Mike: true, one should be able to play tetris on ones server
 * RoyK sniggers
<ivoks> just install xorg package :)
<Maz3Mike> lol..dont make fun of me guys..i am on the gui crutch but i will get off of it soon enough
<Maz3Mike> need to get teamspeak 3 working on it
<mathiaz> EtienneG: I think it's because your public instance IPs are shared by the network IPs
<mathiaz> EtienneG: the CC doesn't do any routing
<ivoks> sudo apt-get install xorg
<RoyK> Maz3Mike: https://help.ubuntu.com/community/ServerGUI
<EtienneG> mathiaz, yes, that could well be ...
<EtienneG> mathiaz, ok, so I will try with another IP range, like 192.168.something
<mathiaz> EtienneG: is ip_forward enabled on the cC?
<EtienneG> mathiaz, that makes a lot of sense indeed, and remind me of something
<RoyK> http://www.lamebook.com/wp-content/uploads/2010/01/weekendwin4.png
<ivoks> ah, time for bed
<EtienneG> mathiaz, in fact, i am pretty sure I had this problem before indeed
<mathiaz> EtienneG: yeah - try to allocate instance public IP in a non-used network
<EtienneG> mathiaz, yes, CC is routing, I checked that first!
<ivoks> bye
<EtienneG> bye ivoks
<mathiaz> EtienneG: if the FORWARD chain isn't hit, it means that things are fishy at the kernel routing level
<EtienneG> mathiaz, yes, i got that indeed
<mathiaz> EtienneG: you could try to see if packets *leave* eth0 on the CC
<EtienneG> mathiaz, they aren't, I checked
<mathiaz> EtienneG: I don't remember exactly under which circumstances packets go through the FORWARD rule
<jMyles> jmardsen, ivok, royk, et. al.: I think I need to take a step back.  For LDAP, do I need to go through this process (the "people.ldif" thing from the forums) every time I want to create an account?  All I really want is 1) for the users / groups on my server to be authoritative across the network and 2) to be able to use that user list for a few other things (authenticating a wifidog portal, logging in to mediawiki, etc)
<mathiaz> EtienneG: does the kernel say anything special?
<EtienneG> mathiaz, no, completely silent
<mathiaz> EtienneG: I don't know then
<mathiaz> EtienneG: try to use instance public IP from a different network
<EtienneG> mathiaz, but I think you got it ... it has to be the PUBLICIP range overlap
<RoyK> jMyles: there are better ways to administer ldap than using ldif files, but you need to look it up. I really have no idea
<EtienneG> gah! now I have the 403 bug ...
<RoyK> EtienneG: 403 bug?
<EtienneG> RoyK, jMyles: there is not, really.  There are a couple of toolchains for managing user/group in LDAP, but they all suck.  smbldap-tools suck the least
<EtienneG> RoyK, jMyles: there is a blueprint to get a better toolchain in Ubuntu, but we are not there yet
<EtienneG> RoyK, in EUC
<jMyles> EtienneG: I guess I assumed that the process was going to be that the userlist on the server was going to just work on other computers.  I don't really mind using ldif files - I'll just have to learn how.
<EtienneG> jMyles, what you describe is more like NIS, the older network directory.  It is deprecated, though.
<RoyK> jMyles: we're still using NIS in our network
<RoyK> works like a dream
 * RoyK underlines the fact that not dreams are good
<soren> Do you dream in black and white?
<soren> and 320x200?
<RoyK> no, it's colour
<RoyK> cyan and magenta is nice
<RoyK> CGA FTW!
<soren> Yup, those are colours.
 * soren doesn't miss CGA much
<jMyles> EtienneG, RoyK: Thanks for walking me through these baby steps.  I think I think LDAP because it seems to be compatible where I need it: starting with wifidog and mediawiki, which both support it.  What is the best practice for securing and authentication wireless clients?  We want to do everything with one set of credentials per user.  (Background: My girlfriend and I are starting SlashRoot: The Grassroots Tech Cafe, where we se
<jMyles> rve organic, fair trade coffee and open source software)
<soren> Incidentally, I don't miss NIS much either. Coincidence?
<soren> jMyles: Where?
<jMyles> soren: New Paltz, NY, USA
<jMyles> soren: Hudson Valley Region
<RoyK> jMyles: http://luma.sourceforge.net/ <-- nothing has happened there recently, but it might work
<soren> google maps refuses to give me directions. I miss the times when it would tell you to swim from somewhere in France to New York or whatnot.
<RoyK> :)
<RoyK> soren: are you danish or perhaps norwegian?
<soren> RoyK: Danish.
<soren> http://googlesystem.blogspot.com/2007/03/google-maps-shows-funny-directions.html
<RoyK> makes sense - SÃ¸ren isn't really a very common name up here
<soren> No, you're all named Sven. Everyone knows that.
<soren> Well..
<soren> Except for those named Olaf.
<RoyK> heh
<RoyK> soren: seems those aren't so popular anymore http://www.ssb.no/navn/fylke/Hele_landet_2008-menn.html
<soren> RoyK: Bah. Statistics.
<soren> RoyK: http://dst.dk/Statistik/Navne/NamesPop.aspx fwiw
 * soren tries to get back on topic
<RoyK> lies, damn lies and statistics...
<EtienneG> mathiaz, excuse me again, I am abusing your time today.  I changed VNET_PUBLICIPS in eucalyptus.conf, restarted the services, rebooted even, and euca-describe-addresses still returns the old public IP.  Do we need to do some voodoo to have the new public IP setting applied?
<mathiaz> EtienneG: try to restart eucalytpus with CLEAN=1
<mathiaz> EtienneG: network information is presistant accross reboot
<mathiaz> EtienneG: you'd have to clean everything
<EtienneG> mathiaz, yeah, I see that!
<mathiaz> EtienneG: check eucalyptus init script the get the exact CLEAN syntax
<mathiaz> EtienneG: (CLEAN=1 IIRC)
<EtienneG> mathiaz, ok, looking
<EtienneG> mathiaz, but there is nothing in the init script about CLEAN
<EtienneG> would that be an environment variable?
 * RoyK corrects incidence 
 * RoyK corrects incorrect instead
<mathiaz> EtienneG: hm - you're right
<mathiaz> EtienneG: we've added the CLEAN env in lucid
<EtienneG> mathiaz, isn't it an upstart job now anyway?
<mathiaz> EtienneG: yes - but it still works the same way
<mathiaz> EtienneG: see bug 491254
<EtienneG> checking ...
<mathiaz> EtienneG: well - it should in karmic actually
<mathiaz> EtienneG: have you installed the latest version from karmic-updates?
<EtienneG> mathiaz, aaaaah, victory!
<EtienneG> mathiaz, yes, I did
<EtienneG> ok now, running instances
<EtienneG> mathiaz, VICTORY!!!
<EtienneG> note to self: VNET_PUBLICIPS range shall not be in your publicÃ©priv interface subnet
<EtienneG> now, what is the URL of MediaWiki on the demo appliance?
<soren> http://whatever/mediawiki/
<soren> http://whatever/mediawiki/
<soren> Whoops.
<EtienneG> soren, yeah, I got that
<EtienneG> I am defacing my own wikipedia!
 * RoyK takes EtienneG's coke
<EtienneG> crack, man, crack
#ubuntu-server 2010-01-19
<qwood> hi all, i have a question about quotas i wondered if anyone knew anything about. when i run "quotacheck -avugm" I get a warning that the quotafile //aquota.user and //aquota.group was probably truncated. is this ok?
<twb> qwood: I very much doubt it
<twb> Do those files exist?
<qwood> :/ hmm. im following a guide. would you like a link to it? the double slash bothers me.
<twb> The only guide you should be following is the Ubuntu Server Guide
<qwood> mhm ok. ill look in the man page on quota for any clues and brb
<qwood> hmm. i only have moderate knowlegde about linux and no knowledge of quotas. looking in the man i coulldnt find anything (allthough at least i think i understand what the command tried to do.) the files, also, do exist.
<qwood> what can i do to troubleshoot this? you mentioned the Ubuntu Server Guide?
<qwood> hmm... no idea/ help? :/ if not thats fine. just tell me so i don't waste anyone elses or my own time here...
<qwood> by the way the official Server Guide gave me some interesting information, but nothing about quotas.
<Pici> :)
<Lars2011> if I have the mean round trip time of X milliseconds for reaching an httpd server installed on ubuntu, and I send a request of about 300 bytes, and get ~7 KB back, how would I use this information to estimate the total time needed for the request if I assume the page generation time on the server to be negligible? only an estimate is needed.
<Lars2011> is it okay to assume that 7KB fit into one TCP packet and the total page request time = rrt ?
<Freeaqingme> Hi. Every time I reboot my server (not planning on doing that a lot, but still...) I need execute `/etc/init.d/networking restart` before the networking works. Any idea how come, and how to fix? It's a bare install of only a few minutes/hours old
<Freeaqingme> 9.10, amd64
<Scarra3> Ok I am new to setting up a server and I have no clue where to start.  I am setting up a file server out of my old desktop so I decided to go with Ubuntu Server.
<ball> Scarra3: I would like to know how to do that too, but I doubt it's easy.
<Scarra3> I see.
<Scarra3> One thing is should I use something like Gnome or KDE?
<ball> Scarra3: No.
<ball> (Not necessarily)
<Scarra3> Its more of I have been using ubuntu for 1 1/2 now and well I am not so good at the command line.
<ball> 1.5 what though?
<Scarra3> Huh
<Scarra3> Ow 1 1/2 years
<ball> Perhaps there's something available with a friendly (X? Web?) front end to Samba.  It's not something I know about though.
<ball> (we had to configure Samba the hard way)
<Scarra3> Ah well ill just half to learn how to use the command line
<Scarra3> Anyways is it ok if I do run a server off a wireless network.
<ball> Samba is not easy to configure from the command line.
<ball> Scarra3: define "off"
<Scarra3> As in instead of a wired connection to the router but a wireless connection since I am far away from the router
<ball> Scarra3: you can't move the router?
<ball> (or the server?)
<Scarra3> Nope
<ball> Scarra3: it's possible, but not something I'd recommend.
<Scarra3> Well sadly I have no other choice
<ball> Scarra3: that's a shame.
<Scarra3> Yup
<Scarra3> Ya but this is what I am going to be doing.  The server is going to be a file server running on the wireless network and to gain access to the server you half to ssh to it.  This is what I need help with because I dont know what I need to configure and setup to do this.
<Scarra3> Is that possible?
<ball> Scarra3: Yes, I believe so.
<ball> Wait though, what will the client machines be running as an OS?
<Scarra3> Ill be running a linux based OS
<Scarra3> Which is Ubuntu 9.10
<ball> just one client?
<Scarra3> Ya its my personal computer
<Scarra3> Im just using it as a personal file server
<ball> That's... wierd.
<Scarra3> But I might try to access it from a windows machine at school
<Scarra3> So linux and windows
<ball> Something I've done on the past is run a VNC server instance on a Linux host and then connected to it (from Linux and Windows machines) using VNC tunnelled through ssh.
<ball> ...so I was running the apps at home (or at the other office), where nothing was blocked.
<Scarra3> Im installing Ubuntu Server 9.10
<ball> I have to go.  Back later.
<ball> hello jono
<jono> hey ball
<jkakar> Hi!
<jkakar> I've got a UEC setup here on two boxes running lucid.
<jkakar> It seems to be running, but when I try and download the stock karmic 32-bit image from the image store an error occurs during installation: http://pastebin.ubuntu.com/358902/
<jkakar> I guess the next step is to either debug this or try to build/upload an image.
<ttx> jkakar: yes :)
 * ttx looks into euca2ools known bugs...
<jkakar> ttx: Cool. :)
<ttx> jkakar: uploading an image works, maybe there was a regression in euca2ools as used by the imagestore
<jkakar> ttx: I wonder if I should be trying to use UEC from source.  That might make debugging easier.
<jkakar> ttx: It could be.
<jkakar> ttx: Yeah, the same error I pasted is in /var/log/image-store-proxy/image-store-proxy.log and there's a stack trace.
<ttx> jkakar: the foolproof lucid procedure is described at http://testcases.qa.ubuntu.com/Install/ServerECluster http://testcases.qa.ubuntu.com/Install/ServerENode http://testcases.qa.ubuntu.com/Install/ServerEConfig
<jkakar> ttx: Ah cool, I didn't know about those, thanks.
<ttx> also note that bug 503180 is often blocking us
<uvirtbot`> Launchpad bug 503180 in eucalyptus "eucalyptus-cloud doesn't reply to requests" [High,Confirmed] https://launchpad.net/bugs/503180
<jkakar> ttx: I've been following the instructions here: https://help.ubuntu.com/community/UEC/PackageInstall
<ttx> but you seem to have gone farther
<ttx> ah
<ttx> Installing packages by hand, you might end up in registration issues, especially since we didn't refresh the karmic instructions
<jkakar> ttx: Does this help: http://pastebin.ubuntu.com/358903/
<ttx> Foolproof way is to use the UEC installer if you can
<ttx> yes it does
<ttx> The components didn't register
<ttx> At least, not fully
<ttx> Doing packageinstall you'll have to finalize registration by hand, usually by syncing some keys
<jkakar> Ah, it looks suspicious.
<twb> I'm running an NFSv3 server (using the kernel implementation).  For unimportant reasons, I got told to turn it off Right Now, and ensure it's disabled overnight.
<ttx> jkakar: I'd definitely recommend using the UEC installer that does everything for you :)
<jkakar> ttx: Hmm, it's late here.  Tomorrow I'll use the installer and see if I can get further.
<jkakar> ttx: Thanks for your help.
<twb> I did an /etc/init.d/nfs-kernel-server stop and an /etc/init.d/rpcinfo stop.  rpcinfo -p fails (good), and /etc/init.d/nfs-kernel-server status tells me that nfsd is down (good).
<ttx> jkakar: if not, then it's a bug :) Alpha2 passed those testcases I point you to :)
<twb> But netstat says that there are still rpc.mountd and rpc.lockd and rpc.quotad services listening.
<twb> Should I be freaking out about that?
<jkakar> ttx: Sweet.  I'll report back about how I go.  I'm digging into implementing the cloud topology integration features for landscape-client so I'll probably be pestering you with questions/bug reports about UEC. :)
<twb> I suspect it's just the NFS system trying to have a "clean" hangup with the desktops.
<ttx> jkakar: greta :)
<ttx> great, even
<TimoH> Hi, I've installed Ubuntu 9.10 Server into VMware Server 2.0.2 as guest OS. Most is working fine, but I have the problem that the file systems don't unmount cleanly upon reboot. Any hints where I can start searching, please?
<twb> TimoH: what kind of filesystems?
<TimoH> ext4 on LVM
<TimoH> Haven't used Linux for a while, so I just went with the defaults during installation...
<twb> Are you triggering the shutdown from within the VM, or are you telling VMware to initiate a shutdown?
<TimoH> from within the guest (shutdown -r now)
<TimoH> BTW: Is the console output shown during startup (fsck msgs) logged in a file somewhere?
<twb> TimoH: I don't see why you would get an unclean shutdown in that case
<twb> Have you asked #vmware if this is a known issue?
<TimoH> I'm just about to reinstall the whole stuff with an older variant of Ubuntu Server than 9.10 is not properly supported on vmware server. 8.04LTS comes to my mind. But even the current 8.04.3 is not oficcialy supported, only 8.04.2
<TimoH> Yeah, asked there. No real input yet.
<TimoH> And there's "experimental" support for 9.04
<cef> twb: you using netstat -p to get process names?
<twb> cef: -nap, but yes
<cef> twb: grepped for the process names in /etc/init.d and /etc ?
<twb> cef: ah, you're saying I should stop quotarpc and nfs-common?
<cef> twb: that'd be the ones..
<twb> Thanks.
<cef> (haven't got nfs running here.. just working form first principles)
<cef> np
<twb> Normally I'd just blithely kill -9 stuff to be sure, but because NFS is in the kernel I get scared and don't trust ps and netstat
<cef> fair call too
<ploum> hello
<ploum> I don't understand ufw
<ploum> I've a jabber server and I added a config file in /etc/ufw/application.d
<twb> ploum: welcome to the club
<ploum> but, as soon as I enable ufw, I don't have jabber anymore
<twb> I think it just runs iptables-restore --dont-flush on each file in turn
<twb> (Make that --no-flush)
<ploum> twb: so it means that old rules are kept ?
<twb> ploum: well, it flushes initially, but I mean when loading each rule file in sequence
<twb> Because otherwise it'd have to actually parse each file and then merge them in order to pass iptables-restore a single file, and I hope ufw doesn't try to be that "clever".
<maxagaz> how to make a fsck on a lvm partition ?
<maxagaz> i have booted my computer using a live usb
<ploum> twb: just found out that you have to manually enable the application
<ploum> putting a file in /etc/ufw is not enought
<ploum> but is it done at each reboot ?
<ploum> my syslog is filled with nearly every packet I receiveÂ :
<ploum> localhost kernel: IN=eth0 OUT= MAC=00:1c:c0:29:09:61:00:d
<ploum> how can I change that ?
<jiboumans> good morning
<ploum> hello
<cef> ploum: that's probably the LOG target. you could (possibly) comment out the rule that sends stuff to the LOG target?
<ploum> cef : I don't use iptables directly, only with ufw and psad
<ploum> do you believe it's a psad rule ?
<cef> ploum: then check the ufw rules, the config and/or /etc/default/ufw for mention of logging
<uvirtbot`> New bug: #509528 in tomcat6 (main) "Security manager breaks session listing" [Undecided,New] https://launchpad.net/bugs/509528
<jiboumans> ttx: morning
<ttx> jiboumans: yo
<jiboumans> should we reset the WI tracker today?
<jiboumans> also, good long weekend?
<ttx> Yes, good break :)
<ttx> jiboumans: I was thinking to reset it on Jan 17 if possible, otherwise yes, today.
<jiboumans> jan 17th is fine; basically the 15th is wrong
<jiboumans> can you ask pitti nicely to get that done?
<ttx> jiboumans: I also prepopulated the status field so that we can get quick status ("on track") by looking at the report
<ttx> jiboumans: sure, asking now
<jiboumans> ttx: i noticed, good move... need to make sure it stays updated though
<ploum> how can I configure iptables log level ?
<jiboumans> ploum: man iptbables shows you the --log-* commands
<jiboumans> ploum: output going to syslog
<maxagaz> how to fsck a lvm partition from live usb ?
<TeTeT> kirkland: what timezone are you in? Central?
<kirkland> TeTeT: usually, or right now?
<TeTeT> kirkland: right now, hopefully not central!
<jiboumans> kirkland++ # nice job at LCA :)
<kirkland> TeTeT: normally US Central, right now NZ
<kirkland> jiboumans: hey ther
<kirkland> jiboumans: thanks ;-)
<TeTeT> kirkland: nice, enjoy your stay
<kirkland> TeTeT: cheers, thanks.
<ttx> jiboumans: you can't reset on a day, you reset on a number. I set it to start at 150 (on Jan 15), that should be slightly more accurate.
<psteyn> Hi guys.  I'm running Ubuntu Server 8.04 LTS.  I _need_ to use PHP 5.2.5 or higher, but LTS seems to be locked to 5.2.4.x.  How can I safely upgrade to PHP 5.2.5?
<jiboumans> ttx: that's fine, thanks
<kirkland> jiboumans: ttx: FWIW, I'm very close to a qemu-kvm upload for Lucid
<kirkland> jiboumans: ttx: I have packaged the new bios projects, and filed MIRs, one approved, waiting on the other
<kirkland> jiboumans: ttx: as for the build itself, there's something broken for the mobile's static arm build
<ttx> kirkland: ah, I was wondering why we needed those *bios things in main -- so it's new deps for qemu-kvm, I gather
<kirkland> jiboumans: ttx: lool helped with an initial patch, which he said fixed the build for him
<kirkland> ttx: yeah, so qemu redid the way the bios blobs are built
<ttx> kirkland: good news, that was a mess
<kirkland> ttx: basically, they were redistributing that source
<kirkland> ttx: they stopped doing that
<kirkland> ttx: recommeding that we go and get that, build and package it from the upstream bios projects projects
<kirkland> ttx: still awaiting approval of the seabios MIR
<kirkland> ttx: and I need lool to help track down that arm build problem
<kirkland> ttx: but I hope to have a new kvm in the archive by the end of the week
<kirkland> ttx: i just added those tasks to the eucalyptus spec;  let me know if there's a better place for it
<ttx> kirkland: ok for me
<jiboumans> kirkland: works for me
<soren> kirkland: seabios replaces bochsbios?
<kirkland> soren: it's home page says that it can "run in bochs"
<kirkland> soren: it provides bios.bin
<kirkland> soren: ie, seabios provides bios.bin for qemu 0.12
<soren> kirkland: Ok.
<kirkland> soren: http://www.coreboot.org/SeaBIOS
<kirkland> soren: jiboumans: ttx: I also attended a talk today by Sam Vilain, promoting LXC on ubuntu
<jiboumans> kirkland: ah, if you run into him again, tell him i said hi
<jiboumans> kirkland: how was the talk?
<kirkland> jiboumans: sure thing, will do; thought you might know him from perl
<kirkland> jiboumans: i enjoyed it; was good to see the Ubuntu server promotion
<jiboumans> kirkland: indeed
<kirkland> jiboumans: he mentioned that there needed to be a better way of bootstrapping containers; i pointed him to vm-builder and some work soren has planned
<jiboumans> kirkland: he's a bright cookie and quite involved in OSS. perhaps we can get some contributions out of it?
<kirkland> jiboumans: yeah, would be cool; i'm not sure I quite understand his relationship (if any) with upstream lxc
<Guest38089> hey how can i connect to a wpa wireless network?
<Omahn> Does mvo appear in here often? I would like to ask him for some advice on unattended-upgrades..
<soren> Omahn: He doesn't.
<soren> Omahn: What's the question?
<Omahn> I was just going to update my debdiff for Lucid unattended-upgrades, it just adds an option to tag email subject lines with [reboot required] if a reboot is indeed required.
<Omahn> Wanted to check I was doing it in the right way.
<Omahn> ie, adding option to 50-unattended-upgrades file to enable/disable with default of disable.
<Omahn> It's worked for us on hardy for months so it's a relatively safe patch IMO :-)
<soren> Omahn: Ah, that sort of question. Just ask him in #ubuntu-devel.
<Omahn> soren: No problem, thanks.
<lool> kirkland: qemu-kvm > I want to look into this, but didn't have time yet
<lool> qemu tip built fine for me with the patch though
<lool> Probably just another patch which is missing
<lool> kirkland: Ah it only failed to build on i386 -- it did build on amd64, and I'm using amd64
<niekie> Erg leuke dag gehad gisteren *zucht*
<niekie> Err, oops.
<niekie> Wrong channel :(
<uvirtbot`> New bug: #509600 in libslf4j-java (main) "sync request (testing -> lucid/main)" [Undecided,New] https://launchpad.net/bugs/509600
<uvirtbot`> New bug: #509607 in samba (main) "samba don't start on boot with Lucid" [Undecided,New] https://launchpad.net/bugs/509607
<j416> what is a good syslogd for ubuntu?
<j416> ("syslog" client doesn't seem to exist, I am lost)
<pmatulis> j416: ubuntu uses rsyslog as logging framework since 9.10
<j416> pmatulis: ok! Any idea how I view its logs?
<j416> I managed to start rsyslogd
<j416> do I have to view its log file(s) manually or is there a utility?
<pmatulis> j416: logs are just files, so just read the various files (under /var/log)
<j416> ok.
<j416> (I'm used to running the "syslog" client from anywhere)
<pmatulis> j416: use 'tail -f /var/log/whatever' to view new messages being appended
<j416> pmatulis: yes, I am aware, thanks. Just thought there might be a log viewer app :)
<pmatulis> j416: no idea what you mean by your last comment
<pmatulis> j416: (syslog client from anywhere)
<j416> maybe it's an apple thing
<j416> pmatulis: http://developer.apple.com/Mac/library/documentation/Darwin/Reference/ManPages/man1/syslog.1.html
<j416> apparently.
<j416> thank you for your help!
<pmatulis> j416: ok, keep on truckin'
<j416> :)
<alvin> Where can I find the log after a crash (crash of the whole server that needed reboot)
<pmatulis> alvin: did you enable apport in /etc/default/apport?
<j416> I don't seem to have the "host" program to look up dns info. How do I find which package it is in?
<j416> sorry if this is a stupid question...
<alvin> pmatulis: I didn't know about that. It's probably what I'm looking for
<pmatulis> j416: 'aptitude install apt-file; apt-file update; apt-file search /usr/bin/host'
<alvin> pmatulis: ok, I enabled it and started apport. Now I just wait for a crash? Where will I know what happened now?
<pmatulis> alvin: under /var/crash
<j416> apt-file?
<j416> ah
<j416> hm
<alvin> pmatulis: Thank you. I'll just wait for the next crash than. Doesn't happen every day.
<alvin> s/than/then
<j416> pmatulis: neat thing. thank you!
<pmatulis> j416: for an installed package you can do: 'dpkg -S /usr/bin/host'
<j416> pmatulis: good to know! thank you
<j416> bind9-host was the package, installed and working now. Cool.
<Freeaqingme> why does -server by default boot in runlevel 2?
<_ruben> are runlevels even used these days?
<Pici> !runlevels
<ubottu> In Ubuntu all runlevels except 0,1 and 6 are by default equal. Also keep in mind that Ubuntu now uses !Upstart instead of System V init so there is normally no /etc/inittab.
<Freeaqingme> !upstart
<ubottu> Upstart is meant to replace the old Sys V Init system with an event-driven init model.  For more information please see: http://upstart.ubuntu.com/
<Freeaqingme> tnx Pici
<Pici> yw
<smoser> good morning all.
<ttx> smoser: yo
<Freeaqingme> Pici, care helping out here for a sec? I am on9.10 server edition, and need to run /etc/init.d/networking restart before my networking becomes available. How would I fix that through upstart? (I should have a /etc/event? Well, I dont...)
<Pici> Freeaqingme: Er.. I'm not sure how to change the ordering, but networking is what brings up your network, why would you restart it?
<Freeaqingme> Pici, cause for some reason I cannot use my NIC's until I run that command (after rebooting)
<zul> ttx: ping
<ttx> zul: pong
<zul> ttx: for the eucalyptus apport hook what is missing or what else would you like to see there?
<zul> ttx: i ask since I dont do eucalyptus
<ttx> can't think of anything right now
<ttx> zul: ideally some topology info
<ttx> zul: but I don't see any easy way to get to that information
<zul> maybe ask the user?
<nijaba> ttx: aren't we getting a topology api in 10.04?
<ttx> hmm, right
<ttx> nijaba: yes, but I didn't see anything landed yet
<nijaba> ttx: you would now better than me
<nijaba> know even
<ttx> nijaba: received my private cloud box yesterday, btw
<nijaba> ttx: zul did too
<nijaba> ttx: do you like it?
<ttx> zul: asking the user to describe his cloud network topology might be the best move right now
<zul> it looks professional
<zul> ttx: ack
<ttx> nijaba: sure, looks slick
<nijaba> Glad you like it
<ttx> zul: wes hould have better ideas after we do the Big Eucalyptus Bug Scrub
<zul> gotcha
<ttx> (when Dustin comes back from upside-world)
<bogeyd6> anyone have experience running squid in the cloud?
<epinky> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<bogeyd6> epinky, ty bro
<bogeyd6> unfortunately squid is very picky in a virtual environment epinky, and i was hoping someone would already know the pitfalls before i get started
<ttx> smoser: so you plan a karmic cloud image update this week to fix bug 494185 ?
<uvirtbot`> Launchpad bug 494185 in ec2-init "ec2-init selects us-east-1 mirror when running in us-west-1 region" [High,Fix committed] https://launchpad.net/bugs/494185
<smoser> i just did a test. i was looking at SRU path from here. (it is currently in proposed)
<ttx> smoser: The SRU needs to be validated (tagged verification-done)
<bogeyd6> Does the frontend server in a UEC do any processing? I am asking because I need to know if I should put in a really good server for the front end or let one of the cheaper servers run the front end
<smoser> ok.
<ttx> smoser: then it will be picked up by the SRU team and copied to updates
<smoser> i'm going to go ahead and do one more final test of it. bu tthen will do that.
<uvirtbot`> New bug: #509667 in mysql-dfsg-5.1 (main) "mysql-server 5.1 not starting after upgrade" [Undecided,New] https://launchpad.net/bugs/509667
<ttx> smoser: it's not affecting anything else but the not-created-yet cloud image updates
<smoser> ?
<ttx> smoser: can it have any bad effects on existing users ?
<ttx> smoser: or does it just affect the soon-to-be-created karmic cloud image
<smoser> soon-to-be-created
<ttx> ok
<smoser> if you did an upgrade and got the new version, it would not re-write your sources.list
<kees> zul: why didn't you just sync openbsd-inetd ?
<zul> kees: i should have
<zul> in hindsight
<kees> heh
<kpettit> Anybody know of some good tools to convert XHTML to PDF?  I need one that will know how to read CSS 2
<kpettit> I've found lots of converters, but none so far that deal with css2 and above correctly
<screen-x> kpettit: depends what your doing, if firefox is an option, then you could try http://www.abeel.be/content/command-line-printing-firefox
<mathiaz> zul: something when wrong in the mysql-5.1 merge: https://bugs.launchpad.net/bugs/509667
<uvirtbot`> Launchpad bug 509667 in mysql-dfsg-5.1 "mysql-server 5.1 not starting after upgrade" [Undecided,New]
<screen-x> I would also like a html+css-->pdf solution that doesn't involve firefox..
<zul> mathiaz: yeah i saw ill have a look
<mathiaz> nijaba: private cloud box - is this the package I'm supposed to receive?
<ttx> mathiaz: only if you're leet
<kpettit> screen-x, ohhh that sounds perfect.
<kpettit> If I can figure out how to mess with the headers and footers of the PDF that would be perfect
<mathiaz> ttx: well - I've been woken up by the delivery guy on Friday *and* Monday because of this!
<mathiaz> ttx: it better be some cool stuff!
<zul> mathiaz: you got two? you are very elite then ;)
<kpettit> screen-x, at this point I'll take what I can get.  It sucks CSS is so poorly supported in the PDF tools out there
<mathiaz> zul: no! I didn't get any - I was *woken* up - I decided to not bother opening the door
<zul> heh
<screen-x> kpettit: yeah, I'm not sure how configurable firefox's output is, may have to post-process the output with something else.
<kpettit> fun fun fun.  I love doing docs and such in XHTML, but making that work well in the print world sucks
<genii> screen-x: My friend uses this: http://www.princexml.com/overview/    There are Ubuntu versions available on their download page
<alvin> Freeaqingme: Did you find a solution?
<kpettit> genii, I was actually looking at that a few minutes ago, but I think the license was very very step.
<kpettit> Expensive I mean
<kpettit> 3800 for server license
<screen-x> genii: $3800 for a license to use it on a webserver!
<screen-x> too slow..
<kpettit> I can see 500 if it works, but not 4k.  Some of these guys price themselves way out of the game for any normal company to use them
<genii> Well, she uses the non-commercial version. I didn't bother looking into the other licensing available. $3800 is pretty darn steep
<ball> hello jono
<jono> hey
<Freeaqingme> alvin, not really
<ball> genii: what costs $3,800 ?
<genii> ball: An XML/XHTML to PDF converter program
<ttx> mathiaz: where are the eucalyptus test scripts available right now ?
<ball> genii: That sounds a bit steep.
<mathiaz> ttx: https://code.launchpad.net/~eucalyptus-maintainers/eucalyptus-devel/eucalyptus-ubuntu-tests
<mathiaz> ttx: ^^ this upstream tests
<mathiaz> ttx: https://code.launchpad.net/~mathiaz/eucalyptus-devel/tests-for-uec-images
<mathiaz> ttx: ^^ this is a script I wrote up
<genii> ball: Yes, I agree. They do have a free non-commercial license, but looks like thats only for personal desktop usage, etc
<ttx> mathiaz: and you've been integrating the upstreal tests directly, right
<mathiaz> ttx: my version is an rewrite of upstream tests
<mathiaz> ttx: they're doing the same thing
<mathiaz> ttx: my goal was to make the tests more flexible
<mathiaz> ttx: and more extensible
<ttx> mathiaz: https://code.launchpad.net/~mathiaz/eucalyptus-devel/tests-for-uec-images appears empty to me
<alvin> Freeaqingme: After you boot, there is no network? (ifconfig) Or are there certain services not available?
<ttx> mathiaz: your version lives there ^
<ttx> ?
<Freeaqingme> alvin, I just have no connectivity. ifconfig tells me the nics do have an ip
<mathiaz> ttx: hm my bad wrong url - https://code.launchpad.net/~mathiaz/+junk/uec-testing-scripts
<Freeaqingme> i however can't ping anything
<ttx> mathiaz: ok, thanks
<zul> ttx: what are we suppose to put under status in the whiteboard?
<ttx> zul: "On track"
<zul> ok
<nijaba> ttx: so far, which version of likewise are we likely to get in 10.04?
<ttx> 5.4
<ttx> It's in already.
<nijaba> ttx: ok, thanks a lot
<alvin> Freeaqingme: What happens if you 'wait' a bit after you see the boot prompt. Does the network comu up by itself eventually?
<Freeaqingme> alvin, I've waited over 10 mins several times, seems like long enough?
<alvin> Is that Likewise Open thing also useable as server? Or can it only connect to Windows domains?
<alvin> Freeaqingme: I also noticed the network comes up slower now, but your service probably crashes somewhere during boot.
<Freeaqingme> alvin, I'm completely new to the startup thingy that was introduced with karmic, is there any way I can reproduce it after booting?
<alvin> Freeaqingme: I think you'll have to wait for bug #328881 to be solved to know for sure.
<uvirtbot`> Launchpad bug 328881 in upstart "init: support logging of job output" [Medium,Triaged] https://launchpad.net/bugs/328881
<alvin> No, that wasn't nice of me. (I love that bug). There must be a way. Let me think.
<Freeaqingme> :P
<Freeaqingme> I dont know c, so I'm not going to fix upstart myself, jfyi ;)
<Xbert_eee> hi, has anyone got a link to info on what differences there are in the server kernel and generic kernel?
<ball> Fewer owls?
<alvin> Freeaqingme: Are you using Network-Manager?
<Freeaqingme> Not that I know of. I installed ubuntu server, with only the openssh-server installed
<Freeaqingme> hmm, what's interesting is that when I remove the other nic entries from my interfaces file (leaving eth0 and lo), it does work
<Freeaqingme> while I'm 100% confident there's no parsing errors in the entries of eth1 or eth2
<atomic__> screw NetworkManager, can't handle multiple NICs properly
<uvirtbot`> New bug: #509705 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1. Mysql did not stop" [Undecided,New] https://launchpad.net/bugs/509705
<atomic__> which is cool, since i'm used to /etc/network/interfaces
<Freeaqingme> atomic__, as said, I'm not using networkmanager (unless it's installed by default on the server stuff?)
<atomic__> but then, udev starts randomly renaming my NICs upon each reboot
<atomic__> it's not installed on server
<atomic__> im talking about my desktop at home which runs 9.10
<Freeaqingme> atomic__, that's a known bug in udev with some nic's who randomly change their UUID. Can be stopped by using wildcards in the id's udev uses
<alvin> Freeaqingme: You will probably not use NM then. Maybe your bug is bug #497299 ?
<uvirtbot`> Launchpad bug 497299 in upstart "upstart not starting init-scripts (event net-device-up IFACE=lo missing)" [Undecided,Confirmed] https://launchpad.net/bugs/497299
<Freeaqingme> alvin, could be, but it's weird that it only doesn't do that in case I have multiple interfaces defined
<atomic__> Freeaqingme: what file should i edit? i've tried blanking 80-persistent-net-generator.rules and 70-persistent-net.rules in /etc/udev/rules.d
<atomic__> even go chattr on them )
<atomic__> :)
<Freeaqingme> atomic__, I dunno, has been like months ago that I encountered it
<Freeaqingme> I guess some networking-related udev file
<Freeaqingme> alvin, tnx for the help, I'm afk
<alvin> ok Freeaqingme. Btw, there are multiple people in that bug report that claim that changing /etc/network/interfaced to the default file solved their problem
<alvin> A while ago, there was someone in this channel who mentioned a command line tool that could continuously do a traceroute. Any idea what program that was?
<zul> mathiaz: should be fixed now
<kpettit> screen-x, I found a cool XHTML to PDF that does CSS correctly
<kpettit> http://code.google.com/p/wkhtmltopdf/
<kpettit> It uses a browser to render the page and prints it.  Very good commandline options and works in Linux / Mac / Windows
<screen-x> kpettit: thanks, will have a look :)
<au> me also
<screen-x> ahh webkit, thought someone must have wrapped that in a scriptable package
<kpettit> I've got it working on LInux now, and the XHTML stuff with my funcky CSS looks good.  We're installing in on Winblows not to give that a try
<au> got any screenshots to share? :)
<kpettit> it's not to intersting.  Just a CLI app.  give it a url and PDF file to output
<kpettit> The PDF's I'm generating I can't share.  But what was hosing me before was the CSS pseudo tags Before/after and the css couter tag. Which works well in this
<screen-x> kpettit: sounds promising
<aubre> I'm going to attend the Deploying Ubuntu Enterprise Cloud course next week and I am pumped!
<uvirtbot`> New bug: #509736 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/509736
<jjohansen> smoser: re Bug #494565
<uvirtbot`> Launchpad bug 494565 in linux "support ramdiskless boot for relevant kvm drive interfaces in -virtual" [High,Triaged] https://launchpad.net/bugs/494565
<jjohansen> smoser: we either need to build modules into the server kernel, or create a new flavour
<jjohansen> we can't roll it into -virtual as things stand
<smoser> yeah, since -virtual == -server or -generic-pae with less modules
<jjohansen> yep, and the way the kernel packaging works is that we can't change configs for sub flavours (which virtual is)
<smoser> i think the kernel team has to decide if maintaining a -virtual that is not a subset is acceptable.
<smoser> s/subset/sub flavour/
<zul> hmmm
<smoser> obviously it was originally done as a sub flavour because its lighter on maintainence
<smoser> and many other things
<jjohansen> smoser: well it somewhat depends on 1. how important it is, 2. can -server have a few extra modules builtin
<smoser> i think its possible that the virtio drivers would not have negative affects if built in, but i would understand people not wanting to build the other required drivers in.
<smoser> i don't really know how important it is.  personally, i dont think that ramdiskless boot is all that terribly important for kvm (or for ec2).  However, others decided to have this blueprint as 'High'
<jjohansen> smoser: well its always a trade off, there is going to always be something some one doesn't want builtin
<smoser> if it was enough to just build in virtio, it'd be great
<smoser> however, its not. because euc does not use virtio
<jjohansen> right
<smoser> i think we should rpbobaly discuss this at the server team meeting tomorrow
<jjohansen> yep, that was the plan just looking for some earlier feedback
<smoser> well, this is what i expected you would tell me
<smoser> :)
<smoser> i do think, though, that a '-virtual' kernel that doesn't have drivers for kvm virtio is somewhat of a bad name :)
<jjohansen> I would agree
<smoser> jjohansen, i think you have to know how much maintainecne this is going to be for the kernel team
<smoser> how hard is it to say "take -generic-pae (or -server)" and modify this list of CONFIG vars
<smoser> i really woudlnt think that run-time you'd see a lot of differences after boot and modules loaded between the 2 config settings
<smoser> its really all about "remove ramdisk"
<jjohansen> smoser: it isn't as bad as the EC2 kernel, but more than what -virtual is currently
<smoser> so, jiboumans/ttx, we need to add discussion of this issue to meeting tomorrow (this issue == 494565)
<jiboumans> smoser: tack it onto the agenda
<smoser> jjohansen, i really woud'nt expect that the different kenrel configs would end up with different behavior (ie, need to fix bugs on one that didn't exist on the other)
<jjohansen> smoser: well it can happen with different configs, but at least they are all the same code base
<zul> -virtual is kind of a hack isnt it?
<smoser> its basically just a whitelist of modules to include in the sub-package
<jjohansen> yep
<smoser> uses the same kernel and does not package some modules
<smoser> s/kernel/config/
<zul> meh and sometimes users expec something to be there when it isnt
<smoser> jjohansen, so is it decided that it is unacceptable to change the list of CONFIG_* to 'y' ?
<au> any ideas on a lightweight blogging thing like wordpress ?
<jjohansen> smoser: you mean for -server?  I was going to defer that decision to the server team
<smoser> hm... ok.
<smoser> i figured that was a kernel tem discussion.
<smoser> and note that it affects -generic-pae on i386
<smoser> as -virtual comes from that.
<jjohansen> well in this case we already carry a -server kernel with custom configs, that would just be modifying the existing flavour as opposed to creating a new one
<jjohansen> hrmm, yeah so it does
<jjohansen> well either way server team input will go into the decision
<smoser> i personally think that 'CONFIG_VIRTIO*' would have little to no negative. but i have no exact experience. just seems less risky.
<smoser> getting CONFIG_SCSI_SYM53C8XX_2=y could possibly have some issues if, for example, it was blacklisted for any reason
<jjohansen> right
<smoser> do you have a config diff of the entire set of changes that i'm asking for?
<jjohansen> not yet
<jjohansen> it is a very small diff though
<smoser> can you possibly get the entire fallout of changing the following options on both -server and -generic-pae:
<smoser> CONFIG_VIRTIO_NET=y
<smoser> CONFIG_VIRTIO_BLK=y
<smoser> CONFIG_SCSI_SYM53C8XX_2=y
<smoser> that last one is the highest risk, IMHO, and it has right now
<smoser> CONFIG_SCSI_SYM53C8XX_2=m
<smoser> CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1
<smoser> CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16
<smoser> CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64
<smoser> CONFIG_SCSI_SYM53C8XX_MMIO=y
<jjohansen> smoser: yeah, I am going to build a kernel once my chroot is done updating
<smoser> i dont know if those options are configurable at module load time and *not* configurable if built in. that would be a functionality loss if it was the case.
<jjohansen> they are configurable when builtin
<smoser> http://ubuntuforums.org/showthread.php?t=762480 is the best hit i can find for "blacklist sym53c8xx"
<smoser> and there isn't much info there.
<smoser> (the idea was to see if anyone was suggesting to blacklist it and for what reasons)
<smoser> http://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg634444.html
<uvirtbot`> New bug: #501807 in debconf (main) "actualizacion para reproducir un video de youtube en  RHYTHMBOX" [Undecided,Incomplete] https://launchpad.net/bugs/501807
<Elad> I am trying to have a script add ip's to iptables, and they are getting in the table, but look different than when I manually put them in, so I was curious if an iptables guru could tell me if the IP Chain rule is doing anything
<Elad> besides taking up space :)
<smoser> who wants to package up libguestfs for ubuntu. news in december that it is now functionoing.  this is an extremely useful package that allwos you to modify disk images without being root (ie, no need for mount -o loop)
<koolhead17> hi all
<koolhead17> "can selinux be booted on a cloud system running ubuntu as OS?"
<zul> smoser: i will if i hae time
<smoser> well that was easy :)
<bogeyd6> I rebooted my uec server after setting up the cloud with the admin/admin credentials. Now I set a new password but the username is no longer admin
<bogeyd6> How do I show a list of users in eucalyptus
<Freeaqingme> alvin, re my networking issue, using the default config isn't possible of course when wanting to use 3 NIC's. Just decided to use an other version that does not suffer this issue. Thank you for your advice btw
<alvin> Freeaqingme: yes, Karmic is suffering from a lot of boot issues. I'm sure it will be fixed in Lucid. Good luck.
<Freeaqingme> heh, not waiting another 3 monts (and not using a pre alpha either)
<zul> smoser: ping
<smoser> here
<zul> smoser: do you have something for me?
<smoser> no. sorry.
<zul> ok
<addisonj> anyone here use HP RGS?
<Skaag> I'm in Grub Rescue, how do I boot from md0? :)
<Skaag> I can see it when I type: ls
<Skaag> the prefix is: prefix=(md0)/boot/grub
<Skaag> and root is set: root=md0,1
<marks256> How can i set a user's password to a pre-encrypted md5 sum via command line?
<Jeeves_> marks256: usermod, i believe
<guntbert> marks256: in that case edit (with root rights) /etc/shadow (but be careful)
<marks256> guntbert, needs to be done from a script
<marks256> Jeepbeats, thanks. i'll check that out
<marks256> it keeps dropping the first character of the encrypted password?
<marks256> When i type in usermod -p $1$5VSNNaUR$7dUcIw5R9jrxfW3oQk86O. dan into the console, it works, but this is what's put in /etc/shadow VSNNaURdUcIw5R9jrxfW3oQk86O. What gives?
<guntbert> marks256: put "" around it
<marks256> guntbert, did. that did nothing
<guntbert> marks256: then I don't know - sorry
<marks256> it works when i manually paste the string into /etc/shadow, so the encrypted password is right
<marks256> guntbert, thanks anyway
<guntbert> marks256: try with '
<marks256> wait. could it be that the console is interpreting $1 and $5 as variables?
<guntbert> marks256: that was my idea too
<marks256> bingo. that's the problem!
<marks256> works now :)
<marks256> ' fixed it
<guntbert> !yai
<marks256> thanks :)
<unit3> Hey, all, trying to follow the docs at help.ubuntu.com for karmic/server on setting up slapd with the new cn=config setup...
<unit3> but it claims "dpkg-reconfigure slapd" will let you set an admin password... and it's not, on my system, so I have no idea what bind DN or admin password to use.
<unit3> the ones I've found in independent docs (cn=admin,cn=config, password=config) don't seem to work.
<unit3> anyone in here familiar with the current openldap stuff?
<smoser> anyone here able to help me out and veirfy https://bugs.launchpad.net/bugs/494185
<uvirtbot> Launchpad bug 494185 in ec2-init "ec2-init selects us-east-1 mirror when running in us-west-1 region" [High,Fix committed]
<Aison`> everytime a device is going up / down where dhcp is listen on, dhcp stops working
<Aison`> that's really ennoying
<erichammond> smoser: I confirmed that the IS fix worked yesterday using ami-7d3c6d38 (ubuntu-images-us-west-1/ubuntu-karmic-9.10-i386-server-20091027.1.manifest.xml)
<erichammond> Is there more to do?
<smoser> erichammond, we want to refresh the images, so i need someone to confirm the fix.
<smoser> i added instructions on how to do so.
<erichammond> (reading the bug notes) I see
<erichammond> smoser: What's the timeframe on this?  I can definitely get to it this evening if nobody has done it by then.
<smoser> this evening would be fine. and then when you do, tag it as verification-done
<smoser> and remove verification-needed
<erichammond> smoser: noted
<Roger_> algien habla espaÃ±ol?
<erichammond> Roger_: #ubuntu-es
<isg> Hi.  Any cloud experts in here?
<jkakar> Interesting, I'm reinstalling my UEC with the installer, using the alpha2 ISO's.
<jacob_> an anyone tell me what would cause this error message Could not reliably determine the server's fully qualified domain name
<jkakar> I started by rebuilding my node controller... when it got to component selection it told me it detected a cloud controller and blocked me from setting one up.
<unit3> jacob_: is that from apache, and your local ip isn't in reverse dns?
<jkakar> I ended up turning off the machine with cloud controller and restarting the install, because when this happens, the installer give you no way to go back or rescan for UEC components.
<unit3> and you haven't manually set a hostname?
<jacob_> unit3: yes sorry forgot to add that...it is latest verison of apache, this is the first server i've set up, so far none of the walkthroughs i've looked at have said anything about revers dns
<unit3> jacob_: it's usually easier to just define a local hostname in /etc/apache2/conf.d/local-options or whatever.
<unit3> not that it really matters, that's just apache complaining, it has no real affect on server operation.
<unit3> which is probably why the howtos don't cover it.
<unit3> just put in "ServerName my.fqdn.com" somewhere in your config to make it stop. ;)
<jacob_> unit3: can you explain what servername my.fqdn.com does...and in which config should it be
<unit3> errr... it assigns a server name manually to apache, so that it'll stop complaining about not being able to figure out its name. isn't that what you asked about?
<unit3> and like I said, you can just stick it in the global configs, so maybe a file like "/etc/apache2/conf.d/local-options" or similar.
<tonyyarusso> I'm having trouble connecting/authenticating to my Samba file server share.  Log entry is here:  http://paste.ubuntu.com/359266/
<jacob_> unit3: kk..just wanted to make sure i understood what it did....and i might have done something wrong my conf.d only gives me the files charset, localized-error-pages and security
<tonyyarusso> (Note:  It is a remote server, not on the local network.)
<unit3> jacob_: those are config chunks, apache will just include anything in there. I wasn't suggesting the local-config file exists, I was simply suggesting it'd be a convenient name to put some local options into.
<unit3> *.d directories on debian/ubuntu are often just directories where you can dump files with config snippets into, so they're easier to manage.
<jacob_> unit3: ahhh i understand now...sorry for the confusion
<unit3> no prob, everyone's gotta learn some time. ;)
<unit3> apache has pretty specific conventions for that which you should learn, also.
<unit3> such as the modules and sites available and enabled .d directories.
<jacob_> unit3: i've been reading up on them from the apache site, alot of it is still over my head, but i'm getting there
<unit3> They allow you to define apache module configs and virtual hosts, and then easily enable and disable them by symlinking them into the enable.d directories.
<unit3> yeah, it'll probably take a long time to wrap your head around if you're just starting, there's a lot there. :)
<unit3> apache's been around a long time, and does a lot of stuff. :)
<tonyyarusso> The issue seems to be "NT_STATUS_LOGON_FAILURE"
<jacob_> lol yea...i have a solid understanding of html now..but wanted to get into php, so teaching myself
<unit3> tonyyarusso: looks like samba thinks the share you're trying to connect to isn't defined in the config. can you pastebot the chunk of your config dealing with that etnh share?
<tonyyarusso> unit3: http://paste.ubuntu.com/359268/
 * tonyyarusso may have posted a different error before, is confused
<unit3> tonyyarusso: oh, that's probably conflicting with the default [homes] share, which automatically maps [username] to /home/username with only access from that user.
<unit3> can you make a subdirectory and share that, instead?
<tonyyarusso> unit3: but I thought [homes] was commented out by default?
<tonyyarusso> unit3: Or is ; not really a comment in smb.conf?
<tonyyarusso> (I don't actually want to share all homes; just this one)
<unit3> it is. if you've got it commented out, then yeah, that should work.
<unit3> how've you got the samba authentication setup? did you set your password with smbpasswd and stuff?
<tonyyarusso> well, I get a different error now...
<tonyyarusso> unit3: with libpam-smbpass
<tonyyarusso> unit3: real error this time - http://paste.ubuntu.com/359273/
<unit3> are you sure you want libpam-smbpass on there? because that authenticates system accounts against samba, not the reverse.
<tonyyarusso> wait, really?
<unit3> yeah.
<tonyyarusso> What I want to do is create system accounts, and make samba use them.
<unit3> yeah, you can do that, but samba needs to have its own database of passwords... because Microsoft's password formats for SMB are pretty insecure, so you can't use the secure unix ones. ;)
<tonyyarusso> oh lordy
<tonyyarusso> Well, how can I sync them easily?
<tonyyarusso> (I thought I had what I want, since 'pdbedit -L' lists all of the system accounts.)
<jacob_> unit3: ty for you help....i might be messageing again if a few if i get stuck
<unit3> yeah, by default it'll pull in system account names, but they won't have any passwords.
<unit3> jacob_: sure, if I'm around. :)
<tonyyarusso> oh...lol
<unit3> tonyyarusso: so you have to run "smbpasswd username" for each account, and set them.
<tonyyarusso> And this is why I hate samba.  Maintaining dual account registries :(
<unit3> totally. it's not really samba's fault though. you know who designed the protocol. ;P
<unit3> I believe you can actually setup libpam-smbpass or similar to *change* samba passwords with the regular ones , so the next time users run normal passwd it'll be in sync.
<tonyyarusso> That'd be good.
<unit3> yeah, just did a little google, that's what libpam-smbpass is good for.
<unit3> problem is, it doesn't do anything until the user actually changes their password.
<unit3> so you were probably expecting it to already have the passwords migrated and set up, which isn't the case.
<jacob_> unit3: ok well i just remember my other question now.........documentroot to a folder in my home folder, but the php files i have in that folder still won't run......did i forget a step
<unit3> jacob_: have you installed libapache2-mod-php5?
<jacob_> unit3: that would probably be the step i forgot
<unit3> jacob_: heh, yeah, you'll need php installed.
<unit3> tonyyarusso: so... use smbpasswd to manually assign a samba password for a specific account, make sure the rest of your samba config works, and then get your users to change their passwords so libpam-smbpass can do its magic.
<unit3> this is why samba 4 will be good, if it ever comes out.
<unit3> full ADS replacement, you can just use it as the auth source for linux as well as windows, have all the passwords in one place.
<unit3> too bad it's in perpetual alpha.
<jacob_> unit3: is that available in synaptic's?
<jacob_> unit3: and if so would it be the php5?
<unit3> jacob_: yeah, should be, look for that package name.
<unit3> erm... not sure what you mean by "the php5"
<jacob__> does anyone know the name of the php package needed to run php script in apache?...the only one i can find is php5 and it doesn't appear to be working
<unit3> jacob__: I already told you the package name. libapache2-mod-php5.
<jacob__> unit3: nice your still here.....and for some reason it found it that time.....very odd...and i already had it installed
<unit3> ok, and is it enabled in apache?
<jacob__> not sure how i do that
<unit3> a2enmod command is used to enable apache mods.
<unit3> and a2dismod to disable.
<jacob__> says its already enabled....i'm assuming i use that for the php5 module..since that was the only thing listed that envolved php
<unit3> yeah.
<unit3> well then, it should work.
<jacob__> let me restart apache and will try again
<unit3> is it just showing you the code when you go to a php page with your browser?
<jacob__> unit3: nope still doesn't show me text.... all i'm trying to load is a blank page that has one line of php on it
<unit3> so what does it show you instead?
<jacob__> just a blank page
<unit3> can you view source, and see for sure that it's blank?
<unit3> and can you also pastebot the full php code you're trying out?
<jacob__> <?php echo "Hello ";?> lol this is all i'm trying to get it to show me
<jacob__> unit3: it's literally just a blank page..with one line of php code
<unit3> yeah. it should be working. do the apache logs say anything is wrong with that? specifically, the error log?
<jacob__> unit3: sorry how do i check the logs?
<unit3> errr, you just ... look at them? they're in /var/log/apache2?
<unit3> i think, perhaps, you need to spend a little more time with google. ;)
<jacob__> unit3: :) i found it....
<jacob__> these are only two log messages [Tue Jan 19 18:41:03 2010] [error] mod_log_sql: insufficient configuration info to establish database link
<jacob__> [Tue Jan 19 18:41:03 2010] [error] mod_log_sql: child spawned but unable to open database link
<unit3> errr... mod_log_sql? why would you have that in there?
<jacob__> oh wait
<unit3> I mean, that's nothing to do with php, but that's not part of the default install.
<unit3> you haven't just been randomly installing mods, have you? ;)
<jacob__> lol old logs...
<unit3> "old"? it says Jan 19th, 2010.
<jacob__> old as in when i was getting erros b/c it couldn't find a server name (i'm guessing by the time its showing
<wish^> am i gone have a stable system with ubuntu on a 800 mhz p3 with 768 mb sdram running as a server?
<unit3> wish^: as long as your hardware's stable, sure. if it's that old, that's not guaranteed.
<wish^> ofcourse not
<unit3> i'd do a loooooong memtest run on before comitting it to anything. :)
<jacob__> unit3: and no, no error's when running the php
<wish^> but the question is, is ubuntu gone give me the stability in software i need?
<unit3> wish^: as compared to what? modern linux distros are quite stable, so I'm not sure what you're asking.
<wish^> compared to say, debian or fedora
<wish^> im running with old scsi disks
<unit3> wish^: stability will be very similar, although for a server you'd be better running centos than fedora.
<unit3> and the disks don't really enter in, since they all use the same kernels with the same drivers.
<unit3> choosing a distro is really about choosing an environment you're comfortable in.
<unit3> these days, there isn't much variance with the software offered, or what you can do with it.
<wish^> well, ive used ubuntu on one of my desktops
<unit3> there's just slightly different ways of doing it with each distro.
<wish^> and i am familiar with freeBSD
<wish^> and mandrake 7
<unit3> ok, so, do you like Ubuntu the best for doing commandline management? if so, then put that on your server. if not, use whichever you like best.
<wish^> well id say freeBSD cause its the only thing ive ran on a server before
<wish^> but i havent been keeping up with it really
<jacob__> clearly i scewed up somewhere...gonna wipe it and start over...ty for your help unit3
<unit3> jacob__: no prob.
<unit3> good luck.
<unit3> wish^: freebsd I find has a lot less package management, which IMO isn't the best thing for process and manageability, but it also has some very nice server features that Linux distros lack, such as (now stable!) ZFS support.
<unit3> if you don't care about niche features, then I'd recommend Ubuntu, as long as you're familiar with the package system.
<unit3> mmmm and pf. pf is nice. wish Linux had pf.
<wish^> ubuntu doesnt use rpm right?
<unit3> nope, it uses the debian package format, so it generally follows the debian way of doing things.
<unit3> and gets access to most of the packages available in debian, which is nice, because debian's list of packages is huuuuuge. ;)
<unit3> but it means that specific apps may not have packages. 389 directory server is one off the top of my head that'd be handy, but there's no uptodate packages for.
<unit3> again, niche stuff.
#ubuntu-server 2010-01-20
<wish^> well rpm is a bitch so i guess thats good
<unit3> haha yeah. sort of my feeling.
<unit3> well, current rpm + yum isn't too bad, but dpkg + apt-get is generally nicer.
<fallous> I still prefer ports to aptitude, but that's more crotchety old habits instead of anything inherent in the two systems
<wish^> apt-get is nice yea
<unit3> fallous: yeah, i sort of ditched aptitude these days, i just use apt-get and prevu directly, and don't really miss ports anymore.
<unit3> but then again, i'm pretty much not into building packages myself anymore either. too much to do.
<unit3> i'd rather just get signed good packages from upstream 99% of the time.
<fallous> yeah
<unit3> although maybe ports has better selection of binary packages these days? I dunno, I haven't used freebsd for anything serious in ages.
<fallous> I never much bothered with binary packages in ports since compiling assured things were built to my system setup and worked pretty much flawlessly
<unit3> yeah. that's sort of the ports way of things. it's just not the best for big rollouts. especially when the compiling gets hairy.
<unit3> hell, even backporting packages with prevu sometimes gets a little crazy these days. I'm glad there's people upstream working to sort that out for me. :)
<unit3> I mostly just have a ton of systems to patch and upgrade, and if upstream has binary packages, then awesome. Ubuntu's good for that. :)
<fallous> yeah
<jacob__> unit3: hey back again...hoping you might have some other idea why its not working...i unistalled everything related to apache,php,mysql, and only installed bare essentials, apache and the php...still nothing
<jacob__> google is also natually unhelpful on the subject
<unit3> jacob__: without taking a look at the server, it's hard to say.
<unit3> can you put more debugging info into your test file? make it some text, then some php, then some more text, so you can see if it even reads the file or not?
<unit3> perhaps you have permission issues.
<unit3> as well, I'd suggest *not* setting some random directory in your home dir to your document root. use default settings for everything until you've got the basics working, then make changes one at a time and make sure they don't break anything.
<jacob__> kk..will run test and try to get more info to you....i know i'm not giving alot of to go on
<jacob__> unit3: information on this isn't very clear....i'm getting this error [notice] caught SIGTERM, shutting down
<unit3> what's not clear? that's just an informational notice telling you apache shut down at that time.
<unit3> it's not an error.
<jacob__> unit3: ok maybe now i have some usefull info.....when i go to the default server is list my webpages andd i can click on them they open just fine...but still no php
<jacob__> also no error messages
<unit3> not sure what you mean by "they open just fine".
<jkakar> isg: So, I have a running cloud controller/cluster controller/storage cluster/walrus.  Am installing the node controller now.
<jkakar> isg: I forgot to mention earlier that I've been following these instructions: http://testcases.qa.ubuntu.com/Install/ServerECluster http://testcases.qa.ubuntu.com/Install/ServerENode http://testcases.qa.ubuntu.com/Install/ServerEConfig
<jkakar> isg: I'm on the second one now.
<jacob__> sorry....i made a random web page with links to a few other pages added a bunch of text, and a few pictures...all of that works...when i go to the http://127.0.0.1/ is shows me a index of...then all of my sites info is listed below it as in name, size and descriptions of each
<unit3> jacob__: right, so did you try to create a test.php or whatever that had some more content and php in it, like i recommended, to see what happens with it?
<jacob__> unit3: wow just realized the walkthrought i had been looking at was stupid....may have solved it
<unit3> haha ok
<unit3> you're generally best off reading the docs on help.ubuntu.com and wiki.ubuntu.com before looking at generic documentation.
<jacob__> lol yea this was  a w3school, they are usually pretty good about it....but sadly didn't fix it
<jacob__> and still no errors
<unit3> w3school is just for writing web pages, they shouldn't really have any info about apache configuration... and if they do, I suspect it's massively out of date.
<unit3> in any case, can you try setting up a test page with more content in it like i suggested?
<jacob__> i did that, added a bunch of text, variables for the text...and working on adding a few more things to it atm
<unit3> ok, so, you've got some text, some php, and some more txt. can you pastebin the results of "view source" from that?
<jacob__> yep give me a sec and i will link it to yo
<jacob__> you(
<jacob__> unit3: http://pastebin.com/m6f92adc0
<unit3> errr... ok, that's the code, and is that the same output you get from the web server, or is it different?
<jacob__> lol ignore my comment i figured out why those other two didnt work
<unit3> ok...? so it's working now?
<unit3> well, good luck, I'm out.
<jacob__> ty
<wish^> unit3
<wish^> ports wins out
<wish^> unix ftw
<jkakar> Should it take long for a UEC node controller to register with a cluster?
<jkakar> I've been following the instructions (http://testcases.qa.ubuntu.com/Install/), but my node controller doesn't seem to be finding its cluster.
<wish^> how long?
<jkakar> wish^: 10 minutes?
<jkakar> I'll try registering it manually.
<wish^> im no expert with ubuntu but it shouldnt take that long
<jkakar> Hrm.
<jkakar> Even after running euca_conf --register-nodes $IP it still doesn't work.
<jkakar> Hmm, key synchronization might be the issue.
<uvirtbot> New bug: #495249 in clamav (main) "ClamAV 0.94 end-of-life announced" [Undecided,Fix released] https://launchpad.net/bugs/495249
<uvirtbot> New bug: #509934 in likewise-open (main) "password caching no longer works" [Undecided,New] https://launchpad.net/bugs/509934
<mike3> weird issue. when i boot up i don't get the login prompt. I have to hit ctrl+alt+f2
<mike3> a different tty or whatever
<bogeyd6> mike3, did you check the logs to find the error?
<bogeyd6> also, this is a server channel and we assume you didnt install a GUI desktop
<mike3> this is ubuntu server
<mike3> no errors that i can find
<mike3> nothing that shows me why it's just sitting there
<usrv> ok ubuntu geniuses, I've got a challenge for you. "/dev/sdc is apparently in use by the system; will not make a filesystem here!" but it's not mounted or in use
<usrv> i'm using ubuntu server
<Vanhalt> Hello there !!
<Vanhalt> does the ubuntu server edition comes with a GUI packed to install or it must be downloaded ? sorry newbie question
<usrv> must be downloaded
<Vanhalt> estimated size ? ...
<usrv> hmm... not sure
<usrv>  sudo apt-get install ubuntu-desktop and it should tell you how much space
<usrv> you'll have the option to continue or not
<Vanhalt> mmm ...
<Vanhalt> have to try that ..
<Vanhalt> 2nd newbie question... Ubuntu cloud it's a local cloud or you have to be connected to the internet ? login in a web or something ?
<gQuash> well ... thanks =)
<gQuash> going to read the docs
<mike3> weird issue. when i boot up i don't get the login prompt. I have to hit ctrl+alt+f2
<marks256> How can i return a user's id? I want to be able to (as root) type in "getid bob" and have it return me the UID
<marks256> got it. id -u <username>
<j416> is acpi-support the right package for 9.10 to enable acpi?
<domito> evening
<marks256> i tried adding the user "apache" to the sudoers list in the following fassion
<marks256> apache  ALL = NOPASSWD: /usr/sbin/useradd
<twb> j416: acpid enables acpi support.  acpi-support-base and acpi-support include some rules which are, generally, Good Things.
<marks256> but when i try to run it, it says permission denied
<twb> j416: if you only need to power button to trigger shutdown -h now, just get acpi-support-base.
<j416> twb: ok! thank you. I only need a way to power down my machine externally (I'm running it inside virtualbox).
<j416> so that should be enough then!
<marks256> Anyone have any ideas why the user account apache isn't running useradd as root, as it has been instructed to do in /etc/sudoers?
<j416> twb: I tried: sudo apt-get install acpi-support-base
<j416> and I get: "E: Package acpi-support-base has no installation candidate"
<j416> does this mean I have to install the acpi-support package afterall?
<twb> j416: maybe it's called something different where you are
<j416> where I am?
<j416> are package names dependent on .. location?
<twb> Bleh, I don't have apt-file(8) on any Ubuntu hosts, and (bleh) ubuntu-server doesn't support the power button by default.
<twb> j416: FSVO location = distro and release.
<j416> ok
<j416> sorry
<twb> np
<twb> j416: which release are you using?
<j416> 9.10 32-bit
<j416> there seems to be a package called acpid, I wonder if that will do what I need?
<twb> acpid is just the daemon
<j416> yeah, seems so.
<twb> It needs config files to tell it what to do
<j416> need scripts for it eh
<j416> I guess I'll just install acpi-support then
<twb> Yeah, the main problem with that is that it's so bloody bloated, and it pulls in a heap of useless shite
<j416> aah...
<twb> j416: ah, it seems that in Ubuntu 9.10, acpid includes acpi-support-base
<j416> maybe I can just install acpid and make a config file myself?
<j416> oh
<j416> cool
<j416> I'll try that first then
<twb> Because ultimately power button support is these two files: acpid: /etc/acpi/events/powerbtn /etc/acpi/powerbtn.sh
<j416> hah it works
<twb> apt-file is your friend
<j416> yeah :) found that
<j416> thanks
<j416> The system is going down for halt NOW! Power button pressed
<j416> woho
<error404notfound> [REPOST from #ubuntu] i am following https://help.ubuntu.com/community/InstallCDCustomization and when i try to build iso i get http://pastebin.com/m64a867e8, any ideas?
<twb> error404notfound: ow.
<jmarsden> error404notfound: I'd guess the genisoimage command expects to find an hfs.map file and it's not there?
<error404notfound> jmarsden, can't say anything, my first experience with building a custom iso
<twb> error404notfound: it's much easier to just roll a bootable USB key
<jmarsden> And you're doing it for an older Mac... wow... I'd start with customized images for a boring x86 PC if I were you (and I had a boring PC, of course)...
<error404notfound> twb, hmmm, thats also fine, i can try that in vbox as well
<twb> jmarsden: since he's blessing an HFS partition for PowerPC, I'm guessing NewWorld
<error404notfound> jmarsden, me? nope, i am on ubuntu, no hfs stuff, i just copy paste commands from community wiki :)
<jmarsden> error404notfound: Then you copied the wrong stuff.
<error404notfound> jmarsden, good point, let me get to the other LCD
<error404notfound> jmarsden, aah, yes, sorry, dumb me, 4 LCDs are too much for 2 eyes, right?
<jmarsden> error404notfound: As a general rule, you will learn more by using man and actually trying to understand the commands you find in any tutorial type page like taht, *before* you try them out.  Especially as root!
<error404notfound> jmarsden, aah yes, agree, but i am of the type that learn by doing instead of reading, which doesn't mean that i never read man pages.
<jmarsden> Maybe I'm just old fashioned, but I simply do not trust random people who create web pages enough to type in commands as root that I do not understand... it is very very dangerous to your system to do that.
<andol> jmarsden: Well, copy-n-pastying random commands as root might actually turn into a very learnable leasons :)
<error404notfound> jmarsden, you are right, but i am about to format this little thinganyway :)
<error404notfound> andol, exactly :)
<twb> jmarsden: that's basically your wetware virus protection system
<jmarsden> andol: ... lessons in how good your backups are :)
<andol> jmarsden: exactly :)
<andol> error404notfound: On a more serious note, you really should be listenting to what jmarsden is trying to tell you.
 * error404notfound is a sysadmin, and understand this but sometimes i am just fine with "whatever", just see if it works if i have gotta format anwyay :)
<error404notfound> andol, i do, i actually never login as root, except when i am using console on servers and recovering data
<jmarsden> error404notfound: That's not what your pastebin suggests... :)
<error404notfound> jmarsden, this isn't a server and i am not recovering data, but this machine is pretty screwed up already, and its not mine, i was handed this over for a fresh ubuntu install :P
<domito> Any experts on bridging/transparent firewalls here?  I have an odd issue which is that arp from the inside segment gets out, but only about 33% is replies get back to the requestor
<twb> domito: proxyarp?
<domito> proxy_arp did not help
<twb> Oops, I don't think that's for bridges.
<domito> no that's for nat
<domito> the traffic coming back hits the eth0 and the br0, but not all get to eth1 on the inside
<domito> very bizarre
<domito> been banging my head on it for days
<twb> domito: does dmesg say anything?
<twb> Have you tried swapping in a different NIC (with a different chipset)?
<domito> twb: no, but it is currently full of ebtables logging :)
<twb> If it's a shitty old machine, I suppose it could be overloaded
<twb> domito: it sounds like you're already at least as competent as I am, so I don't have any other ideas.
<domito> twb: no, it's running under ESX ... I have ensured that the vmxnet driver is working and pcnet32 is no longer in the mod stack
<domito> twb: it's not old, running 8.04 server
<domito> lts
<twb> I meant old as in old hardware, but if it's running under ESX then I dunno
<domito> anyone ever used parprouted?  would that work?
<twb> You should also talk to #vmware, it might just be a known suck with vmware
<domito> you really gotta dig for any info on bridging firewalls
<domito> ya I may try that channel
<twb> FWIW I have OpenVZ hosts on the same 192.168.1/24 as the physical machines, and I remember that I had to turn on proxy arp to make that work.
<twb> Because the bridge is at layer 3, not layer 2, if you follow me
<domito> I can't really snoop the physical interfaces from the vhost shell, which sucks
<twb> domito: get a hub (not a switch) and force everything to promiscuous?
<domito> twb: switching is all done via vmware ... it's a virtual switch
<twb> Oops, of course
<domito> to make matters worse, the co-lo thinks that giving ppl 12 IPs out of a /24 is a good idea, no proper subnetting which would probably have fixed the whole thing
<twb> Ah, then the solution is simple!  Switch provider! :-)
<domito> working on them to do so
<domito> in the meantime I have to give all servers inside the bridge static arp entries to keep the lights on
<domito> which brings me here to see if anyone around these parts have done bridging and maybe fixed the same issue
<domito> never hurts to ask heh
<twb> Not me, sorry.
<domito> well thanks for trying, I appreciate it
<milestone> hi all
<milestone> is it possible to disable a ssh password login for a user and only allow him pubkey authentication? Only for one user though, not server-wide
<twb> milestone: if that user is root, yes
<twb> milestone: otherwise, I think you can do it by giving that user the "null" password, which will prevent all pam password auth for that user unless they're on a "trusted" tty, as defined by /etc/securetty
<twb> You might be able to get that effect by "locking" the account or giving it an invalid password, too -- try it and see.
<twb> Note that in either of the latter two approaches, sudo won't work, either.
<twb> (Er, assuming you've got sudo configured to prompt for a password.)
<milestone> twb: i have setup sudo
<milestone> but for this certain account
<milestone> with NOPASSWD
<milestone> will this work after "locking" the account?
<twb> I don't know.
<twb> Of course, it would be far simpler to disable sshd's password-based auth outright.
<milestone> twb: i know
<milestone> but it is a customers machine for whom i do remote services
<milestone> he needs password based auth
<milestone> i don't
<milestone> and i usually disable it on my machines
<milestone> for security reasons
<soren> milestone: What do you mean by "locking"?
<twb> It is a good idea to teach him how to use keys
<twb> soren: sticking an "x" or so in /etc/shadow
<soren> milestone: If the account is locked such that you can't log into it, it can't get to use sudo anyway.
<a_ok> What is the easiest way to migrate an existing 32bit instalation to 64bit?
<twb> a_ok: reinstall
<a_ok> ok
<a_ok> twb: I take it I can install over the existing installation
<soren> a_ok: I don't recommend that.
<soren> a_ok: I would take the list of installed packages (using dpkg --get-selections), store it in a file, install a 64 bit version of ubuntu, install all the same packages (using dpkg --set-selections < selections.txt ; dselect install), and move all my data (/home, relevant parts of /etc and /var, etc.) to the new system.
<da65> Hi, is there a Ubuntu Sever secruity update mail list I can join,
<a_ok> soren: Thanks I was thinking the same.
<da65> just found it, thanks https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
<kwork> i cant find dccd from apt, is it included in ubuntus version of dcc ?
<uvirtbot> New bug: #510038 in squid (main) "[patch] Please provide a example refresh_pattern for debs" [Undecided,New] https://launchpad.net/bugs/510038
<da65> anyone know of some open source software I can use on a domain tha will allow people to automatically create an email account from the web browser?
<au> da65: citadel groupware I believe
<da65> ty, will take a look
<uvirtbot> New bug: #510065 in freeradius (main) "dynamic-client support doesn't work" [Undecided,New] https://launchpad.net/bugs/510065
<zul> morning
<szczym> morning, how i could link https://bugs.launchpad.net/ubuntu/+source/mc/+bug/263442 as a Server usability papercut ?
<uvirtbot`> Launchpad bug 263442 in mc "mcedit is not longer the default editor" [Undecided,Confirmed]
<vish> ttx: hi... could you add https://launchpad.net/bugs/194472 to the server papercuts?
<uvirtbot`> Launchpad bug 194472 in sudo "Entering password in Terminal gives no visual feedback" [Unknown,Fix released]
<vish> i brought it up a few days back.. you asked me to remind you when server papercuts were started ;)
<ttx> vish: can't you use "Affect project" yourself ?
<ttx> and point to "server-papercuts" as the affcetd project ?
<vish> ttx: i can , but just wanted to make sure  , if i was allowed :)
<ttx> That would track more accurately /who/ proposed it
 * vish adding task
<ttx> thanks
<vish> ty
<mathiaz> ttx: hi!
<ttx> mathiaz: o/
<mathiaz> ttx: should the server team be still subscribed to likewise-open bugs?
<ttx> mathiaz: probably not. Let's trade it against python-boto
<ttx> mathiaz: I'll stay subscribed to those for a few
<mathiaz> ttx: ok. I've swaped likewise-open for python-boto
<coffeedude> ttx, mathiaz: I've picked up the two new bugs that will filed against likewise-open.  I'll get a repro in the day hopefully.
<ttx> coffeedude: cool, thx
<BillyBoy> hi boys need little help, don't know how to start php extensions gd-bundled and imagemagick library.. could someone help me? show me the way?
<mathiaz> zul: hi - any reason to sync munin from unstable rather than testing?
<zul> mathiaz: upstream prefers us to use the version in unstable
<mathiaz> zul: is that the best option given we're targeting an LTS?
<zul> mathiaz: i think so
<zul> it has a whole bunch of bug fixes as well
<zul> and it has all of our changes
<smoser> ttx, soren, mathiaz is ubuntu-devel appropriate place for this discusion, rather than a more kernel specific list
<ttx> ubuntu-devel is ok
<ttx> smoser: you might want to wait until I publish the minutes though, to have some background
<ttx> (for free)
<smoser> will do
<Bullterd> Hey All.
<Bullterd> Stupid question time
<Bullterd> I have a 8 disc RAID array (RAID 5) - if for whatever reason, power gets cut to like 4 discs
<Bullterd> I know the RAID has failed
<Bullterd> however, if I think restore power to the 4 discs that lost power, would the RAID come back online?
<Bullterd> *if I then
<dasunsru1e32> Wrong forum, if the disks come back on, the array should be able to rebuild
<Bullterd> would it need to rebuild?
<dasunsru1e32> you could suffer data loss though
<dasunsru1e32> depends on your adapter
<Bullterd> I mean, if you lost 4 discs it couldnt rebuild a RAID 5 array
<Bullterd> but then if all the discs came back, surly if I reboote the server it'd recognise the array and chug along?
<dasunsru1e32> as long as those disks are readable
<dasunsru1e32> it "should" work
<Bullterd> k
<screen-x> Bullterd: although they probably will be inconsistent
<screen-x> too late..
<dasunsru1e32> he legt
<dasunsru1e32> left
<dasunsru1e32> lol
<dasunsru1e32> I hope he isn't trying something stupid
<dasunsru1e32> lol
<dasunsru1e32> sounds like somebody messed up and doesn't know how to fix it
<screen-x> Raid failure is a nightmare :(
<dasunsru1e32> Yep
<domito_> hi folks
<screen-x> so use rsnapshot!
<dasunsru1e32> backup, and you won't have to worry about it
<dasunsru1e32> lol
<dasunsru1e32> yep
<dasunsru1e32> just replace the disk(s), doesn't rebuild, restore it from a new snapshot
<dasunsru1e32> ;-)
<smoser> jjohansen, ping
<jjohansen> pong
<jjohansen> smoser: ^
<smoser> do you know how /dev is mounted in the kernel?
<smoser> without ramdisk, I still get a 'evtmpfs /dev devtmpfs rw,size=251292k,nr_inodes=62823 0 0'
<smoser> mounted
<domito_> Any experts on bridging/transparent firewalls here?  I have an odd issue which is that arp from the inside segment gets out, but only about 33% of replies get back to the requestor
<smoser> the kernel is doign it, as I verifiy its there by an 'init=' program
<domito_> the traffic coming back hits the eth0 and the br0, but not all get to eth1 on the inside
<smoser> is it possible that the ec2 kernel is failing to do that devtmpfs mount?
<jjohansen> smoser: hrmm, no I don't know how its mounted, I'll need to look into it
<jjohansen> smoser: possibly, but I need to figure out what it is doing first
<smoser> just looked, on the uec kernel i get a line like:
<smoser> [    0.660664] devtmpfs: mounted
<smoser> i do not see anything like that in the ec2 kernel's boot log
<jjohansen> hrmm, okay I'll poke and see what I can find
<jjohansen> smoser: http://lwn.net/Articles/345480/
<marks256> I added the user apache to the sudoers file (apache	ALL = NOPASSWD: /usr/sbin/useradd) to be able to use the command useradd without a password. When i run my command via PHP, it doesn't work. But if i log in as apache, and paste the line into the console, it works. Is something wrong with my sudoers entry?
<smoser> jjohansen, https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/510130
<uvirtbot`> Launchpad bug 510130 in upstart "ec2 instance fails to boot if registered without ramdisk" [Undecided,New]
<smoser> i think this is related to "# CONFIG_DEVTMPFS is not set"
<killaxxl> l
<jjohansen> smoser: hrmm, yep.  Will look into it, expect an EC2 update this week
<pmatulis> re kvm dhcp-enabled guests, is there any decent way to discover ip addresses (w/o going through the vnc console)?
<killaxxl> terminal ifconfig ?
<jtrimmer> I might be in the wrong place to ask this question and if so please excuse me.  I have 5 servers at our central office 2 running ubuntu 3 running other flavors.  We have a site2site vpn which connects our remote office into our domain controller and all of our internal resources.  Well my problem is this.  I can ping and connect to every device from the remote office except the ubuntu boxes.
<jtrimmer> I've checked iptables and it is flushed and I can ping the box from the central office maches.  Any suggestions what I might check?
<smoser> jjohansen, i cant' easily get debug logs without a ramdisk (I'd have to rebundle and upload, which is just time consuming), but at very least its a difference that should be removed.
<killaxxl> jtrimmer: ifconfig in console
<jjohansen> smoser: yep there are a few other config differences to resolve as well
<Reepicheep> pmatulis: do you have access to the DHCP server log?
<pmatulis> Reepicheep: nope  :)
<Reepicheep> man .. that would be to easy wouldn't it
<killaxxl> pmatulis: dig <servername>
<Reepicheep> pmatulis: then do you have access to sniff the traffic?
<Reepicheep> for instance .. the bridge interface on the KVM machine..
<pmatulis> Reepicheep: that's what i tried (tcpdump on the bridge interface) but i have a lot of guests!
<Reepicheep> that is assuming that it is on the bridge
<jtrimmer> eth1      Link encap:Ethernet  HWaddr 00:1e:c9:fd:9a:d7 / inet addr:10.1.0.15  Bcast:10.1.1.255  Mask:255.255.254.0 / inet6 addr: fe80::21e:c9ff:fefd:9ad7/64 Scope:Link / UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 / RX packets:39168 errors:0 dropped:0 overruns:0 frame:0 / TX packets:24173 errors:0 dropped:0 overruns:0 carrier:0 / collisions:0 txqueuelen:1000
<jtrimmer> RX bytes:16177505 (15.4 MB)  TX bytes:6110109 (5.8 MB) / Interrupt:16 Memory:f4000000-f4012100
<smoser> jjohansen, i assigned that bug to you.
<Reepicheep> you should be able to use filter on tcpdump to show you only the DHCP traffic
<pmatulis> Reepicheep: i'm working remote right now, usually i would bow down and check the vnc console
<marks256> As root, when i type in sudo -u apache /usr/sbin/useradd, i get a permission denied, yet apache is added to the sudoers file, why?
<smoser> scream loudly if you object.
<jjohansen> smoser: okay
<jjohansen> smoser: nope, I need to fix the kernel config
<pmatulis> Reepicheep: my b/w seems low b/c i can't x-forward the console
<domito_> marks256: it sounds environment related ... processes do not always get the full shell env when running from apache
<pmatulis> Reepicheep: yes, i suppose i could try rebooting and checking dhcp traffic
<domito_> last time I had this exact same issue tho it was selinux related
<marks256> domito_, any ideas on how to fix that?
<domito_> might be apparmor if you are using that
<domito_> add a wrapper around your call to the shell and trap the error messages might help
<Reepicheep> pmatulis: maybe something like "tcpdump -i bridgeinterface port 67 and port 68"
<marks256> domito_, i'll have to look into that
<domito_> if you are using selinux then check the audit log using audit2why
<domito_> create rules with audit2allow
<domito_> if you can create a simple script to pump out the env as well as the results of 'sudo -l' it may shed some light
<pmatulis> Reepicheep: hell of a way though... rebooting.  thanks
<jtrimmer> any thoughts?
<Reepicheep> pmatulis: you may need to add -n to make it not resolve IPs and ports
<marks256> domito_, well i'm using centos, but selinux is disabled
<Reepicheep> also.. I just tried it and by default tcpdump is not decoding the data of the response
<jdstrand> marks256, domito_: this should not be apparmor related-- useradd is not confined by apparmor in Ubuntu
<jdstrand> you can check /var/log/kern.log to be sure
<marks256> jdstrand, i'm using centos *hangs head in shame for being on #ubuntu-server*
<domito_> marks256: disabled or permissive?
<jdstrand> ah, ok
<marks256> domito_, disabled
<domito_> ah ok
<jdstrand> then it *definitely* isn't apparmor
<jdstrand> ;)
<marks256> hmm
<domito_> then I would check the env
<sbeattie> marks256: are you able to to run any commands via sudo -u apache?
<marks256> meaning?
<marks256> sbeattie, well. that's the thing. i get permission denied when i type in sudo -u apache /usr/sbin/useradd -d /home/dusty -p '$1$r6Gu3ZU/$QpuDJOUcf13xDfPgh724b.' --shell=/bin/bash dusty
<marks256> sbeattie, but if i log in as apache, and paste that in (minus the -u apache), it works fine
<domito_> what does your sudoers line look like?
<domito_> did you specify the path to useradd?
<domito_> you may need to use /usr/sbin/useradd* to catch the parms
<sbeattie> oh wait, you're trying to run useradd as user apache and not as root; that's surely not going to work, no
<marks256> apache	ALL = NOPASSWD: /usr/sbin/useradd
<marks256> domito_, ^
<jdstrand> (that sounds kinda scary)
<marks256> yeah i know. i've got quite a bit of catches around the command though to keep out as much riffraff as possible
<marks256> if all else fails, i'll create a file with the user information in it, and have a cron job run once a minute or so to create the user
<domito_> try this
<sbeattie> marks256: "sudo -u apache" changes you *to* user apache. useradd still needs to run as root, your sudoer config allows user apache to sudo *to* the root user to run adduser with root's privilege.
<domito_> apache ALL = NOPASSWD: /usr/sbin/useradd*
<domito_> or you chould suid useradd, but that would be a bad idea
<marks256> sbeattie, aah... you might be on to something there
<marks256> domito_, what does the * mean at the end of the line then?
<sbeattie> for example, under your config (I think) sudo -u apache sudo useradd [blah...] should work.
<marks256> sbeattie, i'll try that quick. when you say under the config, what do you mean? just my command to run?
<domito_> marks256: it does not work for all sudo implementations, but it's a wildcard so you can add parameters
<marks256> domito_, ok i'll try that
<domito_> I have had to add that on a couple boxes, not sure which OS those were offhand tho
<sbeattie> under your sudoers config that allows the apache user to sudo to root to run the adduser command.
<domito_> sbeattie: I see what you are saying ... not sudo -u apache, apache runs sudo
<domito_> so the apache user should not be running "sudo -u apache"
<marks256> sbeattie, domito_ right, but i don't understand why i can run my command fine sshed into the apache account, but not from apache its self
<marks256> as root i typed in sudo -u apache sudo /usr/sbin/useradd -d /home/dusty -p '$1$r6Gu3ZU/$QpuDJOUcf13xDfPgh724b.' --shell=/bin/bash dusty and it worked
<domito_> what does 'sudo -u apache -l' give you?
<marks256> that -u and -l cannot be used together :)
<domito_> d'oh
<sbeattie> marks256: right, in that command you've gone from user root --[sudo -u]--> user apache --[sudo]--> user root where adduser gets run.
<marks256> sbeattie, right. that makes sense
<marks256> domito_, i logged in as apache and typed in 'sudo -l' here is the output (root) NOPASSWD: /usr/sbin/useradd
<domito_> and if you run the 'sudo /usr/sbin/useradd ...' in that shell it works?
<domito_> not sudo -u apache mind you, it already knows it's apache
<marks256> Correct.
<smoser> jjohansen, so how do would you  bypass CONFIG_SCSI_SYM53C8XX_2=y, if you didn't like it?
<smoser> (ie, if it was buggy for your hardware)
<Reepicheep> pmatulis: using tcpdump with the -X flag and increasing the snaplenth will show you the data.. but you will have to decode the IP address returned by hand..
<domito_> ok then my previous advise stands, change your script to capture the environment and full output and then see what it shows you
<jjohansen> smoser: hrmm give me a minute need to look up how to do it again
<marks256> domito_, i do have it returning all output. There is no return.
<Reepicheep> pmatulis: but I just tried an app called dnstop.. it decode it.. if you have a lot of dns traffic you will just need to figure out which one it is
<resno> question, im thinking about running ubuntu server as my router. on this server i am storing backups of my machines, pictures, etc. is there anything i should keep my stuff safe?
<domito_> marks256: does it return the `env` command output?  if not, can you redirect the output to a file?
<domito_> resno: if it's connected to the internet then it's not safe period
<domito_> you can lock them down by permissions etc but a root sploit will still give someone access
<marks256> domito_, yes. env returns values
<domito_> if you want them safe find a network nas appliance or something
<domito_> marks256: are the env the same as when you are in a shell?
<resno> domito_: so just forget about running the server and use the router instead?
<resno> server within the home netowkr isntead of outside it
<paulus68> are there any known issues concerning nfs-server in server 9.10?
<marks256> domito_, no. There is much less returned from the php vs the shell
<pmatulis> Reepicheep: thanks for the info
<marks256> domito_, essentially the only thing that the php script returns for env is path and TERM. the shell returns hostname, term, shell, user, and a bunch of other stuff
<domito_> and user = apache?
<domito_> is there anything in your apache error_log?
<marks256> domito_, in the shell, yes, from the script, user doesn't exist
<domito_> then capture `echo $USER` in the script
<domito_> silly question, but your httpd is running as apache right?  not running as nobody or another user?
<marks256> domito_, you know... that is a VERY good question!
<marks256> domito_, it should be...
<domito_> ps aux|grep httpd
<marks256> domito_, yes apache
<marks256> domito_, echo $USER in the script returns nothing
<domito_> ok, good to clear that possibility anyways :)
<domito_> that's very strange
<marks256> domito_, whoami returns apache though
<domito_> ok
<domito_> do you get any output from `sudo -l`?
<jjohansen> smoser: sym53c8xx.blacklist=true at the root prompt might do it /me has to test yet
<domito_> does sudo need the $USER to work?  perhaps you need to force the variable in your script?
<marks256> domito_, no output from sudo -l...
<marks256> domito_, that's what i was just thinking...
<marks256> domito_, export $USER = "apache" right?
<smoser> jjohansen, i assumed such things only hinted to userspace to populate modules.blacklist (or respond similarly) and tha tthey didnt' work for builtin
<domito_> marks256: that's right
<domito_> or you could `USER=apache /usr/sbin/sudo ....`
<jjohansen> smoser: maybe I am not sure about .blacklist I need to look at it more
<marks256> domito_, aah. no $ on the export command
<domito_> d'oh!  right you are
<domito_> was up all night banging my head againt a bridge
<domito_> speaking of which ...
<domito_> Any experts on bridging/transparent firewalls here?  I have an odd issue which is that arp from the inside segment gets out, but only about 33% of replies get back to the requestor
<domito_> the traffic coming back hits the eth0 and the br0, but not all get to eth1 on the inside
 * domito_ has been fighting this for a week now ... someone please hit me with some ideas :)
<marks256> domito_, hmm... setting $USER to 'apache' doesn't do squat. export USER='apache'; echo $USER returned nothing
<domito_> dam
<marks256> domito_, well. this idea clearly bad, so i think i'll just do that cron job. Bit extra work, but more likely to actually work :)
<marks256> domito_, thanks for the help though!
<domito_> for what it was ... you may also have luck calling a different script from php, which is a wrapper for useradd that has a !#/bin/bash
<bogeyd6> how can you make the system information shown on the first login of a system after install show everytime you login to the console?
<domito_> which may help populate the env
<domito_> bogeyd6: /etc/motd
<marks256> domito_, ok. i'll give that a go. i've already got a wrapper written, so maybe it'll work.
<bogeyd6> domito, think along these lines http://ubuntuforums.org/showthread.php?t=1202331
<marks256> domito_, although the reason i was running the adduser from the php directly is because i had no luck wiht my wrapper either.
<bogeyd6> domito, enough googling reveals this http://joshmoles.com/2009/01/21/supercharge-the-ubuntu-motd/
<jeremydei> hi guys, I am sortof fighting with this mysqld_safe bug, on ubuntu hardy server.  it seems rather well known, was wondering if anyone here had any advise on how to fix it in a scriptable fashion ..
<jeremydei> basically, you install mysql-server-5.0, then the next time you restart mysqld_safe is runaway consuming 100%cpu
<jeremydei> found a ton of bug reports on this, but no real resolution!
<domito_> list
<domito_> d'oh
<domito_> bogeyd6: cool
<zul> http://gregdekspeaks.wordpress.com/2010/01/20/announcing-the-fedora-cloud-sig/
<mealstrom> \clear
<mealstrom> oops
<tjaalton> mathiaz: hey, I couldn't resist to try the new sssd. there's a problem though; error: /usr/lib/sssd/libsss_krb5.so: undefined symbol: krb5_cc_retrieve_cred
<tjaalton> so the krb provider doesn't work
<tjaalton> ldd libsss_krb5.so looks wrong
<tjaalton> http://pastebin.ubuntu.com/359648/
<domito_> anyone know how I can capture just packet fragments in tcpdump/tshark?
<Lns> Hi everyone
<Lns> I'm coming from the Edubuntu / LTSP community here, decided to add #ubuntu-server to my idle chan list ;)
<au> :)
<unit3> heya
<Lns> Sounds like it'd be a good idea since most LTSP and a lot of Edubuntu installs are multi-user and require some heavy lifting (not to mention some good tools for admin)
<unit3> makes sense.
<Lns> Has anyone got any opinion on a good LDAP setup/admin GUI?
<Lns> We've been struggling to come up with something for the longest time.
<unit3> 389 (was fedora) directory server looks nice, but the Ubuntu packaging seems to have stalled, so you'd probably have to run it on CentOS or Fedora.
<unit3> alternatively (and better in the long run) would be to poke at the 389 packaging team (https://launchpad.net/~ubuntu-389-directory-server)
<unit3> and get them to update their packages.
<unit3> ;)
<unit3> hell, help them out. I'm sure it's just a matter of manpower, really.
<Lns> unit3: thank you! That's some good info
<unit3> no problem. i'd like there to be a decent, graphically managed directory server OOTB in Ubuntu too.
<unit3> it'd certainly make my life easier. :)
<kaffien> how can i edit my network settings from the console?
<domito_> kaffien: ifconfig
<domito_> what do you need to edit?
<unit3> kaffien: look in the /etc/network directory.
<unit3> interfaces has a man page.
<kaffien> ip address and host name
<unit3> /etc/hostname too then.
<Lns> unit3: indeed. =)
<kaffien> kk
<unit3> kaffien: if you change the hostname, you'll likely have to doublecheck /etc/hosts as well, to make sure your ip in there matches the new hostname.
<kaffien> yep
<kaffien> the problem is this is a duped VM.  it almost looks like it booted up without an eth0 device
<unit3> that'd be weird. oh, but it might have!
<kaffien> perhaps another reboot with a different host name will help things along
<unit3> because udev assigns eth names based on mac address.
<unit3> if you cloned the hd, it's likely got a different mac assigned, and so that interface would become eth1.
<unit3> check output of "ifconfig -a" and see if it's there.
<unit3> if it's there as eth1, I can tell you how to correct that.
<domito_> Any experts on bridging/transparent firewalls here?  I have an odd issue which is that arp from the inside segment gets out, but only about 33% of replies get back to the requestor
<domito_> the traffic coming back hits the eth0 and the br0, but not all get to eth1 on the inside
<domito_> ubuntu-server 8.04 btw
<kaffien> vmware tools was botched due to kernel upgrade ... silly me.
<kaffien> it's been far to long since i got my 'hands dirty'.
<kaffien> ah well at lest its not gentoo
<kaffien> I know it's not exactly a good idea but i need an older version of mysql  is it as simple as removing 5.0 and apt-get mysql-4.x ?
<kaffien> apt-get install mysql-4.x that is.
<unit3> kaffien: no, it's probably been dropped from the repos for the current releases. however, you should be able to grab and install from packages.ubuntu.com.
<kaffien> hopefully the dependacy list isn't to large
<kaffien> 5.0 upgraded some of the calls which basically screwed over our old CRM.
<kaffien> so we had to switch back to our ancient server that likes to die whenever it feelsl ike it
<unit3> kaffien: yeah, it'll be an old package, depending on old libs, so as long as it doesn't conflict with new ones, you should be alright.
<unit3> also, you could use prevu on the .dsc and forward-port it.
<unit3> if deps are a problem, anyway.
<mathiaz> tjaalton: thanks - I've filed bug 510295
<uvirtbot`> Launchpad bug 510295 in sssd "/usr/lib/sssd/libsss_krb5.so: undefined symbol: krb5_cc_retrieve_cred" [Undecided,New] https://launchpad.net/bugs/510295
<tjaalton> mathiaz: heh, and I filed 510290 :)
<tjaalton> mathiaz: sgallach has an idea about it.. I'll keep you posted
<mathiaz> tjaalton: great - seems like things are looked at
<mathiaz> tjaalton: I'll mark my bug a duplicate
<tjaalton> mathiaz: ok, cool
<uvirtbot`> New bug: #510299 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/510299
<tjaalton> mathiaz: seems to be a tarball bug, fedora builds it with -lkrb5 which shouldn't be necessary
<technicallyrite> Hello all, any of you running Jeos in a production environment?
<technicallyrite> It's been merged into server now, have been experimenting with it here.
<Aison> can I put ubuntu onto an SD-Card and install from there?
<RoyK> sure
<RoyK> I've got an usb plug for that
<unit3> Aison: you can as long as your system will boot off SD.
<Aison> i'm not ;) i've got only a sd card slot^^
<RoyK> Aison: you can install on an sd card just as you can install on a spinning drive
<Aison> I don't want to install it on an sd card, I would like to install it FROM an sd card ;)
<Aison> so I need to copy the install cd to the sd card
<unit3> Aison: yeah, the default tools to make bootable usb keys should work just as well for an SD card.
<unit3> but you'll have to make sure your system boots off SD.
<Aison> ok
<Aison> I guess that works
<unit3> should, yeah.
<technicallyrite> Jeos, anyone?
<Aison> the howto says, that I have to use usbcreator on linux, to create the bootable usbstick
<Aison> but where can I get this tool on non-ubuntu linux platform? ^^
<Aison> I mounted the ISO file and there's a usbcreator.exe for windows ;) that's not really a help
<RoyK> technicallyrite: I've been running jeos in production, yes
<RoyK> same thing as the not-so-stripped-down version
<unit3> Aison: there's other tools that run on other variants, like unetbootin or whatever.
<unit3> they're slightly more work, but they'll do the job.
<technicallyrite> royk: sweet, thanks. I'm assuming you like it, did you add much other than your app dependencies?
<RoyK> no
<RoyK> and shortly after, I switched back to standard ubuntu server, since it's not really very big anyway
<marks256> what is the command to return the full path of the current directory?
<kaffien> can i remove JUST the mysql-common package?
<kaffien> when i try it tries to remove like 175 packages
<kaffien> wierdness
<technicallyrite> marks256: pwd?
<kaffien> i remove it and it takes kde with it
<technicallyrite> kaffien: perhaps kde came with it or vice-versa, try reinstalling kde after mysql-common is gone.
<kaffien> so i did it (removed it) then i went to install php5 and it wants mysql-common
<kaffien> lol
<kaffien> i might not be able to get away with using mysql 4.1
<unit3> Maybe not.
<kaffien> hrrrm
<kaffien> i have remove all the mysql packages that i can figure
<kaffien> then i tried dpkg -i mysql 4.1 and its spouting about an upgrade still
<kaffien> i wonder if i would be able to use hard haron for this
<kaffien> i should be able to downgrade mysql  as it would still be the hardy repositories in theory
<unit3> well, use packages.ubuntu.com and check to see if it's in hardy still.
<kaffien> its in dapper for sure
<kaffien> cant seem to find it in hardy
<BeardedChimp> I have ubuntu-server installed on a mac-mini. Occasionally on boot grub appears and without a timeout. This results in a non-booting server. Massive problem and I really don't know how to sort it with grub2
<BeardedChimp> Its running ubuntu server 9.10
<nuckable> hey everyone, i'm having problems compiling drivers for my nic (which is messing around)
<nuckable> when doing "sudo make all" i get "no rule to make kernel/bounds.c"
<nuckable> and i can't seem to get the proper kernel source =/
<nuckable> i tried following these instructions http://ubuntuforums.org/showthread.php?t=1047374
<nuckable> but when i did "sudo tar -xvjf linux-source-2.6.31-17-server.tar.bz" it told me that file couldn't be opened because it couldn't be found (sorry am translating from german)
<frenzy_usa> has anyone run QuickBooks in a virtual machine?
<BeardedChimp> Ok, I found a work around to my problem but I tried something similar earlier today, and upon doing update-grub it resulted in just grub with a flashing _ after rebooting. It required reinstalling grub from a cd. I want to avoid that but I dont know how
<Lns> frenzy_usa: yes
<frenzy_usa> Lns: What vm program are you using? VirtualBox, VMware, other?
<Lns> frenzy_usa: vmware server
<Lns> It works fine for a single person using it....
<frenzy_usa> Lns: Planning on installing the QB database server and start testing tomorrow for multi-user
<Lns> frenzy_usa: i'm sorry :(
 * Lns has had nothing but major issues w/qb database server
<Lns> (not on my own install, but one of my clients)
<frenzy_usa> Single user didn't give me any trouble so I'm gonna hope multi-user will behave as well.
<Lns> uh huh... ;)
<Aison> ach, now I managed to get ubuntu netinstall cd to run from USB stick, but now, my networkdevice AR8132 is not detected ;)
<nuckable> *sigh*
<nuckable> does really nobody have a clue?
<unit3> nuckable: why are you compiling drivers, what kind of NIC do you have?
<nuckable> it's an asus nx1101
<nuckable> and it's jerking around if load is put on it
<nuckable> so i'm hoping the official drivers might fix that, otherwise i'd have to send it back =/
<nuckable> i got the latest version and the README just tells me to make all
<unit3> not helpful.
<nuckable> but it keeps complaining about having "no rule to make kernel/bounds.s
<nuckable> i mean kernel/bounds.c
<unit3> you've got the kernel headers package for your kernel installed, right?
<nuckable> yup
<nuckable> and the build-essentials
<nuckable> and the linux-source
<nuckable> apt-get installed them all
<unit3> well then, I suspect their build scripts just suck.
<mealstrom> hi, I've got some problems with pptpd server. I've managed to set up with static ip's in chap-secrets and some dynamic pool.  Works fine. client gets IP from chap secrets, but (!!!)  I don't know how can I kill that connection (pppX).
<mealstrom> ps ax | grep ppp shows ip from dynamic pool, not static.
<mealstrom>  (ubuntu 9.10_amd_x64)
<unit3> can you tell me what nic it says you have in lspci?
<nuckable> unit3, theres 2
<nuckable> not sure which one is this one
<nuckable> one is "01:05.0 Ethernet controller: Sundance Technology Inc / IC Plus Corp IP1000 Family Gigabit Ethernet (rev 41)"
<nuckable> the other is "04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)"
<unit3> well, the realtek one will be well supported in-kernel, so it's probably the weird sundance one. I see a lot of problems listed with that one online.
<nuckable> *sigh*
<unit3> yeah.
<nuckable> the other problem i run into is that i'm using the german version of ubuntu, so i'm not always 100% how to translate stuff to get more info =/
<unit3> ahhhh...
<nuckable> looks like asus really sucks at network devices
<unit3> yep, I think they do.
<unit3> i've avoided the eee stuff since other netbook options came out, because of that.
<unit3> Is Ubuntu's lvm built without support for locking type 3 (internal clustered locking)?
<unit3> it doesn't seem to be working here.
<nuckable> unit3, sorry was that question for me?
<nuckable> *sigh* well good night people, off to bed =/
<unit3> no, that was just a general question for the channel. ;)
<unit3> later.
<mealstrom> who works with pptpd server on ubuntu for windows clients ?
<killaxxl> goes any one know of samba sharing with xbox360
<unit3> mealstrom: probably not most people in here. given its history of security problems as a protocol, most people tend towards things like openvpn these days, or ipsec if you're getting fancy. ;)
<unit3> killaxxl: no, 360 only supports a upnp server, not samba. There's a supported on in Ubuntu though.
<unit3> as long as your files are in the right format, anyway.
<unit3> ushare is the one. it has a 360 compatibility option, and I've used it recently.
<alex_joni> mealstrom: why are you asking?
<unit3> aleks: he's having trouble with his pptp setup, he posted above.
<mealstrom> in chap-secrets I put static ips for users
<killaxxl> thx, i'll look into it
<mealstrom> and set one dynamic ip range
<mealstrom> and when user conencts with static ip -- it takes that ip ,  but in ps ax | grep ppp --- it has ip from dynamic range
<unit3> killaxxl: note that it won't convert media, so it'll only work if your files are in formats the 360 already understands.
<alex_joni> hmm I only used dynamic ip's
<mealstrom> I don't know how to kill user by his login or static ip :(
<alex_joni> you should have a process for each connection
<mealstrom> yes. I've got pppX for each connection
<alex_joni> I get this:  /usr/sbin/pppd local file /etc/ppp/pptpd-options 115200 192.168.0.1:192.168.0.200
<mealstrom> /usr/sbin/pppd local file /etc/ppp/pptpd-options 115200 192.168.3.1:192.168.3.21 ipparam 109.86.31.222 plugin /usr/lib/pptpd/pptpd-logwtmp.so pptpd-original-ip 109.86.31.222
<mealstrom> ppp1      Link encap:Point-to-Point Protocol
<mealstrom>           inet addr:192.168.3.1  P-t-P:192.168.3.25  Mask:255.255.255.255
<mealstrom> ppp1 from ifconfig
<alex_joni> yeah, figured asmuch
<mealstrom> there is different ip's 192.168.3.25 and 192.168.3.21 | 21 is from dynamic range / 25 from static
<mealstrom> and I cannt take login parameter for ip-up script :(
<mealstrom> hmmm
<unit3> hrm... what are the potential problems with using lvm on a shared device without using clvm (since it's a POS that won't stay working without dying for more than a week)
<unit3> presumably after doing a change on one machine, I'd need to rescan things on the other.
<unit3> and it won't coordinate locking between them, so I'd have to be careful about accessing resources.
<unit3> other than that...?
<alex_joni> mealstrom: maybe you can cause pptpd or pppd to dump the username to syslog
<alex_joni> you have the ip and process number there
<mealstrom> it is possible to connect interface to users ip address in ip-up script.
<alex_joni> mealstrom: I also notice my pptpd is configure to log users to wtmp
<mealstrom> ifconfig pppX down doesn't disconnect user :(
<alex_joni> no, but tail/whatever syslog | grep pppX -> find the process and kill it surely will
<alex_joni> you could just record the pid of ppp into a /foo/%U file
<genii> I'd like to replace the default shell for certain users who ssh in to something like: script -aqf /var/log/theirname     ... seems problemmatic however. Any other kind of solution like this?
#ubuntu-server 2010-01-21
<mealstrom> genii: vim /etc/passwd
<genii> mealstrom: I'm aware of how to change their shell. But if you do something like try to use: script -aqf /some-logname   and call it from in /etc/passwd as their shell, it behaves like a forkbomb when ssh is used
<mealstrom> and what about ~/.bashrc ?
<mealstrom> if default is bash
<genii> mealstrom: When you login from console replacing the default shell with script works. When ssh in, kaboom
<mealstrom> genii: what the script is?
<mealstrom> genii: if you use some command it will call your's script  -- run many times, problem with this ?
<genii> mealstrom: There may be some confusion. I'm talking about a command whose name is "script"
<mealstrom> genii: I can't understand exactly what you want to do. say default shell is /bin/sh or /bin/bash . And what you want to do?
<mealstrom> make something like /bin/somescript ?
<genii> mealstrom: If for instance at command prompt you enter exactly: script -a /somelog           everything you type as you enter commands will be recorded as like a keyboard logger into the file called /somelog
<genii> eg: all your bash/sh/dash/ksh   etc commands
<genii> Which is that: I want to have a record of what some users are doing at commandline when ssh in because they are deleting their bash_history files
<mealstrom> genii: chattr +au /home/user/.bash_history
<uvirtbot`> New bug: #510418 in dovecot (main) "Don't add user `dovecot` to group mail" [Undecided,New] https://launchpad.net/bugs/510418
<Lns> mealstrom: wow...that's pretty awesome
<Lns> didn't know you could do that w/chattr
<ruben23> hi guys..
<ruben23> i got same problem as i asked here mounting a cifs on a windows, working good but its not mounted automatically upon reboot
<genii> ruben23: You made some fstab entry for it?
<ruben23> yes
<ruben23> this is my fstab entry--->//192.168.2.27/recordings2 /media/share cifs username=AGENT,password=3tr 0 0
<genii> Probably tries to mount before network is up
<ruben23> genii: but the winodws client is already power up before the server reboots
<ruben23> genii:what can i do.
<uvirtbot`> New bug: #510427 in elinks (main) "Please merge elinks 0.12~pre5-2(main) from debian squeeze(main)" [Undecided,Confirmed] https://launchpad.net/bugs/510427
<zlx> å¤§å®¶å¥½
<zlx> è¯·æä¸ä¸ªé®é¢ï¼å¦ä½æ¥çdnsmasqçæ¥å¿
<michael____> hello?
<michael____> i was wondering if anyone can helpe me
<j416> michael____: you should read the topic first.
<j416> michael____: http://www.sabi.co.uk/Notes/linuxHelpAsk.html
<j416> section two.
<michael____> thankyou..... It it worth it to install Ubuntu Server if i am just going to use apache and MySQL? should i just stick with regular Ubuntu and install something like xampp?
<j416> michael____: it would depend on what you're going to use it for
<j416> if you don't need a GUI (desktop), there is no reason to install it..
<j416> the ubuntu server setup is pretty straightforward. But you have to be familiar with the command line.
<michael____> what is in the GUI?
<j416> michael____: http://ubuntuserver.info/images/6.10_install/first_reboot.png
<j416> this is what ubuntu server looks like
<j416> michael____: http://www.appscout.com/images/ubuntu-penguin.jpg
<j416> this is what ubuntu desktop looks like
<j416> (google imaged to find these, they are not the latest versions)
<j416> michael____: "GUI" means "Graphical User Interface"
<j416> ubuntu server does not have that.
<jmarsden> michael____: There is no GUI in the Ubuntu server install.  You *can* add one later, but it's not generally recommended practice for servers.  If you are new to Linux and Ubuntu, you will probably find it easier to use Ubuntu Desktop.
<michael____> ahh i see, i will just install Koala with something like xampp
<michael____> thank you
<jmarsden> DOn't use xampp, install the LAMP stack .
<jmarsden> XAMPP is a Windows concept not a Linux one.
<qman__> ubuntu server is extremely well suited to this single minded purpose
<qman__> one checkbox during install and you have a ready-to-use apache/mysql/PHP server
<j416> qman__: but without knowing how to use it without a GUI it would be hard to set up anything more advanced...
<j416> (not that ubuntu desktop has a GUI for setting up apache/mysql/php, does it?)
<qman__> no, it doesn't
<qman__> a GUI does not provide any real advantage
<qman__> except maybe file management
<j416> to a newbie it might.
<qman__> the tools and configuration are all command line anyway
<twb> j416: newbies aren't sysadmins.
<j416> twb: good point. :D
<qman__> I guess my point is, you have to learn the same commands and configuration with or without a GUI, so there's really no benefit to having one in this case
<michael____> well, i am a newbie and i am a sysadmin for my robotics team. nothing big but thats why i am asking for help
<j416> qman__: very true.
<qman__> but some people feel better by working in a gnome-terminal than a tty
<twb> michael____: then you have an excellent opportunity to learn how to administer a system properly, i.e. without a GUI to hold your hand.
<j416> well, you could always ssh in from another machine with a proper terminal app..
<michael____> ok, besides the GUI, are there any significant differences
<j416> michael____: try ubuntu server if you have the time. :)
<michael____> i do
<qman__> server and desktop use the same repositories and you would be installing the same software packages
<qman__> so no, besides the GUI and a few unrelated tweaks, they're the same
<j416> I would guess ubuntu server is faster. It has a smaller footprint because there are fewer apps running, and no graphics to handle.
<twb> michael____: in terms of packaging, the main differences between a stock Ubuntu Server and Desktop install are: different kernel compile-time options (sometimes), the absence of ubuntu-desktop and its dependencies, and the absence of localization for GUI apps, myspell, etc.
<michael____> less things to go wrong
<twb> j416: it'd only be "faster" if the hardware wasn't specced for desktop
<j416> twb: ok :)
<twb> Otherwise it's just a question of how much of the RAM and CPU is idle.
<qman__> definitely less things to go wrong, especially from a security perspective
<j416> in my case, I'm running the server inside a virtual machine, so I would think there is a difference there.
<j416> nothing confirmed though..
<twb> j416: well, only because your VM probably has 128MB of RAM instead of 4GB
<j416> yep :)
<qman__> well, there would be fewer services running, but a bunch of idle processes have very little performance impact on a fast enough system
<twb> qman__: if you had swap, they'd be swapped out anyway.
<uvirtbot`> New bug: #510497 in bind9 (main) "Update manager failed - package bind9 1:9.6.1.dfsg.P1-3ubuntu0.2 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/510497
<maxagaz> I need a cheap machine (server) in which i can plug a lot of hard drive to put backups, do you have something to suggest me (with atom proc perhaps) ?
<foxbuntu> maxagaz, I assume from your description you are trying to build a custom NAS?
<maxagaz> foxbuntu, yes
<maxagaz> foxbuntu, I only need to put bacula's backup on it
<foxbuntu> maxagaz, well the atom is a desktop based processor
<foxbuntu> maxagaz, also are you looking a fully assembled option or build your own (bare bone type of thing)?
<twb> Why not just buy a NAS that can run Ubuntu
<twb> I'm thinking along the lines of the NSLU2 or the newer SheevaPlug
<twb> foxbuntu: I think he picked atom specifically because it's relatively low power
<maxagaz> twb, I don't understand what's SheevaPlug
<twb> jfgi
<maxagaz> twb, how do you plus many hard disk on it ?
<twb> Well, yeah, that's an issue.
<twb> I expect there's a NAS-oriented variant.
<foxbuntu> twb, I assumed that...just wanted to point out that atom != server
<twb> Well, as far as whiteboxes NASs go, it doesn't matter a damn what CPU it has.
<maxagaz> i need a machine in which i can put up to 5T of hard drives
<foxbuntu> twb, that depends on how you want to build the box, if its just for at home, I agree, if its going to be used as a critical piece of hardware (first go buy a NAS) but second if building it, it should be using enterprise class hardware at the very least
<maxagaz> foxbuntu, it's for enterprise
<foxbuntu> twb, just my opinion on it, wont stop me from helping someone that wants to do it
<maxagaz> by the way, there's no repositories to install bacula 3 on karmic ?
<foxbuntu> maxagaz, then you need to evaluate how critical this device will be to your enterprise
<foxbuntu> martin-, that will help you to pick the correct hardware for you
<foxbuntu> martin-, sorry, I meant maxagaz
<twb> Eh, if you're buying enterprise-class hardware, you do it by ringing up IBM or HP or Dell and saying "hi, please send me a model NNN by next Tuesday", not by asking IRC
<twb> (Of course, that's *my* opinion. :-)
<foxbuntu> twb, I would agree, not my previous contention
<foxbuntu> s/not/note
<twb> maxagaz: I wouldn't be deploying non-LTS releases in an enterprise environment.
<foxbuntu> maxagaz, second that
<maxagaz> i want to test it, not to deploy it
<twb> maxagaz: what are you testing?
<maxagaz> twb, for instant, i have a buggy bacula 2.2.8 on hardy
<maxagaz> twb, i would like to test bacula 3.0.3 on karmic
<twb> maxagaz: why?
<maxagaz> twb, to deploy it once karmic will become 9.04
<twb> maxagaz: erm, your messages are taking a really long time to reach me.
<twb> It's January 2010 here, and 9.04 and 9.10 were released many months ago.
<maxagaz> twb, sorry, i meant 10.04
<twb> maxagaz: Karmic will never be 10.04.
<twb> maxagaz: Lucid is targeted for release in 10.04.
<twb> If you want to see if bugs are fixed in Lucid's bacula, you should install Lucid.
<twb> And lucid *does* have bacula 3: http://packages.ubuntu.com/lucid/bacula
<maxagaz> twb, bacula 3.0.3 is the latest stable version while lucid isn't stable
<maxagaz> twb, also karmic looks stable although it's not stamped LTS
<twb> maxagaz: I've told you what you should do.  If you want to ignore me and try to run Bacula 3.0.3 on Karmic instead, I'm not going to stop you.
<maxagaz> twb, you would install bacula 2.4 on hardy ?
<twb> I would not deploy a non-LTS release in an enterprise environment.
<twb> I would DEFINITELY not install non-standard packages in an enterprise environment.
<twb> That is, I'd use whatever version of bacula came with the release.
<twb> For pre-production right now, aiming for deployment around June, I would target 10.04 with whatever bacula it ends up with, which will probably be 3.0.2.
<kwork> can anyone suggest is there some tool to monitor directory with svn for changes and commit them, or svn + cron script is the way to go ?
<Jeeves_> kwork: What do you actually want to do? :)
<twb> kwork: I think you're trying to solve a policy problem with technology, which will never work.
<kwork> actualy i have bind configs what change few times a day, i would like to have that data in svn
<twb> kwork: who changes them?
<kwork> twb,  dns admins
<kwork> i know that i cant know who made the changes with cron solution
<twb> kwork: do they edit the files directly, or do they use some sort of shitty web front-end?
<kwork> directly
<twb> OK, then the solution is to teach the DNS admins how to use "svn commit".
<twb> And to put in place a piece of policy that says "you gotta do it."
<kwork> it would be painful to force them to use it after every change i cant be sure that i get all the changes
<Jeeves_> kwork: What twb says :)
<Jeeves_> kwork: Sure you can be sure.
<Jeeves_> You create a script that periodically svn up's your bind config
<kwork> i was thinking of hourly cron script that would commit it
<jerico> hmm..  everytime I come here people are talking about stuff I don't understand. Is there a #ubuntu-server-noobs?
<Jeeves_> You let the admins commit the zones in the repo
<twb> jerico: #ubuntu is for noobs
<Jeeves_> If they work on the files directly, your svn up will fail, and you can use the cluebat
<Jeeves_> Or you just make sure they can't login :)
<twb> Being smart enough to add -server is the first test
<kwork> okey thanks for input
<kwork> lol @ twb
<twb> Jeeves_: oh yeah!  I forgot that svn actually enforced separation of the main repo from the working trees.
<twb> I was imagining more like a single-repo RCS or git
<twb> "To edit records, run co -l foo.zone, ed foo.zone, ci foo.zone'
<kwork> i think im going to add bind dir to svn then, and then commit it daily and then i can get nice overview from websvn
<kwork> because i dont actualy care who changed what
<kwork> rather what was changed generally
<twb> kwork: so basically you're going to ignore our advice and do what you originally intended :P
<kwork> yep :P
<twb> You may want to look at etckeeper
<kwork> hmmmz okey thanks
<kwork> ill check it out
<kwork> twb,  forcing them to commit would be right choice if it would mater who changed what
<kwork> then i would actualy have no other way
<kwork> uu etckeeper seems cool
<kwork> nice suggestion
<kwork> thou it seems i need to set up git
<j416> /etc should have a directory with _all_ default settings, and then you would just override them in new, clean files. That would be something..
<twb> kwork: it works with a bunch of VCSs
<kwork> git, mercurial, darcs, or bzr repository
<kwork> actualy only one i have heard about is git there
<twb> j416: here, have unionfs.
<twb> kwork: if you're still using svn, that doesn't surprise me
<j416> twb: cool
<j416> twb: do you use it?
<twb> I'm the Darcs Debian maintainer and upstream documentation manager, and I work with hg daily and git weekly.
<twb> bzr is only for arch refugees and canonical employees.
<twb> Come to think of it, most arch refugees have probably died at sea by now anyway.
<jiboumans> good morning
<jerico> Does anyone know of a good guide for learning iptables?
<jerico> heh. actually I should probably just read the man pages on it.
<twb> jerico: the PDF linked from /topic
<uvirtbot`> New bug: #358703 in php5 (main) "Wrong/insecure configuration of PHP module" [Wishlist,Triaged] https://launchpad.net/bugs/358703
<beric> Hello guys. Is there a solution for automatic http proxy detection so  that I won't have to enter proxy address manually for apt-get
<beric> I know this thing called WPAD but don't know the tooling for that under ubuntu.
<cx> man  get tor
<cx> apt-get install tor
<mealstrom> http://ubuntuforums.org/showpost.php?p=743244&postcount=6
<beric> thank you both. I'm looking for something that can configure the proxy system wide automatically but getting the address from DHCP like WPAD does.
<mealstrom> and what about transparent proxy ?
<mealstrom> squid + portforward 80-> 3128 ?
<beric> can't touch the network settings . think about a student in a collage
<mealstrom> ÐµÐºÐ½ ÐµÑÑÑ http://linux.derkeiler.com/Mailing-Lists/Debian/2006-07/msg00916.html
<mealstrom> *try this
<beric> hmmm find another interesting stuff here:http://wiki.debian.org/ProxyAutodetectConf
<ghostlines> anyone got experience with powernowd? it isn't saving changes i set
<mealstrom> check config files permissions
<ghostlines> i havae permissions to access it
<sommer> morning
<infidel> i have a laptop with a hdd raid 5 array and i'm trying to install server and it finds the raid but when i go to partition disk it wants to configure iscsi and asks for an ip address and port number. how can i get around this and create raid patitions?
<mealstrom> is it possibele to do this with vsftpd? :
<mealstrom> 1. incoming (anononymoyus dir with 0777 rights)
<mealstrom> 2. pub (anonymous with read and one ftpuser with 0777 rights) ?
<mealstrom> (1) I've done. but got troubles with second ^(
<mealstrom> or how can I limit user access with local_enables = yes for only 1 user ?
<pmatulis> infidel: a laptop with RAID 5?  interesting
<infidel> ok, nice but what about the iscsi issue?
<pmatulis> infidel: you're claiming that the installer (for what release?) is imposing an iSCSI install on you?
<infidel> pmatulis, stand by please
<pmatulis> standing by...
<infidel> 9.10
<pmatulis> infidel: provide me a picture of your screen
<pmatulis> infidel: or open a bug (i'm assuming you've checked whether such a bug exists already)
<infidel> can i boot this disk as a live linux disk and connect to the internet and send you the data?
<infidel> i see you can't
<pmatulis> infidel: take a picture
<ttx> kirkland: you didn't commit your latest eucalyptus upload to the packaging branch, so it's out of sync now...
 * ttx cleans up
<lool> zul, soren: I changed the minimal seed to depend on netcat-traditional instead of netcat since I see netcat is a transitional package; however this means netcat-traditional is hard to remove; I see there are also some netcat provides, but I'm not sure how to permit this with seeds
<lool> zul, soren: Do you two have any idea on how to best address this?
<lool> (Or anybody else of course)
<infidel> pmatulis, what do you want me to take a picture of?
<soren> lool: Why did you choose that one over netcat-openbsd?
<pmatulis> infidel: your screen
<lool> soren: Because that's the one which is currently in the minimal task and the one netcat depends on
<lool> On a related note, I think this ought to be higher than minimal, perhaps standard
<soren> lool: Hm... I think netcat-openbsd is really a better default choice.
<lool> soren: I would be fine with this; I don't know what that implies though
<soren> lool: I made netcat depend on netcat-traditional back in the day because it was the smallest change.
<lool> soren: Apparently you did some research on this
<soren> Yes.
<soren> Two years ago.
<soren> :)
<lool> I saw your name in the MIR and in the README.Debian
<lool> soren: Would you mind proposing this change?
<lool> soren: Or I can just do it for you if you think that's safe; it would be an improvement over having two netcat in mains
<lool> And two netcats installed in the server install (at least after my latest change)
<soren> lool: "do it" as in make the proposal?
<lool> soren: As in do the changes
<soren> lool: I wouldn't mind that at all.
<lool> soren: I know how to change the default, just not whether it's safe to do
<soren> lool: Still plenty of time to fix things if anything blows up.
<soren> I don't expect anything to blow up. I'm just saying.
<lool> Apparently you mention a dep on glib
<lool> But it's already in minimal
<infidel> pmatulis, what page would you like to see
<lool> udev depends on libglib2.0-0
<lool> and shared-mime-info
<infidel> anbbl
<lool> soren: I changed the seeds; I see we have the transitional netcat since hardy, do you think we should leave it alone, drop it, or move it to netcat-openbsd?
<uvirtbot`> New bug: #510671 in drbd8 (main) "kernel 2.6.27.15 generic drbd8 not found" [Undecided,New] https://launchpad.net/bugs/510671
<tue> hey guys, could someone help me how to login with roundcube in ebox? dunno no what is the user and the password :/ ...
<tue> and btw great work with ebox loveeee it!
<lool> soren: Hmm sorry; got netsplit; I sent an email to ubuntu-devel
 * zul feels like a motu today
<JimiDini> Hi. I am from midgard-project (content repository). Our next version of php-bindings is going to be php-5.3 targeted. What are the chances of 5.3 going to Lucid?
<JimiDini> We spoke with Mathias Gug and he told us to contact server team :)
<JimiDini> Debian has 5.3.1-2 in "experimental" and they are going to move it to "unstable" soon
<JimiDini> ubuntu is our main deployment target (even ubuntu-lts), so this question is rather critical for us
<ttx> kirkland: fixed.
<zul> JimiDini: not great right now if 5.3.1 gets out of experimental then maybe
<uvirtbot`> New bug: #510683 in likewise-open5 (universe) "'lsassd' has to be restarted in order to login" [Undecided,New] https://launchpad.net/bugs/510683
<zul> JimiDini: i have to see what debian is doing
<JimiDini> zul: debian maintainer recently contacted php dev-team and looks like they are serious about putting 5.3 in next stable
<JimiDini> zul: see http://news.php.net/php.internals/46657 and http://news.php.net/php.internals/46697
<JimiDini> I can write him email to ask "when?"
<JimiDini> would that be useful?
<zul> JimDini: afaik they are are doing the transition as well so if you want to send an email to ask when and cc me that would be great (to keep me in the loop)
<JimiDini> zul: ok. will compose it now
<zul> JimiDini: zulcss @ ubuntu.com
<JimiDini> zul: sent
<zul> JimiDini: thanks
<ttx> smoser: ping
<smoser> ttx, here.
<ttx> smoser: what's the status on the karmic cloud image refresh ? in progress ?
<smoser> i have ran through 2 of 6 ami tests, 1 is in progress.
<ttx> smoser: ok, so we are still on track for delivery today or tomorrow
<smoser> yeah, i think its good
<tesseracter> ive got a dev box in virtualbox, and the date will not get updated for the life of me. ive got it set for a cron.hourly, but it only changes time when i do sudo ntpdate pool.ntp.org
<infidel> anyone here know how to setup raid on u-server?
<zul> ttx: has the server team meeting agenda been cleared yet?
<ttx> yes
<infidel> ok i think i solved the problem
<Xpistos|work> how can I create my own ssh key that is say 1024-bits
<jiboumans> Xpistos|work: man ssh-keygen will tell you. you want -b probably
<Xpistos|work> thanks
<marks256> When i try to LS one of my directories, i get this error: ls: reading directory .: Identifier removed. What does it mean?
<Xpistos|work> wow 20480-bit keys take a long time to generate
<infidel> ok i think i solved the problem i sw
<infidel> ok i think i solved the problem i switched distros
<zul> ttx: k
<pmatulis> Reepicheep: all you need is: 'sudo tcpdump -i br0 -qtn -c1 src port 67'
<pmatulis> Reepicheep: sample ouput: 'IP 10.100.100.1.67 > 10.100.100.123.68: UDP, length 300'
<marks256> Solved the "identifier removed" problem. Basically a few group errors on my Lustre FS.
<Baversjo> Hi! I'm very new to public / private key authentication in SSH. I've successfully setup my server and desktop so that I can access the server without a password. My question is: Is there any way to generate another private key from a public key on the server so that I can login in without a password on another machiene?
<zul> hi mathiaz so i have a couple of mysql cluster 7 questions for you
<mathiaz> zul: sure
<zul> mathiaz: so its basically like a mysql server with ndb turned on right?
<mathiaz> zul: yes - for a high level perspective
<zul> mathiaz: so the packaging would be very similar to the mysql-dfsg-5.1 packaging right?
<mathiaz> zul: packaging wise, you'd need two binary packages at least: one to install a managment node and one to install a data node
<mathiaz> zul: not necessarly
<zul> mathiaz: gotcha
<mathiaz> zul: once packages for the cluster are available, we should also make sure that the ndb engine is enabled in mysql-server-5.1
<mathiaz> zul: as this is the package that would used on the SQL nodes
<mathiaz> zul: I'm using the same terminology outlined in the MySQL Cluster guide
<mathiaz> zul: I'd recommend having a quick look at it
<zul> im reading through it
<mathiaz> zul: it gives a good overview on how to setup a MySQL Cluster and has a small tutorial;
<mathiaz> zul: there are three components: Management node (1 package from mysql-cluster src pkg), Data node (1 package from the mysql-cluster src package) and MySQL node (mysql-server-5.1)
<mathiaz> zul: I would also suggest to drop an email to the Debian maintainers
<mathiaz> zul: they may have started to work on packaging MySQL Cluster
<mathiaz> zul: and have some code to share
<zul> ok
<zul> thanks
<mathiaz> zul: or some thoughts on how things should be done
<soren> Baversjo: No. What you do is..
<soren> Gah..
<zul> too slow soren
<soren> Story of my life.
 * soren goes to dinner.
<ehazlett> greetings... i'm having NFS trouble... i cannot create files/directories on an NFS mounted share using LDAP groups... (and i have less than 16 groups...)
<mathiaz> zul: apparently php 5.3 should hit unstable soon
<Reepicheep> pmatulis: where you looking for what server is acting as the DHCP server or what IP address the client received?
<pmatulis> Reepicheep: the latter
<Reepicheep> yeah that's what I thought
<pmatulis> Reepicheep: in my example, that address would be 10.100.100.123
<Reepicheep> pmatulis: that is interesting .. when I run it it does not show the clients assigned address on the right.. it shows the target as a broadcast address
<pmatulis> Reepicheep: weird
<Reepicheep> for instance  'IP 10.100.100.1.67 > 255.255.255.255.68: UDP, length 300'
<Reepicheep> actually my length is 314 not 300 .. but that isn't the difference.
<Reepicheep> I'm testing it with a virtualbox machine not a KVM.. but again that shouldn't matter
<JimiDini> mathiaz: zul: and what is even more important, php-5.3 will be the version officially actively supported by php-team in next N years. while 5.2 will soon go under the carpet
<JimiDini> and LTS release is supposed to be used for quite a long timeâ¦ better not to have officially outdated stuff there
<pmatulis> Reepicheep: maybe it depends on the DHCP server.  i believe we have a cisco unit
<mathiaz> JimiDini: do you have any pointer where upstream explains their maintainance policy?
<Reepicheep> pmatulis: what version of tcpdump and libcap are you using? i'm using 4.0.0 and 1.0.0
<mathiaz> JimiDini: well - things will always get outdated on LTS
<Reepicheep> in this instance we are using a windowz server as DHCP.. let me try it on a different vlan with a different type of DHCP server
<pmatulis> Reepicheep: libpcap is at 1.0.0-1 on Ubuntu
<JimiDini> mathiaz: good question. I will look for it
<JimiDini> mathiaz: I understand that things will get outdated, but it's the question of "how fast"
<Reepicheep> pmatulis: it is the DHCP server I get this on a bridge attached to a vlan using dnsmasq as a server:
<Reepicheep> IP 192.168.125.254.67 > 192.168.125.96.68: UDP, length 318
<pmatulis> Reepicheep: thanks for the confirmation, i guess the most reliable method would involve filtering on the payload
<Reepicheep> yesterday when I was testing it.. I only used a bridge with a windows DHCP server..
<Reepicheep> I was wondering how you where going to determine the IP address received.. that is where dnstop came in
<Reepicheep> even when I showed the payload with -X on tcpdump.. it was not decoded
<ehazlett> any reason why NFS won't recognize secondary groups via LDAP?
<uvirtbot`> New bug: #510732 in openssh (main) "OpenSSH server sshd_config PermitRootLogin -> NO" [Wishlist,Incomplete] https://launchpad.net/bugs/510732
<pmatulis> Reepicheep: what version of Windows (running DHCP) did not work for you?
<zul> mathiaz: shouldnt the mysqladmin be in a server package?
<mathiaz> zul: where is it now?
<zul> mysql-client
<mathiaz> zul: isn't mysql-client installed on every mysql-server?
<mealstrom> no
<mealstrom> it can be installed as recommended
<hartwigj> Hi there
<hartwigj> just a little question: Each apache2 process is consuming 175MB of virtual ram on my x86_64 servers (I guess this memory is shared with all other apache processes). Is that normal?
<eagles0513875> hey guys im having issues trying to pull gutsy from its given mirror to setup on xen the log file for the vm is here
<eagles0513875> http://pastebin.com/f8eee500
<eagles0513875> can someone point me in the right direction of what i can do to remedy the situation
<pmatulis> eagles0513875: gutsy is EOL
<eagles0513875> O_o :(
<pmatulis> eagles0513875: there is some site that hosts such things i believe
<eagles0513875> what mirror can i use to pull any newer release of ubuntu server
<pmatulis> oldreleases something or other
<pmatulis> google it
<eagles0513875> its not a big deal in that case ill use debian then, but i need something prior to karmic due to issues with grub2 and xen
<eagles0513875> pmatulis: do you know the mirrors or anythign for hardy or intrepid?
<eagles0513875> !mirrors
<ubottu> Ubuntu installation CDs can be downloaded from http://releases.ubuntu.com - Mirrors can be found at http://wiki.ubuntu.com/Mirrors - PLEASE use the !torrents to download !Karmic, and help keeping the servers' load low!
<zul> mathiaz: re php 5.3.1 http://drupal.org/requirements
<mealstrom> has anyone problem with mounting samba share in fstab ? (there is no cifs/smbfs type) ?
<hartwigj> No one who experiences the same thing?
<mathiaz> zul: well - drupal6 is available in universe
<zul> is there popcon stats?
<jpds> eagles0513875: All official mirrors have hardy.
<eagles0513875> the problem is adding it to xen-tools for xen to pull and install it on the vm
<eagles0513875> im guessing i would need the minimal install
<jpds> eagles0513875: And intrepid.
<eagles0513875> jpds: intrepid has grub 1 right
<jpds> Yep, karmic was the first one with grub2.
<eagles0513875> ok cuz from what im hearing grub 2 is giving people on xen hell
<mealstrom> but only with clean install
<jpds> xen isn't really supported on Ubuntu.
<eagles0513875> im setting up ubuntu on a guest
<eagles0513875> host os is debian
<NotTooSmart> how do I keep my monitor from turning off?
<hartwigj> what should be the normal apache2 VIRT mem consumption on x86_64? Can anybody tell me his / hers?
<jjohansen> smoser: hey was there a mail thread started about booting without the ramdisk
<smoser> yes.
<smoser> on -devel
<jjohansen> smoser: ah, I was looking for it on server
<NotTooSmart> how do I keep my monitor from turning off?
<smoser> https://lists.ubuntu.com/archives/ubuntu-devel/2010-January/thread.html#30018
<jjohansen> smoser: indeed I found it
<nucking> hey everyone, i'm having big problems compiling and installing a driver for my nic =(
<nucking> it tells me that there is no rule to make kernel/bound.c
<nucking> when i "make all" as told by the README
<nucking> i alread got build-essentials, linux-headers and linux-source
<nucking> nucking
<nucking> whoops
<nucking> i'm really clueless and in desperate need of help D=
<jjohansen> smoser: so how do you want to proceed on testing these kernels, and deciding whether we need another flavour
<smoser> well... you certainly have a better "feel" for how risky this is.
<smoser> i really can't imagine any fallout from CONFIG_VIRTUAL, but if there is, we can revert it.
<smoser> ttx's point is valid though about the scsi hardware... somehow we need to see how likely that is to cause regression
<Disconnect> soren: so if i'm gonna submit a ton of cleanup patches for ec2-init do you have a preferred source ver to start from?
<jjohansen> smoser: the scsi driver should only cause a regression if there is a bug
<smoser> well, yes.
<smoser> :) lots of things only cause problems if there are bugs
<jjohansen> smoser: possible but unlikely, I dug around looking for a way to disable it when builtin but it looks like that I was mistaken.
<jjohansen> smoser: it is possible to add a switch to disable if we run into problems
<Disconnect> smoser: is ec2-init yours? soren is listed on the packages page but i'm being told you might be the actual owner
<smoser> Disconnect, yeah, problably its me now.
<jjohansen> smoser: do you want to test the kernels I have?  Right now I am close to saying ship it, and see what happens and if we need then spin off a new flavour
<smoser> Disconnect, start from (heavily revised and in-progress) lp:~smoser/ec2-init/ec2-init.devel
<Disconnect> cool
<smoser> Disconnect, i really would be interested in feedback you have.  its definitely work in progress.
<Disconnect> well i'm starting with typo fixing (reserveration-id) and moving on to revoking os.system privs ;)
<smoser> jjohansen, then i saw we test it earlier rather than later.
<smoser> so "ship it".
<smoser> my only real draw towards -virtual as being a full flavour (maybe we'll go there eventually) is including as many other guest drivers as possible
<jjohansen> smoser: definitely, I am going to do another round of build and test.  ie install on a couple of machines
<smoser> if we ever did go that route, there'd probably be lots of things to change, throw out stuff that doesn't make sense.
<smoser> jjohansen, and what about ec2 kernel ?
<jjohansen> I am not done its refresh yet, some time today though
<smoser> the DEVTMPFS is what i'm interested in there.
<jjohansen> smoser: right, I won't forget it
<smoser> just an fyi, recently ec2 kernels have been very stable
<smoser> and console output is very stable too
<jjohansen> hrmm, strange - though they have gone through a rebase.  It could have been a general kernel bug
<soren> Disconnect: Yeah, smoser's your man these days, I suppose.
<NotTooSmart> what can I do if sudo -setterm powersave off     does nothing for me?
<Disconnect> smoser: https://bugs.launchpad.net/ec2-init/+bug/510825 you get one just like the one i gave smoser about an hour ago ;)
<uvirtbot`> Launchpad bug 510825 in ec2-init "ec2-get-info typos (with patch)" [Undecided,New]
<hartwigj> setterm -powersave off -blank 0
<stickystyle> Has anyone experienced mod_proxy_html working?  I have what should be a simple swap of ProxyHTMLURLMap /magnoliaPublic/demo-project/     /  but it just doesn't seem to do anything (as in matching and replacing).  And the "ProxyHTMLLogVerbose On" does nothing either :-|
<mdeslaur> mathiaz, zul: guess what? the mysql test certs expire again in 7 days
<mathiaz> mdeslaur: ahhh
<mdeslaur> mathiaz: you may scream if it'll make you feel better
<mathiaz> mdeslaur: we should ping them asking wether they have no faith in their proejct
<mdeslaur> they should generate them for 10 years or something...it's just for build testing
<smoser> jjohansen, i see tim's mail about lucid pull request, will that build soon?
<jjohansen> smoser: I can kick off a new build and have a kernel to play with soonish
<zul> mathiaz: yay!!!!!!!
<smoser> ok. i can test for you easily enough.
<nucking> does really nobody have any clue what i'm missing to compile those drivers?
<Disconnect> smoser: whats the method of turning this pile of scripts into a package? or is it not that far along yet.
<smoser> Disconnect, i was hoping to get a new package sponsored today, but dont knwo that i'll get there.
<mdeslaur> mathiaz, zul: is one of you going to contact them to get updates certs?
<smoser> but the debian/ directory in the ubuntu branch will be close to working
<smoser> ie
<jMyles> If I mount a drive through SSHD, I get very reasonable speeds (70-100 K), but if I mount it through OpenVPN, it slows down to 12-20.  Anybody know why?
<smoser> bzr branch lp:ubuntu/ec2-init
<mathiaz> mdeslaur: jiboumans ^^ - can we talk about the cert expiration with mysql?
<smoser> Disconnect, that make sense?
<Disconnect> smoser: yah
 * Disconnect will be going with lp:~ubuntu-on-ec2/ec2-init/ec2-init.jauntyppa since its jaunty servers anyway
<Disconnect> also, updated within the past year
<mathiaz> mdeslaur: I'd file a bug with the upstream bug tracker
<mathiaz> mdeslaur: and we can take it from there
<mdeslaur> mathiaz: you are going to file the bug?
<Disconnect> er, scratch that. wrong branch :)
<mathiaz> mdeslaur: I can have a look at it
<mdeslaur> thanks mathiaz
<nucking> this is the readme for the driver
<nucking> http://pastebin.org/79829
<smoser> Disconnect, yes. i recommend you not use the development for jaunty.
<smoser> i dont know where ec2-init.jauntyppa is though. i would recommend starting at the karmic ubuntu package
<Disconnect> smoser: yah i didn't realize the ubuntu branch wasn't listed there, the branch you listed looks to be in pretty good shape
<smoser> lp:ubuntu/ec2-init/karmic i think is the right branch name.
<nucking> this is what i get when i try "make all"
<nucking> http://pastebin.org/79830
<kpettit> I wanted to install nagios in 9.10.  Is it better to install the package that's in the ubuntu repository or download and manual install?
<tonyyarusso> kpettit: If you want to use the open source version and don't *need* anything mentioned in the changelog between the repo version and upstream, use the repo one.  If you need a new feature, use upstream.  If you want to use the proprietary version, it's not in the repo.
<kpettit> sounds good.  I'm wanting a easy upgrade path and don't need any of the new stuff
<Edgan> kpettit: Or you can do what I often do. Take the source package, grab the new version, tweak it a bit, and make an updated package.
<Edgan> kpettit: It is often not that hard
<kpettit> DO you make the package for your own needs, or do you submit it to ubuntu?
<kpettit> I've been wanting to learn the package system better,  just haven't go around to learning it yet
<Edgan> I generally just do it for my own needs. They are often pretty picky about the details of what they will accept.
<Edgan> kpettit: Often times they also get around to it.
<Edgan> kpettit: I was just making firefox 3.6 packages that will probably be out shortly.
<Reepicheep> pmatulis: I think it is windows server 2003.. but I'm not sure I don't maintain that box
<pmatulis> Reepicheep: ok
<Reepicheep> I will find out.
<Reepicheep> pmatulis: Another guy.. that would know thinks it is 2003 also, but it's not his box either
<pmatulis> Reepicheep: ok, i'll put it down as 2003
<Elad> if I have the following command in /etc/sudoers -- ALL ALL=NOPASSWD: /root/script.php
<Elad> shouldn't that allow anyone to run the script without having to log in as admin
<Elad> or root
<tonyyarusso> Elad: I believe that is correct.
<tonyyarusso> Elad: however, I suspect that /root/script.php does not know how to run.  You may want to replace it with: php /root/script.php
<Elad> I have another script that is browsed to, and thenthat script calls /usr/bin/php /root/script.php
<Elad> but in the error.log I am seeing that www-data needs to supply a password
<Elad> I think I am just going to re-work the way it works
<Elad> thanks for the input
<tonyyarusso> um, obviously that wouldn't work.  You would need your script to call 'sudo /usr/bin/php /root/script.php' and your sudoers to say 'ALL ALL=NOPASSWD: /usr/bin/php /root/script.php'
<nucking> is anybody around that could help me with compiling a driver for my nic please? i've been trying for days to get it compiled and weeks to get my lan to work properly
<nucking> whenever i try to "make all" the driver it tells me that there is "no rule to make kernel/bounds.c"
<kindofabuzz> is it possible to set a dir to automatically set permissions on a file once it is put there? does that make sense?
<kindofabuzz> System:    Host mint Kernel 2.6.31-17-generic i686 (32 bit) Distro Linux Mint 8 Helena - Main Edition
<ghostlines> hi all, anyone has experience with powernowd? I can't get it to save my settings
<magic_1> hi all
<magic_1> hope everyone is having a great evening
<magic_1> wondering
<magic_1> would would be the best proxy server to use with ubuntu, i know its a bit of an open ended question, quite surprised ubuntu-server does come with a proxy option
<dantalizing> magic_1: depends on your requirments ... good old squid works well
<magic_1> that was my thinking as well
<dantalizing> haproxy and willowng are in the repos, depending on what you need
<magic_1> needs to integrate into AD
<magic_1> need logging , restriction, grouping
<magic_1> etc....
#ubuntu-server 2010-01-22
<gregcoit> hi all - i think I found a bug.  If you have cacti installed in either karmic or jaunty server, type php /usr/share/cacti/cli/add_device.php --help and a bunch of errors will scroll by - looks like incorrect paths for includes.  Am I crazy or should I report this? (not reported yet for either jauunty or karmic - hard to beleive)
<jiboumans> gregcoit: a pastebin with the errors would be useful ofc.. and make sure your php.ini doesn't contain custom entries
<gregcoit> jiboumans: of course - sorry
<jiboumans> gregcoit: no need to appologize ;) but if everything is vanilla and errors are popping up, it'd warrant a bug report
<gregcoit> jiboumans: vanilla php:
<gregcoit> http://pastebin.com/d4d9c3ad3
<gregcoit> all those files exist in /usr/share/cacti/site/lib/
<jiboumans> hmm, that does look suspicious.. can you pastebin add_graphs.php as well please?
<jiboumans> (dont have the source handy)
<gregcoit> jiboumans: np - the relevant section: http://pastebin.com/d5a1595e3
<gregcoit> jiboumans: thta's also the top of the script minus the copyright - nothing is processed before thos lines
<jiboumans> gregcoit: hmm, this obviously isn't set: include_once($config["base_path"]."/lib/api_automation_tools.php");
<jiboumans> since your previous paste shows /lib/...php
<gregcoit> agreed
<DDwi> this is with apache2?
<gregcoit> yes
<DDwi> how are you accessing it ?
<gregcoit> but these script are for cli only
<DDwi> virtualhost ?
<gregcoit> now via apache
<gregcoit> er, not
<jiboumans> gregcoit: how does a  'find /usr/share/cacti -type f' look like?
<gregcoit> spits out 272 files
<jiboumans> mind pastebin'ing those too? last one, i promise :)
<gregcoit> jiboumans: np
<gregcoit> http://pastebin.com/d30b37dcd
<jiboumans> gregcoit: ok, i'm happy to say 'bug' at this point
<jiboumans> gregcoit: those 3 pastes + a dpkg -l for the relevant packages should make a good report
<gregcoit> :(  i was hoping you were going to say I'm crazy...  Ok, I'll file.  Thanks for the support!
<gregcoit> jiboumans: you got it
<jiboumans> gregcoit: the workaround is pretty straightforward (but i guess you saw that already); it's not ../include/global.php it's ../site/include/global.php
<gregcoit> funny thing.  I searched for cacti bugs on launchpad-  found none.  as soon as i type the problem in "file a bug" - up pops the exact issue.  So, alrady filed.  And yeah, thanks for the answer!
<gregcoit> jiboumans: sorry to take your time
<jiboumans> gregcoit: no worries. don't forget to hit the 'this affects me' button :)
<jiboumans> and with that, it's time for sleep...nn
<gregcoit> jiboumans: si.  and subscribed!
<maxagaz> I have a server which hard drive is to small (80GB), I want to change it for a 160 GB, but without having to reinstall the filesystem
<maxagaz> can I just move the content to another disk ?
<maxagaz> what else do I need to do to make this work ?
<qman__> maxagaz, you need to install grub to the new disk, which is fairly simple to do
<qman__> and then modify /etc/fstab to update the UUIDs
<maxagaz> qman__, what command should i use to have the same content on the new disk with permissions... ?
<twb> maxagaz: you can just move content from one disk to another.
<twb> maxagaz: simply boot some third medium (e.g. a live CD), then dd the entire 80GB from the first disk to the second.
<twb> maxagaz: then, increase the partition and filesystem size (or simply allocate another partition).
<maxagaz> twb, will dd also take the swap ?
<twb> maxagaz: dd is copying the contents of the disk bit-for-bit.
<maxagaz> twb, dd isn't convenient as I need free space somewhere to put the generaed image
<twb> maxagaz: just put both disks in the system at once
<qman__> and dd one whole disk to the other whole disk, like /dev/sda to /dev/sdb
<qman__> then resize the partitions or create a new one
<twb> Yup
<qman__> if you do that, grub copies too, and you only need to edit /etc/fstab
<twb> qman__: I was assuming this was a disk REPLACEMENT -- in which case, /dev/sda is still /dev/sda and the UUID and LABEL are unchanged
<maxagaz> twb, ok so, during the dd, I have /dev/sda and /dev/sdb, and after removing /dev/sda, /dev/sdb becomes /dev/sda, right?
<maxagaz> so non need to change /etc/fstab
<qman__> I was under the impression that the UUID would change anyway, but I haven't tested it myself
<qman__> I thought the whole point of the UUID was that it is unique to the disk, and wouldn't change if you plugged it into a different channel
<twb> maxagaz: just so.
<twb> qman__: the UUID would be DD'd, too.  It's a property of the filesystem, not the disk.
<qman__> ah, that's true
<twb> At least, the UUIDs that fstab cares about
<qman__> yeah
<twb> Disks have serial numbers
<maxagaz> what's the dd command syntax to use to make the copy ?
<qman__> dd if=/dev/sda of=/dev/sdb
<twb> dd if=/dev/sda of=/dev/sdb, where sda is the source and sdb is the target
<qman__> you could add tweaks like bs=1M if you want, too
<twb> make sure they're the right way around before you start.
<qman__> though I'm pretty sure it defaults to a sensible block size anyway
<maxagaz> qman__, what does bs=1M means ?
<qman__> sets the block size to one megabyte
<qman__> it may or may not make the transfer faster
<qman__> it all depends on the hardware, and it's not really needed
<maxagaz> how to change the partition size ?
<maxagaz> with parted, by just resetting the last block ?
<qman__> no, you need to resize
<qman__> I usually do it with gparted
<qman__> from a live disc
<twb> You need to write a new partition table, and then to run resize2fs (or equivalent).
<twb> parted can do both operations at once for ext2 filesystems, but I don't really trust it.
<twb> qman__: both operations can be done online, as long as you restart after editing the partition table.
<TVrotsurbrain> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz or tom
<maxagaz> qman__, twb, thanks a lot
<uvirtbot`> New bug: #511020 in postfix (main) "package postfix None [modified: /var/lib/dpkg/info/postfix.list] failed to install/upgrade: subprocess pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/511020
<blaenk> hey guys, I have an sqlite database that I need to access as its owner in order to modify it
<blaenk> how can I do this?
<blaenk> I just did sudo chmod ug+s thefile.db but that didn't seem to work
<uvirtbot`> New bug: #511058 in vsftpd (main) "/etc/init/vsftpd.conf contains an error." [Undecided,New] https://launchpad.net/bugs/511058
<uvirtbot`> New bug: #511057 in vsftpd (main) "/etc/init/vsftpd.conf contains an error." [Undecided,New] https://launchpad.net/bugs/511057
<NublaII> good morning. I am running a server with apache2-mpm-prefork, and every day it goes down a couple of times, and I can't quite figure out why it is... I know it runs out of memory, when too many children are left open. How can I troubleshoot it?
<NublaII> the machine is faily big, and it all happens in less than a minute... everything is fine and next minute it's gone
<acalvo> did you check apache's logs?
<NublaII> yeah, but I couldn't find anything out of the ordinary...
<NublaII> not even on the error.log
<acalvo> did you increase log verbosity?
<NublaII> LogLevel debug
<NublaII> I don't think I can go much further on that end...
<acalvo> how does it breaks, with a segmentation fault?
<NublaII> nope... it just hangs with too many children
<NublaII> swapping out...
<NublaII> 99% of the day it's fine
<NublaII> but then a couple of times a day it just goes bersecker
<NublaII> it hovers around 70 servers all day long
<NublaII> and it goes all the way up to 140 (the limit) and dies...
<NublaII> I've done a little math and tried to make it so the max number of servers never gets all the available ram...
<NublaII> but it fluctuates a little, so from time to time I starts swapping like crazy and I have to kill it all
<acalvo> is it always at the same time of day?
<acalvo> (just trying to see if you have some background process)
<NublaII> mmm... not always the same
<NublaII> but kind of similar...
<acalvo> maybe you've some cron job or something
<NublaII> between 11.30pm and 12.30am
<acalvo> that eats some RAM
<NublaII> checked that, and I have nothing running at that time...
<NublaII> I am tempted of just setting a cronjob to restart apache every 6 hours...
<NublaII> :P
<acalvo> I did one time to solve one problem
<acalvo> is it related to a peek hour?
<NublaII> not really... peak time for us is before that... it's sleep time in theory ;)
<NublaII> yesterday I was monitoring it and it was running fine, 70 processes chugging along... and in 20 seconds it just went through the roof
<acalvo> well, you could really use some kind of report
<acalvo> of the system
<acalvo> and check that
<acalvo> I've had some problems with openLDAP
<acalvo> eventually I've found out that was something related to another program
<acalvo> I've my domain.com set up with BIND. However, I want that if someone loads domain.com on a browser it redirects to www.domain.com. If I ping domain.com on any computer it resolves to 127.0.0.1. How can I add an entry in the main BIND file to link domain.com to a computer?
<_ruben> acalvo: the actual redirection will need to be done by your webserver, concerning bind you'll probably want to specify the same ip address for @ as for www
<qman__> acalvo, you can't redirect from bind, you have to do that on the website, but the DNS entry you want to modify is the root
<qman__> to refer to the root, use an @
<acalvo> well, I've thought that if I can't ping domain.com and resolve it, I'll can't browse http://domain.com
<acalvo> now it's fixed, I guess I just have to find where to put the .htaccess file
<acalvo> I've thought that I could put the redirection in the definition of the site (in /etc/apache/sites-available)
<_ruben> acalvo: wouldnt surprise me if you could (never tried myself)
<_ruben> i'd probably do the redirection using php/perl/whatever im using for the site
<acalvo> good option, btw
<acalvo> I'll give it a try if I can't do it using apache's config files
<qman__> you can do it either way, even in plain HTML if you want
<qman__> each option has its own advantages and disadvantages
<qman__> but it's done with the website/web server, not in DNS
<acalvo> I know, but if the DNS wasn't resolving correctly, it could not work
<acalvo> however
<acalvo> I've tried setting up this site in apache
<acalvo> <VirtualHost *:80>
<acalvo>     ServerAlias example.com
<acalvo>     RedirectMatch permanent ^/(.*) http://www.example.com/$1
<acalvo> </VirtualHost>
<acalvo> it kills the actual www.example.com
<uvirtbot`> New bug: #502071 in spamassassin "FH_DATE_PAST_20XX scores on all mails dated 2010 or later" [High,Fix released] https://launchpad.net/bugs/502071
<_ruben> you dont have a servername for that vhost
<acalvo> well, I do
<acalvo> I have a site domain.com and a www.domain.com
<acalvo> I'm trying to use the ServerAlias directive
<acalvo> but it screws up more all the things
<acalvo> this is the www.domain.com file: http://paste.ubuntu.com/360589/
<qman__> you can't have two sites that listen on *:80
<qman__> each site must listen on a separate IP or domain name
<qman__> so, domain.com:80 and www.domain.com:80
<acalvo> well, I've a lot of sites, and all of them are listening on *:80 (and are working great...)
<acalvo> if I need to have more than one domain name, should I specify it?
<au> it never worked for me with *:80
<au> only worked with ip:80
<acalvo> http://paste.ubuntu.com/360591/
<acalvo> this is another working on the same server
<acalvo> I've a bunch more
<acalvo> should I fix that?
<NublaII> I have mine working with <VirtualHost *>
<NublaII> do you have anything running with ssl?
<NublaII> if you wanna use that syntax I believe you need to have the line
<NublaII> NameVirtualHost *
<NublaII> on the default vhost file
<acalvo> I do have some sites under SSL
<acalvo> where should I put the namevirtualhost?
<acalvo> in the default site (/etc/apache/sites-available/default)?
<NublaII> mmm... I have it on the first line of the default one
<neriberto> hi everybody!!
<NublaII> /etc/apache2/sites-available/default
<acalvo> well, I've tried and now:
<acalvo>  * Reloading web server config apache2                                                                                                                       [Fri Jan 22 12:16:41 2010] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
<neriberto> someone rebuild the ubuntu server from source and recompile to a new ISO?
<NublaII> I guess you have to use * or *:80 on all of them...
<NublaII> and since you have ssl on there you shoud use *:80... I guess :)
<acalvo> let's see
<acalvo> *:80 on all of them?
<acalvo> or in the namevirtualhost directive?
<acalvo> now:  * Reloading web server config apache2                                                                                                                       [Fri Jan 22 12:18:31 2010] [warn] NameVirtualHost *:80 has no VirtualHosts
<NublaII> how many virtualhosts do you have?
<acalvo> 7
<acalvo> and 2 ssl
<NublaII> I *believe* if you have "NameVirtualHost *:80" on the default vhost
<NublaII> I think you need to use the *:80 on all the <VirtualHost *:80>
<acalvo> ok, it is working like this
<NublaII> I was asking how many to see how much trouble would it be for you to try it
<acalvo> however I can't redirecty from domain.com to www.domain.com
<NublaII> since you can't mix
<acalvo> if I try to open domain.com it tries to download the typical "it works" file
<NublaII> and I'm guessing your domain.com config goes to a vhost that is different from 000-default, right?
<acalvo> should go, yes
<NublaII> can you resend the config file for domain.com? I lost the scrollback
<acalvo> this is www.domain.com: http://paste.ubuntu.com/360589/
<acalvo> now I'm using some redirection matches in the default site of apache
<acalvo> there is no domain.com now
<ycy___> hi there
<ycy___> on my system there's always active x11vnc
<ycy___> and I don't know where, on startup, it is launched
<ycy___> how do I know where x11vnc is launched?
<ycy___> I mean, in which file...
<soren> ycy___: Try asking in #ubuntu.
<neriberto> i've been download a ISO of source...how can I rebuild this?
<joegardner> Hello guys! I have installed ubuntu-server on my server computer but I have a problem I have set up a NFS server and while transfering files to and from the server the speed is really poor
<joegardner> and i have 100mb card
<mealstrom> joegardner: check with iperf real speed.
<joegardner> mealstrom: sry what do you meen?
<mealstrom> joegardner: if it is a problem with data cable you ll see it with iperf utility (client server)
<mealstrom> if not -- you ve got some wrong option in conf
<joegardner> mealstrom: well i've tried both with cable and wifi
<joegardner> mealstrom: but you know it's like it's getting stucked
<joegardner> mealstrom: and streaming movies from the server works fine
<mealstrom> joegardner: I've got some similar problem with vsftp when wasn't using passive ports or passive ports range was small
<joegardner> mealstrom: okey...I've also got vsftp
<mealstrom> you can check how many ports / conenctions it opens
<pmatulis> with quotas, if i set a user quota for /home/user and a group quota (where user is member of group) for /home/share/user which quota will be enforced when touching either of these directories?
<Disconnect> smoser: got a sec? not quite understanding how get_data_source is expected to work.
<smoser> sure
<smoser> (it probably shoudl be part of the constructor)
<smoser> but the general idea is to search through a list of "cloud data providers" and find one.
<smoser> right now that list is only ec2.
<Disconnect> firing everything at S20 (so after network, etc etc etc) but its bailing immediately with Could not find data source / Failed to get instance data.
<Disconnect> although as I was about to explain the path I followed I realized it was really wrong. so maybe i'm ok :)
 * Disconnect missed the datasource-map entirely somehow :(
<smoser> i will admit that I hven't  made a concerted effort at thinking about anything other than lucid.
<smoser> i know there are some lucid specific things.
<smoser> the idea is that /etc/cloud/cloud.cfg contains 'cloud_type', which is a comma delimited list (maybe it should be a proper YAML list)
<smoser> if that type is 'auto', then search through the available "cloud types" to find one.
<smoser> if it is "ec2" (or possibly other in the future) , use that.
<Disconnect> yah the jaunty part is mostly ok I think. upgraded a couple of minor python dependencies and created an old-style init script to fire cloud-config-ready, which then replaces the existing network/mounts test. (old upstart doesn't have the network-is-up tests or anythign good like that)
<Disconnect> I think where I went wrong tracking it landed me in the cache directories, which don't exist yet :)
<smoser> wow. you've made a lot of effort.
<smoser> yeah, so 2 things there.
<smoser> a.) the goal is to cache the ec2 crawl after the first time and store off th objects after we've processed evertyhign, so the later scripts don't have to do that.
<smoser> b.) you may have noticed in 'get_data' in ec2, it will read from ec2init.cachedir/ec2//user-data.raw and /meta-data.pkl
<smoser> which are not written anywhere.
<smoser> i'm using those to supply a mock ec2 datasource
<smoser> i put those files into an image and boot.
<smoser> Disconnect, i took your ec2-get-data patch also
<Disconnect> yah saw that :)
<Disconnect> looks like a conflict between boto_utils and boto.utils. wheee
 * Disconnect doesn't see any good way to tie the two branches together (my jaunty patches and your upstream) .. maybe through creative use of quilt. 
<Disconnect> somewhere along the way i'm not getting into DataSourceEC2
<Disconnect> yah dslist is empty. hmm.
<Disconnect> oh.
<Disconnect>         if not conf.has_key("cloud_type"):
<Disconnect>             conf["cloud_type"]=None <------ shouldn't that be auto?
<Disconnect> smoser: in boto_utils retry_url whats with the sleep? if i'm reading it correctly, it tries, continues-on-error and then reports an error and delays 2*n seconds even on success..?
<smoser> hm... that is copied verbatim from boto
<smoser> on success it 'return resp.read()' no?
<Disconnect> i gotcha. (fyi 'import time')
<Disconnect> hmm. so it logs the error, waits retries*2 seconds and tries again. that makes more sense.
<Disconnect> hmmm. except empty user-data returns 200-OK with len 0
<jiboumans> mathiaz: ping?
 * jiboumans blinks
<orudie> how can I check which version of java i have installed ?
<uvirtbot`> New bug: #511205 in ntp (main) "Computer reboots when enabling/disabling ntp" [Medium,Confirmed] https://launchpad.net/bugs/511205
<genii> That sounds like a really nasty bug
<screen-x> orudie: java -version
<smoser> Disconnect, "except empty user-data returns 200-OK with len 0" ?
<smoser> you're saying that is the response from Eucalyptus?
<Disconnect> smoser: it was a bug on my end, urllib2 doesn't take proxies arg. (the lack of error output was leading me astray)
<smoser> ok
<Disconnect> but yah, if there is no userdata euca returns 200 with length 0 (http://pastebin.ca/1761659) this is, i suspect, entirely correct :)
<jjohansen> smoser: re test kernels failing, so it is succeeding in direct kvm boot but failing euca cloud? right
<smoser> sorry. bad english
<smoser> "In each of the above cases, the included kernel fails."
<smoser> s/included/not-your-testing-kernel/
<smoser> included in the image/archive, jjohansen
<smoser> yours pass my tests.
<jjohansen> ah, I was taking from the email that it was failing and trying to figure it out
<jjohansen> smoser: in that case if you are happy, I will issue a pull request
<smoser> note, limited testing, i just booted, saw that it booted to successful login prompt and then killed it.
<smoser> it could have been on fire at the time
<smoser> :)
<jjohansen> :)
<smoser> but from a "did we turn the right noptions on" perspective, the answer is yes, it looks good.
<uvirtbot`> New bug: #511245 in autofs (main) "portmap is not started during boot process before autofs and hence autofs does not work properly" [Undecided,New] https://launchpad.net/bugs/511245
<grapple> have a prob with permissions... have ubuntu server with instructor and 20 students. inst wants to cp files from his home dir to theirs, but the users cannot get write access even tho the files are set for 777
<grapple> anyone have a clue as to why?
<Pici> grapple: Are the destination files set with those permissions? or just the source file.  If just the latter then you need to make sure you are using cp -a
<grapple> anyone help with permissions?
<ScottK> grapple: Did you see Pici's reply to you?
<grapple> oh, ok... newbie here
<grapple> so then i would do this: sudo cp-a file /home/username
<grapple> er, cp -a file /home/username
<grapple> works thanks...
<grapple> woot!
<mathiaz> jiboumans: do you have access to the ubuntuserver blog?
<jiboumans> mathiaz: still not (as per last email)
<mathiaz> jiboumans: hmmm... wired - I need to investigate that then
<mathiaz> jiboumans: I've already invited three times - but it seems to work correclty :(
<jiboumans> i get the invite, i accept it.. but then... nothing shows up on the dashboard / etc
<madcat1990> I'm in need of assistance, can someone help me?
<madcat1990> hmm just ask.... ok
<madcat1990> Anyways, I am in need of help with a network bridge on ubuntu server 9.10
<madcat1990> namingly, bringing the internet of a wireless connection to a wired connection
<madcat1990> but giving the wired connection a ip through a DHCP server on said server
<madcat1990> in other words, making the server work as a router x)
<mealstrom> haven't understand what you need
<mealstrom> dhcp server -  wifi - network - client  ?
<TeTeT> aubre: hey there :)
<uvirtbot`> New bug: #511295 in dovecot (main) "dovecot -n silently reports wrong configuration when using dovecot-postfix" [Undecided,New] https://launchpad.net/bugs/511295
<mathiaz> smoser: I'm thinking about existing images that rely on 169.254.169.254 being reachable
<mathiaz> smoser: on a related note, is the InstanceId available from the meta-data service?
<smoser> yes.
<mathiaz> smoser: awesome - that's gonna help in my big puppet master plan :)
<mathiaz> smoser: so you plan to enable or disable by default access to 169.254.169.254 on a lucid image?
<smoser> enable by default.
<smoser> mathiaz, "instance id" is also available to you as a part of the "DataSource" object in ec2init.
<Disconnect> smoser: any idea what would cause self.cfg to be None?
<mathiaz> smoser: how do you plan to make the meta-data information available in the filesystem?
 * Disconnect has got everything running on time and in order, or so it seems, except for the fact that its not getting a config.
<smoser> Disconnect, i just am fixing that :)
<smoser> if there is no "cloud-config" user data.
<Disconnect> oh. well good lemme know, been arguing with it all day ;)
<smoser> mathiaz, right now, the metadata information is available in filesystem as pickle format python object
<mathiaz> smoser: yeah - I'd suggest to go for a more inter-operable format
<mathiaz> smoser: other whise only python script will be able to load the configuration
<mathiaz> smoser: I'd suggest yaml
<smoser> i think that would be in keeping, with yaml usage elsewhere. i can dump it along side the pckl file.
<mathiaz> smoser: so that we don't restrict which langage should be used
<mathiaz> smoser: why would keep the pckl file?
<mathiaz> smoser: you can reload the yaml data from other python script
<smoser> i dont know.
<smoser> only if it were speed
<mathiaz> smoser: or are their more information in the objects that could not be represented in a yaml file?
<smoser> which may or may not be a.) true b.) a worry
<smoser> no more info than can be represented in a hierarchical key/value set
<smoser> remember, it all comes from a web "filessytem"
<mathiaz> smoser: well - is the metadata service providing such a huge amount of data?
<mealstrom> how to mount samba guest (+rw) share using fstab to local system (/var/shares or /media/shares) with rw ? ..
<mealstrom> have tried but didn't solve it :(
<mathiaz> smoser: right - another option would to actually use directories and files
<mathiaz> smoser: I prefer yaml though - as it translates into native objects in most languages
<mathiaz> smoser: if you'd use directories and files you couldn't easily use map, filters on the data structure
<mathiaz> smoser: whereas if you already have everything as a hash table, it may be easier
<Disconnect> at the end of the day though, python is only a small part of what might be using this information
<mathiaz> smoser: the up side of directories+files is that you can easily write shell scripts to leverage that information
<Disconnect> random binary files that can only be read by the originating app or derivatives is hardly the unix way :)
<mathiaz> smoser: and upstart jobs are the first users of that information
<mathiaz> smoser: so you could write upstart jobs that do things like: [ -e /etc/cloud-config/puppet ] && apt-get install puppet
<mathiaz> smoser: the problem with yaml is that using it from shell scripts is hard
<mathiaz> smoser: and upstart jobs are mainly shell scripts
<smoser> i'm not disabreeing
<smoser> but i will disagree that yaml is easily usable by shell
<mealstrom> .//192.168.1.1/incoming	/media/shares/incoming	cifs	guest,rw		0	0 -- only READ works :(. But when connecting via gnome commander smb -- RW works.
<mathiaz> smoser: right - yaml and shell don't play well together
<mathiaz> smoser: so may as first iteration, provide a directory/file layout for the meta-data service
<smoser> hm... i think we're miscommunicating here
<smoser> there are 2 things. or possibly 3 things
<smoser> a.) metadata service
<Disconnect> smoser: how do i get it to detect text/cloud-config userdata?
<smoser> (Disconnect, hold on)
<smoser> meta data service has info like: http://paste.ubuntu.com/360818/
<smoser> b.) user data
<smoser> user data is essentially binary blob , whatever the user wnats to put there can go there.
<smoser> c.) cloud config
<smoser> cloud config is transported to ec2 inside of user data.
<Disconnect> ..you changed the ssh key on that paste right? :)
<smoser> ec2-init rips it out, yaml configuration and writes that yaml config file to a file on the filesystem that can be then read by antying reading yaml
<mathiaz> smoser: isn't user-data part of the meta-data info?
<smoser> the metadata service will be cached on disk, now that is in python pickle, but i agree yaml would be more useful.
<smoser> mathiaz, not really. you get at them from the same "service", but they're different.
<smoser> Disconnect, funny, no
<smoser> :)
<Disconnect> metadata needs to be updated periodically though - i could attach and detach storage, for example, without warning.
<smoser> but thats just my public key
<smoser> you can put that wherever you want!
<Disconnect> heh
<smoser> Disconnect, do you know that metadata service is updated?
<smoser> i didn't think that that changed previously.
<smoser> but now with ebs volumes that cna be turned off, it can (and user data) can change on restart.
<mathiaz> smoser: right - the whole reason to remove access to the meta-data service after boot is based on the assumption that it's static information
<mathiaz> smoser: user data can change on reboots?
<mathiaz> smoser: I though it would stay the same during the whole instance life
<smoser> mathiaz, on re-starts
<smoser> not reboots
<smoser> you can stop/start an ebs root instance
<mathiaz> smoser: re-starts == new instance?
<smoser> yeah, and you do get a new instance id.
<mathiaz> smoser: ah right - ebs root instance
<smoser> but the filesystem "kept"
<smoser> so that is somethign that has to be addressed.
<smoser> but i dont know if metadata service changes when you attach a volume. should check that.
<mathiaz> smoser: is http://paste.ubuntu.com/360818/ the actually data received when do a wget on the metadata service?
<mathiaz> smoser: or is it delivered in a different format at the http level?
<smoser> no. its delivered in an annoyying format
<smoser> you do a get, either get data or a list
<smoser> and then you do a get for each item in the list
<smoser> adn repeat
<Disconnect> smoser: doesn't look like it changes.
<mathiaz> smoser: ok - the meta data crawler is reponsible for creating a dictionary like you've pasted
<smoser> yes
<smoser> so, if you like, we can put that data in a yaml format
<mathiaz> smoser: it seems that providing a directory/file structure representation would be trivial then
<mathiaz> smoser: I'm trying to address the issue that shell and yaml don't play well together
<Disconnect> btw if you want a quick commandline look at the metadata 'M_URL=http://169.254.169.254/2009-04-04/meta-data/ ; wget -O - -q $M_URL | while read a; do wget -O "$a" "$M_URL$a";done' works. doesn't keep following trees (so public keys won't work) but its a start.
<smoser> well, your example of 'puppet-config' is not going to exist.  puppet-config will come from cloud-config, not metadata
<Disconnect> that also suggests a format that might work for shell - present it locally exactly as its found on the http server.
<smoser> cloud-config, by your suggestion, is yaml
<smoser> we can dump it to disk too in some directory format, but i dont know that it is necissary
<Disconnect> smoser: real quick tho, getting ec2-init to detect cloud-config data..? hoping to demo in a few mins :)
<smoser> user data
<smoser> https://wiki.ubuntu.com/ServerLucidCloudConfig
<smoser> take that example, and put add to the top "#cloud-config"
<Disconnect> ah ok. thats the part i was missing :)
<smoser> then pass that as your user data (you can compress it too with gzip)
<Disconnect> cool. i just need to feed it the user and tell it not to apt-get and all should be well.
<Disconnect> oh. a thought on that actually.
<Disconnect> the user config belongs in the image, not in the instance, unless you are going to create the user at firstboot. the name is fixed when the image is made.
<smoser> Disconnect, yeah. i know that.
<Disconnect> ok :)
<smoser> so that doesn't fit all that wlel, but in general i liked that we just merged /etc/clouc/cloud.cfg and whatever came from the user
<smoser> so that you can create an image with the /etc/cloud/cloud.cfg that you always send in user data.
<mathiaz> smoser: you're right wrt to puppet
<Disconnect> sweeet i'm set for an actual demo now :)
<racquad> hi guys, I have just installed 9.10 server, but it keeps changings the screen resolution. I want a plai text resolution. How can I do it?
<racquad> please, any idea?
<smoser> blacklist vga16fb maybe
<racquad> smoser, where?
<smoser> /etc/modprobe.d/bad-vga.conf
<racquad> smoser, vga16fb is not listed on lsmod
<smoser> hm...
<uvirtbot`> New bug: #511314 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3ubuntu0.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/511314
<racquad> smoser, I have tried also vga=771 to force a lower resolution, didn't work
<smoser> racquad, try 'nomodeset' on kernel config line?
<racquad> not yet
<smoser> sorry for not knowing off the top of my head
<racquad> smoser, it worked. thanks a lot
<smoser> Disconnect, fyi, the exceptions for 'None' cloud config should be fixed in my branch now.
<Disconnect> cool
<Disconnect> i'll prolly have another patch to send up before the weekend
<smoser> i am still hoping to get a package together and sponsored and into the lucid images tonight.
<Disconnect> smoser: i'll post the patch now. some whitespace fixes, better error messages and cloud_type should default auto, not None
<smoser> Disconnect, no, it should be default 'None' :-(
<smoser> as if you default it to auto, then people 'apt-get install ec2-init' and it hangs their system for minutes on boot looking for ec2 data service
<Disconnect> least-surprise (and sane defaults) both say "try to determine which of the one cloud types we're in"
<smoser> it used to behave that way, people complained, so heres where we are.
<Disconnect> thats a need for sane timeouts
<smoser> sane timeouts are i think hard to comebuy
<smoser> its better now, i think i wait like 20 seconds or something
<smoser> it did wait > 1/2 hour
<smoser> (and tried multiple times :)
<smoser> the problem is that you can come up and check for the metadata service before it is up
<Disconnect> not including the urllib2 timeout its 2+4+8+16+..seconds. bad :(
<smoser> so you cant rely on it.
<smoser> but for now lets leave it at None. the images will have it configured to 'auto'
<Disconnect> actually looks like that is changed. so its 10s plus urllib.
<Disconnect> but in any case, 'the images' could have all this stuff configured to begin with. the fact that this is a package says they might not :)
<mealstrom> can you help me figure out where is the problem with fstab on mounting samba share (guest) with RW rights?
<mealstrom> after mounting only ROOT can write/delete files or directories there. And user only can CHANGE files (RW) but not create or delete
<mealstrom> fstab //192.168.1.1/incoming	/media/shares/incoming	cifs	rw,guest	0 0
<mealstrom> mtab //192.168.1.1/incoming /media/shares/incoming cifs rw,mand 0 0
<dthacker> In ntp.conf, what is the name of the setting that limits correction if the time is too far off from the sync server?
<unit3> man page doesn't say?
<dthacker> unit3: only if you look at the correct man page.  Found it! :)
<unit3> haha what was it?
<dthacker> sanity limit, but it's set with a cl parameter when you invoke ntpd, not in the .conf
<unit3> ahhh
<erichammond> smoser, mathiaz: The EC2 instance id stays the same through EBS boot instance stop/start cycles.
<smoser> oh really.
<smoser> yeah, i guess i knew that.
<Disconnect> smoser: couldn't it wait in the background if it can't get the metadata? until it issues the cluster-config event nothing will happen, and it can either background for a few mins and exit or wait until it finds the controller..
<Disconnect> (sorry, was afk)
<smoser> well, fo rnow that woud'nt be so bad, and i like the idea. bu tthe general goal is for ec2-init to block all things on boot. such that you could modify anything you wanted in the system prior to those things coming up
<Disconnect> submitted the patch #511348
<Disconnect> think i got all the jaunty-specific bits out
<erichammond> smoser: As you know, I am skeptical of the proposal to block access to meta-data and user-data because there are other EC2 software applications written out there that Ubuntu developers do not control and which access these resources.
<erichammond> FYI, at least public-hostname and public-ipv4 can change while an instance is running.
<smoser> and they change in the metadata ?
<erichammond> Now that Amazon has shown they are open to meta-data and user-data being changed, I would not assume that it will always take an instance stop/start to do this.
<erichammond> smoser: running a quick test
<smoser> erichammond, i agree that it might be problematic to turn it off. it is default not disabled. so theres really nothing to worry about.
<erichammond> smoser: Ok, thanks
<smoser> there absolutely is an issue with the metadata service, though.
<smoser> it possibly contains sensitive data and there is no method of controlling access to it.
<smoser> such that a compromise of any user that could do an http request could get at it.
<erichammond> This is an EC2-wide issue that has been under a lot of discussion.  Shlomo did a great study on the various ways you can pass sensitive info to an instance and the tradeoffs.
<resno> is it a security risk to run a router and data backup on the same machine?
<resno> router and actually data. for a home network
<erichammond> smoser: Yes, I just verified that public-hostname changes when an elastic IP address is associated or disassociated with an instance.
<smoser> thank you for verifying that erichammond
<smoser> it seems wierd to speak a full name in irc.  like i'm very formal with "mr erichammond"
<erichammond> smoser: I used to have "esh" but somebody else took it after I left IRC for a while.
<erichammond> I figured this way people would know who I was.
<erichammond> mr_scott_moser_sir: Heading off to the office on my long commute through rain (always makes traffic more fun in LA)
<unit3> kickban vtf plz.
<guntbert> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz or tom
<th0mz_> ./ignore vtf
<guntbert> th0mz_: thanks - forgot ignore :)
<th0mz_> stupid spammer
<th0mz_> ..;
<th0mz_> .
<guntbert> th0mz_: and remember and tell: don't ever click on such a link :)
<guntbert> !ops | ctcp flood - please set +R
<ubottu> ctcp flood - please set +R: Help! Channel emergency! soren, lamont, mathiaz or tom
<niko> guntbert: already done
<guntbert> niko: see it , thank you
<smoser> mathiaz, ping
<mathiaz> smoser: hi
<smoser> woudl you be willing to sponsor an ec2-init upload for me ?
<smoser> just uploaded build to ppa, i want to give it a quick final test from there and then be good.
<mathiaz> smoser: sure - np
<mathiaz> smoser: if you could post the bzr branch, or the debdiff
<smoser> branch coming
<smoser> mathiaz, lp:~smoser/ec2-init/ec2-init.devel.pkg
<smoser> mathiaz, its "start in 9 hours" https://launchpad.net/~smoser/+archive/ppa/+builds?build_state=pending
<gcleric> exit
<smoser> i just checked it builds in a sbuild here. so that shouldn't be a problem
<smoser> mathiaz, i've got to step out, and will check back later. let me know if you need anything else.  i know that its annoying that my branch has no common ancesstor with lp:ubuntu/ec2init. i have to fix that.
<pting> is there a designated script to reset the mysql debian-sys-maint user?
<unit3> do you mean reset its password?
<unit3> I don't think so, I think you've just gotta edit the conf file and the mysql database entry.
<unit3> but I could be wrong.
<pting> unit3, ya, the password. i just wanted to sync up all the db user/passwords in my farm
<unit3> gotcha. well, that's not that hard.
<unit3> if you sync the "mysql" table between then, then the mysql auth info is synced.
<unit3> and then you just need to sync the less /etc/mysql/debian.cnf file.
<pting> unit3, true. it would be nice if it was in the preseed process
<pting> ya, i'll do that. thx
<unit3> erm -less. ;)
<Hypnoz> I have a few nfs mounts in /etc/fstab that aren't mounting on bootup, but mount -a works
<Hypnoz> anyone know a better way to put the line in fstab so it doesn't timeout
<unit3> do you have the _netdev option on them so it knows to mount them only after the network is up?
<Hypnoz> nah i heard about that
<Hypnoz> so it would be NFSpath localpath nfs _netdev 0 0
<Hypnoz> ?
<unit3> Hypnoz: yeah, or nfs4 for the filesystem type.
<unit3> depending on your server.
#ubuntu-server 2010-01-23
<Sky[x]> how to turn monitor ON over SSH without X, keyboard, mouse ?
<mathiaz> smoser: is normal that python-boto is no longer required on ec2-init 0.5.1?
<mathiaz> smoser: ec2-init sponsored to lucid
<Xpistos> Can some one help figure out how to see my samba shares in karmic. I get "unable to mount location. Failed to retrieve share list from server"
<agentk> Hi guys. I have a pair of storage servers mirrored with drbd and a pair of vm (kvm/libvirt) servers using iScsi exports. Has anybody gone through the process of integrating krb/ldap with a setup like this?
<agentk> Should the krb/ldap services run on the storage servers and store just the domain information for the storage and vm pair?
<wortbit> It it possible to run instances on the UEC cloud controller?
<richards> Hi, i have a new ubuntu server 9.10 install on which i'd like to set up multiple IP's on different vlans.  however only the IP address with which i specify a gateway is accessible to anything beyond the subnet.  If i specify a gateway for each vlan, only the last gateway in the interfaces file works
<richards> i've tried looking at traffic with tcpdump, and when pinging one of the non-working address es from outside the subnet, the incoming pings can be seen but the reply can not be seen
<richards> found it
<richards> looks like rp_filter is on by default now
<RoyK> what is rp_filter?
<richards> reverse path filter
<richards> its some form of ip spoofing detection
<RoyK> k
<richards> just trying to find a working way to apply it on boot
<RoyK> vi /etc/sysctl.conf
<richards> yeah, i know, just wasn't sure what to put in there
<richards> figured it out now, it's
<richards> net.ipv4.conf.default.rp_filter=0
<richards> net.ipv4.conf.all.rp_filter=0
<RoyK> yep
<RoyK> :)
<RoyK> sysctl -p to parse it
<RoyK> add vm.swappiness = 100 while you're at it
<richards> what does that do?
<RoyK> richards: it tells Linux to start swapping out early instead of keeping too much in RAM all the time
<RoyK> meaning if a process has allocated a bunch of memory "just in case", it gets written to disk if not in use, and the memory is used for something useful
<Jeeves_> richards: echo 1 > /proc/sys/net/ipv4/ip_forward
<Jeeves_> You want the machine to route all interfaces, right?
<richards> Jeeves_: not after the machine to be a router, no
<richards> just need it to be able to talk on multiple IPs
<richards> which is wasn't doing with rp_filter on
<richards> but its working quite nicely now
<frostedflake> im a nub, got a vps and locked myself out(ssh is dead). But i can still access (through virtuozzo) the filesystem and read/write from/to it and restart the server. Is there a way i can get ssh running with this limited acess?
<frostedflake> im a nub, got a vps and locked myself out(ssh is dead). But i can still access (through virtuozzo) the filesystem and read/write from/to it and restart the server. Is there a way i can get ssh running with this limited acess?
<frostedflake> Hi, i got a vps and locked myself out(ssh connection refused). But i can still access the filesystem (through virtuozzo) and read/write from/to it and restart the server. Is there a way i can get ssh running with this limited access?
<frostedflake> ops sry
<richards> frostedflake: probs the easiest thing to do is going to be to get n contact with your host
<richards> unless you've done something to /etc/ssh/sshd_config to break it
<frostedflake> should i see sshd in the proces list, or is it started when a connection is requested?
<richards> you should see it in the process list yes
<frostedflake> ok then it is not running anymore.
<richards> you may also have done something to rc.d or init.d to cause it to not start
<frostedflake> i thought i could maybe place a line in a file which is executed on reboot and start sshd that way
<richards> can you start sshd with /etc/init.d/sshd start
<frostedflake> if i had shell access, i could. I looked at rc0/1/2.d and ssh is there, but it seems to not get started.
<Jeeves_> richards: You can only have one single default gateway
<Jeeves_> If you want to reach ip's outside a subnet's ip, you have to set specific routers
<Jeeves_> s/routers/routes
<richards> Kernel IP routing table
<richards> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
<richards> 202.60.90.0     0.0.0.0         255.255.255.192 U     0      0        0 vlan8
<richards> 110.44.26.0     0.0.0.0         255.255.255.192 U     0      0        0 vlan26
<richards> 192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 bond0
<richards> 192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 bond0
<richards> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan6
<richards> 192.168.254.0   0.0.0.0         255.255.255.0   U     0      0        0 vlan3
<richards> 0.0.0.0         192.168.254.1   0.0.0.0         UG    100    0        0 vlan3
<richards> 0.0.0.0         110.44.26.1     0.0.0.0         UG    100    0        0 vlan26
<Jeeves_> So now you have two default gateways
<richards> only one will be active tho
<Jeeves_> And the kernel will somewhat loadbalance between those two
<richards> well looks like i have to head out
<richards> thanks guys
<RoyK> load balancing between two gateways doesn't really sound like a very good idea
<Disconnect> kinda OT but is anyone using a commercial web load-balancing system they like? we've hit the limits of what 3 year old big-ips can do (500mbit limits, we're pushing about 4-500 outside and 200 inside at peak)
<Xqtftqx_> Hi, can anybody help me set up pureftpd. i get: Fatal: unable to load module 'mod_lang.c': Operation not permitted
<ivoks> in apache?
<Xqtftqx_> when i try to start pureftpd
<Xqtftqx_> /etc/init.d/proftpd restart
<RoyK> Xqtftqx_: that was proftpd
<RoyK> not pureftpd
<Xqtftqx_> oh yeah >_>
<Xqtftqx_> sorry its proftpd
<ivoks> Xqtftqx_: are you restarting as user?
<Xqtftqx_> no
<Xqtftqx_> root
<Xqtftqx_> http://pastebin.com/m37bd4a32
<ivoks> error in configuration
<ivoks> (i haven't used proftpd for years)
<Xqtftqx_> How do i fix it?
<ivoks> check configuration
<ivoks> and find the error
<RoyK> http://discuss.joyent.com/viewtopic.php?id=24427
<RoyK> seems to be an old issue
<RoyK> or might be
<RoyK> http://www.maedness.de/doku.php?id=linux:problems
<RoyK> that one lists the solution
<RoyK> conclusion: dependency problems in apt
 * RoyK hands ivoks a win98 cd
<RoyK> Xqtftqx_: if it works, keep in mind that since I found that after 1-2 minutes of googling, it might be a good idea to start there instead of asking on irc ;)
<Xqtftqx_> i honestly have been googling all night
<Xqtftqx_> came across that same page i believe
<RoyK> does it help to install locales?
<Xqtftqx_> how do i _install_ a  locale?
<RoyK> from that page
<RoyK> Solution: If locales is already installed run as root:  "dpkg-reconfigure locales" Otherwise you firstly have to run:  "aptitude install locales"
<Xqtftqx_> locales is already installed
<RoyK> and dpkg-reconfigure doesn't help?
<Xqtftqx_> hold on ill pastebin
<Xqtftqx_> http://pastebin.com/m4772744e
<tuxcrafter> hello everybody
<RoyK> Xqtftqx_: env | grep LANG
<tuxcrafter> does somebody knows how /etc/motd is generated and how to cusomise it
<RoyK> Xqtftqx_: env | egrep 'LANG|LC_'
<Xqtftqx_> LANG=en_US.UTF-8
<Xqtftqx_> second command is the same thing
<RoyK> tuxcrafter: /etc/init.d/bootmisc.sh
<RoyK> Xqtftqx_: for a test - try to unset LANG
<Xqtftqx_> and now dpkg-reconfigure works
<tuxcrafter>  update-motd tools
<Xqtftqx_> and everything is working, idk how i missed that
<RoyK> Xqtftqx_: and proftpd?
<Xqtftqx_> thank you RoyK
<RoyK> Xqtftqx_: it won't last
<RoyK> LANG is set somewhere else
<tuxcrafter> RoyK: got no /etc/init.d/bootmisc.sh on my system
<RoyK> unsetting it is only for your current shell
<RoyK> tuxcrafter: sudo grep -rw motd /etc
<Xqtftqx_> can i set it at boot
<RoyK> and look through that :)
<Xqtftqx_> or how to i found out where its set
<RoyK> don't remember how to set that
<RoyK> sorry
<ivoks>  /etc/update-motd.d
<Xqtftqx_> alright, thanks for your help though
<Xqtftqx_> alright, so i moved to vsftpd
<Xqtftqx_> but whenever i try to login i get: 530 Login incorrect.
<ivoks> configure it
<ivoks> by default it doesn't allow login for local users
<ivoks> byw
<ivoks> bye
<Xqtftqx_> Ive done that
<RoyK> Xqtftqx_: first, allow local user
<RoyK> second, set a valid shell on that user
<Xqtftqx_> its good now, i can login
<RoyK> vsftpd won't allow a user to login if the shell is wrong
<Xqtftqx_> and i can view and download files, but i cant modify anything
<RoyK> # Uncomment this to enable any form of FTP write command.
<RoyK> write_enable=YES
<RoyK> tried that?
<Xqtftqx_> dir, i had to uncomment that
<Xqtftqx_> i was up till 2am working on this, but now its workin all nicely :D Thanks for all your help
<RoyK> Xqtftqx_: next time, try to use something over ssh instead
<RoyK> ftp is insecure by design
<Xqtftqx_> alright
<RoyK> ftp over ssh works well, though
<Xqtftqx_> ill set that up later, im just getting bugged out getting stuff uploaded
<RoyK> also, (something) over ssh is far easier to setup
<RoyK> more or less zero config
<RoyK> if sshd is installed, ftp or rsync or something will work well over ssh
<Xqtftqx_> RoyK, i have one more problem. i enabled write but i still cant write
<Xqtftqx_> the user is ftp and its dir is /var/www
<Xqtftqx_> i chowned /var/www but still nothing
<RoyK> still nothing what?
<Xqtftqx_> i cant do anything
<Xqtftqx_> i can download and what not
<Xqtftqx_> but if i try to make a directory i get a 550 error
<Xqtftqx_> (Perm Denied)
<RoyK> restarted vsftpd?
<Xqtftqx_> yes
<RoyK> checked the logs?
<sergevn> hi
<Xqtftqx_> yeah
<Xqtftqx_> permission error
<sergevn> does someone has any experience with mod_fcgid
<sergevn> configured an apache server with it, but it gives back plain php files
<sergevn> could someone poke me in a direction? :)
<usrv> If you have 3 nics installed in your ubuntu-server machine (all of which are setup with manual ip address configs on 2 different networks) how does ubuntu figure out the default path to access the internet?
<usrv> or what defines that path
<cemc> usrv: you should have one 'gateway' line in /etc/network/interfaces, under the nic to the internet
<guntbert> usrv: for once you set it with route add default ....
<usrv> cemc: ahhh. so if i have a gateway line for all 3 it will just go with the last one in the list?
<cemc> usrv: good question... take a look at 'ip r' output
<usrv> the one I don't want it going through is the last one in the list
<usrv> i'll make some edits and restart networking
<usrv> cemc: I removed the gateway line and restarted networking... turns out I needed to remove the network line as well because ip still had the network I didn't want listed last
<usrv> all is well now
<usrv> thanks for your help
<RoyK> there should only be one default gateway
<RoyK> in a multipath scenario, you'll need a routing protocol in the network
<RoyK> such as ospf or rip
<usrv> thanks royk
<RoyK> and that's not an ubuntu or linux thing ;)
<coffeedude> killall -9 netlogond lwregd
<coffeedude> Heheh...Ooops.
<cemc> ;)
<crimsun> hi, does anyone know of a reason not to merge corosync 1.2.0-1 from Debian testing for Lucid?
<zul> i was waiting for the ubuntu-ha folks to do it
<crimsun> ok, any ETA? I'm happy to not worry about it.
<ruben23> hi
<RoyK> ho
<RoyK> omg, you're on #asteirsk
 * RoyK hides
<ruben23>  RoyK:yeah
<ruben23>  RoyK: asterisk geek..?
<RoyK> once upon a time
<RoyK> and I'll probably work with it again
<ruben23> RoyK:how come now..?
<ruben23> not with asterisk
<RoyK> that is, if someone decides to pay me $1M a year or something, I will
<RoyK> maybe
<ruben23>  RoyK: what your work now..?
<RoyK> operations
<RoyK> unix stuff
<RoyK> linux and solaris and sometimes even windoze
<ruben23> RoyK:you an administrator..? i have not yet tested solaris, im planning to try it-i have already a colletions of book
<RoyK> we're using solaris for some stuff
<RoyK> it's great for storage
<ruben23> solaris have server and desktop..
<ruben23> ?
<RoyK> this new $11k box with 30TiB storage is a good idea of why one want to use opensolaris
<RoyK> solaris/opensolaris is like any other OS, it can be used for client and server
<RoyK> we have some solaris workstations too
<RoyK> some people stick with that
<ruben23> ow ok..and all other services too,like mail server, and other stuff.
<RoyK> currently we're using solaris for mail, but we're moving to a new system. dunno what yet, though
 * RoyK prays to random gods it's not going to be Exchange
<ruben23> whats basically the difference between linux and solaris, is it not hard to go for solaris while your doing linux.
<RoyK> it's another OS, but a lot of stuff is similar
<ruben23> why you dont want exchanges.
<RoyK> I don't
<RoyK> I've been running exchange for some time
<ruben23> are you on a datacenter..?
<RoyK> I know what it can do and how it can fail
<ruben23> working
<RoyK> no
<RoyK> just a company, research institute
<ruben23> just a corporation
<ruben23> ow ok
<ruben23> very nice
<ruben23> me hope i can have co-employee like you..or even friend who ahve the knwoledge stuff like you.
<ruben23> expert level, im a biggener
<ruben23> but i love this work..
<ruben23> RoyK: do you have IM account
<ruben23> can i add up you
<RoyK> I use irc :)
<ruben23> how about skype..? you do accept apprenticeship..:-D on your free time.
<RoyK> nah - just irc
<ruben23> ok
<RoyK> so are you using asstrix?
<RoyK> http://karlsbakk.net/fun/asterisk_architecture.jpg
<RoyK> http://karlsbakk.net/fun/asterisk-installation.wav
<ruben23> i have dreamned to setup my own email server, how i wish- but im on my own here- hope i could find a mentor to guide
<ruben23> yes on our operation, we do asterisk
<RoyK> k
<ruben23> im working on a call center
<RoyK> about asterisk - see those two links ;)
<ruben23> RoyK:this is nice
<RoyK> ruben23: as for opensolaris, I suggest downloading the install iso, some virtualisation software and testing it a little - the learning curve might be a little steep, but it's ok
<ruben23> RoyK:yes i will test it..and update you someday..
<uvirtbot`> New bug: #256062 in openldap "dapper to hardy: Directory /var/lib/ldap not empty, aborting." [Undecided,Incomplete] https://launchpad.net/bugs/256062
<ScottK> ls
<Xpistos> Hi everyone
<Xpistos> Can I get a hand with some file permissions? I have an SSHFS share but I am getting errors when I try to move things
<PatrickDK> I need to do some amazon ec3 stuff soon
<PatrickDK> I was wondering how compatable uec is with ec2
<PatrickDK> damn, ec3 :)
<PatrickDK> If I was to build a uec cluster, and tested/setup/... what I wanted to do on it
<PatrickDK> how easy would it be to move them to ec2?
<PatrickDK> just image it? or do I need to use different kernels/...
#ubuntu-server 2010-01-24
<uvirtbot`> New bug: #511743 in ntp (main) "typo in ntpdate manpage (patch included)" [Undecided,New] https://launchpad.net/bugs/511743
<erichammond> PatrickDK: If your end goal is using EC2, then I'd recommend using EC2 from the start.  You skip a big Eucalyptus learning curve which is not necessary for using EC2 and you avoid various Eucalyptus-specific issues and incompatibilities.  They keep getting fixed and a lot of progress is being made, but I think your life would be simpler not getting into it if you don't have to.  EC2 is pretty cheap to fool around with if you don't l
<MTecknology> Any idea how I can stop these messages from winding up in /var/mail/michael ?
<MTecknology> not there - but just not generated
<jpds> MTecknology: Cron messages?
<MTecknology> ya
<MTecknology> I know I can set MAILTO="" in crontab; but I do want messages from some of them
<jpds> Pipe the ones you don't want to /dev/null
<MTecknology> pipe or redirect?
<jpds> The latter.
<MTecknology> so this? @daily /home/michael/.bin/sync-logs 2>&1 > /dev/null
<MTecknology> or do I not need the 2>&1 anymore?
<jpds> Shouldn't be necessary.
<MTecknology> ok, thanks :)
<PatrickDK> erichammond, hmm, I was estimating costs, and it looked like around 2k for 2 days
<PatrickDK> and if I scaled ec2 up to a development + testing time of 1week, heh
<MTecknology> PatrickDK: what's that for?
<PatrickDK> to mirror a production envioment, so it can stay live, while the physical infrastructure is moved
<MTecknology> fun..
<usrv> what's the best way to encrypt a raid that will just be used for storage under ubuntu server?
<erichammond> usrv: I'm not sure about "best", but I use cryptsetup with LUKS.  Once I find something that works, I tend to stick with it, so I'm probably a few years behind the hottest new encryption setup.
<erichammond> usrv: This won't apply directly to every situation and you should understand every aspect of the tools you are using when security is at stake, but it might give you some pointers to follow: http://alestic.com/2009/10/ec2-disk-encryption
<erichammond> usrv: If you're talking "server" there is a big question about where you store your decryption key and if you need to re-enter it manually on a reboot.
<sabgenton> !network install
<sabgenton> I want to install sever over the netowork as  you can make a usbstick of ubuntu-server
<sabgenton> !tcp install
<wortbit> It it possible to run instances on the uec clc?
<cHarNe2> hi guys, dont know if am at the right place, but ill give it a shot,
<cHarNe2> i got a ubuntu server at witch i am using as file-server etc.
<cHarNe2> and im doing a _lot_ mv, rm, rar, you name it. but i want to make this easier.
<cHarNe2> i want to make C-w erase untill '/' or ' ', not just ' '.
<cHarNe2> how or where do i fix this?
<dayo> how do i undo the rules i've added to iptables from this tutorial and then restart iptables? http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
<dayo> how do i restart iptables in ubuntu? `/etc/init.d/iptables restart` doesn't work.
<mealstrom> check iptables-save iptables-restore
<mealstrom> and iptables-apply
<DrNick_> does anyone know what happened to ubuntu server on Sun hardware? I'm assuming that idea kinna died a death...
<uvirtbot`> New bug: #511888 in samba (main) "Samba Panic" [Undecided,New] https://launchpad.net/bugs/511888
<uvirtbot`> New bug: #511893 in mysql-dfsg-5.0 (universe) "install of mysql-server-5.0 fails" [Undecided,New] https://launchpad.net/bugs/511893
<au> hm, I am running ubuntu 9.10 server with apache and it appears to ignore my server tokens that I have put in the apache2.conf, is this normal?
<au> I have ServerSignature On
<au> and ServerTokens Prod
<au> in apache2.conf but it still says Apache/2.2.12 (Ubuntu) Server at 10.0.0.3 Port 80 -- I have restarted Apache, still the same
<wortbit> Is it possible to run isntances on the same machine that runs e.g. the clc?
<ckontros> With "unattended-upgrades" is "Ubuntu karmic-main"; a proper "Allowed-Origins"
<ckontros> ?
<wortbit> Is it possible to run the node software/instances on the same machine that runs the cluster controller?
<jpds> ckontros: No.
<jpds> ckontros: Just "Ubuntu karmic-updates"; - should do it.
<ckontros> jpds: That should get me any updates from main,universe and so on? I also want to add a PPA. What should the formatting be like for them?
<jpds> ckontros: All in your sources.list, yeah.
<jpds> Never have used it for a PPA though.
<ckontros> jpds: Even an enabled PPA? Neat.
<ckontros> Oh
<resno> whats the best way method of databack up on a home server.
<jMyles> I'm running ubuntu-server as a gateway / router with two NICs.  It's working great, but I think some traffic is being blocked by iptables that I don't want blocked.  I am logging it and tailing the log, but I'm not sure what I'm looking at.  For example, I'm running wifidog (a captive portal auth and gateway) and it is supposed to ping clients once a minute.  However, the pings are not arriving.
<MTecknology> Anyone know offhand a directory I can't use ls on if I'm not root?
<guntbert> MTecknology: what do you want to test?
<MTecknology> guntbert: I'm trying to show the difference between root and not root to a user - I'm trying to explain what sudo does
<guntbert> MTecknology: well you could/should set the permissions for /root to 700 - or you try to cat /etc/shadow
<MTecknology> I found one - /etc/ssl/private
<MTecknology> guntbert: thanks
<guntbert> MTecknology: you're welcome :-)
<MTecknology> I always seem to need to type my password in twice to do anything :S
<jMyles> I have some questions about iptables - can I send my iptables -L -v to somebody and ask some questions?
<guntbert> jMyles: in any case (I cannot assist at the moment) you could !pastebin it
<guntbert> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://ubuntu.pastebin.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from  command line | Make sure you give us the URL for your paste - see also the channel topic
<jMyles> guntbert, yeah, I'm hoping somebody can work with me one-on-one for a little while and help me firmly grasp what I'm looking at.
<jMyles> btw, I just started using pastebinit - what an awesome little piece of software!
<guntbert> isn't it?
<Tobi_2> hey guys, have a question to server networking. have in my intranet some devices with static ip adresses in a specified subnet. is it possible to handle 2 subnets with one network interface (eth0)
<Tobi_2> hope you can help me
<sub> yes, using an alias/sub-interface
<Tobi_2> is there an article in man or web?
<Tobi_2> i tryed with iface eth0:1 inet static address 196.168.0.1..stuff but ifconfig only shows the direct eth0 configuration - and i can't ping devices in this 196... subnet
<sub> try starting with eth0:0
<Bizzeh> is it possible with ubuntu server to set up your own cloud?
<andol> Bizzeh: Actually, that is *possible* with pretty much any operating system. That said, using ubuntu server might give you a few more building blocks in place.
<DrNick_> there's loads of cloudy stuff up on the ubuntu website about it at the moment.  you get the impression they seem to rather like the idea.
<internalkernel> Does anyone have any good online references for setting up Quotas in Dovecot referencing mysql? (Ubu 9.10, Dovecot 1.1, postfixadmin)
<internalkernel> I've read http://wiki.dovecot.org/Quota/1.1 over and over and over... to no avail
<internalkernel> and google produces a lot of garbage that brings me back to that page...
#ubuntu-server 2011-01-17
<mrroth> hmm seem ebox is als outdated
<mrroth> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<mrroth> oh it called Zentyal
<fuho> Hi, I am probably having permision issues because I get forbiddden when I try to access my website. The directory was created by "username" but apache runs as "www-data" what would be the correct setup?
<fuho> I mean if Apache is "www-data":"www-data", should every user with access to FTP from which the websites are served be in "www-data" group?
<mrroth> hi
<mrroth> is thier a way I can proxy apache
<mrroth> say if I make a front end loading page
<mrroth> that I want to have login page, and then it aloows me to launch links from my internal network
<mrroth> like websites that are internal  is tha thow it done
<mrroth> with out doing vpn
<twb> They renamed it for some silly reason
<mrroth> oh
<twb> (ebox)
<mrroth> is it any good
<mrroth> as a soultion to be sold to small bussiness
<twb> No.
<twb> No web UI is any good
<mrroth> or would I have to be troubleshooting it all da
<mrroth> best just with ubuntu server
<twb> Especially web UIs intende to turn idiots into sysadmins without the intermediary "learning" phase.
<mrroth> if all they need is file sharing, or a nas or
<mrroth> so best it just a server with ubuntu server or widnows stnadarfd server
<fuho> I tried webmin, it worked.
<twb> It "works" provided you are happy to have badly-written, insecure perl scripts writing config files that no longer work the way they were coded to expect.
<twb> There's a reason Debian and Ubuntu don't ship webmin.
<mrroth> oh thier is
<fuho> But I agree with TWB, thats why I formatted my VPS and started from scratch configuring everything myself, its btter because you actually know what is happening, at least mos of the time :)
<mrroth> oh yea
<mrroth> I had freenas before
<twb> If you need to manage a whole lot of hosts, I would be looking at something like puppet
<mrroth> but I gave i tup, it did not allow me to do stuff on my own as much or it would break
<twb> I can't comment on FreeNAS.
<mrroth> freenas is good
<mrroth> but unbuntu out of the box offer freenas stuff if you like the cli
<mrroth> and has updated packages
<fuho> Quick question: What group should the FTP users be in so they can server websites? I am getting Forbiden in the newly created folder.
<twb> fuho: that depends what FTP daemon you're using.
<fuho> vsftpd
<twb> fuho: I would STRONGLY recommend you use SFTP rather than FTP (for uploads).
<twb> fuho: vsftpd defaults to only allowing anonymous read-only access.
<fuho> twb: i reconfigured it.
<twb> IIRC there's an option in there to say what group to allow
<fuho> twb: I can connect anc create directories, files and anything.
<twb> fuho: oh, OK,  maybe it's a permission/ownership issue on the new folder?
<twb> fuho: or maybe that dir is outside the chroot in which vsftpd is running?
<twb> fuho: have a look at ls -lids /proc/`pidof vsftpd`/root
<fuho> twb: I am using SFTP for anything important, I know about the plain password, so for root I never use FTP, but for generic web user I do, because Notepadd++ doesn't support SFTP
<twb> fuho: bleh
<twb> fuho: well, I'm not gonna cmoe around and break your legs to stop you
<twb> But see http://mywiki.wooledge.org/FtpMustDie for other reasons than security.
<fuho> twb: :) Thanks. I really try to be secure, so as I said root password was never sent in plaintext
<twb> fuho: sure, but root isn't the only attack vector.  For example, someone could still upload a .php script to /var/www as your FTP upload user, and then run it to turn your box into a mail relay.
<fuho> twb: I do agree, unfortunately it is still the industry standard. I was thinking about using Samba for that, do you have any experience?
<twb> fuho: I wouldn't expose samba on an untrusted network
<fuho> So what is left then? I can run everything through VPN, that would solve a bunch of problems
<twb> SFTP or a VPN
<twb> AFAIK most FTP clients for WIndows will talk SFTP
<twb> Pity Notepad++ doesn't; you probably can't force your devs to use a better editor :-(
<mrroth> oh
<twb> In theory you could use something exotic like AFS instead, but IMO that's not worth the hassle
<fuho> twb: I DO use SFTP for actual FTP work, moving files, editing configs and so on, but when coding I use Notepad++ to edit files on server straight away and for that I have to use FTP unfortunately
<mrroth> what is best setup for a ubuntu home server made from scratch twb
<fuho> twb: Better editor? Show me one :D
<twb> fuho: emacs, or I suppose eclipse
<twb> I *know* Emacs supports transparent remote writes over SFTP.
<twb> mrroth: that's too vague for me to answer.
<twb> mrroth: do you have a specific goal?  Like, say, "I need to share files with Windows and proxy web browsing"
<mrroth> like as a home fileserver + media
<mrroth> somewhere I can remote to and grab my pictures, home moives, and documents
<mrroth> at hoome and on the road
<twb> mrroth: for unix to unix, NFS is cheap, fast and easy.  If you need to talk to Windows, you need Samba.
<mrroth> bassically I want a webfront end, with login
<twb> mrroth: for remote access, you should use SFTP -- on the client side you can use sshfs to make it easier.
<mrroth> so I can logon to a webpage on my ubuntu server, that then will allow me to use other websites running locally on my ubuntu box
<twb> mrroth: I don't support or approve of web UIs; you can always log in remotely using SSH.
<mrroth> ahh k
<mrroth> but is it possible to have a webfrontend that will proxy the remote pc to use internal stuff
<twb> mrroth: to get to web UIs on the *internal* network, you can use SOCKS proxying or port forwarding via your SSH login
<twb> mrroth: or you could set up a simple VPN tunnel
<mrroth> ahh or hamachi
<fuho> mroth: You need VPN probably, if you are trying to look like you are accessing the websites from your server (or home desktop)
<mrroth> Yea I have hamachi  on the laotp that allows me to also connect a linux box with hamachi and use ssh sshfs
<twb> mrroth: e.g. "ssh -L 8080:www:80 login.example.net" will connect www:80 within example.net  to localhost:8080
<mrroth> fuho like when I am at work, I want to access my home network to see stuff I am wrking on home
<mrroth> thanks
<twb> mrroth: hamachi appears to be a "shareware VPN".  I would suggest instead either OpenVPN (easy) or l2tp/ipsec (future-proof).
<mrroth> it free up to 16 clients
<mrroth> for home use
<mrroth> oh I see
<mrroth> I have pfsense firewall, I could probally do l2tp/ipsec on my laptop to it
<twb> mrroth: it might be gratis, but because it's (presumably) closed-source, it's less likely to be scrutinized by security analysts.
<twb> ipsec is a required part of IPv6, so I think it's a good thing to learn it
<fuho> twb: I think he will have enough problems setting up OpenVPN
<mrroth> Sweet
<mrroth> twb oh I see
<mrroth> last and final question for use use I want to replace my clam shell dell p4, with something smaller and probally have lower power what would u suggest :)
<fuho> mrroth: OpenVPN was do-able, took me a while to get it working though, but I am unix noob
<twb> I set up a point-to-point OpenVPN connection using pre-shared keys in about thirty seconds
<twb> If you need a hub-and-spoke OpenVPN setup (i.e. >1 client), then you need to set up SSL, which is a bit harder.
<fuho> It took me 30 minutes just to generate the key ;Ãº
<fuho> twb: Not to figure out how to generate it but actually computing time.
<twb> fuho: do it on a faster box, then
<twb> a Pentium III should be fast enough
<fuho> 4096 RSA?
<twb> http://paste.debian.net/104828/
<twb> Maybe you didn't have enough entropy on the host?
<twb> (I couldn't find a PIII quickly, sorry.)
<fuho> twb: :D Wow, now I am either an idiot or didn't remmeber the encryption correctly, let me check, now I have to be sure.
<twb> fuho: unless it was, say, a 200MHz MIPS WRT, you probably just didn't have enough entropy
<twb> Mashing the keyboard is enough to fix that
<fuho> twb: Really? I had no clue, I thought it always takes lot longer. But mine "Image" was a lot bigger
<fuho> twb: Yeah, when I did "buil-key-server" using dh4096.pem I could have just "mashed" keyboard and save myself half an hour? The server is quad core with 2GB of RAM
<Alan> I'm having a pretty annoying problem at the moment, could somebody maybe help me track down what's causing it?
<Alan> The problem: occasionally, my server likes to completely freeze for between 10 and 30 seconds
<Alan> it'll do it maybe once every few hours
<Nafallo> Alan: what disk drives do you use?
<Alan> by "freeze" i mean that pretty much all IO stops
<Alan> and anything depending on IO
<Alan> Nafallo: RAID5 on top of Samsung 1TB drives (F1, F2 and F3 editions)
<Alan> I can do a few things
<Nafallo> Alan: dang. I suspected WDC Green or so. they have that problem.
<Alan> in fact... hmmm, maybe it's my RAID stalling somehow
<Alan> I just realised
<Alan> everything that still works would be on the OS disk
<Alan> everything that stalls is waiting forever for something on the RAID
<Alan> for example, i can login via SSH, but can't spawn a shell because it's trying to read ~/.bashrc
<Alan> I can run "top" ,but not "htop" (because it has a settings file)
<Alan> and my minecraft server completely stops too
<Alan> How could I go about debugging the problem?
<Alan> It's a reasonably recent problem, but the only thing that's really changed is a different minecraft server version
<Alan> A single application shouldn't be able to stall IO on an entire filesystem, should it?
<Alan> I've checked the usual places (dmesg, /var/log) and nothing happens that corresponds to the stalls
<twb> fuho: yes
<fuho> twb: Well, thanks then I will know next time.
<twb> The BEST one of those I had was firefox
<twb> It generates a key at boot if there isn't one in /home, using /dev/random
<VoiDeT> Hi there, basic question. I've added a user to a group, www-data, but the user can't write files to a directory owned by www-data:www-data with 755 as permissions. What am i missing.
<twb> So for my netboot live desktop system, EVERY TIME you booted, firefox would appear to "just hang" unless you mashed the keyboard like a spastic
<mrroth> oh
<mrroth> thanks
<fuho> twb: :D
<twb> mrroth: 755 is user rwx, GROUP rw.
<twb> Sorry, GROUP rx
<twb> And that was at VoiDeT
<mrroth> oh I se
<VoiDeT> right, so 775 is more like it
<twb> VoiDeT: yes.
<twb> VoiDeT: also, if "groups" doesn't report www-data, that user will need to log out and back in
<twb> VoiDeT: (groupship is only applied at login time.)
<VoiDeT> yeh it does :) thanks twb, seeing as though only the users www-data and myself are in that group, is that fairly safe to us
<twb> VoiDeT: I suppose so
<fuho> Gotta go, bye
<joebob777as7> I can't mount usb devices with a user account getting errors. Error mounting: mount exited with exit code 1: helper failed with:mount: only root can mount /dev/sde1 on /media/backup_1
<twb> That's not an error, that's security.
<joebob777as7> the user has fuse permissions
<twb> fuse is not needed to mount USB mass storage devices
<twb> Privilege escalation is.
<joebob777as7> twb, and isn't that supposed to be set up by default? 10.04 64 bit server edition with desktop installed
<twb> If you're using a GUI, I think there's some kind of GNOME udisks/hal/pmount shit to give users such permissions, but that's out-of-scope for this channel.
<areay> hi all.. in the ubuntu server guide, under UEC it states "by default, Eucalyptus will only run 1 VM per CPU core on a Node." --how do i change this "default"?
<joebob777as7> twb, i don't need the gui. I just need the usb drives to automount when plugged in but not stop boot if not plugged in
<twb> joebob777as7: automount as root?
<areay> in essence i'm wondering if it's possible to run multiple VMs on a single core using UEC
<twb> areay: I suppose so, but I'm not familiar with UEC.
<joebob777as7> twb, yes or user i don't care
<twb> joebob777as7: write a udev rule that matches on the device's serial number, and have it run the mount command
<joebob777as7> twb, no simpler way?
<twb> That's pretty bloody simple
<areay> twb, the language used would suggest it.. i've spent some time googling to see if this is possible but i haven't had much luck :/
<twb> Er, note that it'll automount at all times -- not only at boot.  You might not want that
<joebob777as7> ok i'll look into it. never used custom udev rules
<pmatulis> joebob777as7: maybe the 'usbmount' package?
<joebob777as7> pmatulis, ok i'll look into it thx
<pmatulis> !info usbmount
<ubottu> usbmount (source: usbmount): automatically mount and unmount USB mass storage devices. In component universe, is extra. Version 0.0.20ubuntu1 (maverick), package size 16 kB, installed size 120 kB
<twb> pmatulis: that appears to work via udev rules, so yeah
<twb> It mounts them on /media/usbN instead of using the device name, but whatever
<clusty> hey
<clusty> anybody using transmission-daemon ?
<clusty> after the last update it stopped working properly
<airtonix> no i'm using deluge-daemon
<clusty> while it might sound funny, i am boycotting deluge cause the devs are assholes :D
<twb> I don't use bt at all, because they only have popular stuff
<clusty> twb: you're one of those people that think mainstream is zoo beneath them?
<twb> I don't *think* so.
<airtonix> wut?
<patdk-lap> whoa, launchpad is fast tonight
<airtonix> whats with the rt_ioctl_giwscan logspam ?
<a7ndrew> How do I know if apport is running properly? ps aux | grep apport returns nothing, but service apport restart reports 'apport start/running'
<a7ndrew> apport-cli tells me there are no pending crash reports, and /var/crash/ exists and is empty
<twb> a7ndrew: it's probably a task
<twb> Ah, it's a pre-start and post-stop script.
<a7ndrew> does that mean i need to crash something to confirm apport works?
<twb> I don't know, man
<twb> I report bugs to Debian because I hate launchpad
<Flam> too many ubuntu channels i got confused :/
<Flam> Hi I'm trying to SSH to my server without a password (for rsync).  I ran "sudo ssh-keygen -t rsa -b 4096 -f /home/Flam/cron/a-rsync-key" on Ubuntu 10.04 and got the .pub file and the private key, then I did "sudo cat a-rsync-key.pub >>.ssh/authorized_keys" on the remote host.  Now I'm stumped :P  Some guidance as to what to do next would be appreciated.  Also, where do I put the private
<Flam> key?
<gobbe> why did you specify file?
<gobbe> if you run it without -f it will put keys to proper place, and then you just upload your public key to server
<Flam> oh
<openstandards> hi all
<ignarps> hi
<openstandards> currently experiencing a seg fault when using both apt-get and aptitude
<gobbe> is your hdd ok?
<openstandards> Segmentation faultsts... 0% its not even trying to load the list
<openstandards> should be its a remote server
<gobbe> that sound like my ssd :-D
<gobbe> it just started to seg fault and then *boom* :-D
<gobbe> is everything else working?
<Flam> Can I backup mysql by just copying /var/lib/mysql or must I use mysqldump?
<gobbe> mysqldump, it wont be consistent without it
<Flam> So if I want to backup my site and its DB with rsync, I should run the mysqldump command on cron locally, and then fetch it with rsync correct?
<gobbe> yep
<Flam> thanks
<GatorAlli> Hello, my internet disconnected. :P Where is the best location to store .jar files for use on Ubuntu server?
<jmarsden> GatorAlli: Consider /usr/share/java/ but I am not sure if that is the officially correct answer.  It's just where a lot of them are.
<gobbe> you can store them where you want, there's no "correct" place for them
<GatorAlli> kk
<gobbe> but /usr/share/java is ok
<GatorAlli> I'm sorta new to web servers. im running a lamp server and would like no one on the other side of the server to acess tham
<gobbe> well, then anything that is not shared with apache is safe
<gobbe> like /usr/share/java
<openstandards> no strace either
<openstandards> fuck, any suggestions?
<airtonix> openstandards, how do you know the hdd is ok?
<airtonix> or are you just assuming ?
<Flam> Shit after installing rsync I discover rsnapshot.  sigh
<airtonix> Flam, did you fix your keybase ssh login ?
<openstandards> airtonix, i'm assuming the hdd is ok
<Flam> yeah, doing it your way helped.  also I was prepending sudo to it, which made root keys :/
<openstandards> airtonix, seems linux can be solved the windows way
<Flam> s/your/gobbe
<openstandards> A simple restart has cured it for now
<airtonix> Flam, for next time you can just generate your key and use ssh-add user@remotehost
<Flam> Oh sweet.  I'll keep that in mind
<airtonix> Flam, but for specifics, one of the things you might not find out is that authorized_keys gets ignore if its not chmod 600
<airtonix> but i think ssh-add takes care of that for you
<Flam> Mine is at 700 and works
<Flam> just set it to 600 however.
<Flam> just for neatness :P
<airtonix> might want to double check it just in case
<Flam> I did, 600/700 both work, so I'm keeping 600
<airtonix> i think the main thing is that it chokes if group or other can read it
<airtonix> which is perfectly understandable
<twb> 600 is for files; 700 is for dirs
<Flam> I see @ both
<areay> hi all.. i'm using UEC -- is it possible to have more than one VM per cpu core? i understand this is the default but is there a way to override it?
<twb> areay: does #ubuntu-cloud still exist?
<areay> it does ;) thanks twb :D
<jfb_h20> if I want to copy my previous printer settings across to a new machine (identical 10.10 release) what files to copy?
<twb> jfb_h20: /etc/cups, I imagine
<twb> Stupid drive-bys...
<Kiall> twb, lol
<uvirtbot> New bug: #703859 in autofs5 (main) "package autofs5-ldap 5.0.4-3.1ubuntu5.1 failed to install/upgrade: trying to overwrite '/usr/lib/autofs/lookup_ldap.so', which is also in package autofs-ldap 0:4.1.4 debian-2.1ubuntu2" [Undecided,New] https://launchpad.net/bugs/703859
<uvirtbot> New bug: #703868 in nagios3 (main) "package nagios3-cgi 3.2.1-2ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/703868
<uvirtbot> New bug: #703008 in ocfs2-tools (main) "Please merge ocfs2-tools 1.6.3-1 (main) from Debian unstable (main)" [Wishlist,Fix released] https://launchpad.net/bugs/703008
<uvirtbot> New bug: #703942 in clamav (main) "package clamav-daemon 0.96.5 dfsg-1ubuntu1.10.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/703942
<clusty> hey
<clusty> are universe packages maintained by ubuntu?
<pmatulis> clusty: what do you mean by 'ubuntu'?
<clusty> as in can i file a bug for a universe package?
<pmatulis> clusty: of course
<clusty> thanks
<pmatulis> clusty: the vast majority of packages are in universe
<clusty> ohh multiverse is the "anything goes" one :D?
<pmatulis> clusty: not free, yeah
<pmatulis> clusty: https://help.ubuntu.com/community/Repositories/Ubuntu
<uvirtbot> New bug: #703977 in bacula (main) "bat from bacula-console-qt. not showing menu" [Undecided,New] https://launchpad.net/bugs/703977
<uvirtbot> New bug: #244994 in ocfs2-tools (main) "missing python-vte recommends/depends" [Low,Incomplete] https://launchpad.net/bugs/244994
<uvirtbot> New bug: #246613 in ocfs2-tools (main) "ocfs2 startup link prior to open-iscsi" [Low,Incomplete] https://launchpad.net/bugs/246613
<uvirtbot> New bug: #427518 in ocfs2-tools (main) "OCFS2 rejects mount option uhelper=hal" [Undecided,Won't fix] https://launchpad.net/bugs/427518
<uvirtbot> New bug: #474215 in ocfs2-tools (main) "mountall-net tries to mount ocfs2 before o2cb is started" [Low,Confirmed] https://launchpad.net/bugs/474215
<uvirtbot> New bug: #583309 in ocfs2-tools (main) "fsck.ocfs2 not supporting "-a" option, causing os boot to stall" [Low,Incomplete] https://launchpad.net/bugs/583309
<uvirtbot> New bug: #613793 in ocfs2-tools (main) "o2cb stopping Failed" [Medium,Confirmed] https://launchpad.net/bugs/613793
<uvirtbot> New bug: #489272 in linux (main) "bug in ocfs2 for linux-2.6.31" [Undecided,New] https://launchpad.net/bugs/489272
<zul> Daviey: ping i was thinking can you do your ftbfs from test for the server seed again?
<Daviey> zul, I was thinking about doing it at the start of A3.
<zul> Daviey: coolio..
<Join-D2> Hi everyone, i am trying to access an AFP volume on my ubuntu-server machine (netatalk), but when connecting tru Mac OS it always gives me an "wrong username/password" error
<Join-D2> i think it has something to do with the password encryption.. any ideas?
<cemc> hi. I have an ubuntu 8.04 with ebox on it. how could I get a list of email users/addresses without knowing anything about ebox? I just need a save/backup, it will all be reinstalled
<internalkernel> Can somebody clear something up for me? I'm confused on this one point:
<internalkernel> If Im running postfix + dovecot and trying to use dovecot's sasl auth - I shouldn't need to configure saslauthd? Is this correct? Or does dovecot depend on the saslauthd mechanism?
<internalkernel> I picked up the impression that saslauthd is part of the cyrus auth, and therefore would be redundant if used with dovecot
<vulgarcito> hello every1!
<vulgarcito> i have a server with two hard disks, first one have openSUSE 11.1 and in second and new (1TB) i has installed Ubuntu 10.10....    ....first it's was booting well but after instalation of Ubuntu just boot by GRUB; How i can't fix it for boot from first HD (OpenSUSE) again?
<pmatulis> vulgarcito: what boots now?  just ubuntu?
<Error404NotFound> the other sysadmin screwed up sudo, there is no root password set, atleast not that i know, and root ssh is blocked, any way to fix it? Its a cloud server
<gobbe> Error404NotFound: some cloud servers have ability to boot in single user thru terminal
<gobbe> if you don't know root password, and sudo is fucked up, you have to boot in single user
<b0gatyr_> greetings!
<anternat> hi
<anternat>  is phpmyadmin included in jaunty?
<gobbe> apt-cache search phpmyadmin?-)
<anternat> yields no results ...
<anternat> thanx for the answer
<gobbe> packages.ubuntu.com has also all packages related to release
<anternat> thanx gobbe, was trying on a non BW consuming solution but seemingly repo is the only choice ...
<anternat> that page has an error
<RoyK> anternat: iirc it is, but as always, I'd recommend learning to use the command line utilities - it's basically the same as using some fancy GUI, exept you learn more
<anternat> true Roy, havent setup gui for that reason, totally agree
<anternat> altho all is a mit much new to me :)
<EvilPhoenix> !jaunty
<ubottu> Ubuntu 9.04 (Jaunty Jackalope) was the tenth release of Ubuntu. End Of Life: October 23, 2010. See !eol and !upgrade for more details.
<EvilPhoenix> anternat:  jaunty isnt supported anymore
<EvilPhoenix> you should upgrade
<anternat> may be next month as dsl quota is almost over
<EvilPhoenix> uh...
<EvilPhoenix> what?
<anternat> sad but true :)
<zul> Daviey: you still around?
<pmatulis> is it possible to store encryption keys (dm-crypt) on the network and somehow access them when booting machines with encrypted drives?
<Thirtysixway> Does anyone know how to change the package  mirror used during the server install
<RoyK> Thirtysixway: _during_ install?
<Thirtysixway> yes
<RoyK> I doubt that's possible
<RoyK> apt will read the file on startup and continue until it's done or interrupted
<Thirtysixway> well i know it's possible to do it with a preseed file
<Thirtysixway> i was just wondering because i'm at a university that hosts an ubuntu mirror for packages, and it would be a lot faster to use that instead of the default apt sources
<Thirtysixway> oh i found it. hitting F6 and choosing expert mode should be able to let me pick the mirror to download packages from
<b0gatyr> so how is this possible, trying to mount an external HD..plug it in a centos box fdisk -l shows it, plug it in an ubuntu server fdisk -l does not show the HD, what am i missing ?
<b0gatyr> nm
<pmatulis> b0gatyr: and the answer is...?
<b0gatyr> pmatulis: did not realize i had virtual box running on my second workspace which was mounting the drive for me automatically onto a windows xp machine =\
<pmatulis> b0gatyr: so it didn't "exist" at that time.  ok
<b0gatyr> yup
<ejat> hi .. i doesnt get virtual ip after starting up heartbeat ..
<ejat> anyone can help me trouble shoot ..
<aleronl16x> does anybody here know what would be a good server for me
<guntbert> aleronl16x: good in what way?
<aleronl16x> for a social networking site im kinda a newbie
<Maleko> meh. does anyone here ever used ksplice on ubuntu server?
<guntbert> aleronl16x: not sure that I understand what you want - maybe you look at turnkey linux, there are some fine appliances there
<Maleko> im wondering whether or not i should install both ksplice and uptrack packages or just enough with ksplice package
<aleronl16x> turkey linux is an os?
<guntbert> aleronl16x: those are ready made linux servers  - download, configure,run
<aleronl16x> im not talking about software im talking about hardware
<aleronl16x> what is a good server for ubuntu
<Pici> 'turnkey' not 'turkey'
<guntbert> aleronl16x: then this channel is wrong for you - this is for ubuntu support
<aleronl16x> wow the other ubuntu channel sent me heah
<guntbert> aleronl16x: it was actually I - but I said you might ask a specific question :-)
<guntbert> !hardware | aleronl16x
<ubottu> aleronl16x: For lists of supported hardware on Ubuntu see https://wiki.ubuntu.com/HardwareSupport - To help debugging and improving hardware detection, see https://wiki.ubuntu.com/DebuggingHardwareDetection
<gjiorkvak> http://tinyurl.com/5sagy6u
<genii-around> Stupid ad-bot
<e_t_> Where could I find a Samba init script from before Ubuntu's switch to Upstart?
<twb> e_t_: 8.04?  Or Debian, of course.
<e_t_> Thank you. I wasn't sure how far back the change went.
<e_t_> I'm trying to set up two Samba daemons on a machine. This guide (http://wiki.samba.org/index.php/Multiple_Server_Instances) is, by its own admission, Red Hat-centric. Is there a way I could accomplish this with Upstart?
<uvirtbot> New bug: #704220 in pptpd (main) "add "delegate" and "connections" options to default /etc/pptpd.conf" [Undecided,New] https://launchpad.net/bugs/704220
#ubuntu-server 2011-01-18
<twb> e_t_: why?
<e_t_> I've got a multi-homed server. I'd like to set up Active Directory integration on one interface while leaving the configuration alone on the other interfaces.
<twb> Hum, OK.
<twb> Surely you can just have two upstart jobs, each calling smbd -C /etc/samba/smb-foo.conf?
<twb> Not that I know much about samba specifically...
<e_t_> I was looking at upstart-job, but I didn't see where I could introduce options. That's why I asked earlier about the pre-Upstart init script.
<twb> e_t_: you add them to the exec line
<twb> It's just passed to /bin/sh -c
<fluvvell> I need to reallocate a bad sector of this 640G drive so I can clone the data off.  What ubuntu programs do the job
<e_t_> twb: I'm looking at /lib/init/upstart-job, but I don't see any exec. To what are you referring?
<twb> e_t_: uh?
<twb> e_t_: you should be looking at /etc/init/samba.conf
<twb> Oh, apparently as at lucid, samba is not using upstart.
<e_t_> Oh. I was looking at /etc/init.d/smbd, which is a link to upstart-job.
<twb> Nooo, it is.  /etc/init/{smbd,nmbd}.conf
<twb> The file /etc/init.d/smbd is a backwards-compatibility thing so that "/etc/init.d/foo restart" does the same as "restart foo"
<twb> And the scripts /etc/init.d/samba{,4} are there in case you want/need to do it the old way, I guess...
<twb> So yeah: you need /etc/init/[sn]mbd.conf
<e_t_> OK. I did not know about /etc/init. I never read anything that referenced that.
<twb> e_t_: that's upstart
<e_t_> twb: Will any script I put in /etc/init be run by upstart, or do I need update-rc.d?
<twb> If you read the upstart manpages, they cover the format of /etc/init/foo.conf entries
<twb> And no, update-rc.d only applies to sysvinit jobs
<twb> Basically any job in /etc/init/foo.conf will be started/stopped in response to the events it's declared to care about, e.g. "stop on runlevel [06]"
<e_t_> OK. This will be easier than I thought.
<twb> HOORAY
<arrrghhh> hey all.  i have access to  my server via ssh, but only on my windows box.  how can i add access if i've already disabled password auth?  seems there's no 'good' way to update the key, but i guess that's the price i pay for security?  haha
<twb> arrrghhh: unless you use OTP instead of an asymmetric key.
<arrrghhh> well i have access to the box from windows
<arrrghhh> can i just add it to the known_hosts?
<twb> OK, I no longer have any clue what you're talking about.
<twb> known_hosts is a client-side MITM defense -- what does it have to do with anything?
<fluvvell> twb, you don't need any gumboots sent over?
<twb> I do not.
<fluvvell> good to hear
<uvirtbot> New bug: #704245 in pptpd (main) "caller station id (remotenumber) for pppd" [Undecided,New] https://launchpad.net/bugs/704245
<arrrghhh> twb, sorry, got a little sidetracked there.  obviously i don't know much about ssh or more specifically how keys work with ssh.  i understand there's a public and a private key, and that i need to put my private key from the client onto the server so i can authenticate.  i'm just wondering how i can do that manually if you will.
<twb> arrrghhh: ssh-copy-id?
<twb> Or just add it to ~/.ssh/authorized_keys on the server
<twb> And it's the *public* key you upload, *not* the private key
<arrrghhh> ah, figures i'd get that backwards.
<arrrghhh> that's what i'm looking for
<twb> The private key must be kept secret -- if somone gets it, it is GAME OVER
<arrrghhh> twb, understood.
<twb> i.e. it is the weakest link of the asymmetric crypto mode
<twb> *model
<arrrghhh> yea
<arrrghhh> twb, i don't seem to have an authorized_keys in my .ssh folder.
<arrrghhh> on the server
<twb> arrrghhh: you must create one
<twb> arrrghhh: if you can ssh in with a password, the ssh-copy-id program does all this for you
<arrrghhh> i have password logins disabled
<arrrghhh> i thought that was part of the point of using keys
<arrrghhh> i guess i need to get all clients configured before i disable password logins?
<arrrghhh> hrm.  i thought it just appended to the authorized_keys file
<twb> It *is* part of the pint
<twb> *point
<twb> Often they're still turned on during migration, though
<arrrghhh> yea
<arrrghhh> so what's the "best practices" method of adding clients after the fact?
<arrrghhh> tacacs?  lol
<twb> You *can* do it by hand, but newbies tend to forget to chown or chmod or whatever
<arrrghhh> alright.  i guess i'll just re-enable password logins and get this client up
<arrrghhh> i just know that i'll have more
<jmarsden> arrrghhh: You can create a group called say hasnosshkey and then use a Match block in sshd_config so folks in that group can use password login.  Then remove people from that group once they have a public key pair in place and tested.
<arrrghhh> jmarsden, i'm the only one that logs into it, but that is a good solution for multi-user setups.
<jmarsden> I though you said "I just know I'll have more"?  I thought that meant "more users"?
<twb> I think he means more hosts
<arrrghhh> sorry.  different devices that i want to connect into the box.
<CppIsWeird> im having some strange issues with a mdadm raid5. i have two raid 5's. every time i reboot my computer, mdadm seems to have some device called md_d1 that is associated with one of the drives from the first array. the second weird issue is that it has started to rebuild the second raid every time i boot up.
<ignarps> CppIsWeird, you need to setup proper entries in mdadm.conf
<CppIsWeird> just to clear up my understanding. i recently reinstalled from scratch ubuntu. one of the raids ive had for a while (prior to the new install), the other has been made since. when i installed ubuntu the old one poped right up and worked without any issues so i assumed no further configuration was required. is this an incorrect assumption?
<ignarps> yes,  always have an up to date mdadm.conf whenever the raid changes
<CppIsWeird> ok. further, for some strange reason my device associations keep changing (/dev/sda, /dev/sdb) etc. is this also reason for the trouble?
<ignarps> I don't understand.  you can verify the settings in mdadm.conf with
<ignarps> mdadm --examine --scan --config=mdadm.conf
<CppIsWeird> ok, i will work with that, thank you.
<s2s2d2> hello I have installed ubuntu server on ec2 via official ami image
<s2s2d2> but I am not able login into ssh with importing my ssh  certificate
<s2s2d2> is possible
<s2s2d2> lo login without that darned ssh certificate ...with username and password only
<s2s2d2> pl tell me asap
<s2s2d2> anybody there
<s2s2d2> yoooooooo hooooooooooooooooooooooooooooooooooo
<s2s2d2> dead channel
<s2s2d2> ??
<e_t_> Oh no. This channel is quite lively. Please be patient. If someone knows the answer to your question, they will answer.
<jmarsden> s2s2d2: Doesn't https://help.ubuntu.com/community/EC2StartersGuide have enough info to get you started?  Are you talking about an SSH login to ec2, or to your resulting Ubuntu server image once it is started?
<Datz> !seen suihkulokki
<ubottu> I have no seen command
<Datz> darn
<uvirtbot> New bug: #704283 in cloud-init (main) "insufficient details for "a newer build available" message" [Undecided,New] https://launchpad.net/bugs/704283
<Flam> Hey, I've almost got rsnapshot but I'm a little confused with backing up my MySQL DB.  I've googled around and come up with this command: "backup_script   /usr/bin/ssh -i /home/rsnapshot/.ssh/id_rsa -p 12341 rsnapshot@host.com 'mysqldump -u root -pXXXXXXXXXXX --all-databases | gzip > ~/all.sql.gz'         relative/path/here" to be put in my /etc/rsnapshot.conf, but what is the point of
<Flam> the "relative/path/here" part at the end?
<e_t_> It looks to me like it would be the local directory to which backup_script transfers the all.sql.gz once it is created on the remote machine.
<Flam> It isn't in /home/rsnapshot dir on the remote machine, and my mysqldump specifies gzip > ~/all.sql.gz'
<Flam> and on the destination machine /home/rsnapshot/hourly.0/mysqldump    (mysqldump being what i put for relative/path/here) is empty
<Flam> but it created that folder itself
<Flam> I think it's just a required argument to be passed into a rsnapshot function perhaps?  Even if it isn't needed by the function
<twb> Huh, look at that.
<twb> sadms appears to be a turnkey packaging for being a client in an AD network
<gobbe> yes
<Zeu5> hi there, i have installed a ubuntu server on amazon web services ec2 successfully
<Zeu5> i need to create another user called deploy
<Zeu5> i did sudo useradd -d /home/deploy -m deploy
<Zeu5> and i copied the .ssh folder over from the initial user to deploy home folder
<Zeu5> however, when i logged in via ssh i do not see deploy@ip-123-123-12-12
<Zeu5> please advise
<e_t_> Zeu5: So you were able to log in, you just didn't see deploy@... ?
<Thorn> hello
<Thorn> I have a tested and working exim.conf which I need to move to an ubuntu server
<Thorn> is it possible to use it with the ubuntu exim package or will I have to install exim from sources?
<gobbe> if the versions are not too far away it should be
<gobbe> usually configs are usable thru versions
<Thorn> but there's no /etc/exim/exim.conf or similar in ubuntu, is it?
<StrangeCharm> how can i make a symlink in . to each file in /some/dir ?
<Thorn> StrangeCharm: ln -s /some/dir/* .
<Thorn> there's some kind of autoconfiguration system instead which generates the actual config
<StrangeCharm> thanks Thorn
<Thorn> and I can't find a way to plug my exim.conf into it
<gobbe> Thorn: well, configuration is somewhere
<gobbe> Thorn: i don't use exim so cannot answer where the file is located
<Thorn> it's in /var and is rewritten on every startup
<gobbe> https://help.ubuntu.com/community/Exim4
<gobbe> ok, so you need to do it otherway
<gobbe> or compile your own exim
<Thorn> I've read that already, and several forum threads too
<Thorn> all they advise is to run dpkg-reconfigure exim4-config and answer some questions
<Thorn> unfortunately my config is somewhat more complicated than that
<Thorn> that's right, exim -bP configure_file says /var/lib/exim4/config.autogenerated
<Thorn> looks like I'll have to hack /etc/init.d/exim to add -C /etc/exim4/exim.conf
<lau> Thorn: may be look at /etc/default/exim4 first ?
<Thorn> lau: I'm installing exim from source now
<uvirtbot> New bug: #704338 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.2 failed to install/upgrade: subproses installed post-installation script menghasilkan kesalahan status 'exit': 10" [Undecided,New] https://launchpad.net/bugs/704338
<a7ndrew> This is a bit of a long shot, but would anyone know if there is a way to rate-limit the network bandwidth used by a process while keeping it running?
<twister004> hi guys.. i have ipsec tunnels setup on my Ubuntu server 10.04
<twister004> I am implementing destination NAT for the first time.. i.e. .. I am creating a new tunnel (other VPN endpoint is a sonicwall) where the destination subnet is NATed.. i activated the tunnel , key exchange takes place, but Im not able to communicate with the destination subnet.. any idea if IPsec is capable of NAT?
<a7ndrew> I think it is but I haven't done that on linux, only cisco gear, sorry :(
<a7ndrew> Is there a route in your gateweay that points to the destination subnet?
<twister004> a7ndrew... what route?.. could you elaborate pl;ease?
<a7ndrew> twister004: if you type the route command on your machine, is the subnet you want to connect to listed? Also is it a private ip address ie 192.168.X.X or 172.3X.X.X or 10.X.X.X ?
<a7ndrew> also are you trying to pass all your traffic through this tunnel, or only traffic to particular subnet(s)?
<twister004> a7ndrew.. the remote subnet is(192.168.1.0/24).. im NATin it to (192.168.25.0/24).... on my gateway, the route is such that any traffic to 192.168.25.0/24 goes through my gateway
<twister004> all traffic is not going through the tunnel
<a7ndrew> So you should have an entry in your routing table that says 192.168.1.0   <end point of IPSEC tunnel>  <255.255.255.0>
<Rno> Hello, sorry to ask my question about apparmor here, it's not related to ubuntu server but ubuntu. I'm using the guest login of ubuntu, and so the guest aparmor profile and I'm not able to use google chrome within a guest session. I would like to know if it's possible to add a sub profile to the guest apparmor profile which has no security rule for google chrome?
<twister004> a7ndrew... i didnt get you.. what's the point of NATing... 192.168.1.0 is getting NATed to 192.168.25.0/24 at the other end.. so my endpoint should see it as 192.168.25.0/24
<a7ndrew> ok as I understand it you have one network, 192.168.25.0 which you are trying to connect to 192.168.1.0. Each of these networks has a gateway, which would have a public interface. NAT translates all traffic from the inside to that on the outside. When you set up your IPSEC tunnel you need to define the interesting traffic to go through the tunnel, and it needs to know where to go.
<a7ndrew> You can't send your traffic to 192.168.1.0 out your default gateway because 192.168.25.0 won't be in any internet routing tables.
<a7ndrew> You need to specify that it needs to use the tunnel.
<uvirtbot> New bug: #704377 in nagios3 (main) "nagios3 requires smbclient, tries to uninstall samba4-clients" [Undecided,New] https://launchpad.net/bugs/704377
<freddy__> Hi - I have a probelm with my ubuntu server - suddenly the filesystem is mounted ro without my doing anything ...
<freddy__> is it possible to see when it was mounted ro, mabe why, and how to get back in rw ?
<patdk-lap> freddy, that would be the, erros=remount-ro option
<patdk-lap> use dmesg
<patdk-lap> and it means something is probably really screwed up
<patdk-lap> I've only ever had that issue so far, due to a wifi driver gone wrong, and corrupting the ext3 driver
<s2s2d2> hello I have installed ubuntu server on ec2 via official ami image
<s2s2d2> is possible
<s2s2d2> lo login without that darned ssh certificate ...with username and password only
<a7ndrew> I've had a crappy power supply cause that issue. At least I'm pretty sure it was the power supply.
<s2s2d2> ??
<a7ndrew> s2s2d2: try looking up the man page for sshd_config I think its in there
<a7ndrew> /etc/ssh/sshd_config is probably a good place to start
<s2s2d2> a7ndrew: what to change in that
<freddy__> patdk-lap: ok
<freddy__> patdk-lap: dmesg says EXT3-fs error (device md0) in ext3_new_inode: IO failure
<freddy__> patdk-lap: and: EXT3-fs error (device md0): read_inode_bitmap: Cannot read inode bitmap - block_gr                                                                                                           oup = 532, inode_bitmap = 17432577
<a7ndrew> s2s2d2: I've got a line in mine that says: PasswordAuthentication no
<a7ndrew> perhaps try changing that to yes and restarting sshd ;)
<binBASH> passwords are overrated :)
<binBASH> lo patdk-lap btw.
<a7ndrew> why not use certificates though? It is a little harder to set up but once that's done its much nicer
<a7ndrew> not to mention safer!
<binBASH> here I'm using OpenVPN and ssh is only possible when OpenVPN is connected ;)
<tsarles> Anyone here able to help with an IET / ISCSITarget problem?
<pmatulis> !ask | tsarles
<ubottu> tsarles: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<tsarles> I had been running the ubuntu repo version 1.4.19 for a while, but kept getting reservation conflicts, so I decided to update to the current 1.4.20.2...... and now when i start the service it says it can't find the target
<tsarles> fortunately I was able to failover to my backup DRBD node, which is still running the old version
<tsarles> but, I would like to get this thing figured out
<pmatulis> tsarles: how did you update to the new version?
<tsarles> apt-get build-dep iscsitarget. make. make install
<pmatulis> tsarles: not supposed to do that
<HackeMate> hello, I have installed the webdav server, and using cadaver i can access it but from windows i cant using the connect to a shared folder
<tsarles> oh...
<HackeMate> i can access it from an iphone tough
<HackeMate> do i need enable something i missed in somewhere?
<tsarles> is there an updated .deb or something like that?
<HackeMate> talking to me?
<pmatulis> tsarles: what release are you using?
<tsarles> 10.04 64 server
<tsarles> nope, sorry, never used webdav
<HackeMate> k
<pmatulis> tsarles: no, unless you want to run 10.10
<tsarles> hmm
<tsarles> guess i'm not completely opposed
<pmatulis> tsarles: did you check the changelogs of the upstream source to see if that version would help you?  is there a known bug related to your initial problem?
<zul> Daviey: do how did you extract the java stuff?
<tsarles> I did look at the release notes, and it did seem to make me think it would help
<pmatulis> tsarles: are you able to reproduce the problem in a test environment?
<tsarles> well... unfortunately I don't have a deticated test environment, but yes, I can reproduce it
<tsarles> I have two VMWare nodes accessing this iscsitarget, and ocassionally, the iscsi service will come to a complete lock, and my switch LEDs go nuts. I wiresharked the thing, and it was giving reservation conflict errors. temporary fix is to restart the iscsitarget service when this happens
<tsarles> it is semi-random, but the one thing I have found that will reproduce this condition fast is trying to load Solaris inside VMWare to a disk on the iscsi service
<pmatulis> tsarles: and a bug?
<tsarles> i believe it is a bug with the iscsi service, which is why i was trying to update...... and of course, you never know until you try it
<pmatulis> tsarles: what i mean is, did you search for an existing bug?  and if there isn't one, it should be reported
<tsarles> i have been searching google for related information, but i havn't reported it to canonical
<tsarles> I was going to check ubuntu forums, but it seems my login is broken - unrelated
<tsarles> where should i report this?
<zoopster> tsarles: report the bug on launchpad.net!
<tsarles> Will do
<tsarles> until then, i guess the only solution i'm going to get here is to upgrade to 10.10?
<patdk-wk> tsarles, why bother with iscsi for that?
<patdk-wk> nfs will make your life simpler, and probably even make backups easier
<tsarles> I guess I'm not opposed to that line of thinking
<tsarles> NFS will multi-access? I can still V-Motion between boxes without one machine locking the file?
<tsarles> Well, got a service call to run to. Thanks for the advice
<henkjan__> with 2.6.35 in repo for lucid, is it easy to install that kernel from the installer?
<pmatulis> henkjan__: i don't see a 2.6.35 kernel available for lucid unless you're talking about the lts backports kernel
<henkjan__> % apt-cache policy linux-image-server-lts-backport-maverick
<henkjan__> linux-image-server-lts-backport-maverick:
<henkjan__>   Installed: (none)
<henkjan__>   Candidate: 2.6.35.22.34
<henkjan__>   Version table:
<pmatulis> henkjan__: 'xactly, so what's the problem?
<henkjan__>      2.6.35.22.34 0
<henkjan__>         500 http://nl.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
<henkjan__> pmatulis: its in lucid-updates
<pmatulis> henkjan__: what's the problem?
<henkjan__> new fujitsu servers have unsupported (in 2.6.32) sascontrollers
<henkjan__> currently i'm booting maverick, and debootstrapping lucid
<pmatulis> henkjan__: what's the problem?
<pmatulis> henkjan__: install it if you want it
<pmatulis> henkjan__: oh, from the installer
<henkjan__> i would like to do that from the installer yes :)
<pmatulis> henkjan__: not 'till 10.04.2 i'm afraid.  pretty sure there will be a special question whether you want this kernel
<pmatulis> henkjan__: that's in a couple of weeks
<henkjan__> ah
<henkjan__> i'll wait a couple of weeks and whine again if its not in the installer ;)
<pmatulis> henkjan__: i'm sure you can hack something up if you really need it that badly
<zul> Daviey: i re-added debmirror in cobbler just now
<uvirtbot> New bug: #704435 in xinetd (main) "xinetd init script - reload terminates redirected services" [Undecided,New] https://launchpad.net/bugs/704435
<skorv> i wonder how to share usb printer for both windows and linux clients using nothing but the shell
<skorv> (so far i resisted installing ubuntu-desktop in my servers
<evdvelde>  Hi all, does anybody have experience with zoneedit or another free DNS service? I would like to start using one, but dont know how to choose...
<hallyn> evdvelde: i use zoneedit.  no complaints.  works well
<evdvelde> thx hallyn, i found there site too, but did not want to start using it without a bit of info and such
<zul> JamesPage: hi can you rebase your cobbler-4j branch please?
<JamesPage> zul: already on it
<zul> JamesPage: thanks
<evdvelde> hallyn: do they have e-mail forwarding? i have mail with google at the moment and would like to keep it there
<JamesPage> zul: done
<zul> JamesPage: thanks
<JamesPage> zul: just spotted some cruft in the diff - don't review yet...
<andreserl> kirkland_: howdy!! The InputMonitor works amazingly!!
<freddy__> exit
<freddy__> exit
<freddy__> exit
<kirkland_> andreserl: that's great to hear :-)
<zul> JamesPage: ack
<andreserl> kirkland_: btw.. I don't yet have acces to the powernap branch right?
<hallyn> evdvelde: yes, they do
<JamesPage> zul: OK - it looks a bit odd because I used wrap-and-sort to order the Depends but should be OK for review now.
<zul> JamesPage: merci
<JamesPage> zul: np ping me if anything needs a change
<kirkland_> andreserl: huh?  i thought you did
<Daviey> zul, is git needed as a build dep?
<andreserl> kirkland_: nope, couldn't upload :/
<kirkland_> andreserl: i'll fix that
<kirkland_> andreserl: gimme a minute, i'm working on somehting for zul at the moment
<andreserl> kirkland_: sure, It is not urgent :)
<Thirtysixway> ignore -channels #ubuntu-server * JOINS PARTS QUITS NICKS
<Thirtysixway> oops
<kirkland> andreserl: okay, lp:powernap now points to lp:~powernap/powernap/trunk which you have access to
<andreserl> kirkland: awesome, thanks!
<zul> JamesPage: *cough* http://pastebin.ubuntu.com/555452/ *cough*
<JamesPage> zul: ta
<kpettit> how to do a search like "apt-cache search apache" but be able to tell which of those packages is installed?
<kpettit> I know how to tell if a individual one is there, but not how to do a wildcard type of search to see what's installed
<baggar11> kpettit: dpkg -l | grep apache
<kpettit> ah, thanks.  exactly what I was looking for
<JamesPage> zul: just sorting the one in debian/control as well
<zul> JamesPage: k i would like to finish this today
<zul> kirkland: i put the debmirroring back in cobbler last night as well
<JamesPage> zul: all good - let me test that the binary package was OK as well so good to go
<zul> JamesPage: cool ill hunt you down after lunch if anything goes wrong
<JamesPage> zul: sorry but build time is going to go up as java pulls in a load of extra deps....
<zul> JamesPage: grrrrrrr...;)
<uvirtbot> New bug: #704505 in nagios3 (main) "no service recovery notifications after host-check was just in soft-state" [Undecided,New] https://launchpad.net/bugs/704505
<uvirtbot> New bug: #704509 in cloud-init (main) "syslog logging is broken in natty" [Undecided,New] https://launchpad.net/bugs/704509
<JamesPage> zul: I just spotted a mistake - arch for libcobbler4j-java is incorrect
<JamesPage> zul: fixed in proposed merge
<zul> JamesPage: thanks
<zul> die java die!
<andreserl> zul: +1 lol
<oCean> :)
<andreserl> zul: hold up the cluster-agents bug fix  couple more days I wanna see if upstream commits few patches for the RA's I'm patching
<zul> andreserl: consider it done
<andreserl> zul: but you can take a look at bug #525287 though :)
<uvirtbot> Launchpad bug 525287 in lvm2 "Add support for corosync based clusters in clvm" [High,Confirmed] https://launchpad.net/bugs/525287
<zul> andreserl: i rather have someone on foundations look at that
<andreserl> zul: ok :)
<zul> JamesPage: looks good
<zul> SpamapS: ping
<SpamapS> zul: pong, wazzzzzahhhhhh
<zul> SpamapS: hi, the jar file in cobbler is gone now does have to be renamed dfsg?
<SpamapS> zul: good question. Given that we are building the orig tarball from the git repository, I think we should say no, and just report it as a bug upstream (or get a license clarification for the jar file, at which point we don't have to strip it out)
<zul> SpamapS: okies
<SpamapS> actually.. hmm
<SpamapS> If its built from entirely GPL software, then it has a license and doesn't have to be removed (though we still have to build it for the binary packages)
<zul> meh...well see what jdstrand says
<zul> SpamapS: just uploaded it
<SpamapS> zul: ok.. cool :)
<jdstrand> zul, SpamapS: so, does cobbler have an 'official' release tarball or is it just git?
<jdstrand> zul, SpamapS: I realize you are just using git, but in general
<zul> jdstrand: its just git for now SpamapS is talking to them about cutting a 2.1 tarball in the futre
<jdstrand> zul: those files are all DFSG compatible?
<zul> jdstrand: i believe so
<zul> SpamapS: ^^^
<jdstrand> zul: well, this isn't like stripping out swf files, per se, it is that the jar should be buildable from source
<zul> jdstrand: it is...
<jdstrand> zul: as such, I don't think it needs dfsg
<zul> jdstrand: k cool
<jdstrand> zul: if you are using a 'get-orig' type thing in the Makefile, then perhaps you can exclude the jar file
<jdstrand> zul: s/Makefile/rules file/
<zul> jdstrand: ok i think we can do that in the futre
<jdstrand> zul: just a suggestion
<zul> jdstrand: sure
<SpamapS> jdstrand: the jar file will be in the release tarballs when they arrive.
<SpamapS> so stripping in get-orig means altering the release tarballs, which I'm hoping we can avoid.
<SpamapS> zul: I think there are some files that don't have a license that were supposed to be manually removed from .orig.tar.gz .. but I don't recall actually telling you which files.
<SpamapS> zul: like the pres/ directory
<SpamapS> zul: is get-orig-source from git working again? Like.. can I modify that bit to remove those files?
<zul> SpamapS; no it got removed
 * jdstrand wonders why the jar can't just be built during the build
<SpamapS> jdstrand: it is!
<jdstrand> so why are they shipping it?
<SpamapS> jdstrand: because jdk's are hated in the sysadmin community. ;)
<SpamapS> so yeah already I can see a few files that need stripping .. guess we got unsynced on that one
<SpamapS> zul: how do you want to do this? I have some files that needs tripping out of that orig tarball? should I just bzr rm them from the build branch and tag the rev as a new upstream-XX ?
<zul> SpamapS: yes please and document them in the commit so we know going forward
<SpamapS> zul: should I start working in a side branch and do MP's like James and Dave did?
<zul> SpamapS: sounds like a plan
<SpamapS> zul: actually I think all we need to do is use setup.py dist
<SpamapS> sdist rather
<SpamapS> zul: that is the method they use to produce the source rpms upstream, and so is likely all we'll need.
<zul> SpamapS: really sweet..
<SpamapS> wish I'd thought of that sooner the copyright file would have been a lot smaller and easier to generate. ;)
<andreserl> kirkland: ok, integration with the monitors is pretty much done. Just need to figure out some things out first.
<andreserl> kirkland: if I use a RemoteMonitor in port7, and we are the selected action is PowerSave. then the WoL Monitor won't work given that it listens to Port7. What do you think should be done here? I was thinking something like "If action is powersave, then don't use RemoteMonitor in port 7"
<kirkland> andreserl: hmm, i don't think i understand yet ...
<kirkland> andreserl: can you clarify
<andreserl> kirkland: ok, so at the Rally, you saw that when entering to Powersave method, PowerNap started a WoL Monitor to be able to "wakeup" and un-do what pm-powersave did. This WoL monitor listens at port udp 7.
<kirkland> andreserl: right
<kirkland> andreserl: and why did you choose port 7?
<andreserl> kirkland: WoL, it is either 7 or 9
<kirkland> andreserl: okay
<andreserl> kirkland: and powerwake by default sends to port 7
<andreserl> kirkland: ok so anyways, I have integrated Adams RemoteMonitor. What this monitor does is listen for *any* traffic in a given port (Can be 7, 9, 80, or all at once)
<kirkland> andreserl: awesome,
<kirkland> andreserl: that's very cool
<patdk-wk> hmm, wol doesn't use ports, the port is just to make it easier to send the packet
<andreserl> kirkland: indeed... it is limited to UDP only though. But anyway, if we select action method as powersave (which will start a WoL monitor in udp7 when entering to powersave), and if we have a RemoteMonitor listening in port7, the WoL monitor will fail to bind the port
<patdk-wk> wouldn't the wol monitor be useless? as that udp that did the wol would be lost anyways
<andreserl> patdk-wk: a WoL datagram is a UDP datagram sent to either port 7 or 9
<patdk-wk> actually, no :)
<patdk-wk> it's a packet that contains a specially crafted stream of bytes
<andreserl> kirkland: so the solution I was thinking is "If ACTION_METHOD is PowerSave, then ignore a RemoteMonitor in port 7 to be able to launch the WoL Monitor"
<patdk-wk> nothing to do with what port
<patdk-wk> it doesn't even need to be IP :)
<andreserl> patdk-wk: yes but they are still sent to an specific port, which is usually 7 or 9, but can be any port
<kirkland> andreserl: sounds reasonable, i think
<andreserl> patdk-wk: and in what we are doing, we need to know the port and having a RemoteMonitor and a "WoLMonitor" are two different things used for two different purposes
<andreserl> kirkland: alright, other than the The InputMonitor (tracks usb/mouse input), ProcessMonitor, and IOMonitor also work. Will be uploading it in a while for your testing ;)
<kirkland> andreserl: saaaaweeeeet
<kirkland> andreserl: looking forward to it
<zul> jdstrand: did you reject the upload?
<jdstrand> zul: I haven't done anything with the upload. is it there now?
<zul> jdstrand: not yet gimme a few can you reject the upload that is the queue now please?
<jdstrand> zul: rejected
<larsemil> hey! anyone here used amazon s3 in any way?
<zul> jdstrand: thanks
<larsemil> and by using s3 i mean amazon s3
<b0gatyr> larsemil: i host some images for a website
<zul> SpamapS: *cough*
<SpamapS> wha?
<SpamapS> jdstrand: so there are a few python files in the upstream tarball that were copied direct from python 2.4 .. but we don't install them in binary packages..
<SpamapS> jdstrand: should we strip them out of the tarball, or document their license in the debian/copyright file, or just ignore them?
<jdstrand> SpamapS: just document their license
<SpamapS> jdstrand: ok cool
<hallyn> zul: hey, do you have strong feelings on ntp package?
<zul> hallyn: not really
<hallyn> zul, i'm trying to decide what to do with bug #697676
<uvirtbot> Launchpad bug 697676 in ntp "ntp kills polar bears" [Low,Triaged] https://launchpad.net/bugs/697676
<hallyn> debian ntp maintainers want someone to work a real fix upstream, which seems sensible to me
<hallyn> but with kirkland feeling all save-the-world-like with powernap, i wasn't sure whether we'd want to have a patch to reduce power usage in our package :)
<zul> hallyn: did you file a bug with debian?
<kirkland> hallyn: :-)  +1 for sensible defaults
<hallyn> zul: i emailed the package maintainers
<hallyn> kirkland: yeah, but this isn't just defaults, it hacks the code
<andreserl> lol
<kirkland> hallyn: looking at the patch ...
<hallyn> patch is used in fedora, but i didn't feel qualified to ack it by eye
 * kirkland reading
<zul> hallyn: i rather have it in debian if it changes the functionaily then i would say nack
<kirkland> hallyn: yikes
<kirkland> hallyn: that's um, invasive
<kirkland> hallyn: yeah, zul is right ... we'll follow or work with debian on this one
<hallyn> kirkland: :)  yeah, i don't *usually* admit to being unqualified to judge a patch, but in my email to ntp maintainers i did
<hallyn> thanks, guys
<kirkland> hallyn: are you joining us at Opal D's?
<kirkland> hallyn: -> pm
<zul> hallyn: besides fedora isnt always right even though they may think that
<hallyn> zul: i wasn't saying that :)
<hallyn> zul: just that they apparently think it's at least safe
<patdk-wk> I vote, kill the polar bears
<patdk-wk> :) not that I can vote :)
<zul> hallyn: i know i was joking :0
<hallyn> kirkland: d'oh, i shoulda left teh reply to you :)
<kirkland> hallyn: ?
<kirkland> hallyn: oh, to that bug?
<kirkland> hallyn: i was just "supporting" you
<hallyn> yeah
<kirkland> hallyn: i haven't seen yours yet
<hallyn> much more diplomatically :)
<kirkland> hallyn: my experience is a) thank them profusely for their bug report/patch, etc, b) explain why we are advising against it, c) leave room for changing that opinion if $SOMETHING happens in the future to change that, d) thank them over again :-)
<SpamapS> kirkland: reading cobbler devel? They just accepted a patch to query APC power switches for On/Off status.
<SpamapS> adds a "power_status" api call. kind of cool
<kirkland> SpamapS: rock!
<kirkland> SpamapS: that is cool
<andreserl> kirkland: if for example, for whatever reason, the WoL monitor is unable to start but the "powersave" action is taken, should the powersave be reverted?
<SpamapS> andreserl: no more RoAkSoAx ? ;)
<andreserl> SpamapS: hehe RoAkSoAx is still there though I've been trying to figure out if I use this nick instead for quite a while now lol :P
<kirkland> andreserl: yeah, we don't want to enter a situation that we can't get out of
<kirkland> SpamapS: heh, yeah, we have to type a lot more letters to tab complete :-)
 * SpamapS tried to shake off SpamapS a couple years ago. It felt like shaking off a piece of my soul.
<andreserl> kirkland: yeah, though we could fallback to a different port though. Btw.. does powerwake support using a different port?
<kirkland> andreserl: it does not currently
<kirkland> andreserl: i suppose it could though ....
<andreserl> kirkland: I guess it will make more sense to use a fallback port when powerwaked exists, so it can keep track of that info
<andreserl> kirkland: so that powerwake knows what port to use when sending the magic packet
<andreserl> SpamapS: I know what you mean!! I'
<andreserl> been using RoAkSoAx for quite a while now
<kirkland> andreserl: right
<fluvvell> 24th of June, world IPv6 day.  How ready are people for IPv6 testing?
<bittin> fluvvell: that sounds awesome, maybe i should switch to IPv6 at home by then :p
<fluvvell> bittin, I'm not even sure if my home router is configured for it!
<bittin> i have a FON with OpenWRT so i think i can do it
<nkv> Hello all.  I need to replace an outbound mailserver for the service provider I work for.  Back, 5 or so years ago I used Postfix to fill this role.  Is that still a fairly sane choice, or has something new and shiny come up and replaced it?  This has no local delivery, just queuing mail from authorized subnets and relaying it to external mail servers.
<fluvvell> bittin, yeah mines more of just a gateway, the main routing is done by ubuntu server. Allocating addresses? Won't we need addresses allocated?
<SpamapS> nkv: postfix is the preferred choice in ubuntu server as it is the one MTA in main
<SpamapS> oops
<SpamapS> I lied
<SpamapS> nkv: rather, its the better one in main
 * SpamapS didn't realize exim4 was in main
 * nkv shudders... Exim.... :)
<nkv> Ok... Well I figured a fairly solved problem like SMTP servers wouldn't have shifted much in the last 5 years.
<patdk-lap> heh, when ever I install a package that needs mail
<patdk-lap> ubuntu always recommends exim
<kirkland> zul: yo
<zul> kirkland: whats up?
<kirkland> zul: just checking on the cobbler upload
<zul> kirkland: im waiting for SpamapS
<kirkland> zul: coolio
<andreserl> kirkland: done! Monitors integrated. Though, need to update the packaging! but it is still testable without having to really install it
<hallyn> all right, time to try an online ext4fs resize.  wish me luck
<kirkland> andreserl: cool
<kirkland> hallyn: hmm, check with kees
<kees> hallyn: wait wait
 * hallyn waits
<kees> hallyn: make *sure* you're running .37-12 or later
<kees> otherwise it will _destroy_ your filesystem
<hallyn> kees: 2.6.37-12-generic
<hallyn> define destroy :)
<kees> -12 you'll be fine. destroy, as in, fills the extended area with arbitrary bitmap entries and the fs starts writing all over the place
<kees> as in, fsck CANNOT fix it in some cases.
<hallyn> jinkeys
<kees> I was extremely lucky in that I only destroy my apt mirror. easy to find the wrecked directories and files since there's a separate db of hashes to compare against :)
<kees> *destroyed
<hallyn> kees: funny thing is, i was doing this to make room for a btrfs partition to test a fast lxc-based schroot alternative to show you :)
<kees> but -12 has ted's fixes
<kees> haha
<hallyn> kees: rockin', i'll do an extra rsync and then give it a shot then, thanks
<kees> well, i'm certainly excited about that, but yeah, the online resize regress was scary :)
<kees> cool
 * hallyn goes to rsync
<hallyn> drat: Filesystem at /dev/sda1 is mounted on /; on-line resizing required
<hallyn> resize2fs: On-line shrinking not supported
 * hallyn scratches his head and goes to look at the source
<Grubulous> I have an ubuntu 10.04 server running on vmware and I notice that after 48 days of uptime the server appears to become unresponsive. I can ping it, but I cannot ssh in or access any other services (apache on 80, couchdb on 5984, etc). nothing seems amiss in the logs
<ideaman> I have a basic networking question. How can I get from subnet to subnet?
<nkv> That is the canonical job of a router.
<nkv> ideaman: I was replying to you, in case it wasn't clear :)
<AdamDV> I'm running Ubuntu 10.10. php5-gd is listed as installed. I'm getting "The function imageantialias() is not available in your PHP installation. Use the GD version that comes with PHP and not the standalone version." when using jpgraph. Any one wanna lend a hand?
<Devo-Kun> AdamDV: did you just install php5-gd?
<AdamDV> Yes.
<Devo-Kun> AdamDV: did you restart Apache after install PHP-gd?
<AdamDV> Yes. I'm not a noob. I think its because the maintainers dont want to use the gd version bundled with PHP and insist on using the ainstream one?
<Devo-Kun> AdamDV: can you create a quick PHP script with the phpinfo function in it: <?php phpinfo(); ?>
<Devo-Kun> Then paste the results of the GD section here
<AdamDV> Yea one sec
<AdamDV> http://pastebin.com/kSApU6VA
<AdamDV> Devo-Kun: See above
<Devo-Kun> Are you able to run the Examples?
<AdamDV> hmm?
<Devo-Kun> When I run the jpgraph examples I get font errors
<skorv> can a usb printer be shared on ubuntu server for windows & linux clients using nothing but the console (using gui is easy, same as desktop)
<Devo-Kun> AdamDV: http://paste.ubuntu.com/555596/
#ubuntu-server 2011-01-19
<Devo-Kun> skorv: connect to the CUPS admin webpage
<AdamDV> Ah. No I am not able to run the examples. I get the error that the function does not exist, as before
<Devo-Kun> Interesting. You have the same GD version as I do. When I run the example on the PHP.net website (http://www.php.net/imageantialias) I get the same error.
<AdamDV> What software do the Ubuntu repos use for management? apt-mirror?
<StrangeCharm> i'm having some trouble using ssh-agent. when i pidof ssh-agent, it seems to be running, but ssh-add -l claims not to be able to connect to the agent
<twb> StrangeCharm: that's because you're using screen
<StrangeCharm> twb, interesting. can you tell me more?
<twb> Sorry, I'm busy just now
<twb> http://code.haskell.org/~twb/Preferences/.bin/twb-agents
<twb> Hmm, not much documentation there
<twb> http://code.haskell.org/~twb/Preferences/.bin/.bash_profile shows how I create it
<StrangeCharm> twb, bottom line: i shouldn't have trouble if i just start a non-screen session?
<StrangeCharm> also, your bash profile is a 4040
<twb> Sorry,
<twb> http://code.haskell.org/~twb/Preferences/..bash_profile shows how I create it
<twb> ARGH
<twb> http://code.haskell.org/~twb/Preferences/.bash_profile
<twb> re short answer -- yes
<twb> The problem is that your screen session outlives your agent session, so screen still points to the one that existed LAST time you logged in
<twb> You need to either update environment variables (nontrivial), or start ssh-agent by hand
<twb> The gentoo keychain docs might explain more
<StrangeCharm> so your bash-profile has a trick in it for keeping screen pointed at the right agent?
<ignarps> http://superuser.com/questions/141044/sharing-the-same-ssh-agent-among-multiple-login-sessions
<kieppie> hi guys. I'm trying to help someone with a windows network, who's experiencing periodic lock-up. they might be working, or simply open large files over the local LAN & their system would simply lock up (they describe it as "going off to la-la-land"). I've rebuild their Ubuntu server, running *only* SSH, Samba & Webmin, and *nothing* else. load it pretty good, so now I'm trying to find other possible causes or remedies (I've set 
<Chrystopher> hi guys
<Chrystopher> anybody here ?
<thesheff17> I'm here...you have a question?
<Chrystopher> yes hi
<Chrystopher> i am having issues installing ubuntu server 10.10
<Chrystopher> am I in the right channel ?
<thesheff17> yes
<Chrystopher> ok
<Chrystopher> i have downloaded the latest iso file from the official site itself
<Chrystopher> made a bootable usb key out of it
<Chrystopher> booted comp on it
<Chrystopher> followed steps normally
<Chrystopher> and then at some phase, the "Select and isntall software" phase
<Chrystopher> instlaler just hangs at 5%
<Chrystopher> for no apparent reason
<Chrystopher> tried to reboot and instlal in expert mode changing a couple of settings but nothing will do
<thesheff17> Chrystopher: There is a log file during the install that may tell you more about what is going on.
<thesheff17> Chrystopher: I would also try ubuntu 10.04 since it is a long term support unless  you need something specific on 10.10
<Chrystopher> i actually don't really
<Chrystopher> I'll try with the older version
<Chrystopher> it's much more stable or ?
<thesheff17> Chrystopher: 10.10 is only support for 6 months...yes 10.04 server is supported for 5 years.
<Chrystopher> ok will try and let you know
<thesheff17> 10.10 just has newer software
<Chrystopher> but 10.04 still has the same basic packages ?
<thesheff17> yea for sure
<Chrystopher> ok I guess I could be good with that
<thesheff17> I actually still run a ton of 8.04 and it works fine for me.
<Chrystopher> oh one thing though
<Chrystopher> Which software would you recommend to create bootable device ?
<Chrystopher> i've been using the one proposed by ubuntu
<Chrystopher> but i've heard unet bootin is good as well
<thesheff17> usb-creator-gtk ?
<thesheff17> I have used that a bunch.
<Chrystopher> oh ok
<Chrystopher> problem is i must do it on a windows machine though
<thesheff17> ah I admit I haven't done it much on windows but if you are getting to the installer you are doing it correctly.
<kieppie> hi guys. I have a few disks I'm about to scratch. should I continue using ext4, or should I risk btrfs?
<thesheff17> Chrystopher: sorry I was having tons of problems with my wireless...the last thing I typed was usb-creator-gtk
<Chrystopher> hm nope
<Chrystopher> the last thing you typed
<Chrystopher> concerned your lack of experience with windows
<Chrystopher> lack is a bit strong but.. anyway you get me
<Chrystopher> still donwloading
<thesheff17> yea if you are getting to the installer it sounds like the install is going fine....try the 10.04 version and see what happens...if it hangs again I would start checking logs.
<uvirtbot> New bug: #704766 in nagios3 (main) "unable to install nagios3" [Undecided,New] https://launchpad.net/bugs/704766
<Chrystopher> formatting live
<Chrystopher> theshedd17: are you still here ?
<Chrystopher> ff*
<thesheff17> yea
<thesheff17> if you type the username correctly I will be notified :)
<thesheff17> because I'm usually have a bunch of stuff going on.
<Chrystopher> np
<thesheff17> Did 10.04 work?
<Chrystopher> it's weird there's either a problem with the software creating the usb key or the distro itself
<Chrystopher> I've loaded the key
<Chrystopher> now the only thing displaying is: "SYSLINUX 3.06 2010-04-01 EBIOS Copyright [...] "
<Chrystopher> and command prompt
<Chrystopher> but I can't type crap
<Chrystopher> and nothing's going on
<Chrystopher> lol
<thesheff17> hmm..when it is booting?
<Chrystopher> yeah
<Chrystopher> well i manually select usb key to boot it from
<Chrystopher> and there it is..
<Chrystopher> i will try with an alternative software
<gobbe> Chrystopher: how did you do the stick?
<Chrystopher> on windows with universal-usb-installer-1.8.2.5
<thesheff17> Chrystopher: I load up ubuntu desktop version X and use usb-creator-gtk :-/
<Chrystopher> should i try to format it to make sure ?
<gobbe> Chrystopher: did you select ubuntu from list or other linux?
<thesheff17> Chrystopher: can you link me to the web site you are using for windows I will take a look..
<thesheff17> Chrystopher: yea the usb-creator-gtk you select the iso and the usb drive and click create. :-/
<Chrystopher> i followed the link to download the software form this page : http://www.ubuntu.com/server/get-ubuntu/download
<Chrystopher> it leads to this page: http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/
<gobbe> Chrystopher: if you didnt select ubuntu from dropdown but other linux it wont work
<Chrystopher> i will format and start again just to make sure
<Chrystopher> distro i choose is
<Chrystopher> Ubuntu Server 10.04.1 32bit installer
<gobbe> i mean from dropdown of installerÃ¤
<gobbe> i have noticed that if you dont select it from dropdown but select other linux it wont boot, just syslinux appears
<lambda_x> anybody here uses libvirt with kvm? I got problems with virsh restore - 50% of change it will succed, 50% it will hang (it is logged as causing INFO: task kvm:6431 blocked for more than 120 seconds)
<lambda_x> is this problem normal that there is no safe way to restore saved vm?
<[diablo]> afternoon all... anyone running Ubuntu Server with rsyslog being used for centralized logging please?
<gobbe> me
<[diablo]> hi gobbe
<[diablo]> gobbe, did you go with RELP, TCP or UDP, etc please?
<gobbe> with syslog?
<[diablo]> yep
<[diablo]> well, rsyslog
<gobbe> http://www.google.fi/url?sa=t&source=web&cd=1&ved=0CBkQFjAA&url=http%3A%2F%2Fwww.ubuntu.com%2Fsystem%2Ffiles%2FCentralLogging-v4-20090901-03.pdf&rct=j&q=ubuntu%20rsyslog&ei=gOs2TbyeGcqfOpvI4JgE&usg=AFQjCNEL3sc8W3FDTyyFUyG4alXFQP8o2w
<gobbe> uuh
<gobbe> sorry
<gobbe> but however, that's pdf for rsyslog, quite good howto
<gobbe> i'm doing with
<gobbe> TCP
<[diablo]> yeah I am looking at that atm
<gobbe> RELP would be good also
<[diablo]> yep
<[diablo]> thats what interests me atm
<[diablo]> RELP
<doko_> SpamapS: did you test the eglibc/upstart fix for maverick and lucid too?
<Fidelix> Hello guys. For a big files download server, what's the most important part for being able to handle big traffic? CPU? RAM?
<EvilPhoenix> Fidelix:  extremely high bandwidth limits, CPU, RAM, hard disk space, etc.
<Fidelix> EvilPhoenix, but what does the webserver (nginx) use the most? CPU or RAM?
<Fidelix> I've got space and I've got bandwidth. I'm concerned about the speed though
<Fidelix> And being able to support all requests
<gobbe> fast disks is also quite important
<gobbe> so if you have lots of downloads disk-io is critical also
<Fidelix> gobbe, good point...
<Fidelix> But what I'm really concerned is if CPU is critical for this. I've got a relatively cheap server, and all its specs are good, except for the CPU.
<gobbe> i would say that cpu isn't so critical
<andreasf> Fidelix: I have a file server that has delivered about 5.5 million images today. CPU is not an issue on that box.
 * zul grumbles
<Fidelix> This is golden information. Thank you very much gobbe, andreasf
<andreasf> Fidelix: No problem :-)
<Fidelix> andreasf, what web server do you use to serve these images?
 * andreserl Morning!!
<andreasf> Fidelix: Apache, actually.
<Fidelix> andreasf, well, that's surprising. Are you using a reverse proxy? Serving files through x-filesend ?
<andreasf> Fidelix: You might consider putting av caching server in front of your web server. Varnish, for instance.
<Fidelix> andreasf, is that what you do? And does varnish help for big files? (by big, i mean, 60MB +
<andreasf> Fidelix: This particular server does not use a reverse proxy / cache, just Apache. If you use a Varnish server, images will be delivered from RAM, not disk.
<andreasf> Fidelix: Well, after they have been fetched from the backend.
<patdk-wk> heh, I totally don't get that
<Fidelix> andreasf, that would be a good idea for small files i believe. But not for big files
<patdk-wk> wouldn't just putting more ram into the apache server do the same, havine more cache ram
<andreasf> Fidelix: Depends on how much ram you have :-)
<Fidelix> andreasf, 32GB
<andreasf> Fidelix: You can configure Apache or Varnish to keep objects (images) in the cache for a specified amount of time, for instance 10 seconds or 10 hours.
<Fidelix> But there are  a lot of big files. They would fill 32GB in a second
<[diablo]> anyone know how to rsyslog to RELP? TCP and UDP are @ and @@ ... find no info on what clients use for RELP
<andreasf> Fidelix: Have a look here: http://www.varnish-cache.org/docs/2.1/
<hallyn> is anyone here running a maverick desktop with virt-manager?
<andreserl> hallyn: i am
<andreserl> hallyn: you mean virt-manager in maverick or a maverick dekstop VM with virt-manager?
<gobbe> hallyn: this is server-channel, so desktop discussion should be on #ubuntu
<andreserl> lol
<ahs3> hallyn: i am, too
<milligan> When I receive messages in pidgin,  the message pops up in the top right corner unless the chat is active. How can I disable that ?
<Pici> milligan: Have you asked in #ubuntu ? #ubuntu-server is really for Server questions (cli).
<milligan> alright - my bad :)
<Pici> :)
<SpamapS> doko_: no I have not tested it on lucid or maverick yet.
<doko_> SpamapS: could you do this? I prepared uploads. Maybe I should upload these to a PPA first
<hallyn> gr, started a vm-clone before remembering the nbd hang in current kernel.  now i have to reboot.
<SpamapS> doko_: Yes I'll test in the next 2 hours in VMs.
<SpamapS> doko_: and thanks!
<SpamapS> doko_: if you were to upload yours to a ppa, that would certainly make it easier for me to do that testing.
<doko_> SpamapS: will take more than 2h to build
<SpamapS> doko_: do you have a branch I can just branch/bzr bd ?
<doko_> SpamapS: so if you have a faster machine, I can point you to the sources instead
<doko_> SpamapS: no
<SpamapS> doko_: right.. eglibc... since we're just changing the maintainer scripts.. does it allow building with nocheck?
<SpamapS> I think it takes my machine about an hour to build eglibc
<doko_> SpamapS: yes
<SpamapS> doko_: ok well if you can point me to the eglibc and upstart sources I'll start the build before I have to run an errand that will take about an hour. :)
<doko_> SpamapS: see chinstrap:~doko
<robbiew> kirkland: nice interview....and nice props to the team ;)
<robbiew> http://www.talkincloud.com/ubuntu-server-and-the-cloud-notes-from-a-developer/
<kirkland> robbiew: thanks, this author did a good job recapping the interview
<kirkland> (seems like too often an article like this gets it all wrong -- not the case here!)
<robbiew> yeah...and sometimes they spin it completely wrong...glad that didn't happen
<robbiew> whew!
<SpamapS> doko_: sorry I don't know how chinstrap works.. help?
<doko_> SpamapS: copied to http://people.canonical.com/~doko/tmp/
<SpamapS> doko_: ack, building
<doko_> SpamapS: not the ~ppa version
<zul> Daviey SpamapS: so the cobbler "pristine" source doesnt use the Makefile so i been scrambling a bit more
<SpamapS> doko_: right, 2.11.1-0ubuntu7.8 is building now in a lucid chroot
<andreserl> kirkland: howdy!! Should I create a new powernap-common package that installs the class that manages the config, plus the Monitors? (not that powernapd daemon instantiates this class)
<elb0w> Are there cloud AMI's for 10.10
<SpamapS> elb0w: http://uec-images.ubuntu.com/maverick/current/
<elb0w> ty
<kirkland> andreserl: yes, definitely
<kirkland> andreserl: also, let's bump the version to 2.x
<kirkland> andreserl: these are significant new features
<andreserl> kirkland: ok cool :)
<andreserl> kirkland: will finish updating the manpages then. But if you wanna test before I finish, go ahead since the packaging has already been updated to install the new stuff
<kirkland> andreserl: cool
<zul> SpamapS Daviey: ok uploaded again
<knixy> hello
<knixy> I am trying to install avamar agento on my ubuntu server.  It is asking for libcap1 which I cannot find in apt-get.  Any thoughts?
<knixy> says libcap1 is not available.  Package libcap1 has no installation candidate?
<RoyK> hi all. I have an ubuntu server that seems to be in trouble - it restarted twice today without anything useful in the logs except two lines that I don't understand http://pastebin.com/yALsFcYE
<gobbe> knixy: libcap2 - support for getting/setting POSIX.1e capabilities
<RoyK> knixy: iirc libcap2 is the one used on ubuntu
<gobbe> knixy: libcap1 is quite old
<knixy> ok, let me try again
<RoyK> knixy: if avamar needs libcap1, I guess finding a pre-built lib somewhere is the way to go
 * SpamapS returns
<SpamapS> hmm.. eglibc still building
 * RoyK flees
 * SpamapS pursues
<gobbe> RoyK: are you running proprietary display drivers?-)
<hggdh> JamesPage: it seems d-i changed again
<knixy> this is what I get when I try to install the avamar deb
<RoyK> gobbe: just 10.04 server - no fancy stuff except for those two 8-core CPUs and 64gigs of memory
<JamesPage> hggdh: whats the impact?
<knixy> http://pastebin.com/wFtuRGw6
<hggdh> JamesPage: all tests failed; running one local I see d-i stopping and asking about what type of partition I want (Sun, msdos, AIX, etc)
<gobbe> RoyK: ok, kernel taint happens usually with weird drivers :)
<gobbe> RoyK: have you run memory checks?
<RoyK> knixy: unless there's a lot of data or specific services, I would recommend using nfs for this one
<hggdh> JamesPage: it seems my saving of d-i log is now functional (see http://204.236.234.12/job/AKT-DBench/25/artifact/25/test-results/)
<RoyK> gobbe: not yet - I'm not at the office - but I just can't beleive I get those taint messages now - nothing's changed
<knixy> RoyK, ok.  Debian is supported for avamar, but ubuntu is not, which makes me sad :p
<RoyK> gobbe: it's basically a compute node...
<RoyK> knixy: it's about time EMC wakes up :)
<knixy> damn right
 * RoyK uses bacula
<gobbe> RoyK: yeah, that's just something, but i have seen several cases where kernel taint's are coming with display or wireless drivers
<JamesPage> hggdh: excellent; looking at the daily tests I think xango3 is suffering from its file permissions issue on the iso images
<knixy> we use avamar on all our servers here, 70+, if I don't get this working, then I have to switch the server to redhat., sigh
<RoyK> gobbe: it should at least have told me which driver was loaded
<hggdh> JamesPage: the change (where the preseed stops) can be seen here: http://pastebin.ubuntu.com/555844/
<RoyK> or _what_ tainted the kernel
<gobbe> RoyK: that's true
<hggdh> JamesPage: yes, I need to grab the current libvirt and rebuild it with the permission patch
 * hggdh goes to get it done
<JamesPage> hggdh: I had some local success on maverick using the /etc/libvirt/qemu.conf settings
<hggdh> JamesPage: setting 'dynamic_ownership=0' ?
<andreserl> mdeslaur: could you please take a look at bug #525287
<uvirtbot> Launchpad bug 525287 in lvm2 "Add support for corosync based clusters in clvm" [High,Confirmed] https://launchpad.net/bugs/525287
<JamesPage> hggdh: yes - I also configured it to run as root
<hggdh> JamesPage: hum. Will try it again -- I remember setting dyn_own to zero, but I do not remember is onwer was root, and it did not work
<mdeslaur> andreserl: please ask someone from the server team...zul?
<zul> nope...foundations i dont want to touch lvm2
<andreserl> mdeslaur: ^^
<andreserl> zul: who do you think I should contact from foundations?
<JamesPage> hggdh: yes - I think that you need the change to root otherwise the normal libvirt account can't access the files r/w
<JamesPage> hggdh: root just trounces everything :-)
<zul> andreserl: colin maybe
<hggdh> JamesPage: All hail root :-)
<knixy> what is the cmd to find out how to remove avamar?
<hggdh> trying now
<hggdh> JamesPage: I will try to zero in this debian-installer change
<gobbe> knixy: apt-get remove?
<mdeslaur> zul: this would be clustering...who on the server team does clustering?
<JamesPage> hggdh: of course I would never recommend doing this on a piece of production infrastructure but hey - its my laptop :-)
<andreserl> mdeslaur: me!!
<andreserl> zul: ok thanks
<knixy> gobbe, im not sure the whole name.  isnt there a grep cmd to find out the exact name of it?
<hggdh> JamesPage: exactly my view ;-)
<mdeslaur> andreserl: hehe, sorry about that :)
<andreserl> mdeslaur: no probs :) just changed nicks btw, I'm RoAkSoAx :)
<JamesPage> hggdh: not sure about the d-i issue; the one test that ran on mercury AM today did pass....
<mdeslaur> andreserl: ah! that would explain my confusion :)
<hggdh> oooohhh andreserl is RoAkSoAx...
 * hggdh jots it down
<andreserl> mdeslaur: yeah... it indeed is confusing and hggdh just proved lol!
<andreserl> hggdh: xD
<hggdh> andreserl: yeah, we should select nicks that anyone can pronounce
 * hggdh disregards the implicit irony of previous statement
<dany123456> buona sera
<dany123456> !list
<ubottu> This is not a file sharing channel (or network); be sure to read the channel topic. If you're looking for information about me, type Â« /msg ubottu !bot Â»
<andreserl> hggdh, lol!! that's why I indeed changed to this nick... though noone ever recognizes me with it lol
<hggdh> heh
<gobbe> knixy: dpkg-query
<knixy> well i fixed it
<knixy> lol, i was alien a redhat rpm to deb
<knixy> so I got the real debian deb, and booom.  installed
<knixy> thanks guys!
<Daviey> zul, hmm.. looking at the get-orig-source stanza, how come you switched back?
<zul> Daviey: because the new get-orig-source generates the pristine tarball
<RoyK> any linux wiz around that might help me understand these? http://pastebin.com/yALsFcYE - it's a server system, no graphics card or anything needing fancy drivers, and it happened during run time, server rebooted half an hour later for reasons unknown.....
<Daviey> zul, Aye, i just wondered if you worked out what was wrong with the other way?
<zul> Daviey: dont know really
<zul> Daviey: im happy with it the way it is now
<SpamapS> zul: do I see that we're actually adding cobbler4j back in?
<zul> SpamapS: er yep
<SpamapS> zul: maybe the cobbler project publishes it with different artifacts?
<zul> SpamapS; nope i checked
<SpamapS> zul: so it just sits in git and rots? :(
<zul> SpamapS: pretty much
<SpamapS> zul: well I'm glad we're including it. :)
<SpamapS> will suggest then that they 1) remove the jar from git, and 2) publish the rest in the sdist.
<patdk-wk> royk, http://fonality.com/trixbox/wiki/kernel-tainted
<RoyK> patdk-wk: I know, but nothing happened on the box except the normal runs during that time - no su/sudo - nothing
<patdk-wk> that page looks to be saying, probably hardware issue
<wizardslovak> hello people
<patdk-wk> but need more logs to know what
<wizardslovak> i just recently installed webmin  , and tried to login with root
<wizardslovak> but now i got "Error - Access denied for 127.0.1.1"
<compdoc> 127.0.1.1?
<compdoc> thats an odd address
<patdk-wk> why? it's perfectly valid
<wizardslovak> well thats error what i got
<patdk-wk> lo by default has a /8 netmask
<compdoc> dont you mean 127.0.0.1 ?
<patdk-wk> so 127.x will work :)
<wizardslovak> man i copied it
<wizardslovak> its 127.0.1.1
<RoyK> patdk-wk: there are no more logs - nothing more than those two lines - but I guess it may be a hardware issue
<patdk-wk> royk, this seems to be the only thing that can cause a hardware issue, that sets taint
<patdk-wk> http://en.wikipedia.org/wiki/Machine_Check_Exception
<cole> andreserl: you are the cluster expert right?
<patdk-wk> dunno :(
<andreserl> cole, I'd not consider myself an expert, but highly knowledgeable, yes :)
<SpamapS> Build needed 01:34:19, 1775336k disc space
 * SpamapS fires up a fresh test VM
<SpamapS> btw, does anybody know how to remove vms from virt-manager?
<SpamapS> kind of annoying that you can create, but not destroy, from it
<hallyn> <shrug> virsh undefine...
<andreserl> cole, what can I help you with?
<thesheff17_> SpamapS: I use virsh
<SpamapS> they're not listed in virsh
<thesheff17_> list --all
<hallyn> SpamapS: right click, delete is an option
<SpamapS> oh thats annoying
<hallyn> why would they not show up?
<thesheff17_> destroy server
<SpamapS> hallyn: its not on mine
<thesheff17_> undefine server
<andreserl> SpamapS, is the VM stopped?
<hallyn> SpamapS: then connect to the one where they are (virsh -c qemu:///etc)
<SpamapS> wait
<SpamapS> now it is
<SpamapS> or maybe it was..
<SpamapS> and my hatred of hiding everything in context menus prevented me from finding it
<andreserl> SpamapS, lol you have to shutdown the VM before being able to delete it  :)
<hallyn> you were doing virsh list --all to show the ones that are down?
<SpamapS> I think I was just being blind
<hallyn> k
<SpamapS> forget everything I've said since "btw, does anybody know how"
<SpamapS> :)
<hallyn> i'm good at amnesia
<andreserl> SpamapS, Dallas left you blind man? Too much golden hair xD
<Daviey> !
 * SpamapS still seeing Stars after two nights near the Lemon Bar ;)
<andreserl> SpamapS, +1
<cole> andreserl: would there be any value in adding crm to keepalive pkg or does it only talk to services provided by pacemaker?
<cole> andreserl: poorly stated, obviously meant adding crm deb as a dep for keepalive
<hallyn> jdstrand: i'm trynig to reproduce your kvm instability on ecryptfs, fwiw.  (no luck yet, but trying)
<andreserl> cole, pacemaker and keepalived are two totally different things. In fact, keepalived can be seen as some kind of Resource Manager/Messaging layer, such as would pacemaker/corosync or pacemaker/heartbeat are
<jiboumans> smoser: this is quite awesome: http://ubuntu-smoser.blogspot.com/2011/01/failsafe-and-manual-management-of.html
<jiboumans> also, hi folks
<SpamapS> jiboumans: o/
<smoser> its less valuable than it used to be. if you're using ebs root, catastrophe can be fixed.
<jiboumans> smoser: the awesomeness is in the upgrades + failsafe together
<RoAkSoAx> jiboumans: o/
<jiboumans> smoser: <insert desire for this feature on lucid here>
<smoser> its there, almost.
<smoser> did you see that ?
<jiboumans> RoAkSoAx: hey, and belated congrats
<jiboumans> smoser: not in details
<smoser> the latest images can be launched with grub-pv kernel, they just don't do it by default.
<jiboumans> nice
<jiboumans> where can i RTFM?
<smoser> and the latest dailies use it by default.
<smoser> really only i my release announcement
<smoser> <jiboumans> smoser: the awesomeness is in the
<smoser> oops
<smoser> https://lists.ubuntu.com/archives/ubuntu-cloud/2010-December/000466.html
<smoser> paste fail
<jiboumans> smoser: awesome. safe enough to launch a production service with you reckon?
<RoAkSoAx> jiboumans: thank you!!
<wizardslovak> what are you guys using for web interface?
<wizardslovak> like webmin
<wizardslovak> is there anything else?
<knixy> maudI use that
<smoser> jiboumans, yeah, its solid. i would recommend using the pv-grub kernels.
<knixy> sorry, i use webmin
<wizardslovak> just curious
<jiboumans> smoser: nice. are you switching default aki's at some point you think?
<smoser> the idea is to do that in next round.. the dailies do it now.
<hallyn> jdstrand: oh, but i'm NOT using encrypted filenames.  you're using ext4 right?
<jdstrand> hallyn: I am using ext3 for /home, with encrypted home
<jiboumans> smoser: looking forward to it.. it's an awesome feature for us and i'm sure for many more folks on aws
<jiboumans> smoser++
<hallyn> jdstrand: d'oh, i'm testing ext4, but that likely won't matter.  but are you using encrypted filenames?
<jdstrand> hallyn: I am
<hallyn> jdstrand: hm, well all 3 vm's appear to be hung.  i didn't witness any segfaults, but they won't budge
<jdstrand> hallyn: try logging into a console
<jdstrand> hallyn: I saw something similar, and logging into a console and trying to run some commands showed things were really wrong
<hallyn> jdstrand: i had previously installed ubuntu-desktop, which is also hung
<jdstrand> hallyn: it could just be networking-- I've seen it as somewhat flaky occassionally
 * jdstrand wonders if it is virtio net...
<hallyn> but gdm is hung in all 3, so i can't log in
<jdstrand> hallyn: I meant on tty1
<hallyn> right but i can't get to tty1
<jdstrand> hallyn: but gdm hung is definitely interesting
<hallyn> well no, not gdm per se,
<hallyn> the whoel vnc session
<hallyn> so having gvncviewer send ctrl-alt-f1 does nothing either
<jdstrand> hallyn: I see. can you disconnect the vnc and reconnect? what about sshing in?
<hallyn> no route to host - but i was ssh'd in when they hung
<hallyn> i had been disconnected from vnc, so each time i'm reconnecting
<hallyn> hm,
<hallyn> i'm out of space on the ecryptfs partition (8K to spare)
<hallyn> drat
<jdstrand> ah
<jdstrand> that could do it
<jdstrand> I was always able to vnc, fwiw
<hallyn> yeah, which means i haven't reproduced your bug :(
<hallyn> lunchtime.   will try again later.  i guess with just two vms :)
<jdstrand> heh
<RoAkSoAx> kirkland: done! Everything should be fine now at the branch :). Almost ready to release
<wizardslovak> weird
<wizardslovak> i just installed new system with lamp and ssh
<wizardslovak> and i cant start mysql
<wizardslovak> cant start it from webmin not terminal
<Fidelix> wizardslovak, have you checked the logs?
<wizardslovak> "Rather than invoking init scripts through /etc/init.d, use the service(8)
<wizardslovak> utility, e.g. service mysql start
<wizardslovak> Since the script you are attempting to invoke has been converted to an
<wizardslovak> Upstart job, you may also use the start(8) utility, e.g. start mysql
<wizardslovak> start: Unable to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
<wizardslovak> "
<Fidelix> wizardslovak, I'd really like to know how you managed to remove this socket, or to misconfigure mysql's socket.
<wizardslovak> man i just installed userver in virtual box , changed ip to static and installed webmin
<wizardslovak> thats it , didnt even touch mysql
 * RoAkSoAx might have to Update RHCS to latest release and keep delta with Debian
<zul> SpamapS: around?
<wizardslovak> Fidelix, and i cant find help online
<Fidelix> wizardslovak, I'm also not sure how to help you. If you just installed mysql and webmin, it should've worked.
<wizardslovak> well hour ago i installed same think on other pc and it worked so i am pretty suprissed
<SpamapS> zul: yeah wassup?
<zul> SpamapS: so i was looking at the mysql bugs and a lot of them are fixed in newer versions of mysql but we are still using 5.1.49
<zul> SpamapS: so i was thinking of updating to latest and greatest so we can close a whole bunch of them, but for natty+1 we move to mysql 5.5
<zul> what state is your package in?
<SpamapS> zul: I just uploaded 5.5 to my PPA. :)
<SpamapS> zul: like, 30 minutes before you said "around" ;)
<zul> url?
<zul> its my esp
<SpamapS> https://launchpad.net/~clint-fewbar/+archive/fixes/+sourcepub/1448330/+listing-archive-extra
<SpamapS> hrm a test may have failed on the amd64 build.. doh
<ignarps> does anyone know about this bug and why it does not seem to be getting any attention ?  bug 683640 in lsb scripts
<uvirtbot> Launchpad bug 683640 in spamassassin "status_of_proc is returning incorrect error code" [Undecided,Invalid] https://launchpad.net/bugs/683640
<ignarps> same issue effects #702159
<RoyK> erm.... just started boinc on this server - top shows 75% load per core, but sar shows 100%
<wizardslovak>  Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
<wizardslovak> anyone ?
<Fidelix> wizardslovak, if i were in your position, I'd just reinstall ubuntu. I'm not telling you to do that, just what I'd do.
<wizardslovak> hmmm
<tsimpson> I'd just start the dbus service
<wizardslovak> tsimpson, and what would be command for that?
<tsimpson> wizardslovak: try "sudo /etc/init.d/dbus start" assuming you have dbus installed
<wizardslovak> command not found
<wizardslovak> installing it now
<wizardslovak> same error
<zul> jdstrand: thanks for accepting cobbler
<RoAkSoAx> \o/ cobbler!!
<jdstrand> sure :)
<SpamapS> w00000t cobbler uploaded!
<\sh> cobbler is using kickstart in the background, right?
<SpamapS> it can, but we added some preseed files :)
<SpamapS> it will feed back whatever the template contains when the client makes a request.
<\sh> so kickstart or preseeding...which means for debian/ubuntu/redhat/opensuse mostly use the installer automation
<\sh> how does cobbler handle problems during kernel network boot with ipconfig?
<SpamapS> \sh: it really doesn't know about them.
<binBASH> Hi \sh
<SpamapS> \sh: I believe it disables auto-install once the preseed/kickstart have been requested once though.
<binBASH> Hope your nightly admining session went fine ;)
<\sh> SpamapS: the problem is not the installation, but the "how do I get my packages without having ip connectivity" which comes first .. mostly when you are telling the kernel to dhcp on your dhcp /pxe enabled interfaces...just asking, because most of the problems with automating linux installs is during kernel boottime (means jumping into initramfs + doing ipconfig dhcp magic)
<\sh> binBASH: see blog :)
<\sh> binBASH: yes...success :)
<SpamapS> \sh: cobbler doesn't get in the way of the OS auto install.. it just feeds it configurations.
<\sh> SpamapS: ok..so you can't overcome the problems without tweaking your underlaying OS (which means, replace some boot initrds of your installation media, e..g which is inside the netboot image of debian/ubuntu)
<\sh> add "easily" here ;)
<thesheff17_> \sh https://www.frackingtubes.com/wiki/index.php/Ubuntu_preseed.cfg_installs_off_PXE_Boot is a how to I did for preseed and 10.04
<binBASH> dc2? :)
<\sh> thesheff17_: what NICs?
<\sh> s/what/which/
<SpamapS> \sh: baby steps. We just added a provisioning system which allows large scale orchestration of network installations, and works for the common case. It sounds to me like you're talking about edge cases.
<\sh> SpamapS: I wonder if Flex10 Fabrics are edge cases...ask HP how many G7 blade servers they were selling in 2010 and are selling in 2011  ;)
<SpamapS> \sh: Whats so special about them that they can't use normal network semantics?
<\sh> SpamapS: they can...but ipconfig doesn't work with them properly, whysoever...I had a lot of problems..and checking google, many users of those NICs do have problems too
<\sh> SpamapS: replacing ipconfig with udhcpd helped here...but I wonder if it's easily done without tweaking the netboot image
<SpamapS> \sh: if its not in the upstream kernel yet.. its highly likely either a) companies like Canonical and/or RedHat have to be paid to integrate these things, or b) its not going to happen.
<SpamapS> \sh: and even if it is popular, I consider new hardware (meaning, created in the last 12 months) as an edge case.
<\sh> SpamapS: be2net / be2scsi are upstream, but the problem here is ipconfig (eventually not working nicely with cisco iphelper or something like that)
<SpamapS> I think its pretty crazy that end users would ever need to tweak their netboot imags!
<SpamapS> images even
<SpamapS> btw, cobbler imports the whole CD onto disk.. you have the option to tweak the netboot image at that point.
<SpamapS> But, yeah, not easily.
<\sh> SpamapS: yeah...loop mount the iso...unzip the initrd, uncpio the resulting file, and re-configure initramfs ;)
<\sh> SpamapS: it's actually easy when you know how...but I don't think that the normal user will ever netboot linux, only crazy admins ;)
<zul> oops...did i open a can of words
 * patdk-wk blames the netsplit on zul
<slicslak> hey, i have a really slow running box
<slicslak> i can't even get top to come up
<patdk-wk> check swap :)
<slicslak> i would like to find out the culprit, any advice on juist getting the top 3 proc consuming processes?
<thesheff17_> slicslak: are the drives full df -h ?
<patdk-wk> you can't find the culprit, till you know what is wrong
<slicslak> drive space is looking fine
<patdk-wk> and slow, isn't that is wrong, it's the result of what is wrong
<slicslak> <nod>  patdk-wk how do you check swap?
<patdk-wk> free -m
<patdk-wk> vmstat 10
<RoyK> top
<patdk-wk> I never liked it in top :)
<slicslak> ya, of course, free.  ya, swap is fine
<RoyK> slicslak: install sysstat, enable it, and you'll get performance data logged every 15 minutes or whatever you set it to
<slicslak> RoyK, i'll check that out
<RoyK> the important thing isn't the amount of swap used
<slicslak> mmm, everything is fine again now.  wierd.
<slicslak> RoyK, oh?
<patdk-wk> it's how much is going out, how often :)
<RoyK> indeed
<patdk-wk> why I like to watch it with vmstat
<RoyK> slicslak: for some systems, setting vm.swappiness = 100 can be very good
<slicslak> right, so use vmstat and watch the io col
<RoyK> if some applications allocate a bunch of memory not used much, swap is good
<patdk-wk> well, for swap, si so
<RoyK> slicslak: I'd recommend sysstat/sar
<patdk-wk> for disk usage, bi bo
<RoyK> that logs perf data over time
 * patdk-wk uses munin for that
<RoyK> well, sar is a bit simpler
<patdk-wk> most of these type of issues don't last long enough though to cause 5/15min averages to jump
<RoyK> no need for a fancy gui if you just want the data :P
<patdk-wk> never used sar before :)
<RoyK> it's simple, logs the data, and you can get all sorts of goodies out of it
<uvirtbot> New bug: #655548 in ocfs2-tools (main) "ocfs2console fails with python errors" [Medium,Triaged] https://launchpad.net/bugs/655548
<wizardslovak> mysql hostname is hostname of server right?
<Pici> Wherever mysqld is running.
<wizardslovak> is there any gui client to copy files from desktop to userver?
<wizardslovak> i am using xubuntu
<jMCg> Hey folks. I'm looking for a way to set persistently the group permissions on a disk to the webserver user, who'll be using these devices (raw) as cache.
<jMCg> I was thinking that'll be doable in udev, but I'm not fluent in udev.
<nishttal2> Hi guys, one of our servers running Ubuntu 10.10 rebooted around 50 mins ago.. how do I investigate why that happened
<jMCg> nishttal2: syslog.
<jMCg> Check your crash-dump!
<nishttal2> jMCg, how do i check that?
<jMCg> nishttal2: less /var/log/syslog
<nishttal2> jMCg, http://www.fpaste.org/XC0d/ in syslog
<nishttal2> jMCg, what should i look for
<nishttal2> jMCg, i dont see anything here that stands out
<qman__> nishttal2, you should look for things that happened around the time of the crash
<nishttal2> jMCg, qman__ : http://www.fpaste.org/9YwA/ is the messages
<qman__> nishttal2, nothing of interest there, all normal in a reboot situation
<nishttal2> qman__, yeah but question is why did it reboot :-/
<nishttal2> qman__, do you think it was power failure?
<qman__> power outage or hardware failure is most likely
<nishttal2> qman__, hardware failure ..ouch!!!
<qman__> software issues usually leave evidence behind
<nishttal2> qman__, and thre is no way to check for hardware failure?
<qman__> there are tests you can run but they're not definitive
<nishttal2> qman__, i see.. thanks
<qman__> if the problem persists with no other explanation, assume that
<nishttal2> ok
<qman__> if it's not on UPS or you have people working near the power cord, power loss is just as likely
<fbc_> How do I install the HTML DOM Parser libs?
<jMCg> fbc_: apt-cache search something.. apt(-get|itude) install whatever...
 * Datz wonders if there is a package "whatever" by chance
<jMCg> ad udev: I suppose something like  ENV{ID_PATH}=="pci-0000:00:01.1-scsi-1:0:0:0" (With the right id) might work.. but the problem is does /dev/sdc7 have such an ID?
<wizardslovak> how do i check if i have ftp installed on server?
<wizardslovak> i installed wordpress and i need to install few plugins
<wizardslovak> it asks me for hostname username and password
<wizardslovak> and still cant connect to it
<hallyn> wizardslovak: you could 'dpkg -l | grep ftp' to see if the package is installed
<wizardslovak> dpkg -l | grep ftp
<wizardslovak> ii  ftp                                   0.17-19build1                                   The FTP client
<wizardslovak> ii  lftp                                  4.0.2-1ubuntu0.1                                Sophisticated command-line FTP/HTTP client programs
<wizardslovak> hostname i should use my wan server ip ?
<uvirtbot> New bug: #596993 in cloud-init (main) "hostname handling needs improvement for elastic-ip and ebs start-stop" [Medium,Fix released] https://launchpad.net/bugs/596993
<RoyK> wizardslovak: just install vsftpd - best thing there is
<wizardslovak> thank you
<kirkland> marrusl: yo
<stiv2k> help, i set up gitosis but i'm locked out of it
<stiv2k> how can I check out the gitosis-admin repo as the gitosis user to fix it?
 * hallyn humbly suggests that apport hook for bind9 should append 'grep named /var/log/syslog' to bugs
<hallyn> is there a reason not to do that?  too dangerous privacy-wise?
<wizardslovak> i got blog setup on web.com/blog but i want blog to be seeing when people will go to web.com
<wizardslovak> i gotta change it in apache right?
<doko_> zul: ping
<doko_> zul: irqbalance: debian/rules still includes quilt.mk and ftbfs
<wizardslovak> i am getting this error
<wizardslovak> Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
<RoAkSoAx> Anyone experiencing issues similar to "E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/h/heartbeat/libheartbeat2_3.0.4-1ubuntu1_amd64.deb: Size mismatch"  in pbuilders?
<wizardslovak> how to point apache to read index.php insted of index.html
<wizardslovak> now thats weird
<soren> wizardslovak: It does so automatically.
<froek> I'm getting a euca-register connection refused when trying to download images.. any hints?
<uvirtbot> New bug: #641504 in cloud-init (main) "cloud-init should support additional multi-part format" [Medium,Triaged] https://launchpad.net/bugs/641504
<juven> hi
<Tellmarch> hi, which is better to use with tomcat in ubuntu 10.04LTS, the open-jre or sun-jre?
<juven> can someone give me some adcie
<juven> i have 10.10 and want some kind of gui so i installed the gui version
<juven> and i want remote access
<juven> how can i set remote access on ubuntu 10.10 desktop when i am logged in a root
<juven> they say that it should be under the system tab but dont see it
<juven> 1 quick dumb question, i have ubuntu 10.10 enterprise server i am able to login to ubuntu enterprise cloud web but how do i install vm in it
<juven> i am a big
<juven> newbie*
<RoyK> http://www.b3tards.com/u/d81a83cf6d5a93144ba7/usb_laptop_self-charger_cable.jpg
<jMCg> juven: then you shouldn't be running Enterprise Servers.
<Tellmarch> jMCg, what a stupid answer that is.
<juven> so this is another stupid question :D why cant the cloud servers run vm
<juven> is there like other help sites i can read things from
<geekbri> juven: did you try the ubuntu help site?
<juven> yeaa
<juven> i couldnt get anything only information they have is to download xen server
<geekbri> juven: what exactly are you trying to do, are you using amazon EC2? im a bit confused but it seems like you want to install a VM server into a cloud server... which seems a bit unnecessary since if youre using ec2 you can just spin up new cloud servers cheaply
<juven> ok i am actually in the learning phase so i bought a server and installed ubuntu 10.10 cloud
<geekbri> well if you own one server, why not install ubuntu 10.04 LTS
<juven> and what i want to do is learn the whole linux system as i want to get certified :)
<juven> bc the place i am working for they are moving to cloud
<juven> so trying to learn
<geekbri> juven: install ubuntu 10.04 onto that server, sign up for an amazon AWS account and get an EC2 account if you want to learn how to install things onto a cloud server.
<RoyK> juven: I don't know any certification programs for ubuntu yet, but I'm sure you'll find some if you check canonical's pages
<zul> doko: right ill get to it tonight
<juven> no i meant general certification like linux+ but b4 that i want to learn about cloud with linux
<geekbri> juven: you are all sorts of confused my friend.  just install ubuntu 10.04 LTS onto that physical server ou bought and worry about EC2 after you figure out how to do that
<geekbri> am i being trolled?
<juven> i know about vm already but just one quick question so from the cloud server how do i install like regular server
<geekbri> juven: that depends on what cloud service you are using. If you are using ec2 you can use google.com and find plenty of articles on how to spin up an ubuntu EC2 instance of your own.
<juven> ok thx if i have any question please help me but thx alot though i will do some self research on ec2
<RoyK> http://www.b3tards.com/u/d81a83cf6d5a93144ba7/usb_laptop_self-charger_cable.jpg
<twb> My lucid router serves NTP to downstream networks.  Occasionally (ref hourly samples: http://paste.debian.net/105104/), the jitter goes through the roof.  Why?
 * RoyK blames solar output
#ubuntu-server 2011-01-20
<fbc_> after installing php5-curl my server still won't execute curl statements in my PHP
<fbc_> any ideas why?
<Tellmarch> did you restart it? '^^
<fbc_> Tellmarch, yeah
<Tellmarch> maybe there is some module to enable with a2enmod? truth is i don't even know what is curl :p
<fbc_> Tellmarch, hmm let me check
<TheRealJeanLuc> Hey, I'm having a bit of an issue with Ubuntu 10.10 Server (32-bit). I'd like to install the ubuntu-desktop package, but when I run 'sudo apt-get install ubuntu-desktop' I'm told that the package could not be found. When I run 'sudo apt-get update' it takes  VERY long time, but ultimately only "Ign" and a couple of "Err" lines are listed
<pmatulis> TheRealJeanLuc: pastebin your sources.list file
<fbc_> TheRealJeanLuc,  does the server have an internet connection?
<pmatulis> TheRealJeanLuc: and, yes, you need an internet connection
<fbc_> TheRealJeanLuc,  if you ssh into the server and type "ping yahoo.com" do you get replies?
<twb> Bah, you should test against example.net
<fbc_> Tellmarch, doesn't look like there are any curl related modules to enable with a2enmod.
<Tellmarch> sorry, don't know what can be missing then '^^
<TheRealJeanLuc> here's the sources.list:
<TheRealJeanLuc> http://www.texticle.us/9/
<TheRealJeanLuc> I can't ping out due to campus network security restrictions (that's normal), but I can ping devices on-campus
<TheRealJeanLuc> there's definitely an internet connection, I can wget files on the internet fine
<pmatulis> testicle?
<Tellmarch> can you paste the result of the sudo apt-get update?
<Tellmarch> maybe not if it's VERY long time;.. :p
<TheRealJeanLuc> I would paste the result, but I've let it run for about a half hour without it finishing (which I'm sure is due to the same problem)
<twb> pmatulis: OBVIOUSLY you're meant to read it "Text Icleus"
<Tellmarch> do you at least get a few lines fast enough?
<twb> Boy, that pastebin is dumb.  It puts all the line numbers first, then has all the lines underneath
<TheRealJeanLuc> Tellmarch, I do. a Get, two Ign, a Get, and then it goes in to the long series of ignores
<Tellmarch> just ignores, no errors?
<TheRealJeanLuc> just ignores.
<Tellmarch> strange.
<TheRealJeanLuc> when I let it run for a very long time, I saw a couple of Errs eventually, after probably 30-45 minutes
<TheRealJeanLuc> but not continuous errors, just on occasion
<Tellmarch> Connection failed errors?
<TheRealJeanLuc> yeah.
<Tellmarch> and wget fetch those files without trouble?
<Tellmarch> wget http://archive.ubuntu.com/ubuntu/dists/maverick/Release.gpg
<Tellmarch> for instance?
<TheRealJeanLuc> yeah. it saved fine.
<Tellmarch> straaaaaaaaaange
<TheRealJeanLuc> my first thought was that the repo servers had gone down somehow, but they seem to be working fine
<Tellmarch> must be something wrong in your configs.
<Tellmarch> in /etc/apt/apt.conf or something
<TheRealJeanLuc> I don't know apt well enough to know if this is normal, but in /etc/apt I have no apt.conf, just an apt.conf.d with a few files with some individual configuration blocks
<Tellmarch> ye that's normal
<Tellmarch> but "something" must be wrong in it, i don't know what though '^^
<Tellmarch> maybe you can try temporirarly to just move the apt.conf.d folder to apt.conf.d.back, create an empty apt.conf.d or something and try the apt-get update...
<Tellmarch> or i just don't know :p
<TheRealJeanLuc> hahah. k. it's a really weird problem, particularly odd since this is a fresh install. I'm starting to wonder if the install messed up.
<Tellmarch> if it's a fresh install you can try reinstalling all, it's fast :p
<fbc_> Sounds like you need an open internet connection.. somethign is being filtered.
<TheRealJeanLuc> that's what I was thinking, but when I wget files manually they come through just fine
<TheRealJeanLuc> and the university uses Ubuntu desktop and server heavily, I can't think they wouldn't have noticed if they're network devices are screwing with updates
<TheRealJeanLuc> *their
<fbc_> Not sure if repo fetched are UDP or not..
<fbc_> WGET I'm pretty sure is TCP.
<fbc_> Kinda like a triviaftp which is why they are blocked.
<fbc_> maybe...
<fbc_> I know that you can try switching your repos from http to ftp and see it that helps.
<TheRealJeanLuc> I'll give that a shot. thanks for the tip.
<Tellmarch> i'm no expert, but there is a lot of tcp traffic when i do apt-get update. so looks like tcp to me...
<Tellmarch> but yeah you can try ftp
<Tellmarch> though usually http has more chance of going through than ftp...
<TheRealJeanLuc> well, I at least know that I can FTP out (from this machine, even)
<TheRealJeanLuc> huh. that had mixed results. it started out with a bunch of error lines, but it appears to actually be working despite the errors.
<fbc_> +1 for me
<bcessa> hi there, is there a channel where I can ask specific questions about running an ubuntu server on the cloud, particularlly using aws?
<erichammond> bcessa: You might try #ubuntu-cloud or ##aws
<bcessa> erichammond: thnx, I'll do that
<fluvvell> What do the processes ksoftirqd/n and watchdog/n and migration/n  provide in the 10.04 server installations ?
<fluvvell> I have 7 such groups run by root.
<jmarsden> 7 is a little odd.  One per CPU core is usual.  Are you sure you don't have 8?
<fluvvell> jmarsden, to be clear I should have noted 0-7 ie 8 groups ;-)
<jmarsden> fluvvell: I don't know exactly what these processes/tasks do, but they are normal in Ubuntu, desktop or server.
<jmarsden> On my quadcore desktop here I see 0-3...
<fluvvell> jmarsden, i must have two quadcore cpus in this ibm System x3100 M3-4253D2X   - I hadn't really noted properly when I installed it.
<jmarsden> fluvvell: grep ^processor /proc/cpuinfo   # will confirm that
<twb> grep -c, even?
<fluvvell> Count shows 8.  Pleasing, but a little disturbing, Its displaying some slowness for win clients accessing samba, thought I'd configured it the same as its predecessor,
<fluvvell> Not much good when the new server appears to run slower than the old.
<jmarsden> fluvvell: Time to tune it.  Meanwhile, http://www.tin.org/bin/man.cgi?section=9&topic=ksoftirqd has info on what ksoftirqd is.
<jmarsden> http://linux.die.net/man/8/watchdog  # has info on watchdog
<jmarsden> The samba docs include a chapter (45) on performance tuning, might be worth exploring for your slowness issue: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/speed.html
<twb> So guess what I just discovered
<twb> Purging ufw from lucid causes it to disable the firewall -- EVEN IF ufw wasn't involved in firewalling
<twb> This is especially great when I happen to be removing ufw from a chroot, on a production server running AT A PRISON
<jmarsden> Grin!  This is why we should do our learning and trying out new things on a test machine in a safe and controlled environment... I don't think a live production server in a prison counts as a "safe and controlled environment" :)
<fluvvell> jmarsden, thanks - reading it now - urr once samba.org wakes up!
<jmarsden> fluvvell: You're welcome
<twb> jmarsden: well, yes, we did test things
<twb> jmarsden: but you tend not to notice when the firewall falls into "allow all" mode on the test box, or you just assume it was one of the other idiot devs that did it
<fluvvell> urk, ufw is installed by default! I never noticed that when I installed shorewall
<twb> fluvvell: it's installed but not enabled
<twb> fluvvell: BUT, purging it doesn't check whether it's enabled first
<twb> IMO its postrm should say "am I enabled?  If not, leave the firewall the hell alone"
<jetole> Hey guys. I don't know if this is off topic or not but I am not getting much help in #ubuntu. I have many servers. I also just installed ubuntu 10.10 to my workstation at the office. I did ssh-keygen and created a passphrase-less key. I copied this key to the server (either through ssh-copy-id or manually editing the authorized_keys file). I am being prompted for a passphrase for my key. Whatever this pass phrase is supposed to be, I don't know it. ...
<jetole> ... doing ssh -v shows that this happens after we send the key to the server once already. Does anyone know what the hell is going on?
<gobbe> if it asks passphrase it seems that you gave passphrase during key-generation?
<gobbe> or did you just press enter when it asked passphrase?
<_ruben> !jaunty
<ubottu> Ubuntu 9.04 (Jaunty Jackalope) was the tenth release of Ubuntu. End Of Life: October 23, 2010. See !eol and !upgrade for more details.
<jetole> gobbe: I just pressed enter and I have re-created the key probably a dozen times tonight
<_ruben> figured it'd be eol'ed, time to slap some fellow sysadmins
<jmarsden> jetole: Also check which keypair is being used here, do you have another keypair (since you have many servers) that it might be asking for a passphrase for?
<jetole> _ruben: if it's on a server then slap them for installing it in the first place. A server should only have a LTS edition i.e. 6.06, 8.04, 10.04
<jetole> jmarsden: no. This is a new install after a reformat on a work station. I am doing the initial setup for everything. Using ssh -v I can see that it is sending the key to the server, then it asks for a passphrase afterwards like perhaps the server didn't like the key so it's assuming the key is encrypted and then asking
<twb> GRAAH
<jetole> I have completely deleted and re created the ~/.ssh directory tonight and the workstation might as well be new so I don't think it's getting keys from anywhere else
<twb> I just noticed that upgrading ifupdown on my lucid router MADE IT WRONG
<jetole> lemme pastebin something and see if maybe that helps
<twb> To wit: it added an "auto lo" line, when there was already a PERFECTLY GOOD line "allow-auto      lo unmanaged managed sandbox dmz isp0 internode"
<twb> Stupid ubuntu! >>>:-/
<jetole> twb: it happens
<twb> Good thing this headless router didn't *reboot* before I caught the error, otherwise it'd be bricked.
<jetole> and Stupid Ubuntu seems to be a common phrase these days but still better then RHEL/Fedora/CentOS/SuSE
<twb> jetole: yes, but not as good as Debian
<twb> At least they *test* their releases first :P
<jetole> twb: I thought so but debian can't seem to install on lvm on crypt on raid 0 as I just found out since I was going to install debian on this machine
<jetole> I tried 5.07 and 6rc1 and both failed what ubuntu did years ago
<jetole> I was pretty let down
<jmarsden> jetole: pastebin output from an ssh -vv you@server.example.com attempt might reveal something...
<jetole> jmarsden: oh... ok, I was just reviewing an ssh -v in vim but I can redo it with -vv
<twb> jetole: well, Debian 6 is the same vintage as 8.04
<jetole> twb: ok. I don't know if 8.04 handled this but I used this same setup on two other machines except raid1 instead of raid0 since ubuntu 9.10
<jetole> jmarsden: http://pastebin.com/vB9uRnVs
<twb> jetole: There's no Debian equivalent of 9.10
<twb> jetole: the next release (squeeze) will equate to 10.04
<jetole> twb: I didn't know but the rc1 that failed was the next release
<jetole> it was dated 01/12/11
<twb> Oh right
<twb> Did you report the bug?
<jetole> twb: no but I had a thurough conversation with it about both issues with a few people in #debian who can report it
<jetole> I know. poor answer
<twb> jetole: should've used #debian-boot; they're the installer guys
<jetole> jmarsden: see lines 73 and 74 @ http://pastebin.com/vB9uRnVs
<jetole> twb: wish I knew. I really wanted to move to debian because I wanted the rolling releases and I was very let down
<jetole> I hate upgrading ubuntu (which always breaks something) or being stuck with a system that doesn't have the latest packages
<twb> Sounds like you want arch
<jetole> I used debian about a 6 - 8 years ago and was thinking about migrating back but I will have to wait to the next time I reinstall an OS to try again
<jetole> no I don't
<jetole> debian does rolling releases in the testing branch
<jmarsden> jetole: I think lines 77 and 78 are "interesting", and that is where this diverges from my ssh -vv trace...
<jetole> jmarsden: they are very interesting indeed. Don't suppose you know what it means?
<jmarsden> not yet, googling :)
<jetole> jmarsden: I am too. also, does debug1 refer to the first -v and debug2 to the second / -vv ?
<jmarsden> Yes
<jetole> jmarsden: "This is not an error. OpenSSH first tries to read the private key with a no encryption. That fails, so it prompts for a passphrase." http://fixunix.com/ssh/73558-pem_read_privatekey-failed.html
<jetole> jmarsden: I don't have ssh-agent running. Do you think this is the issue?
<jetole> ah nevermind. I am going to test it
<jmarsden> That is a difference between your setup and mine, so sure, test it :)
<jetole> Well that didn't work
<jetole> be back in 10. I need to step out for a smoke quickly
<jmarsden> OK.  Just tested here setting my passphrase to empty (using sshkeygen -p ) and it worked fine.
<jetole> jmarsden: yeah it has always worked fine for me too. I have done this for a long time with empty passphrase ssh key
<jmarsden> If you do it with an actual passphrase for the same workstation and server, does it work fine?
<jmarsden> (in other words, is the zero-length passphrase really the issue here, or is the problem elsewhere?)
<jetole> Got it
<jetole> I don't know what it had to do with what but here are the startup services I initially disabled and just re-enabled now
<jetole> Certificate and Key Storage, Secret Storage Service, SSH Key Agent
<twb> jetole: try with -oBatchMode=yes
<jetole> twb: I got it working by re-enabling those startup applications in gnome
<twb> Sigh
<twb> Flipping gnome crunk
<jetole> Sigh is right. Why should my openssh client be compiled against gnome
<jetole> jmarsden: thanks a ton though for the help
<jmarsden> jetole: No problem, glad you found it.
<jetole> still a little upset because of where I found it
<jetole> but hey, at least it's working
<twb> jetole: it's not, but gnome will be hijacking shit
<twb> jetole: if you didn't run gnome, you wouldn't have any problems at all
<jetole> twb: yeah well I tried kde again for the first time in a while tonight and... meh. Don't feel like going back to xfce, haven't used fluxbox in a decade though I did like it then but it seems pretty minimal still... I don't know
<twb> jetole: no, I mean don't run a GUI
<jetole> and the new ubuntu one.. epiphany, entropy, whats it called
<jetole> oh well yeah
<jetole> then there's that option
<jetole> lol
<twb> What is the point of going through preschool and learning to read and write if you're going to click on things
<jetole> twb: I don't know. The voice recognition on my cell phone is probably more literate then I am
<jetole> heh
<twb> Kids these days
<jetole> twb: what ripe old age are you?
<twb> Yes.
 * jetole rolls eyes
<jetole> I've been using ubuntu for 13 years since I was 13 so I think I have surpassed kid status
<jetole> also took my first programming class, C++ (not C but thank god it wasn't basic) when I was 13
 * jetole wonders what else I want to customize on this workstation
<jetole> hmmmm... considering going back to fluxbox
<jetole> off topic though so never mind
<erwin_wahl> hello
<erwin_wahl> is here anyone active
<erwin_wahl> quit
<shey> Can anyone assist with apache2 setup? php pages will not load. Mods are all enabled... restarted, still no go..
<gobbe> have you followed docs from ubuntu.com?
<shey> all of them.
<gobbe> !lamp
<ubottu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<shey> I've been reading for hours now..
<gobbe> that one
<shey> giving it a shot now. thx.
<shey> I got all that done already, even userdir works.
<shey> but php pages refuse to load.
<binBASH> moin \sh
<\sh> moins
<sidd_mak> how is ubuntu server different the desktop ??
<Tellmarch> sidd_mak, no graphical interface (in the default installation)
<Tellmarch> and few different options in the kernel
<sidd_mak> Tellmarch : but we can install X on server right
<Tellmarch> yes, it's possible
<Tellmarch> it's the same packages, so...
<Tellmarch> you can have the same as on your desktop
<sidd_mak> Tellmarch : is the kernel enhanced for server
<Tellmarch> yes
<sidd_mak> so desktop n server uses different kernels right??
<Tellmarch> â¢ The Server Edition uses the Deadline I/O scheduler instead of the CFQ scheduler used by the
<Tellmarch> Desktop Edition.
<Tellmarch> â¢ Preemption is turned off in the Server Edition.
<Tellmarch> â¢ The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the Desktop Edition.
<Tellmarch> same kernel, but different options
<sidd_mak> so if preemption is not there so no jobs are preempted n they a processed at once
<Tellmarch> honestly, i don't even know what it means, i'm no specialist of this :p
<Tellmarch> but i trust that it's better for servers :)
<sidd_mak> ok thanx man
<lambda_x> anybody here is using libvirt/kvm? Mine virtual machines hang during virsh save, I need to restart libvirt to get access to them again, virsh resume brings it back - i can access them through vnc but I cannot type, network interface does not answer too
<\sh> zul: your feed aggregation is somehwat broken on p.u.c
<HelpMeSamba> hello everyone, i just updated my karmic koala to lucid and I can't connect to my samba shares anymore can anyone help me please? I've tried unstalling the 3 packages to enable personal file sharing and ticked the share box and i'm still unable to access my samba server shares
<Tellmarch> i'm trying to use rails on ubuntu-server 10.04... should i install the packages of ubuntu for rails etc., or use gem install instead?
<gobbe> i would go with ubuntu-ones if there's no special need to use gem ones
<Tellmarch> well, apparently they aren't exactly up to date... and i can't follow my tutorial because of this...
<Tellmarch> for instance 'rails server' doesn't work.
<Tellmarch> bon ok j'ai trouvÃ© le guide pour la vielle version :p
<Tellmarch> je vais voir si Ã§a suffit Ã  faire tourner l'application que j'ai...
<Tellmarch> ratÃ©.
<ara> hello guys!
<ara> I am trying to install ubuntu server (natty daily) in some servers with preseed, but in most of the systems it is stuck because it asks for a partition table to use
<ara>  could it be that the prior installation (also natty) corrupted the partition table somehow?
<ara>  this is the preseed file that I am using: http://paste.ubuntu.com/556098/
<pmatulis> ara: try to install non-natty
<JamesPage> Hi ara: hggdh spotted this yesterday in the automated server ISO testing.
<binBASH> Hi all, I setup openvpn to accept duplicate cn in certificates. I need some clients to have static ips so I've setup own certifates for these and put them in the client config dir. They are getting static ips now. For  the other clients I use a cert with a generic common name. But for those clients the ips of the static clients get assigned as well. What is wrong?
<JamesPage> it looks like d-i has changed in someway - I'm not sure how far he got investigating it.
<ara> JamesPage, thanks, I am also with Colin having a look to this. I will talk with hggdh when he gets in
<JamesPage> ara: np - shout if I can help in any way
<JamesPage> does anyone have any experience in setting up ipv6 in virtual machines running under qemu-kvm/libvirt?
<TREllis> horrah for cobbler in the archive \o/
<lynxman> yay for cobbler
<Name141> What is it you put after your crontab for it not to send you mail? > /dev/null 0 or something ?
<greppy> Name141: > /dev/null
<Name141> greppy: that's all I need? like /home/name141/bnc/bncchk > /dev/null
<Name141> and it'll stop sending me mail after it restarts it?
<greppy> yes.
<Name141> greppy: I'm seeing '>/dev/null 2>&1' on google searches , what's the difference ?
<greppy> that lets stderror through to be emailed but not stdout.
<Name141> I'm not understanding ?
<greppy> Some programs will output errors on a different file handle, known as STDERROR instead of STDOUT.
<pmatulis> Name141: http://tinyurl.com/6ar7yrz
<Name141> pmatulis: bbq
<Name141> so anyway, to stop it fully > /dev/null ?
<greppy> yes
<_ruben> not really, just >/dev/null would only "ignore" stdout, not stderr
<ara> JamesPage, hggdh: bug 705377
<uvirtbot> Launchpad bug 705377 in debian-installer "Debian installer prompts for partition type when installing Ubuntu server" [Undecided,New] https://launchpad.net/bugs/705377
<ara> colin is having a look to it
<hggdh> ara: yes, just bypassed it on my local version of Hudson
<hggdh> ara: and... good morning :-)
<iclebyte-work> has anyone used openqrm before?
<pmatulis> Name141: bbq?
<Name141> [06:18:49:AM] <Name141> greppy: I'm seeing '>/dev/null 2>&1' on GOOGLE searches , what's the difference ? [06:21:28:AM] <pmatulis> Name141: http://tinyurl.com/6ar7yrz
<Name141> yeah , made the same sense
<Name141> (as telling me to use google when I was using google)
<jdstrand> twb: re ufw purge-- this is bug #581744, fixed in maverick. would you mind adding a comment to that bug, saying it affects you on lucid, and I can do an SRU
<uvirtbot> Launchpad bug 581744 in ufw "Purging should not set reset policies/chains if ufw wasn't enabled" [Low,Fix released] https://launchpad.net/bugs/581744
<twb> jdstrand: thanks
 * twb tries to log into lp
<pmatulis> Name141: the first hit from the search i gave you contains the answer
<twb> jdstrand: done via signed email
<lambda_x> is there anyone who have libvirt/kvm with *working* save and restore vm?
<jdstrand> twb: thanks
<twb> lambda_x: I think I did it once with plain qemu
<twb> lambda_x: a long time ago
<lambda_x> twb: thats my point. nobody uses ubuntu-server default libvirt / kvm virtualisation technology because it is unstable and does not fit any production environment
<lambda_x> 1.5 a year and none of important issues have been solved wtf...
<twb> I don't use it because 1) I don't have hardware VT; and 2) I hate libvirt getting in my way.
<twb> AFAICT libvirt's mainly for people who like XML and don't like knowing what they're doing
<lambda_x> nah
<lambda_x> its unix way
<lambda_x> you have a tool, then another tool to manage first one, then graphical tool
<lambda_x> its all ok
<twb> No, only losers have a graphical tool
<lambda_x> but libvirt sucks
<twb> libvirt is the webmin of virtualization.
<lambda_x> twb: some losers have bosses who need graphical tool to see it is working
<twb> You can't solve a social problem (the boss' stupidity) with technology.
<twb> It'd be far better to swap in a new boss
<twb> jdstrand: that's odd, the ticket says *I* created it.
<greppy> twb: not always a possibility, which is too bad.
<jdstrand> twb: I think it is cause you didn't creat a separate task, but a bug against a different 'distribution'. that's fine, I cleaned it up
<twb> OK.
<uvirtbot> New bug: #705425 in php5 (main) "package libapache2-mod-php5 5.3.2-1ubuntu4.7 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 139 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/705425
<zul> jdstrand: umm...cobbler is still in binary new?
<jdstrand> zul: yes, it wasn't ready when I last checked before eod yesterday. I can look at it now
<zul> jdstrand: thanks
<uvirtbot> New bug: #705429 in irqbalance (main) "Latest update disables  irqbalance  with no offer to configure" [Undecided,New] https://launchpad.net/bugs/705429
<RoAkSoAx> Morning
<iclebyte-work> morning
<iclebyte-work> or afternoon as it is in my case
<jdstrand> zul: fyi, this looks weird to me:
<jdstrand>   -rwxr-xr-x root/root      3411 2011-01-19 15:40 ./etc/cobbler/cobblerd
<jdstrand> zul: looking at it, it seems to be a sysv init script. I'm thinking it is misplaced?
<zul> jdstrand: interesting
<jdstrand> zul: I won't nak it, but will file a bug
<zul> jdstrand: thanks ill get it fixed
<uvirtbot> New bug: #705431 in openssh (main) "publickey authentication on dropbear server fails" [Undecided,New] https://launchpad.net/bugs/705431
<jdstrand> zul: fyi bug #705441
<uvirtbot> Launchpad bug 705441 in cobbler "/etc/cobbler/cobblerd executable in cobbler-common" [Undecided,New] https://launchpad.net/bugs/705441
<zul> jdstrand: thanks
<jdstrand> sure
<uvirtbot> New bug: #705436 in cobbler (universe) "cobbler not lintian clean (lot's of warnings)" [Undecided,New] https://launchpad.net/bugs/705436
<jdstrand> zul: accepted
<zul> jdstrand, \o/
<uvirtbot> New bug: #705441 in cobbler (universe) "/etc/cobbler/cobblerd executable in cobbler-common" [Undecided,New] https://launchpad.net/bugs/705441
<raubvogel> Easy question of the day: how do I define a /28 network in bind? Specifically, how do I do the zone definition in named.conf.local?
<RoyK> bind/dns doesn't care about netmasks
<gobbe> just configure ips
<m_tadeu> hi...my server stops after a day or so...it loses the ethernet connection, so no ssh, webserver, no ping...I try to connect a screen with no success. I try to reboot with the 'reboot' command, nothing happens. The logs don't say a thing
<m_tadeu> what can  this be, or where can I check for trouble?
<gobbe> eh
<gobbe> so it does nothing?
<gobbe> i would go and chek memory
<m_tadeu> nothing at all...at least at the interfaces
<gobbe> well...reboot does nothing?
<m_tadeu> nothing....I mean the reboot command...
<m_tadeu> pressing the shutdown button does nothing, which means the APM is not responding
<m_tadeu> hot shutdown works hehe
<raubvogel> So, gobbe and Royk, if I have, say, 128.122.42.80/24, my reverse zone will be simply called 42.122.128.in-addr.arpa
<patdk-wk> sure
<patdk-wk> anything smaller than a /24 you have to define it per ip
<raubvogel> The ip for the network itself (.80)?
<RoyK> 128.122.42.80/24 isn't a valid network
<RoyK> 128.122.42.0/24 is, though, and 128.122.42.80/28 is (iirc)
<m_tadeu> what's the command for mem check?
<RoyK> but bind doesn't care - just create the zone file for 128.122.42.0/24 and just register the hosts
<RoyK> m_tadeu: reboot and choose memtest86 :P
<m_tadeu> RoyK: that I know....but isn't there a command for that?
<RoyK> m_tadeu: no - because kernel has already control over the memory after bootup, and you don't want that
<blackxored> Hello guys, any of you have experience associating an iphone client to a freeradius-enabled wireless setup?
<m_tadeu> RoyK: I see...well the grub menu is not showing up...the timeout is set for 10secs
<raubvogel> Royk, I meant 28 :)
<RoyK> m_tadeu: hold down shift
<m_tadeu> RoyK: thanx...now as I remember this is a non-stop memcheck, right?
<compdoc> you running memtest86?
<m_tadeu> I am
<compdoc> yeah, its non-stop, but if you suspect ram, you should let it run a few passes
<m_tadeu> ok...finished the first pass now
<compdoc> Ive seen ram pass one test, but fail after a few
<compdoc> but its also possible your ram is ok
<m_tadeu> I'll leave it for the afternoon, then
<compdoc> its nice to run over-night to test a system. they also have programs that stress-test a system
<m_tadeu> can you point me to those?
<m_tadeu> guess I'll write a doc for testing procedures
<compdoc> I dont use any - I look for bad caps on older systems, or burned components. If they look ok, I just run memtest86+
<compdoc> having a problem?
<m_tadeu> in deed...the server completely stops responding after a day or so...not a fixed time
<m_tadeu> but I must not use it for a day or so
<compdoc> how old is it?
<m_tadeu> 3months old
<compdoc> so its all new parts?
<m_tadeu> yep
<jeremytoo> I have recently built a 10.04.01 LTS server with / on a RAID1 setup.  When I boot it, I never get a grub prompt -- it simply goes straight to booting.  Is this by design, or have I misconfigured something?
<compdoc> some ram needs the voltage set higher than normal - its usually printed on the module. make sure you set it righ
<compdoc> right
<compdoc> theres also a bios setting that causes raid controllers to not work right, at least for me
<m_tadeu> I'll check after memtest
<compdoc> its called PCI Latency Timer
<sjm> jeremytoo, now that you mention it, I think I had the same thing happen to me recently (RAID off a 3ware card).
<jeremytoo> sjm:  did you ever get it to show the grub menu?
<sjm> jeremytoo, let me boot it up, it's here beside me.
<m_tadeu> I'm having the same thing happening here...no grub menu
<compdoc> what partition type you guys using? msdos? gpt?
<sjm> nope, no grub
<jeremytoo> compdoc:  I set everything up through the GUI -- so whatever the default installer uses
<sjm> I installed off the mini.iso:  bare minimum and then added things through aptitude.
<compdoc> that should work
<m_tadeu> ext4
<compdoc> Im running memtest on a system Im building right now
<jeremytoo> I booted off the server install CD and set it up, two 1 TB SATA drives in a raid1 array.
<jeremytoo> yeah, I'd like to be able to access memtest86 in a pinch...
<kirkland> smoser: ping
<compdoc> is it a software raid?
<jeremytoo> compdoc:  yes
<sjm> Yes, I'd like the grub menu too.  Mine's hardware raid
<compdoc> I use 3ware - great controller
<sjm> I have a 3ware too
<compdoc> but I dont boot off my arrays. I like a small drive for the OS
<sjm> I have a two drive raid 1 for the OS and a 4 drive raid 10 for data.
<sjm> but it's all off the 3ware controller.
<sjm> but, back to the question... what happened to the grub menu?
<compdoc> yours was working?
<sjm> no, It was a new install (off the mini.iso)
<compdoc> oh
<sjm> (I had a debian install before that did show the menu, IIRC)
<compdoc> dont remember - is there a setting in the 3ware bios to set a drive to bootable?
<sjm> But it's not just 3ware, jeremytoo has software RAID
<compdoc> yeah, and you could both have completely different problems for that reason
<jeremytoo> it would appear that on bootraid setups, the grub-installer is doing SOMETHING to grub.cfg which precludes a grub menu being displayed
<jeremytoo> I'm trying to find out if that's a happenstance thing, or by design?
<jeremytoo> my previous 10.04.01 box booted off RAID1, but was an upgrade, so it had a grub boot menu
<compdoc> in the mobo bios, it sees the raid and you have the system set to boot it?
<jeremytoo> it boots 100% fine
<JamesPage> zul: when do you reckon Samba 4 might make it to the main archive?
<jeremytoo> the bios do not see the raid, compdoc, because I'm using softraid
<jeremytoo> (boot partition is on /dev/md0)
<zul> JamesPage; hehehee
<zul> JamesPage; its still alpha
<JamesPage> zul: yep; thought that might be your response :-)
<sjm> compdoc, yes, the mobo bios sees the 3ware raid and it is set in the boot order.  my boot partition is "/dev/sda1"
<compdoc> well, if no one in here can help, you might try the mailing list - lots of ppl read it
<gyppo> hello?
 * genii-around hands gyppo a coffee
<gyppo> thanks...
<gyppo> I was wondering if someone here could point me straighrt
<gyppo> I'm trying to set up postfix...
<compdoc> point to what?
 * jeremytoo points due west for gyppo
<gyppo> and, while I can telnet 192.168...... 25
<gyppo> I can't telnet from outside the router
<gyppo> I'm pretty sure I'm port-forwarding 25
<compdoc> you isp could be blocking 25 - mine does
<jeremytoo> gyppo:  as does mine
<gyppo> ah. any way to check?
<compdoc> try forwarding port 2525 to 25 on the server, then see iff telnet 2525 works
<gyppo> of course, excellent idea :)
<gyppo> what if it is my isp?
<gyppo> I assume there's a common solution
<gyppo> ?
<gyppo> Will I still be able to smtp pop etc, or will it need tweaking?
<compdoc> you can buy a business plan, that allows all ports, or use a company like dyndns.org to send mail to your port 2525, or whatever port you like
<compdoc> well, not just any port, but they allow several to choose from
<jeremytoo> gyppo:  how many users do you intend to serve?  As lame an answer as it is, gmail w/ custom domain name is free, and easy to administer
<sjm> many also have started using a default port 587 rather than 25.
<compdoc> pop and the other ports usually work. just not 25
<gyppo> default port 587? Thanks, that's something. But won't that just move the problem
<compdoc> of course your mileage may vary
<gyppo> and thanks, jeremytoo, but I'm trying to get away from google :)
<jeremytoo> gyppo:  I'm on comcast -- I had to migrate my SMTP server off to geekindustries.com when comcast sealed down port 25.
<compdoc> yeah, comcast used to allow 25
<sjm> jeremytoo, try editing the timeouts your /etc/default/grub, run "sudo update-grub" and reboot.
<jeremytoo> sjm:  that's what I'm thinking.
<sjm> I just got a boot menu
<gyppo> yeah, I just tried 2525->25, works fine
<gyppo> pesky isp
<gyppo> thanks guys
<compdoc> btw, its dyndns.com, not .org
<jeremytoo> gyppo:  check your Terms of Service -- you may be violating the ToS by running an SMTP server, exposing yourself to the risk of immediate termination of service and financial penalties
<sjm> jeremytoo, I think I found what is happening...
<sjm> jeremytoo, check this page, section 4, bullet "hidden": http://ubuntuforums.org/showthread.php?t=1195275
<sjm> jeremytoo, I think you (and I) are really getting the menu, but it's hidden.  hold down SHIFT while booting to see the menu.
<jeremytoo> sjm:  I commented out two lines in the grub menu to slow boot slightly and display the menu:
<jeremytoo> #GRUB_HIDDEN_TIMEOUT=0
<jeremytoo> #GRUB_HIDDEN_TIMEOUT_QUIET=true
<jeremytoo> sjm:  actually, those changes went in /etc/default/grub
<jeremytoo> there, now the loggers and google can find that answer the next time I lose it.
<sjm> jeremytoo, I don't think it will slow the boot at all (that's probably GRUB_TIMEOUT), but it will show it.
<jeremytoo> I read through the grub config file -- it was actually bypassing that timeout entirely before -- setting GRUB_HIDDEN_TIMEOUT=0
<jeremytoo> so I'd have had to be REALLY fast on the shift key
<sjm> I'm being dragged into knowing grub2 rather than just grub
<jeremytoo> I still miss lilo.
<jeremytoo> as crappy as it was
 * geekbri hisses at jeremytoo
 * jeremytoo smirks and promises to watch his language.
<sjm> jeremytoo, I assumed that the hidden timeout was the time that it would stay hidden rather than showing and when set at zero was "infinity...and beyond" while the GRUB_TIMEOUT sets the actual wait.
<jeremytoo> could be.
<jeremytoo> I just built this core i7-2600k sandy bridge machine and it boots so dang fast you don't have ANY time to think
<geekbri> jeremytoo: the only language i was offended by was "lilo"
 * jeremytoo chuckles.
 * jeremytoo dusts off his turbolinux 3.01 CD
 * sjm wonders how jeremytoo is going to watch the sound waves of "language"
<jeremytoo> through an oscilloscope, how else?
<sjm> jeremytoo, the page says you can just hold down the shift key during the whole boot process.
 * sjm is getting jealous while booting his "fastest" Pentium D server.
<sjm> jeremytoo, initial testing says you might be right.  the GRUB_TIMEOUT might only take effect once the menu is shown.
<jeremytoo> this is my main KVM server, so now that it's working, I'm done testing ;)
<sjm> jeremytoo, mine is still in the development area, so I have been rebooting it after a few changes to see the effects.
<jeremytoo> sjm: nice.
<Naia> v10.04 server, 64bit. Failed on installation of kxsldbg-0.4. Was installing it as part of a web development application Quanta Plus. Error at: http://paste.ubuntu.com/556198/
<sjm> Naia, you might be missing a package or two.  check here: http://astbook.asteriskdocs.org/en/2nd_Edition/asterisk-book-html-chunk/asterisk-CHP-3-SECT-8.html
<Naia> Error: sudo yum install gcc-c++. Setting up Install Process. No package gcc-c++ available. Nothing to do.
<Naia> Same error with recommended libstdc++-devel install.
<sjm> naia, yum?  are you on ubuntu?
<Naia> Aye. But the page you recommended said to type yum. I'm only a week old on Ubuntu.
<takamarou> Hi all.. I'm trying to set up ubuntu 10.10 on a 3(ish) year old server I've got.  The server has two dual-core Xeon CPUs in it.  After a fresh install, I'm seeing that the server is only utilizing one of the two CPUs.  Could anyone walk me through enabling that second CPU?  Thanks!
<gobbe> did you install from server-media?
<takamarou> me?  I installed from a 10.10 disk
<gobbe> yep, but is it server-media?
<gobbe> or alternative or what?
<takamarou> Server, I believe.  I downloaded the ISO directly from the ubuntu site, server section
<gobbe> ok, and how do you believe that only one cpu is used?
<takamarou> I'm using that 30 day landscape trial, and only lists one of my Xeon Processors under hardware
<gobbe> hmmh
<sjm> Naia, try:  sudo aptitude install libstdc++6-4.4-dev
<gobbe> takamarou:  sudo lshw -c cpu
<takamarou> but, sudo lshw | grep Xeon shows up with 2 processors.. it appears so anyways..  Perhaps landscape is just wrong?
<Naia> May I paste 3 lines here?
<gobbe> takamarou: upload output to pastebin
<gobbe> it might be that landscape is wrong
<takamarou> yeah, that definitely outputs two cpus
<sjm> Naia, I saw your paste from the ubuntu list.  Is it something different?
<gobbe> landscape is still quite poor, far away from satellite/spacewalk
<Naia> Yes. New errors.
<sjm> s/list/channel/
<sjm> Naia, keep it in pastebin for now, i would say.
<takamarou> gobbe, are satellite/spacewalk good alternatives to landscape?  I'm actually a bit put off by the high cost on landscape
<gobbe> takamarou: they don't work with ubuntu :/
<takamarou> ouch.  Know any other good ones?
<Naia> sjm: new error pasted. http://paste.ubuntu.com/556212/
<gobbe> takamarou: sorry, no :-/ I remember that some guy was trying to make spacewalk-fork to work with ubuntu
<takamarou> cool.  I'll look into it.  Thanks for the help.  I suppose I'll trust my own servers output before I trust landscape from now on :)
<sjm> Naia, you didn't type it in correctly.  you typed: "libstdc__6-4.4-dev" and not "libstdc++6-4.4-dev"  (underscores rather than plus signs)
 * Naia blushes.
<gobbe> takamarou: http://administratosphere.wordpress.com/2010/01/28/system-management-software-spacewalk-and-landscape/
<Naia> sjm: done.
<sjm> Naia, now can you try the:  ./configure  and  see if it runs without errors?
<Naia> sjm: I should try reinstall of original software, now?
<Naia> sjm: checking for X... configure: error: Can't find X includes. Please check your installation and add the correct paths!
<sjm> Naia, sudo aptitude install xlibs-dev   ( You need to install the development packages to be able to compile)
<Naia> Not sure what those are. I'm sorry.
<sjm> Naia, install the xlibs-dev package and then try ./configure again.
<Naia> sjm: Package xlibs-dev is not available, but is referred to by another package.
<raubvogel> anyone using opendkim? If so, has anyone experienced the not being able to verify signatures using opendkim-testkey mentioned in http://stackoverflow.com/questions/4102383/debugging-opendkim-postfix-bad-signatures-and-verification-failures?
<sjm> Naia, what package are you trying to install?
<Naia> sjm: http://paste.ubuntu.com/556217/
<sjm> Naia, if it is kxsldbg, can you just install the one already packaged:  sudo aptitude install kxsldbg-kde3  ?
<Naia> sjm: Couldn't find any package whose name or description matched "kxsldbg-kd3"
<sjm> Naia, would installing the package  "kdewebdev"  meet your needs?
<Naia> Let me paste what started this fiasco.
<Naia> sjm: http://paste.ubuntu.com/556223/
<sjm> try this:  aptitude install kdewebdev cervisia
<sjm> Naia, ^^ that should get you those two packages without having to compile them.
<Naia> http://paste.ubuntu.com/556225/
<sjm> Naia, do you want it for kde3 or kde4?
<Naia> Unknown answer. I'm only a week old at this ... and all I wanted was to do web editing. ;)
<ideaman> Can anyone tell me why sudo might take 6 seconds to respond every time?
<sjm> try this instead:  sudo aptitude install cervisia kxsldbg-kde3
<RoyK> ideaman: strace it
<sjm> Naia, try this instead:  sudo aptitude install cervisia kxsldbg-kde3
<ideaman> RoyK: wow thanks, I'm still a noob, didnt even know about that. Give me about 10 minutes. thats about how long after a fresh reboot it takes to act up.
<RoyK> wtf?
<RoyK> 10 minutes to boot ubuntu server?
<Naia> sjm: Couldn't find any package whose name or description matched "kxsldbg-kd3"
<ideaman> no no
<ideaman> after it boots, i dont have this issue until it's been up for 10 minutes
<RoyK> ideaman: what are you running on this thing?
<RoyK> any heavy services?
<ideaman> nada in top
<RoyK> how much memory?
<ideaman> 2GB, 250HD
<ideaman> only it's just an asterisk box
<RoyK> asterisk .. ugh
<RoyK> just basic chan_sip etc?
<ideaman> yea very basic not even connected to the outside world yet though
<sjm> Naia, go into synaptic and add the universe repository.
<RoyK> ideaman: well, let's wait some more minutes to see if the error occurs again
<Naia> sjm: I type universe reposit and it comes up with Kubuntu-restricted-addons, Lubuntu-restricted-addons, xubuntu-restricted-addons and ubuntu-restricted-addons. Only one installed is ubuntu-restricted-addons.
<RoyK> ideaman: next time, don't just reboot to fix an unknown problem - better spend some time digging into it :)
<Naia> sjm: please don't shoot me.
<sjm> Naia, are you using synaptic or aptitude or apt-get?
<Naia> Synaptic Package Manager.
<m_tadeu> which monitoring tools do you recomend? I want to monitor cpu/mem/disk, http, voip, ssh, mysql
<sjm> Naia, in the menu, go to Settings ->  Repositories.  Under the Ubuntu Software tab, check the second line that has "universe" at the end of the line.
<sjm> m_tadeu, depends on what you want and your environment.  You *could* do it all with tcpdump.
<Naia> sjm: I'm sorry. I see no settings tab and I looked under System>Preferences and System>Administration.
<sjm> no, inside Synaptic.
<Naia> Duh
<Naia> Is already checkmarked ....
<m_tadeu> sjm: I'd like to have averages, peaks, notifications for critical status etc...a web client would be nice too :)
<sjm> Naia, then you need to "reload" and search for kxsldbg-kde3
<Naia> sjm: Please define reload.
<Naia> Duh
<sjm> m_tadeu, I think Nagios can get you most of that.
<sjm> m_tadeu, maybe cacti
<Naia> sjm: Found it. Installed. That error gone from Quanta. Only one left is the cervisia.
<Naia> sjm: Synaptic says cervisia (cvs client for KDE4) is already installed.
<sjm> Naia, you might be seeing conflicts between kde3 and kde4 stuff.  Unless you are going to use CVS with Quanta, I wouldn't worry about it.
<Naia> Is there a reason I should?
<m_tadeu> sjm: cool...thanx...gonna read docs about those
<sjm> Naia, if you don't know what CVS is, then you probably won't be using it.
<Naia> True enough. Thank you for all your help. :) I appreciate the patience.
<Naia> sjm: I looked it up. Nah. I don't worry about tracking changes with the little work that I do. Thank you again for all your help!
<sjm> Naia, you're welcome.  Have fun.
<ideaman> RoyK: still there?
<RoyK> ideaman: back
<fullstop> Hi all.  I'm running ubuntu-server 10.04 LTS, and I've run into this issue: https://bugzilla.redhat.com/show_bug.cgi?id=605757
<uvirtbot> bugzilla.redhat.com bug 605757 in qemu "2tb virtio disk gets massively corrupted filesystems" [Urgent,Closed: errata]
<fullstop> I'm getting "OOPS-" messages when searching ubuntu's bug database, so I don't know if a bug report exists already.
<ideaman> so the error is back
<fullstop> anyway, it is supposedly fixed in qemu 0.12.5... so I rebuilt the appropriate packages from 10.10 and put them on my KVM host.
<fullstop> I'll know by tomorrow if the problem is gone or not.
<RoyK> ideaman: ok
<RoyK> ideaman: check memory available for a start
<ideaman> RoyK: memfree in top?
<RoyK> or just 'free'
<RoyK> pastebin free
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<ideaman> RoyK http://pastebin.com/8XH2UsBu
<RoyK> ideaman: pastebin the command resulting in this error, please
<RoyK> it certainly isn't lack of memory
<shey> Can anyone supply help with LAMP? I cannot seem to get .php files to load, always asked to download. Yes, I have followed all instructions as per the How-To... added the modules, restarted, rebooted, kicked it a few times.... nothing...
<ideaman> done
<gobbe> shey: upload your configs to pastebin
<RoyK> shey: a2enmod php5?
<shey> RoyK: yeah.
<RoyK> ideaman: we need an url :P
<shey> gobbe: apache2.conf & httpd.conf?
<ideaman> sorry
<ideaman> http://pastebin.com/SrNzKEUW
<gobbe> shey: yea
<RoyK> ideaman: does `sudo true` do the same thing as in terms of the delay you're getting?
<shey> ok, brb, also.. I dont know if this means anything, but I enabled userdir.
<RoyK> shouldn't matter
<uvirtbot> New bug: #705552 in nut (main) "10.04 nut package is missing 52_nut-usbups.rules" [Undecided,New] https://launchpad.net/bugs/705552
<shey> ok, upping conf's now.
<RoyK> shey: but php is disabled by default for userdir
<RoyK> shey: check the userdir config file
<ideaman> yes
<RoyK> ideaman: can you pastebin `strace sudo true`, please?
<ideaman> RoyK, so sorry, I have to jump on a webinar with a customer. Will you still be around in 30?
<RoyK> probably
<ideaman> ok, I'll message here as soon as its over. thx
<takamarou> Hi all.  I've got a new ubuntu server 10.10 install going.  I'm adding users using 'groupadd -d <dir> -m <user>'.  For some reason, now when I log in as those users my bash .profile is not being loaded?  Anyone ever seen this before?
<Wolfsherz> shouldn't you use adduser before groupadd?
<qman__> adduser is the preferred method because it does all the little extra bits like that for you
<takamarou> uhh, thats what i meant
<takamarou> im using adduser
<Wolfsherz> try just using "adduser <username>"...
<qman__> adduser does not have those arguments
<qman__> see man adduser
<qman__> you're probably thinking of useradd
<shey> gobbe: http://pastebin.com/nwE98EAL
 * RoyK uses useradd :P
<fullstop> I wish there were only one...
<RoyK> shey: erm - did you check the userdir config?
<takamarou> that worked
<takamarou> thanks
<fullstop> I am always confused as to which one I should use.
<RoyK> fullstop: use the one you know
<RoyK> useradd -m someuser ; passwd someuser
<fullstop> coming from RHEL, it's not always easy.
<RoyK> or adduser someuser and go through the interactive Q/A
<RoyK> fullstop: well, welcome :)
<fullstop> One of them, by default, will create an account which can sudo.
<qman__> uh, no
<takamarou> really? I don't want that..
<takamarou> and it's not useradd
<qman__> only the first account created on the system, automatically, will be added to the admin group by default
<qman__> the admin group is given sudo privilege
<fullstop> qman__: the first user after an install or during the install?
<qman__> during
<takamarou> so, if it's better to use adduser instead of useradd for creating users... is there something better than usermod for adding users to groups?
<qman__> takamarou, adduser
<qman__> adduser <username> <groupname>
<takamarou> and deluser is good for deleting.. right?  What about adding groups?
<shey> RoyK: ammended. http://pastebin.com/3zNXcyTg
<qman__> addgroup
<qman__> this is all in the manual for adduser, btw
<takamarou> boy.. this book I bought sucks!
<fullstop> qman__: I just tried w/10.04, and neither creates with admin..
<fullstop> takamarou: you should have bought a vacuum cleaner.  Then you'd be happy.
<RoyK> shey: ops - check php5.conf
<RoyK> there's where it's disabled for userdir
<qman__> think of it like this
<RoyK> http://pastebin.com/HEdaFAWU
<qman__> adduser/addgroup is the automated, easy way
<qman__> useradd/groupadd/usermod/etc are the manual way
<qman__> both are correct but the latter requires you to make sure all your options are right
<takamarou> sounds like I will stick with the automated way :) thanks guys
<RoyK> qman__: useradd -m works well on servers - makes a homedir and copies the skeleton there, then it's up to you as the admin to add group membership and other stuff
<takamarou> RoyK, but, as I've just learned, that skeleton is buggy.  The bash profile doesn't load.. which pretty much sucks if you're on a server
<RoyK> takamarou: works for me (tm)
<takamarou> odd..  This is a completely fresh install, too.
<RoyK> takamarou: or did you run useradd without the -m flag?
<takamarou> no.  useradd with the -m flag
<shey> RoyK: I cannot seem to thank you enough!
<RoyK> :)
<shey> ffs, HOURS!!!!!!! I spent scratching my head.
<RoyK> shey: I had a little issue with that userdir+php myself the other day
<shey> that should really be in LAMP server how-to
<RoyK> imho it's a bit paranoid to disable php for userdir
<RoyK> but then, it's way more secure
<shey> well, not really if you look at the amateur shell user.
<shey> indeed.
<shey> again, thanks for your help man... =]
<RoyK> with php in userdir, a user can easily create a nasty php script allowing anyone to run anything, so if a local root exploit is found, no, not if, when, well, there goes your server
<shey> true
<RoyK> shey: np
<shey> But I am sole user of this server, so I have no need to disable it.
<shey> ok now to slim down Ubuntu Server a bit.. I'm sure I'll be back when it comes to ROR time.
 * RoyK wonders wtf some people tend to want to 'slim down' their installs
<m_tadeu> still no errors in memtest....most probaly the mem is just fine
<m_tadeu> what else can be stoping my server? any tips?
<RoyK> m_tadeu: what's happening?
<m_tadeu> after a day of not using it, I can't access to it at all...no ssh, no http, no ping :)...no keyboard, no screen, nothing...but the server is on
<RoyK> m_tadeu: after rebooting, do you find anything in the logs?
<RoyK> m_tadeu: also, if you have a syslog server somewhere, try to configure the box to log there
<m_tadeu> nothing relevant on logs...no errors no warning
<RoyK> and - if a panic or oops happen, the server won't restart automatically unless you tell it to
<RoyK> add vm.panic = 60 and vm.panic_on_oops = 1 to /etc/sysctl.conf
<m_tadeu> I never saw a panic yet...but I guess it would be logged, right?
<RoyK> run sysctl -p to activate that
<RoyK> a panic can't be logged if there is a problem with the disk
<RoyK> some panics are logged, but most won't
<m_tadeu> I see....that would be solved by remote logging
<RoyK> or a network console
<RoyK> or serial console
 * RoyK sticks to serial consoles for that
<RoyK> get a nullmodem cable, plug it into your server and some other box running some serial software, anything, minicom or even screen will do
<RoyK> configure linux to use that, and the chance of catching a panic output will be increased by a wee bit
<m_tadeu> hehe...a wee bit :)
<m_tadeu> I'm gonna let memtest run for a little while...guess 12 passes is quite enough...then I'll start on that
<RoyK> in the meantime, get a serial cable :P
<RoyK> if you haven't found any errors after 12 passes, I guess it might be something else
<m_tadeu> if it's a problem in the disk, I would get it if I stress it
<RoyK> btw, is autosleep or similar cpu powersaving stuff enabled in the bios?
<RoyK> that may lead to headaches
<m_tadeu> good question...let me check that
<fluvvell> anyone know how to assign a blkid to a partition that seems to not have one?
<m_tadeu> I tought every partition should have one
<m_tadeu> are you checking as sudo?
<RoAkSoAx> kirkland: were you able to test PowerNap?
<fluvvell> my raid1 array has dropped one of its members, and I build by blkid.  Yes I thought they all should have them too. Yes to sudo
<patdk-wk> only partitions that have crap have id's :)
<patdk-wk> a partition that isn't formatted with something (ext3/4, lvm, xfs, ...) won't have an id
<fluvvell> patdk-wk, its not formatted ist a linux_raid_member  - or should be
<fluvvell> *its
<patdk-wk> well, raid counts too
<RoyK> patdk-wk: man blkid
<fluvvell> Royk, blkid reads and displays the id, are you aware of anything that can set it ?
<patdk-wk> royk, I dunno why you said that to me
<patdk-wk> if blkid doesn't give into for it, it means blkid doesn't know what it is
<RoyK> patdk-wk: sorry - nick fsckup
<fluvvell> from the manual:  blkid  has two main forms of operation: either searching for a device with a specific NAME=value pair, or displaying NAME=value       pairs for one or more devices.
<patdk-wk> if blkid doesn't know what it is, it's probably corrupt
<patdk-wk> or not formatted :)
<RoyK> hm.. shouldn't fdisk create a blkid?
<patdk-wk> no
<RoyK> if it's just filesystems, using blkid for md replacements won't work
<patdk-wk> it's not just filesystems, basically it's any structure
<patdk-wk> filesystems, swap, lvm, raid, ...... all create a structure on the disk, therefor have blkid support
<patdk-wk> fdisk doesn't make structures (unless you count those 40 or so bytes in the first sectore)
<RoyK> sure, but if two drives are mirrored and one dies, how can one make a blkid on the new replacement drive?
<fluvvell> output of fdisk -lu   http://pastebin.com/ia9TB5XH
<patdk-wk> royk, each md partition would have an blkid
<fluvvell> RoyK, sort of my question really.
<patdk-wk> in my case:
<RoyK> fluvvell: can't you just replace the drive with the device name?
<patdk-wk> /dev/sda: TYPE="isw_raid_member"
<patdk-wk> /dev/sdb: TYPE="isw_raid_member"
<patdk-wk> /dev/mapper/isw_bgebcdgcaf_Volume01: UUID="2ef294e7-5015-4b60-86d4-683eb22ddc61" TYPE="ext4"
<patdk-wk> /dev/mapper/isw_bgebcdgcaf_Volume05: UUID="53681bc0-51fc-487d-b7cd-8639a9e6e5c3" TYPE="ext4"
<patdk-wk> but that isn't a md raid, it's a dm raid
<fluvvell> RoyK, I guess.  My /etc/mdadm/mdadm.conf  has  ARRAY /dev/md0 level=raid1 num-devices=2 UUID=6d4c2a80:85d76dbd:e368bf24:bd0fce41
<RoyK> fluvvell: md should be detected by the kernel
<kirkland> RoAkSoAx: on my todo list for today;  i'm going to test it with a few different machines
<RoyK> without need for a config file
<fluvvell> RoyK, Ive read that. Was just making sure I guess.
<RoyK> fluvvell: how does your /proc/mdstat look?
<fluvvell> http://pastebin.com/DRnhhLyr
<RoyK> fluvvell: doesn't look like you've replaced sdb - have you?
<fluvvell> No, its a brand new drive - brand new server I installed 10 December
<fluvvell> It just seemed to not start the array when I rebooted it last night
<fluvvell> sorry: started in degraded
<RoyK> fluvvell: well, seems sdb has issues anyway, since md has offlined it
<fluvvell> RoyK, Yeah. <sigh>
<RoyK> fluvvell: check the logs to see if there have been i/o errors on that drive
 * RoyK points fluvvell to http://www.howtoforge.com/replacing_hard_disks_in_a_raid1_array
<fluvvell> RoyK, I did, no I/o errors.  There is  "Jan 20 20:02:39 wilma kernel: [   14.173301] raid1: raid set md0 active with 1 out of 2 mirrors"
<fluvvell> when I rebooted
<RoyK> fluvvell: mdadm --manage /dev/md0 --add /dev/sdb1
<RoyK> if the partitions are setup like I would do it
<RoyK> that is
<fluvvell> RoyK, thanks,       [>....................]  recovery =  0.7% (762944/102398208) finish=15.5min speed=108992K/sec
<m_tadeu> RoyK: I have power management set as "active power management"(whatever this means I'm trying to check). should I allow the OS deal with it? or disable it at all?
<RoyK> m_tadeu: just disable it
<m_tadeu> crap...can't disable it
<m_tadeu> I it has a "max performance" option...guess this should be the closest to disabling
<RoyK> I've seen this happen with win2k8 boxes - they died while idle
<RoyK> haven't seen it on linux machines, though
<RoyK> but then, the similar 24-core machines we have on linux rarely sleep :P
<m_tadeu> damn thing is that I have to wait 2 days for testing
<RoyK> why?
<m_tadeu> because it takes more then a day idle to freeze
<m_tadeu> well I don't know exactly how much time it takes
<RoyK> well, just wait it out :)
<RoyK> debugging such errors is a PITA
<RoyK> beleive me, I know :)
<m_tadeu> :)
<m_tadeu> well...gonna try this out and hope for the best
<m_tadeu> thanx for the info
<elb0w> If I need to execute commands on startup should I make chkconfig startup script? or the remote?
<RoyK> an init script should do, or even rc.local
<lieuwe> i just pluged in an usb-stick that i want to automount on boot, how do i do this?
<lieuwe> halp?
<RoyK> lieuwe: http://tinyurl.com/4g9nkj5
<lieuwe> RoyK: i'm doing that, but i kinda need to hurry, so i'd like answers as quickly as possible ;P
<qman__> add it to fstab with 'auto' option
<mrothhh> hi I want to offer ubuntu desktop on  20 dumb terminals
<mrothhh> is their any thing I nee dto do or a product
<qman__> mrothhh, you want LTSP, it should be on the ubuntu alternate disc
<RoyK> lieuwe: a quick google is often faster than waiting for someone on irc.....
<lieuwe> RoyK: i'm googling too,
<mrothhh> I have 20 dumb termnals that have rdp client
<mrothhh> HP dumb terminals
<lieuwe> RoyK: parralel processing :P
<mrothhh> oh ltsp
<RoyK> mrothhh: install ltsp
<qman__> I only mentioned alternate disc because it has (had?) an easy one-step installer
<qman__> I haven't used it since 8.04 though
<lieuwe> is it possible to get cp to show a progress bar?
<RoyK> afaik the alternate disc exists on 10.04 as well
<pmatulis> lieuwe: yes, rsync
<RoyK> lieuwe: use rsync -P
<pmatulis> RoyK: slow on the draw there
<Tellmarch> rsync.... it shows a progress bar per file right? not a global one?
 * RoyK kicks pmatulis in the leg
<RoyK> Tellmarch: per file, yes, it's recursing, no chance to show a global one with that logic
<Tellmarch> well, windows does it (lol)
<RoyK> windows does it, but it uses a lot of time to count files before it starts
<RoyK> and windows can't continue from an interruption
<RoyK> whereas rsync -P can
<Tellmarch> i actually never thought about using rsync instead of cp...
<RoyK> even without --partial (part of -P), rsync will continue, but not for single files
<Tellmarch> i've been using it for years instead of scp, but for cp, too strange an idea
<Tellmarch> lol
<jcastro> zul: your link to your cobbler blog post is broken on planet ubuntu
<elb0w> What does ubuntu use instead of chkconfig
<elb0w> ?
<zul> jcastro: yes i know...me and wordpress dont get along
<RoyK> I and wordpress get along well :)
<RoyK> lenios: ipv6 didn't work?
<lenios> RoyK, it's my autoidentify that is taking too much time
<pmatulis> elb0w: chkconfig, update-rc.d, editing upstart job filenames
<pmatulis> elb0w: there is no central good-working tool right now (mostly due to upstart)
<RoyK> lenios: what is autoidentify?
<lenios> xchat has my identify password, and is taking care of identify for me on connect
<lenios> a little late, that is
<RoyK> lenios: didn't you say it was sudo that spent time?
<lenios> ?
<RoyK> lenios: sorry, I was thinking of something ideaman was saying
<RoyK> ideaman: ping
<cr3> hi folks, is there a recommended way to automatically provision a configuration for ec2 instances? for example, I'd like to have my own packages and some tweaks to the configuration in ec2 and enable other folks to reproduce the same environment easily
<cemc> I have a LTSP+dbus problem un 10.04. there's an update for dbus and dbus-x11 package. I'm running chroot /opt/ltsp/i386 apt-get upgrade, and it fails with: http://pastebin.ubuntu.com/556323/ . any ideas?
<uvirtbot> New bug: #653220 in cloud-init (main) "remove updates-check from cloud-init" [Low,Triaged] https://launchpad.net/bugs/653220
<mrothhh> I can't seem to build a 200 dollar 4 bay ubuntu nas
<mrothhh> from parts at newegg or microcenter
<uvirtbot> New bug: #322339 in bzr "Integrated permissions/ownership reset on file operations for etckeeper/bzr" [Wishlist,Confirmed] https://launchpad.net/bugs/322339
<gyppo> hello?
<gyppo> does anyone know of a way to send mail from a server, without using the isp's relay, when the isp blocks port 25~?
<estacion03> can anyone help me change the uri of my printer?
<gyppo> quiet in here...
<gyppo> I wouldn't know where to start, estaction03, sorry
<estacion03> can anyone help me change the uri of my printer?
<estacion03> I have one ubuntu comp hooked up to my pc with a printer and it works fine my other unbuntu (a carbon copy) will not print the uri are different any thoughts
<RoAkSoAx> kirk/win 9
<RoAkSoAx> klik
<RoAkSoAx> lol
<estacion03> I have one ubuntu comp hooked up to my pc with a printer and it works fine my other unbuntu (a carbon copy) will not print the uri are different any thoughts
<progre55> hi guys. I have some servers behind a corporate firewall in the office, but now it's 12am and I'm at home.. the servers are connected to another database server in the cloud, and I need to disconnect them from there, but dont have access to the office servers. how do I block those IPs? any suggestions, please?
<progre55> they are connected to port 2
<progre55> 22*
<thesheff17> progre55 are they just connected through ssh?
<estacion03> can anyone help with printing networking
<progre55> thesheff17: yep.. tunneled through ssh to port 3306
<thesheff17> progre55: if you ps aux | grep ssh you will see the process running the tunnel and you should just be able to do kill -9 pid.
<thesheff17> and it will disconnect them.
<progre55> thesheff17: but they are using "autossh" which would automatically reconnect..
<thesheff17> I would look into ufw which is a simple firewall program then and you can just deny the IP's
<progre55> I know the IP address.. could I just block the IP?
<thesheff17> http://ubuntuforums.org/showthread.php?t=823741
<progre55> oki, thanks a lot
<progre55> let me have a look
<thesheff17> sudo ufw deny from <ip address>
<thesheff17> estacion03: I don't know much about printing....you may want to check out the #ubuntu room.  That is where many of the desktop users hang out that may know more about printing.
<estacion03> thesheff17, so this wouldnt be a server issue since this problem is over a lan
<estacion03> ?
<thesheff17> estacion03: well I'm not sure about the printing aspect....I guess if you are using ubuntu-server to print you can ask here but I'm not sure how many people here print with ubuntu-server.  I would check /var/logs and the services used to print and start from there...Also search google.
<estacion03> thesheff17, thats why im here my searches have been unfruitful
<thesheff17> have you looked here: https://help.ubuntu.com/community/Printers
<thesheff17> there is a Sharing printers section.
#ubuntu-server 2011-01-21
<Fishscene> Greetings. I'm trying to set up a bittorrent tracker in Ubuntu Server 10.10. I ran "aptitude search bittorrent" and found a package called "bittorrent" that says it has a tracker. I installed it, but I have no clue how to set it up. I tried "man bittorrent" but there is no documentation and a google search yeilds everything under the sun related to bittorrent.
<Fishscene> Is there any documentation I could look at?
<uvirtbot> New bug: #705691 in cobbler (universe) "cobbler-web should include a working configuration and a README file detailing the steps necessary" [Wishlist,New] https://launchpad.net/bugs/705691
<Deezire> is there any special reason for why innodb-segment of my.cnf has been removed from mysql in 10.10?
<Deezire> They left the comments, but not the options.
<svdasein> I'm having some trouble seeing past the initrd load when installing via a serial console - does anyone here have experience w/ that or know a better forum to ask in?
<jMyles> So I'm having an odd issue.  My server is loosing time.  It is Lucid 64-bit.  It looses about 6 minutes a day.  I found a couple of threads that recommended syncing NTP.  Is there a way I can ensure that it will stay reasonable close to on-time even if it is offlien?
<pmatulis> jMyles: try changing your CMOS battery
<svdasein> these are the pxelinux appended options I'm using: append initrd=ubuntu-installer/i386/initrd.gz console=ttyS0,9600 --
<svdasein> I can see the kernel load, then I can see initrd load, but once the kernel starts (I presume) my terminal screen blanks and all activity stops
<svdasein> I've tried numerous permutations on the console= parameter, and I've tried several permutations with earlyprintk - all to no avail
<svdasein> I've tried ttyS0-3 - no joy
<svdasein> so - I'm puzzled
<jMyles> pmatulis: It's not my CMOS battery - the time is accurate in the BIOS, just not in ubuntu
<svdasein> you're not running in a vm right jMyles?
<jMyles> svdasein: right
<svdasein> jMyles: do you have any cpu throttling enabled?
<hroberts> can someone help me with an upgrade issue?  I just did an apt-get dist-upgrade, it installed the new kernel.  When I did a reboot, I get GRUBs menu, but no matter which option I choose the server will not boot
<hroberts> can someone help me with an upgrade issue?  I just did an apt-get dist-upgrade, it installed the new kernel.  When I did a reboot, I get GRUBs menu, but no matter which option I choose the server will not boot
<hroberts> I have reloaded this server 4 times now over the past 2 days and I would like to figure out how to resolve this
<hroberts> I am running 10.10 32 bit on an older compaq proliant 1600 series
<hroberts> Please can someone help  with this or point me to the group who could
<hroberts> no one can help me? is everyone asleep?  I need to get this server operational.
<pickett> reinstal from iso?
<hroberts> pickett:  from a CD downloaded last night
<hroberts> here is the complete issue:
<hroberts> I am loading a server that will be a print server, I loaded 10.10 32 bit (it is an older Compaq Proliant 1600 Series) I do an apt-get update and then an apt-get upgrade.  I then reboot the server and everything works fine.  I then do an apt-get dist-upgrade and my kernal goes from 2.6.35.22-generic-pae to 2.6.35.24-generic-pae, it re-writes grub and now no matter which selection I choose either 22 or 24, or either re
<hroberts> grub now says msdos instead of ext4 is that the issue?  If so how would I change that
<pickett> sounds like grub's the prob
<pickett> is it on an ext4 partition?
<hroberts> it said it was when I loaded it
<hroberts> when I edit the commands in grub for the failure this is what I see:
<pickett> next time you install try making a seperate 300mb ext3 partition for /boot
<hroberts> redordfail, insmod part_msdos, insmod ext2, set root = '(hd0,msdos1)', search --nofloppy --fs-uuid --set c(realy long #), linux /boot/vmlinuz-2.6.35-24-generic-pae...
<hroberts> can I change the grub somehow to allow it to boot?
<twb> signs point to yes
<twb> Well, it's possible.  Whether YOU can is another question.
<hroberts> twb: thanks
<twb> Personally I just set up a static extlinux bootloader and kick grub in the pants, but that's not the party line
<hroberts> well I guess it is reload # 5 and more then likely again no luck in getting it to work.
<thesheff17> hroberts: would make sure the entire disk you are using is wiped clean.  I usually do this gparted.  Also search google for wiping the MBR.  Then I would do what pickett said and create a /boot/ parition on the device so /dev/sda1
<thesheff17> hroberts: are you doing any raid stuff?
<thesheff17> do most people use apt-get dist-upgrade?  I usually just us apt-get update && apt-get upgrade
<thesheff17> *use
<donvito> how to get down sit0 ?
<hroberts> thesheff17: sorry on the server
<hroberts> I am doing a hardware raid 5 on this server, I do the dist-upgrade to upgrade the kernel, is there a better way to upgrade the kernel?
<hroberts> I wipe the server everytime, I have tried this with both LVM and without it
<thesheff17> hroberts: I'm pretty sure apt-get upgrade does the kernel as well...I could be wrong...
<thesheff17> hroberts: it says this: dist-upgrade will remove obsolete packages from your system, whereas upgrade will not. This function is out of necessity for upgrading from one distribution release to another.
<thesheff17> so apt-get upgrade should do the kernel.
<pickett> don't think it does
<pickett> aptitude upgrade does
<shauno> apt-get upgrade should only upgrade packages which are already installed.  so linux-image-virtual Depends: linux-image-2.6.32-21-virtual, which is a new package (not a new version of linux-image-virtual), so it won't be pulled in automatically
<shauno> I just use upgrade, and if there's a new kernel, it'll let me know by telling me linux-virtual & linux-image-virtual have been 'held back'
<thesheff17> shauno: yea I only use apt-get update && apt-get upgrade and then I guess I get the new kernel when the new version comes out of ubuntu and wipe the server with the distro cd.
<shauno> I tend to fetch them when I know I can schedule a reboot.  especially running LTS, having a 2-year-old kernel isn't always a good plan :)
<thesheff17> shauno: so what command do you run to get the new kernel?
<shauno> http://paste.ubuntu.com/556437/
<shauno> 5-6 tell me there's a new kernel package but it won't be installed by upgrade.
<shauno> (18-19 explain why.  linux-image-2.6.32-27-virtual is a 'new' package, not an upgrade to an existing package)
<shauno> if they made them new versions of existing packages, dpkg would overwrite / remove the existing package, so you wouldn't have a known-good kernel as a fallback
<shauno> which has the potential to really ruin your day
<thesheff17> thx for the info..yea I guess I never update the kernel then.
<twb> 16:18 !!! ":Gnea!~gnea@unaffiliated/gnea JOIN :#ubuntu-server" (error Invalid search bound (wrong side of point))
<twb> ...WTF was that?
<Gnea> Hey everyone, I've got a weird problem - I've put ubuntu server 10.04 amd64 onto a 4gb usb stick with unetbootin and booted it - when it boots, it goes through the normal stuff until it tries to mount the device as a cdrom, but it fails
<Gnea> twb: probably a problem with your irc client
<twb> Somehow the JOIN event borked my channel buffer
<twb> Yeah, I just don't see what
<twb> It's not like you have a unicode combining digraph in your nick
<Gnea> but anyway
<Gnea> it's failing to mount the device, how can I fix this?
<twb> I don't support unetbootin, but you might like http://archive.ubuntu.com/ubuntu/dists/lucid/main/installer-amd64/current/images/netboot/
<Gnea> network installation is not an option at this point
<twb> Then I dunno
<twb> Maybe you can build a working image with jigdo
<Gnea> well, I tried using usb-creator-gtk and it kept getting an i/o error
<twb> I don't approve of GUI-based ISO-to-USB converter things.
<thesheff17> I used usb-creator-gtk last night w/ 10.04 server and it worked fine
<twb> Gnea: ooh.. what version of Ubuntu is your install CD?
<twb> Gnea: the ISO you passed to unetbootin, I mean
<thesheff17> maybe 4GB is too big?
<Gnea> ...
<Gnea> 10.04
<twb> Darn, too old.
<thesheff17> I was using 10.04.1
<Gnea> why would 4gb be too big?
<Gnea> 10.04 is hardly too old
<twb> With maverick onwards, you can convert an ordinary .iso into an image that works DIRECTLY as both a CD and a USB key
<Gnea> I see it's trying to use /dev/sr0
<twb> Gnea: too old for syslinux 4
<Gnea> twb: aaah
<twb> I'm surprised Ubuntu doesn't do it officially
<Gnea> well this is geared toward a production server, so maverick is out of the question.
<twb> Yeah, no worries
<pickett> try putting the mini.iso on the usb stick
<pickett> then net install
<twb> pickett: apparently he has no network
<Gnea> I wonder if it's due to a udev rule...
<Gnea> yeah, it's off the grid for now
<Gnea> it has to be done without the network for now, no choice
<pickett> try using the maverick iso creator to create the usb
<Gnea> I don't run maverick on any system.
<Gnea> 10.04 only
<Gnea> is there a backport?
<pickett> can't use a live mav cd to do it?
<Gnea> don't have a cd.
<twb> Which, I suspect, is the crux of the problem
<Gnea> it's part of it.
<pickett> try it in vmware or vbox
<Gnea> it should *just work* with a usb stick
<Gnea> not an option.
<Gnea> I put backtrack on a 4gb usb stick and it works fine, no problems
<Gnea> same with elive
<Gnea> so why not ubuntu?
<Gnea> hrm, going to try something
<gobbe> eh?
 * Gnea uses vim
<gobbe> i have installed several servers from 4 gig stick
<Gnea> gobbe: the udev rules appear to be forcing the actual cdrom drive to be used in lieu of the usb stick
<Gnea> !usb
<ubottu> For information about installing Ubuntu from USB flash drives, see https://help.ubuntu.com/community/Installation/FromUSBStick - For a persistent live USB install, see: https://wiki.ubuntu.com/LiveUsbPendrivePersistent
<gobbe> hmmh?
<gobbe> so you cannot install it from stick?
<Gnea> have you not read a single thing I've typed since I entered the channel?
<gobbe> well i don't have so long backlog, i'm sorry
<Gnea> ah
<Gnea> np
<Gnea> here...
<Gnea> Hey everyone, I've got a weird problem - I've put ubuntu server 10.04 amd64 onto a 4gb usb stick with unetbootin and booted it - when it boots, it goes through the normal stuff until it tries to mount the device as a cdrom, but it fails
<Gnea> ^^ original question
<uvirtbot> Gnea: Error: "^" is not a valid command.
<Gnea> uvirtbot: shut up
<uvirtbot> Gnea: Error: "shut" is not a valid command.
<Gnea> I'm hoping that's an official bot
<Gnea> ^help
<uvirtbot> Gnea: (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.
<Gnea> ^owner
<uvirtbot> Gnea: Error: "owner" is not a valid command.
<Gnea> gobbe: make sense now?
<gobbe> Gnea: yes, so you cannot install it because it trys to mount your stick as cdrom
<gobbe> what kind of stick you are using?
<Gnea> gobbe: it tries to mount the cdrom as cdrom, not the stick as cdrom
<Gnea> sandisk cruzer blade
<Gnea> tough little thing - kick it, drop it, roll over it with a car, it won't die
<gobbe> yea
<Gnea> yet it can't install ubuntu
<Gnea> :)
<gobbe> but it's tough ;-(
<Gnea> lol
<gobbe> ;-) i mean
<gobbe> heh
<Gnea> yeah
<gobbe> hmmh, i sounds like somekind of udev-thing tho. I have used few kingston models without problem
<Gnea> hmm
<Gnea> I do have a 2g cruzer, that could work
<Gnea> it's sandisk, but different model where the connector slides in/out
<Gnea> and it lights up
<Thirtysixway> where does munin store its data?
<Gnea> okay, this is messed up
<Thirtysixway> i renamed a node and all its previous data went away :(
<Gnea> /dev/sdb1     vfat    1.9G -8.0K  1.9G   -  /media/D3A3-0FFC
<Gnea> -8.0k?!
<Gnea> well, almost made some progress, but that's only actually made my faith in the installation process become less than what it used to be
<Gnea> apparently, if I disconnect the cdrom from the system entirely, the installation will ask me if I want to do it manually - if I do that, it will scan everything on the system EXCEPT for the /dev/sdb1 itself.  It actually considers /dev/sdb, but not /dev/sdb1.
<Gnea> This is epic fail.
<Gnea> bad ubuntu, BAD!
 * Gnea considers kicking to the curb
<pickett> can you try getting grub to boot from the iso?
<Gnea> pickett: how would that help?
<pickett> wouldn't need the usb then
<psteyn> Hi.  I get "System information disabled due to load higher than 1" on some of my multi processor/core systems.
<psteyn> If anything, shouldn't that message be "System information disabled due to load higher than ${NUMCORES}"
<psteyn> As a load of 1 is nothing to my 8 core system.
<twb> psteyn: you get it... from what?
<psteyn> twb: as I log in, so probably from motd
<psteyn> log in via ssh
<twb> Ergh
<twb> Try grovelling through /etc/update-motd.d
<psteyn> found it: 50-landscape-sysinfo will submit a patch
<shauno> I've seen that mentioned a few times in here, but bug #675245 (the only one I can find relevant) is untouched
<uvirtbot> Launchpad bug 675245 in update-motd "evaluation from the systemload on multiprocessor machines in 50-landscape-sysinfo" [Undecided,New] https://launchpad.net/bugs/675245
<psteyn> shauno: ah ok, then im not going to bother :)
<shauno> not even sure if update-motd is the right package to be filed against, it's not on my system  (and that file doesn't appear to exist on packages.ubuntu.com)
<psteyn> does /etc/update-motd.d/50-landscape-sysinfo exist on your system?
<shauno> nope
<ChrisBuchholz> Ey guys. On my ubuntu 10.04.1 server, i have 5 users, 3 of which cannot ssh and 2 where it works (where root is one of em). I havent been able to figure out why, and ssh with the -vv argument doesnt give me anything that could indicate a problem. But i just noticed that in my /etc/passwd, all the users where ssh works have the same numbers in user and group id, whereas the users where it doesnt work have a different number in the user and gro
<greppy> ChrisBuchholz: do you have anything showing up in /var/log/auth.log or /var/log/daemon.log ?
<ChrisBuchholz> let me check
<ChrisBuchholz> greppy: nope, nothing that seems out of order
<ChrisBuchholz> greppy: have to go to the store, will be back
<dustin> hey
<dustin> can i get some help?
<psteyn> ask your question dont ask to ask
<dustin> just checkin see if someone was here
<dustin> i want to remote desktop connection using my htc evo 4g, specs :ubutu10.04 amd64, 2gb drr2 ram 2.1 amd anthon2x
<dustin> hello?
<uvirtbot> New bug: #658864 in samba (main) "rhythmbox crashes with Game/Audio CD in drive (dup-of: 529714)" [Medium,New] https://launchpad.net/bugs/658864
<uvirtbot> New bug: #659334 in samba (main) "rhythmbox crashed with SIGSEGV in _nss_wins_gethostbyname_r() (dup-of: 529714)" [Medium,New] https://launchpad.net/bugs/659334
<jmkgreen> so anyone else seeing "System information disabled due to load higher than 1" on login despite the load being nothing?
<IrishWristwatch> jmkgreen, I don't know why it does that either
<IrishWristwatch> perhaps the motd takes a while to refresh, and when it was reloaded last the cpu load was higher than one?
<jmkgreen> nah this has been ongoing for months on the same boxes
<jmkgreen> blooming annoying since it no longer shows any available security updates
<IrishWristwatch> blooming?
<jmkgreen> flipping
<IrishWristwatch> jmkgreen, I think I found it
<IrishWristwatch> /etc/update-motd.d/50-landscape-sysinfo
<IrishWristwatch> that's the script that updates the sysinfo
<IrishWristwatch> however, that doesn't explain why your system has a high load.
<jmkgreen> my system does not have a high load
<jmkgreen> hence the problem
<IrishWristwatch> since it's getting its info from the kernel and it says its greater than one.
<jmkgreen> 10:36:43 up 8 days, 23:27,  2 users,  load average: 0.05, 0.12, 0.16
<jmkgreen> not high :-)
<IrishWristwatch> yeah right now
<IrishWristwatch> does it happen every time you log in?
<jmkgreen> those scripts in update-motd.d are run by pam
<jmkgreen> yes, and after login 'w' still shows no more than 0.4 (as a result of the login)
<jmkgreen> it's as if there's a stale file not being overwritten
<jmkgreen> if I run ./50-landscape-sysinfo it displays things fine
<jmkgreen> I am now running watch on it and I'll login again in another terminal. right now it shows system load of 0.39
<jmkgreen> 0.48 it rose to and now it's coming back down
<soren> Daviey: Do you have any reservations <some sort of preposition, not sure which> my uploading a fresh Nova to Natty?
<jmkgreen> wtf
<jmkgreen> why is "Cornish (kw)" an english language choice in launchpad?
<jmkgreen> someone taking the piss?
<IrishWristwatch> lol
<jmkgreen> jgreenso6bkpdSB1Dcav5ztaRORa
<jmkgreen> oops ww
<IrishWristwatch> that your password?
<jmkgreen> that was my launchpad password (now reset)
<IrishWristwatch> :P
<jmkgreen> keypass auto-type. first time I'd used it
<jmkgreen> going to ask a question about this load display issue
<IrishWristwatch> you should use ssh keys for your box
<IrishWristwatch> well
<IrishWristwatch> do you want it to display or do you want to know why it's having this issue?
<IrishWristwatch> because you could probably change the value in that script to accept a higher system load
<jmkgreen> IrishWristwatch: I just adjusted it to read if [ $(echo "`cut -f1 -d ' ' /proc/loadavg` < 2.0" | bc) -eq 1 ]; then - but it still happens
<IrishWristwatch> check your /etc/motd
 * soren sighs at that check.
<IrishWristwatch> wait
<jmkgreen> soren: something I did?
<IrishWristwatch> nvm >_>
<IrishWristwatch> I forgot
<soren> jmkgreen: No, something whoever wrote that did.
<jmkgreen> soren: not brilliantly written then?
<jmkgreen> can't say I'm a shell scripting guy
 * soren isn't impressed, no
<jmkgreen> heh
<jmkgreen> fair enough
<soren> if grep -q ^0 /proc/loadavg; then foo; else bar; fi
<IrishWristwatch> yeah this whole motd thing seems very fickle
<soren> How hard is that?
<IrishWristwatch> and the ubuntu wiki isn't helping much at all
<jmkgreen> IrishWristwatch: indeed
<jmkgreen> soren: there was a bug somewhere to make it check if the load was less than the number of cpu cores found
<jmkgreen> someone pointing out that on an 8-core box a load of 2 wasn't necessarily a problem :-)
<IrishWristwatch> alright goodnight
<soren> jmkgreen: That's simple to adjust for. I'm still saving 4 clone(2) calls.
<soren> jmkgreen: maxload=1; currentload=$(cut -f1 -d. < /proc/loadavg); if [ $currentload -lt $maxload]; then win; else lose; fi
<jmkgreen> while that might be desirable, that doesn't help my issue
<jmkgreen> still says the load is higher than 1, which it isn't
<soren> Can you just make it output what's in /proc/loadavg?
<jmkgreen> I've modified the text that read 'System information disabled due toload higher than 1' to read 'System information disabled due toload higher than foo'
<jmkgreen> the original text was still sent to displat
<jmkgreen> so that script is just not being executed
<soren> Yeah, I forget when update-motd gets run.
<soren> Allegedly, "Executable  scripts  in /etc/update-motd.d/* are executed by pam_motd(8) as the root user at each login"
<jmkgreen> er
<jmkgreen> jamesg@blofeld:/etc/update-motd.d$ ./20-cpu-checker
<jmkgreen> exec: 3: /usr/lib/update-notifier/update-motd-cpu-checker: not found
<jmkgreen> that probably causes the rest to fail and for nothing to be written to the motd file
<soren> That's not unlikely.
<jmkgreen> ah ha!
<jmkgreen> sudo apt-get install update-notifier-common is the magic to fix all things
<soren> jmkgreen: Cool. Filed bug 705828.
<uvirtbot> Launchpad bug 705828 in update-notifier "update-motd hook should check whether update-motd-cpu-checker exists" [Undecided,New] https://launchpad.net/bugs/705828
<jmkgreen> soren: ta, I'll leave you lot alone now. Thanks for the help.
<Blinkiz> Hi there. Am working at a ISP that has IPv6 enabled everywhere. We use Router Advertisements to bring out information about two routers (gateways) to the client.
<Blinkiz> In linux world, RA makes the machine   (client) create it's own address based on the mac number. But what if I want to create something myself, but still listen auto set gateways?
<Blinkiz> Let's say I want 2a02:470:0:1::19 instead of 2a02:470:0:1:5652:ff:fe17:dc7b. How can I make this happen?
<Blinkiz> Announced net is 2a02:470:0:1::/64
<patdk-lap> heh
<Blinkiz> Anyone here using IPv6 to start with?
<patdk-lap> that would be the difference between ra and dhcp
<Blinkiz> patdk-lap, yeah, but RA makes the client choose it's own address. I guess I can control this some way=
<Blinkiz> Control this on the client of course. Which is a ubuntu system
<_ruben> there's probably some sysctl to disable slaac, or just don't advertize the prefix on your routers
<Blinkiz> _ruben, The advertisement contains important information about gateways in the network. So I still need to listen to RA. "slaac" you say. A keyword! Let's try that in google :)
<_ruben> Blinkiz: i didnt say "disable the advertisements", i said "disable the *prefix* advertisements", which would result in a default gateway being configured on the clients, but not a autoconfig (slaac) address
<Blinkiz> _ruben, Hmm. interesting
<Blinkiz> _ruben, anyway, I can not disable the prefix announcement. :)
<mianosm> Doing a minimal install of 11.04 still seems to yield a high amount of installed packages, is the initative to create a "true" minimal install still happening?
<Blinkiz> I will look more into how slaac behaves and how I can control it on the client. But I need to handle a support ticket at the moment. Need to get back to this in a couple of minutes or so
<_ruben> might wanna look into /proc/sys/net/ipv6/conf/all/accept_ra_defrtr and /proc/sys/net/ipv6/conf/all/accept_ra
<_ruben> not sure if enabling the first works when disabling the second
<shaggy2> anyone know what is needed to setup a DNS Server? like how I register it or what I need to do to enable people to acutaly find the DNS to resolve the Domain?
<mianosm> shaggy2: you want to setup bind9 and use the server as your own personal dns server?
<mianosm> https://help.ubuntu.com/10.04/serverguide/C/dns.html
<shaggy2> well sort of, I aint sure what u mean by personal dns server, basicly I am setting up a hosting company, and I want to be able to use the dns server installed with my hosting package (ispCP
<shaggy2> and I am using 10.10
<mianosm> https://help.ubuntu.com/10.10/serverguide/C/dns-installation.html
<_ruben> shaggy2: when you buy/register a domainname, you have to provided the registrar with a list of dns servers, those dns servers will be running bind/unbound/pdns/whatever, and ppl will be directed to them automagically through the glue records
<shaggy2> ahhh
<shaggy2> thank you, that is what I wasn't sure on
 * _ruben takes note not to buy hosting services from shaggy2 
<shaggy2> hey I am only setting up
<_ruben> "learn first, do later" tends to work best, tho it's not commonly acted out
<shaggy2> basicly before I SELL hosting I will have set this up about 20 times atleast and tested with mine and my mates
<shaggy2> I am learning
<shaggy2> the way I learn is by doing
<shaggy2> it's not actualy public yet
<_ruben> ok :)
<shaggy2> I have my Domain and my mates
<mianosm> best of luck to you shaggy2! _ruben, wouldn't setting up a primary and secondary master be enough for what he's looking to do?
<shaggy2> but no actual public connections coming in, I never even thought of using my own DNS but then I thought it would be easier if customers would be able to use the hosting panel to setup the dns records on there own domain
<shaggy2> brb
<_ruben> what's the domain?
<shaggy2> shaggyweb.net and cjg-designs.net shaggyweb aint working I was getting DOS attacks so my ISP decided to shove me back on a dynamic IP while they take my static and find the fella, got work back that he is located in NSW Australia
<shaggy2> he was routing it through about 5 sep proxies, and I don't know why he was trying to go at me, bloody little shit
<mianosm> he was able to use 5 proxies and DoS you from one source? IPTables couldn't kill it?
<shaggy2> ok back
<shaggy2> well that was silly
<shaggy2> lol
<_ruben> depending on the type of dos, iptables wont be of use
<shaggy2> but ok so my understanding is, I change the dns server to my own with the register, and then my DNS Server would work
<_ruben> if it's setup properly, yes
<shaggy2> ok thanks ruben
<shaggy2> will test it once I get my static back
<shaggy2> I know it's stupid to do it, but can the primary and secondary be hosted on the same server?
<shaggy2> atm I only have 1 server and 1 IP
<_ruben> then again, doing *any* "serious" hosting on a consumer internet connection is asking for trouble
<shaggy2> I will have fiber this time next year, and I am planning on using that for the REAL hosting, just wanted to get it setup and learn what I need to now
<_ruben> having only 1 dns server is far from being recommended either, then again, if the dns server is only used for domains that are hosted on the same server, then it doesnt matter (if dns is down, the site is as well, so dns doesnt matter anymore)
<_ruben> and there's several free dns services out there, including ones that allow you to run your own master and have them slave for you
<shaggy2> I currently have bind installed
<Blinkiz> Hi again. In my quest of knowledge about how to decided my IPv6 address, I have found a great topic to start my search from. All the people that do not like that the MAC address is the second part of a IPv6 address in linux. If I can find out how to control this, I will find my solution
<Blinkiz> So, the net is announced with RA messages and each client creates is own address based on the MAC number. How can I control this? For example, in the Windows world, they have some kind of generator to set a unique MAC number without using the MAC number.
<Blinkiz> A few keyword within the topic would be great.
<_ruben> Blinkiz: /proc/sys/net/ipv6/conf/all/use_tempaddr .. temporary addresses and privacy extensions are the keywords here
<Blinkiz> _ruben, nice :)
<_ruben> Blinkiz: another hint: there's also #ipv6 ;)
<Blinkiz> Ohh ;)
<Blinkiz> what can I say.. "ubuntu geek"
<Blinkiz> Need to include... eehh.. "linux" in my world.. hehe
<spajderix> hi
<patdk-wk> hello
<spajderix> how can i check what is blocking my os and making my proc stay in average 98% wait-io state?
<patdk-wk> a harddrive :)
<patdk-wk> iostat
<mianosm> top?
<binBASH> hi patdk-wk
<spajderix> mianosm: top along with htop show lot of process with state D, but these processes work most of the time normally, this wait-io spike happens once every few minutes and stays up to 2 minutes, so it's hard for me to find a cause
<spajderix> iotop show no more activity during wait-io spikes than in normal work state
<patdk-wk> most likely a drive had bad sectors
<patdk-wk> dmesg?
<patdk-wk> run smart selftests on your drives?
<spajderix> patdk-wk: dmesg shows something like this: http://pastebin.com/5NzmMw74
<RoAkSoAx> Morning all!!
<patdk-wk> nice, something is crashing :)
<spajderix> patdk-wk: is there a way to tell what exactly, or at least is it software or hardware?
<binBASH> pickup, you run postfix? ;)
<mianosm> Here might be some interesting info for you as well: http://nixcraft.com/linux-software/431-what-i-o-wait-under-ps-command.html
<spajderix> binBASH: yup
<binBASH> spajderix: so that one is crashing
<binBASH> spajderix: maybe some big mail in queue?
<mianosm> ps -wauxf
<spajderix> mianosm: thanks for link
<mianosm> Seemingly the databases usually cause the issue, if you're pulling addresses from a db to process through postfix maybe?
<mianosm> Those D statuses suck, but ps -wauxf should be a good visual for the issue possibly
<spajderix> let me describe the specs to give a better overview: it's 4x core processor (Intel or something), 4GB RAM running apache,postfix,courier,mysql and configured via ispconfig
<spajderix> mianosm: and yes, postfix is taking auth data from mysql
<mianosm> lshw -html > specs.html
<\sh> spajderix: dstat is also a good indicator of problems....most likely you have a disk problem or cpu 0/core 0 is under heavy load and let interrupts sequentially through or you have a real cpu problem or memory
<binBASH> moin \sh :)
<\sh> hey binBASH
<binBASH> \sh: I just received mail 5 of my system will be delivered today ;)
<\sh> binBASH: congrats :) send some pics when they arrive :)
<binBASH> in end of february ;)
<binBASH> The provider will setup all machines and place them in rack you know
<binBASH> I will go to datacenter in mid./end of February
<patdk-wk> and burn them down?
<binBASH> no
<binBASH> I will move some machines from old datacenter and place them in the rack as well
<spajderix> mianosm: lshw -html http://dl.dropbox.com/u/140067/specs.html
<binBASH> patdk-wk: http://blog.backblaze.com/2009/09/01/petabytes-on-a-budget-how-to-build-cheap-cloud-storage/
<binBASH> In some months I will need some of those ;)
<patdk-wk> heh
<patdk-wk> binbash, don't want to just go with something more stable: http://www.nexsan.com/satabeast.php?
<hroberts> can someone who is good with grub help me with this wierd issue.  WHen booting my server ubuntu 10.10 with 2.6.35.24 kernel, the server will not boot.  If I rebbot and go to the grub menu, press c for the command and then manually linux the vmlinuz-2.6.35-24-generic-pae file, and then initrd the same file, I can press esc, and select the kernel and it boots every time.  Is there something I can add to grub to resolve
<binBASH> patdk-wk: And it costs 3 or 4 times more? ;)
<patdk-wk> probably, but is redundant, and has fc :)
<patdk-wk> so it's not limited to a single computer using it
<hroberts> can someone who is good with grub help me with this wierd issue.  WHen booting my server ubuntu 10.10 with 2.6.35.24 kernel, the server will not boot.  If I rebbot and go to the grub menu, press c for the command and then manually linux the vmlinuz-2.6.35-24-generic-pae file, and then initrd the same file, I can press esc, and select the kernel and it boots every time.  Is there something I can add to grub to resolve
<binBASH> patdk-wk: What you mean with being redundant, the power supply? ;)
<patdk-wk> no, psu, controllers, network, fc, drives, ...
<binBASH> ahh ;)
<binBASH> patdk-wk: well, here I will take 2 or 3 of the boxes for being redundant. Wanna use ceph as software with radosgw
<patdk-wk> the issue I have with backblaze units, you would have to have drbd between two of them, incase one died
<binBASH> patdk-wk: http://ceph.newdream.net/
<binBASH> no drbd needed
<hroberts> can someone who is good with grub help me with this wierd issue.  WHen booting my server ubuntu 10.10 with 2.6.35.24 kernel, the server will not boot.  If I rebbot and go to the grub menu, press c for the command and then manually linux the vmlinuz-2.6.35-24-generic-pae file, and then initrd the same file, I can press esc, and select the kernel and it boots every time.  Is there something I can add to grub to resolve
<binBASH> hroberts: provide grub.conf in a paste
<compdoc> so glad you keep pasting that question before the last paste scrolls off the window - otherwise Id never know you asked it
<binBASH> lol compdoc
<hroberts> binBASH: please remind me where grub.conf is located at
<Japje> locate grub.conf
<twb> hroberts: /boot/grub/menu.lst or grub.conf, depending on age.
<binBASH> what twb said
<Yale> what's the difference between the ubuntu enterprise cloud and server?
<twb> Yale: a few letters
<Yale> basically no difference?
<compdoc> the cloud is still evolving - seems to be many things
<binBASH> Yale: if you chose ubuntu server you can still build a uec with it ;)
<hroberts> #
<hroberts> # DO NOT EDIT THIS FILE
<hroberts> #
<hroberts> # It is automatically generated by grub-mkconfig using templates
<hroberts> # from /etc/grub.d and settings from /etc/default/grub
<compdoc> but it seems to me to be mainly user access to your server from anywhere
<patdk-wk> yay, people might learn to use pastebin
<twb> compdoc: you mean, like, ssh?
 * twb grumbles
<Yale> I'm currently installing it and wondering whether to choose UEC or default server
<Yale> but frankly, I don't know the difference between the two
<compdoc> it seems mainly gui thru a browser
<patdk-wk> in this context, cloud means to run and manage a cluster of virtual servers
<patdk-wk> where server means to install and run on bare metal
<binBASH> patdk-wk: you can still build a cloud with ubuntu server. I did this once.
<twb> compdoc: I mean that if the only reason you use the cloud is to "access your server from anywhere", you should blooy use sshd :-/
<patdk-wk> yes you can :)
<binBASH> hroberts: use a pastie
<binBASH> and send us the link
<hroberts> sorry that was the wrong paste, what is the best way to show it
<patdk-wk> !pastebinit
<ubottu> pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the Â« pastebinit Â» package from a package manager - Simple usage: command | pastebinit -b http://paste.ubuntu.com
<hroberts> what is a pastie
<Yale> you could do that with the default one - using webmin, right? Anyway, it's easier to setup UEC it seems
<patdk-wk> cat /etc/grub/grub.conf | pastebinit
<patdk-wk> hmm, I don't think uec and webmin have anyhting in common
<binBASH> Yale: With UEC it's possible to build your own private cloud which is compatible to Amazon EC2
<patdk-wk> uec manages servers, webmin manages a server
<Yale> I don't want to use amazon's cloud. More or less my own private cloud
<patdk-wk> uec is a clone of amazon's cloud, on your own hardware
<hroberts> here is the link: http://pastebin.com/1fyh1eif
<Yale> mmk, thanks. Is the UEC more user friendly to setup or?
<patdk-wk> heh?
<patdk-wk> more user friendly? compared to what?
<Yale> to the barebones ubuntu server installation
<binBASH> Yale: it's more user friendly than installing ubuntu server and afterwards uec from packages I think
<JanC> there is nothing easier to set up than the "barebones" Ubuntu server  ;)
<Yale> not for a noob I'm afraid :p
<patdk-wk> if you mean is it more friendly to setup a website on uec or ubuntu server, they don't compare
<patdk-wk> you setup uec, then you have to setup ubuntu server inside it
<Yale> not a website. Personal server
 * patdk-wk wonders if yale knows what ec2 is
<hroberts> it is a grub.cfg file not conf, I believe it is grub2 maybe?
<binBASH> hroberts: we need your /boot/grub/menu.lst
<Yale> amazon cloud, if I understood it right...
<JanC> hroberts: yes, it's for grub2
<binBASH> Yale, do you know how to use Amazon EC2? :)
<zul> Daviey: bug #697753
<uvirtbot> Launchpad bug 697753 in eucalyptus "bittorrent recommendation prevents bittorrent demotion" [Medium,Confirmed] https://launchpad.net/bugs/697753
<Yale> nope
<JanC> binBASH: menu.lst is not used for GRUB2...
<patdk-wk> yale, how many servers do you have?
<hroberts> binBASH: file doesn't exist
<Yale> first time I'm trying more or less
<binBASH> JanC: Ok, maybe you can help him then, I don't use grub2
<binBASH> Yale: Maybe tell us first what you're trying to achieve ;)
<JanC> heh, now he's gone...
<binBASH> JanC: Maybe he doesn't know how to use irc probably
<Yale> hehe :) Basically my own home server to store stuff in - kind of like WHS
<zul> Daviey: do you want a bzr branch for that one so it can get off my release radar?
<JanC> Yale: sounds like you want de normal Ubuntu Server then
<Yale> I would also like to setup an ssh server on it
<JanC> maybe there are some Ubuntu Server remixes/derivatives that provide similar functionality to WHS
<binBASH> Yale: You know UEC, is something very different. It is for controlling a pool of servers, where people can request virtualized resources on demand. Also the Virtual Machines will get destroyed when they are shutdown or crash. I think you don't want that
<compdoc> he doesnt want to manage server farms, he wants cloud benefits
<compdoc> applications
<Yale> I thought of UEC more or less as the "controlling" server to manage the computers in its network
<binBASH> Yale: No it's not
<Yale> like citrix. Anyway, is it a bad idea to do a test install using virtualbox?
<JanC> depends what you mean by citrix  ;)
<Yale> citrix xenapp I think
<zul> smoser: around? whats the status on #684875 and #656646?
<smoser> bug 684875 is fix-released, i'm mostly certain. i have to test for sure when i386 images boot again for cloud -init
<uvirtbot> Launchpad bug 684875 in linux "Patch to Natty 2.6.37-virtual breaks non-EC2 users" [High,Fix released] https://launchpad.net/bugs/684875
<smoser> bug 656646 is  most likely just networking issues (on my link from here to amazon during testing)
<uvirtbot> Launchpad bug 656646 in cloud-init "transient network/keyscan issues" [Low,Confirmed] https://launchpad.net/bugs/656646
<Yale> and should I choose x86 or x64? Apparently ubuntu recommends x64, but I don't know why
<smoser> for server x86_64 is obvious choice (if your hardware supports it)
<Yale> it does, but why is it the obvious choice?
<smoser> the primary reason is that if you chose x86, you cannot run x86_64 software (including virtual machines)
<smoser> the only reason you would ever chose i386 is if a.) your hardware didn't support it b.) flash was the most important thing in your life.
<patdk-wk> strange, I run 64bit vm's on my 32bit host os, not that I would want to, and plan to *fix* it, as soon as I can
<smoser> and b really isn't true so much any  more (i run flash on amd64 and haven't noticed issues in a long time)
<smoser> at least under kvm and linux i think you will not get hardware virutalization help in the 64 bit guests
<smoser> i suppose i could be wrong though
<soren> patdk-wk: 32 bit host kernel?
<patdk-wk> yep
<patdk-wk> 2.6.32-27-generic-pae
<patdk-wk> on the host
<soren> I can't imagine you would get hardware acceleration, then.
<soren> I know you didn't used to, and I cannot fathom how that could be "fixed".
<patdk-wk> I dunno how it would work without hardware acceleration
<soren> The CPU isn't in long mode, so the VM's coulnd't be either.
<soren> patdk-wk: Very, very slowly.
<patdk-wk> pretty sure 64bit requires it, period
<soren> patdk-wk: Not at all.
<soren> QEmu can emulate amd64 just fine.
<patdk-wk> ya, I didn't think it would work at all, myself
<patdk-wk> using vmware workstation :)
<soren> Oh.
<patdk-wk> it doesn't emulate 64bit
<soren> Fascinating.
<soren> patdk-wk: On Linux, I presume?
<patdk-wk> ya
<patdk-wk> running win7 x64 inside lucid
<patdk-wk> for those times work requires me to test something, using office :(
<soren> I suppose they could switch to long mode, run the VM for a time slice, and switch back.
<soren> Sounds dreadful, though.
<soren> Turns out that's what they do.
<soren> Live and learn.
<soren> patdk-wk: You'll get better performance out of it by running a 64 bit host kernel, though.
<patdk-wk> ya, I know
<patdk-wk> I just think it will take me a day or two to switch
<patdk-wk> and haven't had time yet
<patdk-wk> that is the only 32bit host machine I have left
<kirkland> RoAkSoAx: ping
<RoAkSoAx> kirkland: pong
<kirkland> RoAkSoAx: hey man
<RoAkSoAx> kirkland: heya! what's up?
<kirkland> RoAkSoAx: did some powernap testing with my watt meter
<kirkland> RoAkSoAx: i'm testing version 1.12-0ubuntu1
<kirkland> RoAkSoAx: seems to be working well on my hardware
<RoAkSoAx> kirkland: cool :), does it really reduce power consumption when turning off corse?
<kirkland> RoAkSoAx: it's a little Asus PC installed with Ubuntu Natty Server
<RoAkSoAx> s/corse/cores
<kirkland> RoAkSoAx: at idle, with powernap disabled, consumes 53W of power
<kirkland> RoAkSoAx: 2 cpus, AMDs
<kirkland> RoAkSoAx: with powernap enabled, and running, idles at 46.5W of power
<kirkland> RoAkSoAx: in powersave mode
<kirkland> RoAkSoAx: that's 12%!
<RoAkSoAx> nice!!
<RoAkSoAx> that like 6.5W, which is good
<kirkland> RoAkSoAx: i'd like to test the other monitors
<kirkland> RoAkSoAx: can you push that newer package?
<RoAkSoAx> though I'm sure that there's other ways to reduce it even more (probably tunning the speed of fans and things like that)
<kirkland> RoAkSoAx: yeah, but that might damage a system if you do it wrong
<patdk-wk> yay, that would save almost 1usd per month
<kirkland> RoAkSoAx: i found a couple of minor issues (i don't think you necessarily introduced them though)
<kirkland> RoAkSoAx: the WoL thing ...
<kirkland> RoAkSoAx: so i tried using the wake on lan function from my router to bring the system out of powernap-powersave mode
<RoAkSoAx> kirkland: the latest is already in the trunk. (and I'm actually improving the WoL as we speak)
<kirkland> 2011-01-20_23:55:22 DEBUG    Starting WoL monitor
<kirkland> 2011-01-20_23:55:22 DEBUG        WoL monitor started at port [7]
<kirkland> 2011-01-20_23:57:59 DEBUG        WoL packet received from 10.1.1.1
<kirkland> RoAkSoAx: it detected the packet, which is good
<RoAkSoAx> kirkland: ok....
<kirkland> RoAkSoAx: and 10.1.1.1 is my router, which is where it came from
<kirkland> RoAkSoAx: but it did not raise it out of powernaping
<zul> Daviey: the snaphsot of openstack is getting quite stale so im planning of doing an update once launchpad is fixed
<RoAkSoAx> kirkland: so the logging didn't continue?
<kirkland> RoAkSoAx: here's the log:  http://paste.ubuntu.com/556543/
<kirkland> RoAkSoAx: look around those timestamps ^ 2011-01-20_23:57:59
<kirkland> RoAkSoAx: you'll see that it doesn't do anything with the WoL packet it gets from 10.1.1.1.... however, it *does* wake up from 10.1.1.11
<kirkland> RoAkSoAx: i'm going to file a couple of bugs to keep track of these
<RoAkSoAx> kirkland: 10.1.1.11 is powerwake
<kirkland> RoAkSoAx: yes
<RoAkSoAx> kirkland: yeah, so what I'm guessing here is that the router is using another technique to create the WoL Monitor, which is different WoL data than the one sent from powerwake
<RoAkSoAx> kirkland: so let's say the router sends a WoL packet such as: 1234 and powerwake sends a wol packet such as: 123456
<RoAkSoAx> kirkland: so powernap uses eth0 mac, to generate "Wol Data" and then compares with the received one. If it does match, then it takes recover action. Now, given that the function I use to generate that "WoL Data" is the same as the one powerwake uses to create the WoL packet, then that's why it wakes up with powerwake and not with the router
<kirkland> RoAkSoAx: okay, i'm testing a bunch of WoL utilities now
<kirkland> RoAkSoAx: i think we should try to make it work with most (all?) of them
<kirkland> RoAkSoAx: otherwise, it's not really "wake on lan" ... is something that specific to powernap/powerwake
<RoAkSoAx> kirkland: let's compare the wol data that other utilities generate against the one powerwake generates
<RoAkSoAx> kirkland: if powerwake generates the same data as the other utilities, then it will work
<RoAkSoAx> or at least it should
<patdk-wk> hmm, wol is pretty simple
<patdk-wk> it's just 6 FF's followed by the mac addres 16x times
<patdk-wk> nothing else, so you have to search the data of all packets and locate that
<patdk-wk> generating that should be a no-brainer
<RoAkSoAx> patdk-wk: yeah apparently there
<RoAkSoAx> there might be something wrong in the data generation aalgorithm, that's something that I'll figure out in a bit
<patdk-wk> the only issue I could think of, is if the other wol sender isnt using l4 packets
<RoAkSoAx> patdk-wk: what powerwake does it generates the wol data and sends a broadcast packet. Then in PowerNap "WolMonitor", it receives that broadcast, and takes the data out and compares, by generating wol data of the local interface against the received data
<kirkland> RoAkSoAx: https://bugs.launchpad.net/ubuntu/+source/powernap/+bug/705943
<uvirtbot> Launchpad bug 705943 in powernap "powerwake triggers wakeonlan monitor, but other wakeonlan implementation does not" [High,Confirmed]
<RoAkSoAx> kirkland: what I'm assuming right now is that powerwake's wol packet is different from all packets generated by the other tools
<RoAkSoAx> kirkland: I'll confirm that in a bit
<kirkland> RoAkSoAx: okay, question ...
<kirkland> RoAkSoAx: about the network monitor ...
<kirkland> RoAkSoAx: it just looks for any traffic on port 22 (or whatever you configure), right?
<RoAkSoAx> kirkland: yes, it binds the port you configure it (UDP though)
<patdk-wk> hmm, on the join, mac * 20, repeats the mac 20 times?
<patdk-wk> wol spec says 16 only is required
 * patdk-wk doesn't know python :)
<hggdh> JamesPage: good morning, I had to change run-test.py -- I was getting a TypeError when writing the attachments: http://pastebin.ubuntu.com/556558/
<hggdh> JamesPage: the change @617 is the one I am talking about
<patdk-wk> ya, that is exactly the issue
<patdk-wk> data = ''.join(['FFFFFFFFFFFF', mac * 16]) will fix it
<patdk-wk> after that, the next issue will be the recv_wol_msg == local_wol_data
<patdk-wk> you need to search recv_wol_msg for local_wol_data, if it exists, anywhere in recv_wol_msg, then it matchs
<patdk-wk> recv_wol_msg.find(local_wol_data), maybe?
<zul> Daviey: ok new nova snapshot in the archive
<claw> hello there i want to change to langue or better the whole location setting for my server
<claw> how to do this ?
<claw> forn en_EN to de_DE
<claw> i have just installed 'language-pack-de' but dont know how to set it as default
<uvirtbot> New bug: #705982 in cobbler (universe) "/etc/apache2/conf.d/cobbler.conf should be wrapped in IfModule proxy_http" [Undecided,New] https://launchpad.net/bugs/705982
<zul> SpamapS: patches accepted ;)
<SpamapS> zul: w00t w00t
<RoAkSoAx> congrats!!
<donvitoo> how to disable sit0 ipv6 down
<lephisto> greetings to everyone..
<lephisto> i have a problem with the libopenais-dev.. any1 up for this?
<lephisto> i have the feeling that in lucid /usr/lib/openais is missing
<lephisto> ah problem solved i think. unlike debian they're in /usr/lib not /usr/lib/openais.
<antii> hell-o
<Wolfsherz> hi, on each reboot the init-script of apache2 has zero bytes and a file apache2.1 is generated out of nowhere... needless to say that service apache2 start does not work, and i have to rename that apache2.1 after each restart to apache2... whats up with this?
<Wolfsherz> running ubuntu 10.04 server
<antii> looking for some help with hardware for a nas/shell, http server. atom/i3? ram etc.
<gamla_kossan> hey people
<gamla_kossan> got a really weird one today; did an apt-get update, got this:
<gamla_kossan> W: GPG error: http://se.archive.ubuntu.com lucid-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
<gamla_kossan> anyone able to help me fix this?
<lephisto> need help trying to compile clvm againt openais
<uvirtbot> New bug: #706038 in samba (main) "251397 is the bug number for last bug samba failed again after updates" [Undecided,New] https://launchpad.net/bugs/706038
<pmatulis> gamla_kossan: try again or use a different mirror
<gamla_kossan> pmatulis: I did, with a danish mirror, got the same error
<lephisto> root@xen1:/etc# /etc/init.d/clvm start
<lephisto>  * Starting Cluster LVM Daemon clvm
<lephisto>    ...done.
<lephisto>  * Activating VGs vgsas1 vgtest
<lephisto> ups ww
<RoAkSoAx> kirk/win 4
<RoAkSoAx> pffffff
<uvirtbot> New bug: #706054 in tomcat6 (main) "package tomcat6 6.0.24-2ubuntu1.5 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/706054
<Ademan> does anyone know about how much a default install of ubuntu-server (10.04) will take up? I'm pressed for disk space and I need to create a VM image large enough for ubuntu + some working room, but like I said, I don't have much disk space to sacrifice in the host
<qman__> Ademan, the base install consumes ~850MB
<qman__> you will want at least 1.5GB though if you plan on updating or installing any software
<Ademan> qman__: thanks
<Ademan> can I shrink qemu images after the fact? (safely?)
<qman__> I don't know, sorry
<Ademan> it's alright, it's a bit offtopic here anyways, thanks again :-)
<acicula> using 10.10, qemu,libvirt and sh. after creating a xml domain file i attempted to use attach-disk to register a cdrom device. virsh  fails with an unknown error, logs point to apparmor needing an addition to the profile for the vm. But the apparmor profile is tagged as being autogenerated by libvirt. How ddo i make libvirt push an update to apparmor?
<jdstrand> acicula: adjust either /etc/apparmor.d/abstractions/libvirt-qemu or /etc/apparmor.d/libvirt/libvirt-<uuid>
<jdstrand> acicula: the former will make the change to all guests, the latter just the guest with the uuid
<acicula> jdstrand: yeah that works.
<acicula> jdstrand: point is that the libvirt-uuid file is tagged to be updated by virsh
<jdstrand> libvirt-uuid.files is rewritten each time, libvirt-uuid is only on creation
<acicula> ah gotcha, thanx
<acicula> hmm .files is also listed  as managed by libvirt
<RoAkSoAx> SpamapS: ping?
<aljosa> ubuntu 11.04 will distribute postgres v9.0 or v9.1?
<acicula> aljosa: there isnt even a 9.1 version out yet
<acicula> aljosa: http://www.postgresql.org/developer/roadmap
<acicula> The next release of PostgreSQL is planned to be the 9.1 release. A tentative schedule for this version has a release in the third quarter of 2011.
<Pici> Third quarter is a bit late for an April release.
<acicula> i was just thinking that too
<aljosa> thanks for info
<ChrisBuchholz> Hey guys. I have a problem on my 10.04.1 server where some of the users cannot ssh in. If i use the -vv argument, i get no errors, outputs just stops right before it goes to "logged in"-output with the users that does work. I have tried setting the loglevel of sshd to debug3, but didnt tell me more. I have noticed that the users where it works's user id and group id (looking in /etc/passwd) is equal to each other, whereas the ones that doesnt
<RoyK> - bigjools [~quassel@canonical/launchpad/bigjools] has quit [Ping timeout: 240 seconds]
<RoyK> ops
<savid> Does mysql-client use editline now instead of readline?    I had Page Up mapped to "history-search-backward" in my .inputrc, and it's not working in mysql.  Is there a way to do that with .editrc?
<RoyK> try #mysql
<savid> RoyK:  well, this is more a question about how mysql is configured with ubuntu by default -- just trying to figure out which input lib it is configured to use on ubuntu server.
<RoyK> iirc from this test box on 10.10, mysql client uses readline
<RoyK> just ldd it
<SpamapS> RoAkSoAx: pong, sup?
<RoyK> s/iirc/afacs/ :P
<RoAkSoAx> SpamapS: trying to get cobbler running but I just completely broke my system... :)
<SpamapS> RoAkSoAx: oh?
<SpamapS> RoAkSoAx: I had no trouble on a natty vm
<RoAkSoAx> SpamapS: mine, 1st, wans't able to recognize httpd running after sudo cobbler check
<SpamapS> RoAkSoAx: are you trying to install it in a chroot? That failed for me.
<RoAkSoAx> SpamapS: nope, I didn't ... I think there's also a bug somewhere else that helped to screw things up
<RoAkSoAx> SpamapS: will reinstall this weekend and try again
<anternat> what version?
<RoAkSoAx> anternat: of what?
<anternat> yr server distro?
<RoAkSoAx> natty
<anternat> ok
 * RoAkSoAx gone for the day
<anternat> cyaz all bye
#ubuntu-server 2011-01-22
<Ademan> ugh, anyone who's set up ubuntu server using libvirt, I'm trying to use virt-install. My current command line looks like sudo virt-install --connect qemu:///system --name server --ram 256 --disk path=/var/lib/libvirt/images/ubuntu-server-10.04.qcow2 --nographics --os-type linux -c /home/dan/Downloads/ubuntu-10.04.1-server-i386.iso --extra-args="text console=ttyS0,9600n8" but no matter what I've done I can't get any output on th
<kirkland> RoAkSoAx: around?
<AMT-IT-Guy> any Samba experts around that can explain how I can reload smb.conf without restarting the services?
<SpamapS> kirkland: I think he's done for the day.. 30 minutes ago "* RoAkSoAx gone for the day"
<kirkland> SpamapS: heh, yeah, we banter back and forth long past work hours though :-P
<SpamapS> kirkland: true.. irc is funny that way
<AMT-IT-Guy> no one here uses Samba?
<SpamapS> AMT-IT-Guy: not if we can help it. ;)
<SpamapS> AMT-IT-Guy: service smbd reload should work though
<SpamapS> or it might be service smb .. or service samba.. not sure
<AMT-IT-Guy> that won't shut down the master services, so, if file transfers, etc are happening they won't be aborted?
<mtdemind> i believe it should just check for changes in config
<Ademan> :-/ no one has any idea regarding my virt-install issue?
<AMT-IT-Guy> i thought so too, but I've changed permissions on a directory, and it's not reloading
<mtdemind> HUP should work as well
<AMT-IT-Guy> i tried that as well
<AMT-IT-Guy> sudo kill -HUP PID and it's not working
<RoAkSoAx> kirkland: im here
<AMT-IT-Guy> see here's my problem.... I can replace upwards of 20 Windows servers at my office, BUT, i can't just reload samba in the middle of the day if a change needs to be made lol
<kirkland> RoAkSoAx: you should thumb your nose at SpamapS :-)
<RoAkSoAx> kirkland: discovered the issue, though there's other "issue"
<kirkland> RoAkSoAx: yeah?  i saw the bug report updated
<kirkland> RoAkSoAx: glad to see you got those fixed
<RoAkSoAx> SpamapS kirkland : yeah I was gone.. though.. can't stay much time away from computer lol
<SpamapS> RoAkSoAx: no kidding me too
<kirkland> RoAkSoAx: okay, i have though thoroughly about powernap
<RoAkSoAx> kirkland: it was indeed issue with powerwake, I just change one value and it is fixed, though I need to test it against hw
<kirkland> RoAkSoAx: cool
<RoAkSoAx> kirkland: wanna have a quick chat?
<RoAkSoAx> cause I'm going to the movies in like 20 mins or so
<kirkland> RoAkSoAx: sure
<kirkland> RoAkSoAx: let's do it quick
<kirkland> RoAkSoAx: http://paste.ubuntu.com/556709/
<kirkland> RoAkSoAx: skype me?
<RoAkSoAx> kirkland: http://pastebin.ubuntu.com/556710/
<RoAkSoAx> kirkland: +    data = ''.join(['FFFFFFFFFFFF', mac * 16])
<Thirtysixway> is there a mod auth shadow package available on lucid?
<Thirtysixway> there seems to only be one for hardy and daper
<axisys> i am failing to compile filebech.. missing libtecla.h  .. is there a pkg for available for that?
<hroberts> is there anyone here who is good with grub2 who can help me with an issue?
<momoz> hi all.  I have a problem with my apache or ubuntu server install.. I have installed in two servers.. one is working fine the other has problems with utf-8 encoding.  I have a web/xml/rss that says
<momoz> has errors and when I run a rss/xml validation it tells me ithe problem is:  Your feed appears to be encoded as "UTF-8", but your server is reporting "US-ASCII"
<momoz> any ideas?
<mtdemind> probably MIME related
<momoz> thought that too checked many areas.. any suggestions?  two servers one works one doesn't.. was thinking some global setting.. any areas to check?
<mtdemind> momoz: http://httpd.apache.org/docs/current/mod/mod_mime.html#addtype
<mtdemind> add rss, and maybe xml
<mtdemind> search around for examples
<anzenketh> I want to install ubuntu server but I want the home directory to be a seperate parition how would I got about doing this?
<pmatulis> anzenketh: create a separate partition and use /home as it's mountpoint
<anzenketh> Ya the ubuntu server partition creating tools are confusing.
<anzenketh> I can't figure out how to create a seperate parition.
<pmatulis> anzenketh: choose manual partitioning during install
<anzenketh> I have done that.
<anzenketh> It gives me a screen I can not edit
<pmatulis> anzenketh: select 'free space' and hit enter
<anzenketh> There is no free space
<pmatulis> anzenketh: remove existing partition then
<anzenketh> That is what I can't figure out how to do
<pmatulis> anzenketh: select it and choose delete
<pmatulis> anzenketh: select it, hit enter, and choose delete
<axisys> what pkgs do I need to compile a something in ubuntu .. I already have build-essential ... but still saying inet/ip.h not found
<pmatulis> axisys: build-deps command?
<axisys> pmatulis: multi_client_sync.h:31: fatal error: inet/ip.h: No such file or directory
<axisys> pmatulis: this is the error
<axisys> pmatulis: dont see build-deps.. i see build-rdeps tho
<pmatulis> axisys: are you trying to build a package?
<axisys> pmatulis: no just compile filebech
<axisys> filebench*
<pmatulis> axisys: the ubuntu way is to build a package
<anzenketh> Ok I have a LVM using 999.9GB Insite that LVM VG home I have two root ans swap
<anzenketh> I want to create another  how do I do that
<axisys> pmatulis: i am trying to compile this http://sourceforge.net/projects/filebench/
<axisys> pmatulis: never did build a pkg
<axisys> pmatulis: i also had to download and compile this
<axisys> pmatulis: http://www.astro.caltech.edu/~mcs/tecla/
<axisys> pmatulis: to get libtecla.h
<axisys> pmatulis: which is needed for filebench
<pmatulis> anzenketh: if i understand you well, you'll need to resize the root logical volume in order to accommodate a third (for /home)
<anzenketh> I think I figured it out
<anzenketh> Warning messages were scaring me from continueing to where I can edit
<axisys> pmatulis: i am compiling it like this http://pastebin.com/yJxfSJCD
<axisys> as suggested in INSTALL of filebench src
<pmatulis> axisys: dunno, sorry
<axisys> hmm.. wonder if there is a ubuntu pkg where inet/ip.h available
<dku> I have a dhcp3-server running, which has a number of clients. I'd like to be able to do 'ssh user@hostname' from my machine, given 'hostname' as the client's hostname. How can I make it resolve?
<mtdemind> dku: dhcp3-server should be able to use ddns to update bind
<dku> so i also have to run a dns server alongside the dhcp server?
<mtdemind> that's how i'd do it
<axisys> DEAD_BEEF: may be I should change this #include <inet/ip.h> for linux
<dku> okay, thanks mtdemind
<axisys> it is written by four sun guys.. may be opensolaris has the inet/ip.h that I can copy over here
<mtdemind> dku: you're welcome
<axisys> pmatulis: this one worked .. http://www.fsl.cs.sunysb.edu/~vass/filebench/
<axisys> pmatulis: thanks for your help
<RoAkSoAx> kirkland: ping
<meltingwax> does ubuntu server have any firewalls by default? I have all ports forwarded to it but i can't access my IRC server, even from a LAN address
<meltingwax> although i can access it locally on that machine
<thesheff17> meltingwax: yea I have seen iptables setting now on my default.
<thesheff17> try iptables -L
<thesheff17> meltingwax: here is my bash script that turns off all iptables http://paste.ubuntu.com/556739/
<ball> I find myself torn between Ubuntu Server and something like Solaris for a small virtual desktop rollout.  Linux has some advantages that I can think of, but... I dunno.
<thesheff17> ball: what do you mean about virtual desktop rollout?
<ball> thesheff17: A move from desktop PCs running MS Windows to thin client hardware (graphical terminals, we used to call them), with everything running on the server.
<thesheff17> ball: well I haven't used many thin client stuff.  So you want the client running basically a remote X server?
<ball> thesheff17: Depends which type I went with.  VNC and Sun Ray don't use X across the wire.  X terminals (e.g. ltsp) do.
<thesheff17> I would actually check out http://edubuntu.org/
<thesheff17> you can run a single instance as a server and everything is loaded on the clients automatically...booting and everything.
 * ball nods
<ball> Edubuntu uses ltsp afaik.
<thesheff17> ball: well you can always run vnc stuff
<ball> VNC lets people hot-desk and is cross-platform, but lacks the video accelleration of X window and Sun Ray.
<ball> ...come to think of it, X can do 3D over the wire too, though I'm not sure whether ltsp supports that.
<thesheff17> true. I have used forwarding X  which works really good.
<ball> (not that we do much 3D at the office)
<thesheff17> ball: I guess its more on what you want to accomplish and the advantages/disadvantages of each option.
<ball> I should sleep on it.  I can't see straight to write anyway.
<meltingwax> how can i determine which version of ubuntu server i am using?
<qman__> meltingwax, cat /etc/issue
<meltingwax> qman__: thanks
<arkonova> Installed gitosis via apt-get and was wondering why the post-install script creates the user "gitosis" instead of simply "git". Is there any reason i am missing? Should i avoid renaming that user to "git"?
<vrana-_> hi all
<vrana-_> is here somebody ?
<chovynz> I got my first ever server up and running the other day :) IT was a rush to see "It works! you have reached this page that is on the web server. There is, however, no content on it yet." I want to know how I can make a music streaming server.
<vrana-_> great mam
<vrana-_> man
<vrana-_> I really dont know how to set up music streaming server
<chovynz> what have you got setup on your server?
<vrana-_> recently nothing mush, just purchased virtual privite srever with ubuntu
<vrana-_> and tried to run java server for chat, but its not working very well
<vrana-_> its crashing all the time
<chovynz> Do you know why it's crashing?
<vrana-_> I want to replace java chat server for a IRC or jabber
<vrana-_> but I dont decide yet what is better for me
<chovynz> how far have you got?
<vrana-_> so Im just lurking around IRC, because I dont know IRC in fact. This is first time Im using it :)
<chovynz> welcome then :)
<vrana-_> Thanks. :)
<chovynz> so how far have you got on setting up a irc or jabber?
<vrana-_> im just deciding what is better for that
<vrana-_> what you think
<chovynz> No idea. What's your setup for security like?
<vrana-_> I dont care fo a security :)
<vrana-_> I want to tr to make a facebook game with chat
<chovynz> you will care once your server is hacked.
<vrana-_> you are right
<chovynz> so, what troubleshooting have you done to determine why the java chat wasn't working?
<chovynz> (I don't know anything, I'm just trying to ask questions that  might help you on your journey)
<kerozene> apticron.conf: if I don't explicitly set $SYSTEM, can I still use it in $CUSTOM_SUBJECT ?
<uvirtbot> New bug: #697601 in keepalived (main) "Keepalived version bump to 1.2.1" [Undecided,New] https://launchpad.net/bugs/697601
<uvirtbot> New bug: #700050 in net-snmp (main) "snmpd binds to 127.0.0.1 by default" [Undecided,New] https://launchpad.net/bugs/700050
<arief1> hi All
<njbair> For some reason I can't get dnsmasq to assign 192.168.1.2 to a dhcp-host. If I change the 2 to anything else in range, it works fine. Could this be a bug?
<RoyK> no idea
 * RoyK uses a dhcp server for serving dhcp
<ejat> anyone can help me with heartbeat + apache .. i manage to get it work .. but how do the 2nd node take over while apache service stop
<shaggy2> hey is there anyway I can make a complete image of my ubuntu server install with everything on it and working, so if I have a failure I can just reload the image?
<shaggy2> my server has a DVD burner in it
<gobbe> dd
<njbair> I've got an ubuntu server guest OS in virtualbox and I'm trying to remember what package I installed to be able to mount shared folders. Does anybody know?
<mfraz74> If I have ssh to only allow keyed entry, can someone hack into my server if they don't have a key?
<gobbe> njbair: mount shared folders from virtualbox-host?
<gobbe> mfraz74: of course it's possible, but not without somekind of bug or security hole
<njbair> gobbe: yes, I know I didn't install the full guest-additions package, but I have it working on one system
<gobbe> mfraz74: there is no 100% sure thing what it comes to computer connected to internet
<mfraz74> gobbe: i've seen a few login attempts in the auth log, but they don't get in
<ejat> anyone can help me with heartbeat + apache .. i manage to get it work .. but how do the 2nd node take over while apache service stop
<gobbe> mfraz74: yep, that's because they try with password
<RoAkSoAx> kirkland: ping
<kirkland> RoAkSoAx: working outside around the house today
<kirkland> RoAkSoAx: wassup?
<RoAkSoAx> kirkland: so I've been thinking, and you mentioned yesterday that each monitor (even process monitor) should track activity regardless of the INTERVAL SECONDs, this means, to continiously track activity not depending on when to check for it every INTERVAL SECONDS, right?
<RoAkSoAx> kirkland: so the idea is to run each monitor in a thread within its own class (specially for ProcessMonitor, IOMonitor - InputMonitor and RemoteMonitor already do - WOLMonitor, TCPMonitor will be threaded) to get "ACTIVITY" regardless of the interval seconds. Because right now, every INTERVAL_SECONDS (in ProcessMonitor, IOMonitor), powernapd checks for activity (they do the lookups in that moment). So, I believe that to get better results (Proce
<kirkland> RoAkSoAx: yeah, that sounds okay to me
<RoAkSoAx> kirkland: this, however, will be heavier because the check for "activity" will never stop, rather than just check every interval seconds
<kirkland> RoAkSoAx: right
<kirkland> RoAkSoAx: let's try it and see how bad it is?
<kirkland> RoAkSoAx: and let's try to move as many monitors as possible from polling -> event based, over time
<RoAkSoAx> kirkland: by event based, you mean when something happens, the monitor will signal powernapd daemon??
<kirkland> RoAkSoAx: yes
<RoAkSoAx> kirkland: wouldn't that be even more process intensive?
<kirkland> RoAkSoAx: rather than checking every X seconds, just sit there doing nothing, waiting, until an event happens
<kirkland> RoAkSoAx: it should be much cheaper
<RoAkSoAx> kirkland: not for the InputMonitor (USB) though
<kirkland> RoAkSoAx: i gotta run, for a bit
<kirkland> RoAkSoAx: i'll check back later ;-)
<RoAkSoAx> kirkland: alright, have a good one ;)
<StrangeCharm> what sort of file server should i use if i want data to be encrypted in transit, without being incredibly slow?
<thesheff17> StrangeCharm: scp is secure and I believe it works pretty well...you can also pass the type of encryption you want to use to scp
<thesheff17> I use scp -c arcfour which is weaker encryption but faster for transfer.
<StrangeCharm> thanks, thesheff17 i'll look into that
<thesheff17> StrangeCharm: also you can use rsync tunneled through ssh so you only have to transfer files that have changed.
<StrangeCharm> thesheff17, i like rsync over ssh, but here i'm looking for an on-demand fileserver, rather than keeping two copies of the same data
<thesheff17> StrangeCharm: well assuming the clients are windows you can use winscp as the client to connect to any ssh server.
<StrangeCharm> thesheff17, thankfully i have the joy that almost all clients are running ubuntu
<nhck> Hi, installed mpc & mpd via apt on an ubuntu server. Strange enough I get "error: directory or file not found" everytime I try to add a file - even when I am root. I can't find out whats happening, but I need mpd to work for an external package (mpd-upnp) I use in order to make it a media server. Any ideas?
<StrangeCharm> thesheff17, so, scp is faster than sftp for file transfers, but only does transfers, not any other file management? is there any way to easily use sftp for management, but switch to scp for bulk transfer?
<thesheff17> StrangeCharm: ah well that is nice...in ubuntu you can just do Place->connect to server->select SSH and use nautilus as client.
<thesheff17> sftp is just ftp tunneled through ssh
<StrangeCharm> thesheff17, wikipedia disagrees
<StrangeCharm> thesheff17, quote "SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group." from https://secure.wikimedia.org/wikipedia/en/wiki/SSH_file_transfer_protocol
<thesheff17> ah ok...well almost all SFTP clients just support SSH or scp basically.
<StrangeCharm> thesheff17, thus far, i've just been using nautilus but it's incredibly slow, i was hoping to find a better way
<thesheff17> StrangeCharm: I would do some command line testing with scp & scp -c arcfour
<StrangeCharm> thesheff17, is arcfour the name of an encryption protocol?
<thesheff17> chances are the bottleneck is the encryption part and not the actual transfer
<thesheff17> yea
<StrangeCharm> RC4
<thesheff17> StrangeCharm: samba is also very fast but I haven't tried to get encryption over the wire for that.
<StrangeCharm> thesheff17, do you have any info on the strength of arc4? i'm not sure that there are any standard samba implementations that do transport security
<StrangeCharm> thesheff17, samba is the standard for a network filesytem, right? it works pretty well xplatform?
<thesheff17> StrangeCharm: well I would say SMB is the standard protocol for windows based clients...samba implements SMB...usually unix/linux have traditionally used NFS mounts like windows shares.
<StrangeCharm> thefish, i'm not familiar with nfs. acronym for 'netowrk filesystem'? how does it stack up to smb for speed and security?
<thesheff17> StrangeCharm: samba is def been faster than nfs for me in the past.
<StrangeCharm> and neither have transport security?
<thesheff17> StrangeCharm: I don't believe so...I was actually looking for some security over samba...which would be nice
<thesheff17> StrangeCharm: though of course now I reading some stuff on nfs and people are saying it is faster than samba...so I could be wrong.
<StrangeCharm> nautilus does both nfs and smb shares nicely, right?
<thesheff17> StrangeCharm: yea
<thesheff17> StrangeCharm: well not nfs...nfs is usually mounted manually or through /etc/fstab on boot up.
<StrangeCharm> thesheff17, how does that work with devices that aren't always online?
<thesheff17> once mounted you can easily browse with nautilus.
<StrangeCharm> do things break when an nfs share is disconnected?
<uvirtbot> New bug: #706368 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3ubuntu0.4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/706368
<thesheff17> StrangeCharm: it is tricky when it isn't mounted because then that directory is essentially on the local file system....I can't tell you the number of times I forgot to mount a usb drive and trasnfer a bunch of stuff from local disk to local disk.
<thesheff17> if there are no files visible in the dir you mount to you know the nfs share isn't mounted correctly.
<StrangeCharm> thesheff17, right, but it doesn't fundamentally break (like unplugging a usb disk which is still mounted)? the data isn't accessible, sure, but if it's just data data, (as opposed to data applications or the OS need) then that shouldn't be a problem, right?
<thesheff17> yea there is no problem like that.
<thesheff17> nfs might also scale better with many users.
<StrangeCharm> thesheff17, sweet, though it still doesn't address the question of transport security
<StrangeCharm> i assume that nfs is secure 'at rest' (as in, when there are no users, an attacker can't list the filesystem or access files)
<thesheff17> StrangeCharm: username pass I believe is passed to nfs during the mount...unless that person has read/write then it will deny by default.
<thesheff17> it does look like samba supports some encryption now: http://news.samba.org/announcements/3.2_press_release/
<thesheff17> though I have never used it.
<StrangeCharm> thesheff17, is user authentication at least secure on nfs and smb?
<StrangeCharm> thesheff17, is that was released in 2008, then it's surely filtered down by now?
<thesheff17> StrangeCharm: yea I believe it would...the problem is finding how to do it...maybe the samba site would know more....everytime I search google for encryption and samba I just get encrypting the local disk which is not what we want.
<StrangeCharm> thesheff17, likewise
<thesheff17> http://www.oregontechsupport.com/samba/security.php lol tunneling samba through SSH :)
<StrangeCharm> thesheff17, hmn, according to http://blog.permabit.com/index.php/2009/08/deduplication-and-encryption/ nfs supports transport encryption 'First and foremost, transport encryption is used wherever possible. If the application protocol (i.e. NFS, CIFS) supports an encrypted connection, we will deliver that. '
<thesheff17> StrangeCharm: so yea it looks like NFS & samba rely on external tools to do encryption over the wire.  All username/pass though should be encrypted.
<StrangeCharm> thesheff17, right, that's food for thought. i particularly like nfs, and i'm looking at http://www.linuxsecurity.com/content/view/117705/49/
<Patrickdk> heh, just use ipsec, done :)
<Patrickdk> for me, samba just encrypts by default
<Patrickdk> and I know it works, cause my workstations are set to only talk to servers that support encryption
<Patrickdk> when I talk to old samba, v2.x, it won't connect, cause no encryption support
<StrangeCharm> Patrickdk, i had considered that, but i have no idea where to start
<dku> If nslookup hostname works (gives back an IP), but telnet hostname or ping hostname respond with 'unknown host hostname', what does that mean?
<N2Deep> you might look at your /etc/nsswitch.conf
<N2Deep> specifically the "host" line
<dku> "hosts: files dns"
<N2Deep> are you using FQDN for hostname?
<dku> nope, is that required?
<ded0> hi. is there any server gui for managing DNS and CIFS shares? i found gbindadmin and gsambad, but they might be pretty old, also seems not to be in the repo. any suggestions?
<N2Deep> dku: it really depends on how your DNS server is setup to respond to queries.
<N2Deep> dku: since I know nothing about your setup, it's hard to diganose.
<dku> N2Deep: i'm using dnsmasq, default setup. seems when I enable FQDN, it resolves fine
<chovynz> Newbie here : What type of applications should I be using to serve music to my network?
<chovynz> type of = deleted
<N2Deep> dku: cool. So you made a change to the dnsmasq config, or you did "ping hostname.fqdn" from the client?
<dku> N2Deep: i enabled fqdn in dnsmasq, and now ping/ssh/telnet hostname.fqdn works, but ping hostname still does not.
<N2Deep> dku: the machine running dnsmasq, do you have shortnames or the full hostname.fqdn in /etc/hosts?
<dku> N2Deep: i haven't touched /etc/hosts, should i have?
<N2Deep> dku: if you are setting static addresses in dnsmasq, then yes.
<dku> N2Deep, well, I'm having dnsmasq acting as a DHCP server as well, so the addresses aren't static
<N2Deep> you should also check the section for  expand-hosts   in /etc/dnsmasq.conf
<N2Deep> ...make sure it's not commented
<dku> it's not, i uncommented it so that FQDN would work
<N2Deep> dku: if you are wanting to use dhcp and get hostnames, you need to check /etc/dnsmasq/dhcp.conf
<N2Deep> that's where you assign a hostname to a MAC address, and a address from your dhcp range to a hostname.
<N2Deep> dku: have you done any reading??
<N2Deep> right in /etc/dnsmasq.conf there is a line.
<N2Deep> Always set the name of the host with hardware address 11:22:33:44:55:66 to be fred
<N2Deep> ...  dhcp-host=11:22:33:44:55:66,fred
<dku> that doesn't work for me, though
<dku> my hosts dynamically send their hostnames with the DHCP lease
<dku> the DNS server has them, and responds correctly
<N2Deep> well I'm using the /etc/dnsmasq-dhcp.conf file in my network, and it works fine.
<dku> i.e. nslookup hostname @localhost works fine
<chovynz> I have ubuntu-server, how do I rip my music onto it so that it can serve music to the network? I'm reading up on daap and things, but I don't really know my way around teh command line
<N2Deep> dku: you are aware that you have to restart dnsmasq any time you make a change to a conf file?
<dku> sure am, N2Deep
<N2Deep> ok cool, just making sure.
<dku> it's not that DNS doesn't know about it
<dku> DNS responds correctly
<dku> it's that ubuntu doesn't qualify hostname to hostname.fqdn
<dku> isn't that a /etc/resolv.conf thing?
<dku> ah yes
<N2Deep> it's a high possibility
<dku> adding 'search fqdn' to resolv.conf seems to fix it
<N2Deep> nice good work.
<monteith> can someone chat briefly with me about file permissions with an apache server?
<monteith> just need to clarify some confusions
<guntbert> monteith: ask away, there can always be somebody who knows
<monteith> anyways... i've used aptitude to install apache and a number of its components, and so it runs its processes on the www-data user and group
<monteith> in this case, should "others" be given permission for anything within the web server?  who would the "others" be?
<guntbert> monteith: I'd see no need - "others" might be shell users, ftp users, another server...
<monteith> ty
<guntbert> monteith: but I'm no expert server management
<guntbert> so see it as opinion only
<monteith> right
<mrmist> in that configuration I couldn't see any need for it either
<mrmist> it being "others" access
<monteith> i'm really just trying to understand permissions and ownership in the larger picture
<monteith> and if an apache process is being run by a www-data user, i was wondering how an "other" would access it
<guntbert> monteith: every file has two owning entities: a user and a group, every user who is neither the owner nor a member of the owning group counts as "other"
<monteith> guntbert:  i'm not being specific, sorry.  my train of thought was on users accessing my website.  it would be encapsulated to the www-data user/group
<mrmist> Yeah don't worry about users coming in over the web
<mrmist> the apache processes serve them and they run in the www-data context
<guntbert> monteith: yes, users from the web-site are covered by www-data, and the server checks what they may do
<monteith> on that thought though...  the two entities don't necessarily need to relate to eachother?  ie.  chown user1:group2 ... user1 doesn't need to be part of group2?
<dku> sshd on my server is starting before the NIC gets an address from DHCP, so sshd restarts around a minute after booting (isn't available right away, as it should be). How can I fix this?
<mrmist> monteith: the user and the group can be completely independant of each other
<monteith> ok
<StrangeCharm> if a file's group is somegroup, and someuser is a member of somegroup, can they access that file?
<monteith> ...yes?
<RoyK> StrangeCharm: chmod g+w
<mrmist> It depends on what the "group" perms are, but "yes", possibly
<RoyK> are  tee eff emm
<StrangeCharm> RoyK, that that allows anyone who's in the file's group to write to it?
<RoyK> yes
<talat> Can i use two host computer resource for one vm
<talat> is it possible ?
<StrangeCharm> RoyK, i'm having trouble then. i have a directory  which has "drwxrwx--- 1 user1 group1". i'm signed in as a user which is a member of group1, but i can't read that dir. what might i be doing wrong?
<guntbert> StrangeCharm: you need read permission for the complete path
<StrangeCharm> guntbert, the file is in the home directory of the user i'm signed in as, and that user owns their home directory
<w0rse> Hello! Are newbie questions acceptable here?
<guntbert> StrangeCharm: please look at or pastebin the output of stat <thatfile> and of id
<guntbert> w0rse: as long as they pertain to server specific problems - yes
<bereta> hello can anyone tell me how to change the port on apache2
<bereta> i have changes the "listen" directive in the port.conf file.... i also need to enter this somwhere else
<guntbert> bereta: did you restart apache?
<bereta> how do i cange the girtual host statement
<bereta> yes i did
<rychu_pl> Hmmm is this directive is also in apache2.conf ??
<rychu_pl> fix me if Im wrong ;)
<lenios> https://httpd.apache.org/docs/current/bind.html ?
<StrangeCharm> guntbert, id seems to shed some light on the problem. it shows a different list of groups from groups <user>. why might that be?
<w0rse> yes, I've got a server related problem. I have a vps hosting with 9.04 running in openvz. And there's a strange issue when I try to install any database engines that work via localhost connections. It looks like localhost isn't responding at all. All conections to it just hang. I checked the /etc/network/interfaces and the loopback interface is there.
<guntbert> StrangeCharm: my crystal ball won't tell me tonight :-)
<bereta> i have resterted the server, when i go to host:8080 it tels me not found
<saliak> Anyone had luck getting digest authentication to work with apache?  I have basic working, but for some reason digest doesn't.  nto sure how to figure out why it's failing (are failed login attemps logged somewhere?)
<lenios> config file is /etc/apache2/httpd.conf
<bereta> lenios: the httpd.conf file is blank in apache2
<lenios> w0rse, does it work with 127.0.0.1 ?
<guntbert> w0rse: does ping localhost work?
<lenios> bereta, add your config to it, and restart apache
<w0rse> guntbert: ping hangs too
<bereta> lenios: add my config to what?
<lenios> bereta, add the listen directive to this file
<bereta> lenios: isent that the same thing i did
<w0rse> lenios: ping 127.0.0.1 doesn't work too
<monteith> what files AREN'T included if you exclude -a from the ls command
<monteith> sorry, wrong chan
<lenios> w0rse, can you paste /etc/network/interfaces, and result of sudo ifconfig -a ?
<lenios> bereta, i don't know about your port.conf
<w0rse> lenios: one sec
<aaronb_houstx> monteith:  that would be 'dot' files, files beginning with a period
<guntbert> w0rse: o.o, please pastebin the output of ip ad    ,    of route         and of cat /etc/hosts
<lenios> bereta, /etc/apache2/ports.conf should be read and used to configure listen port though
<guntbert> lenios: I'll leave this to you :-), no need for double teaming
<bereta> lenios: from my understanding apache2 does only uses the httpd.conf file for some stuff.... apache2 now uses the apache2.conf file for all the configuration except the port, for the ports it uses the ports.conf
<lenios> maybe
<bereta> lenios: in the apache2.conf there is a Include ports.conf dirrective that makes ports.conf part of the main config file.... right?
<lenios> i would have to check it to be sure
<w0rse> lenios: /etc/network/interfaces : http://pastebin.com/vL0Eyr8K and ifconfig -a : http://pastebin.com/DrrDPUTv
<w0rse> guntbert: here's etc/hosts: http://pastebin.com/eS2zNbGY , not sure I got the first command you provided
<w0rse> guntbert: ip ad: http://pastebin.com/muMuSMsj, route: http://pastebin.com/SWSJ884J
<guntbert> w0rse: I see no error, if lenios doesn't find anything you might want to ask the admins/support of your hoster
<w0rse> guntbert: is it ok there's no localhost in 'route'?
<guntbert> w0rse: yes, I don't have it either - just checked
<mrmist> local interface needs to be up not down really, if you want to use it
<w0rse> mrmist: how can I start it?
<guntbert> mrmist: look at venet0 please, that is assigned 127.0.0.1
<guntbert> and is up
<mrmist> ahh right it's some virtual thingy is it
<aaronb_houstx> w0rse: have you checked listening ports with 'netstat -anp' to see if 8080 is active?
<guntbert> aaronb_houstx: he can't even  ping localhost
<w0rse> aaronb_houstx: no, there's nothing on 8080
<aaronb_houstx> w0rse, guntbert: aside from other networking issues, that means that it's not reading the port directive in apache config
<guntbert> aaronb_houstx: good catch
<w0rse> aaronb_houstx: I have no apache installed
<aaronb_houstx> sorry, reading wrong post above...
<guntbert> w0rse: who is your hoster?
<w0rse> guntbert: ideastack.com - I guess they're not leaders in business :)
<guntbert> w0rse: I don't see a forum, so just ask they support
<guntbert> *their
<w0rse> guntbert: will do. thanks for help, everybody!
<chovynz> ok, so I
<chovynz> I'm sucessfully running my web server. I have a few questions
<chovynz> as far as I know, 192.168.xxx.yyy is a private network correct?
<guntbert> chovynz: yes
<chovynz> So if I am using lets say this machine is 192.168.1.15, and I type in my web browser 192.168.1.30 (server) this is not using broadband correct?
<chovynz> it is only using the local network.
<guntbert> chovynz: normally, yes  - why do you ask?
<chovynz> I
<jongbergs> hi, what dns record in bind9 should for me to be able to resolve example.com instead of www.example.com?
<chovynz> I'm trying to set up a more functional network in my home, behind my router/firewall. I dont want outsiders to access what I'm putting up on my "web server" but I do want the people in my home to be able to access the server.
<chovynz> one of these functions of the server will be to log all internet and netwrok usage, serve music to various users, and have a general storage places so thaty you can access teh family data from anywhere in the house.
<chovynz> e.g. Net to the kitchen or the recipe database.
<chovynz> while playing music in teh lounge
<guntbert> chovynz: the logging will be tricky, but the access should work from the start
<chovynz> guntbert: access is working. I reinstalled it. However, now that I have teh "It works" message, where do I go from here? how can I make sure it's not accessible from outside?
<chovynz> access to teh server i mean, not microsfot access
<guntbert> chovynz: it cannot be accessible from outside, you are behind a router that hides what is behind from the outside
<chovynz> so unless i set up any portforwarding it should be "safe"?
<guntbert> chovynz: exactly
<chovynz> ok. well the next question i have for server is how do I get ...no, how should I set up my server / folders so that anyone in my home can access the music?
<chovynz> what would the first steps be, in making the server actually serve something?
<guntbert> chovynz: start here : https://help.ubuntu.com/community/Servers#UPNP%20Mediaserver
<chovynz> danke
<guntbert> gern geschehen :-)
<ToHellWithGA> is 47 days uptime too much?
<whoelse> ToHellWithGA: no, why?
<ToHellWithGA> when i ssh to my ubuntu box i'm told *** System restart required ***
<ToHellWithGA> perhaps a newer kernel was installed when i ran aptitude full-upgrade
<whoelse> ToHellWithGA: you probably installed a new kernel, then it neeed to reboot
<ToHellWithGA> so long as the existing kernel is running without errors, i can save that reboot for when i next change the hardware, right?
<whoelse> ToHellWithGA: but that only means that the newly download kernel won#t run until then
<ToHellWithGA> right on, i'm ok with that
<ToHellWithGA> thanks whoelse
<whoelse> ToHellWithGA: that seems a bot long - kernel updates usually are security related
<whoelse> *a bit
<Pici> Thats why I always install apt-listchanges, so I know what upgrades I'm getting when I do upgrade.
<ToHellWithGA> Pici: does that run within the aptitude interface?
<whoelse> Pici: apt-listchanges? I'm too lazy, does it notify you or do you ask it?
<Pici> ToHellWithGA: I'm not sure, I rarely bring up the full aptitude application.
<ToHellWithGA> i don't run aptitude as an application, just with its CLI arguments
<ToHellWithGA> i'm sure it's pretty enough in curses, but that seems kinda cumbersome
<Pici> whoelse: It sticks itself in right after you download packages but before you install them.  And you can configure how it notifies you, either by displaying then, or emailing you and which changelogs you get.
<slim_> hi, in case if installing a new server now , which version recommended  ubuntu-server LTS or the latest version ?
<Pici> slim_: For a personal server I'd go with latest, anything production I'd use LTS.
<whoelse> Pici: thx
<slim_> thanks Pici , it will be the company  server
<ToHellWithGA> if you don't stay fairly current with the non-LTS releases you can be left behind
<Pici> 18 months can be a short time if you need to schedule downtime/testing for new versions...
<RoyK> ToHellWithGA: using non-LTS releases for production isn't very wise
<RoyK> there are tons of fixes never applied to the non-LTS releases
<Pici> CVEs do though.
<RoyK> CVE?
<Pici> hmm.. no factoid.
<RoyK> well, LTS works well
<RoyK> even my owld 8.04 work
<RoyK> no fancy stuff, just fixes
<ToHellWithGA> RoyK: i try to plan sysadmin/nerd by running the server version and LTS on my home network file server
<ToHellWithGA> not too much risk there ;)
<RoyK> for a home server, you can use anything
<RoyK> even fedora :P
<ToHellWithGA> hey now
<ToHellWithGA> i could use open solaris if i wanted to beat my head against the keyboard
<ToHellWithGA> has oracle killed that yet?
<RoyK> openindiana is the new project
<RoyK> oracle killed opensolaris, yes
<RoyK> I have a couple of 100TB servers on openindiana
<RoyK> works well
<uvirtbot> New bug: #706442 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/706442
<ToHellWithGA> do you use it for the extra special filesystem?
<RoyK> ToHellWithGA: zfs for backup storage
<ToHellWithGA> it sounded pretty clever, something about keeping the original file and a series of timestamped changes, right?
<RoyK> ToHellWithGA: I've been working with zfs for a couple of years now, and it works well
<RoyK> ToHellWithGA: not really, but all data is checksummed at the block level, and you can make snapshots of filesystems whenever you like, filesystems, that is, a subset of the storage pool
<RoyK> ToHellWithGA: /j #openindiana :P
<boota2> Hello.
<boota2> Please point me (if any available) to a solution for accounting traffic and setting deaily traffic quota for users.
<boota2> I'm intersted only in ready soulutions, with web interface, no half-baked scripts.
#ubuntu-server 2011-01-23
<mrroth> what should I look for a  server maintenance checklist
<mrroth> of different clients
<mrroth> could I do a simple or thier some web app for Server maintenance checklist
<mrroth> is thier any free webbased project mangement app
<boota2> hello, anyone alive?
<Tm0> Hi. Can anyone help me set up Bind so i can use my VPS? :p
<Tm0> Can anyone help me setup Bind?
<RoyK> Tm0: google it
<Tm0> I did. Suprisingly none of them told me what to do if i had two IP addresses
<Tm0> Anyone?
<boota2> hello
<boota2> if you still need help i'm here and i've got nothing better to do with my time
<boota2> so
<Kaedenn> I'm trying to download Ubuntu 10.10 SE, but I'm getting a cap of 80MiB/sec
<Kaedenn> Is there a mirror closer to the USA I could use?
<Kaedenn> Rather than somewhere in the UK
<boota2> Is that even a problem?
<boota2> It's pretty good speed.
<Kaedenn> Normally I get 6 to 7 times that.
<boota2> Yo mean, like 8 megabytes per second isn't enough?
<boota2> Oh shi, what's this unit you used.
<boota2> mebibyte, lol
<Kaedenn> Oh sorry >_<
<Kaedenn> KiB.
<Kaedenn> 80KB/sec.
<boota2> There is option to choose a mirror by hand.
<Kaedenn> Gah it's been a long day. >_>. Brain is totally fried, like my server.
<boota2> It's ok.
<Kaedenn> Oh?
<boota2> Oh, no.
<boota2> There is't
<Kaedenn> Yeah, I didn't see one.
<Kaedenn> Well, I restarted the download and now I'm getting like 400KB/sec.
<boota2> https://launchpad.net/ubuntu/+cdmirrors
<boota2> There are ones.
<Kaedenn> Thanks. It's downloading quite a bit faster.
<saliak1> Anyone have experience getting digest authentication to work with apache2.2?  basic authentication works fine for me, but I can't figure out why digest isnt' working (the user/pass i put in the htdigest file doesn't work).  i'm not sure what could be going on.  i have a feeling it has to do with the "realm" and "domain" but finding inconsistent answers across the web
<UbuntuRules> can anyone give me an idea of where to look to figure out why SWAT doesn't start
<UbuntuRules> Ill take any advice at this time: this has been annoying me for a week now
<Kaedenn> So, for some reason my server doesn't want to boot from the Ubuntu Server Edition CD.
<Kaedenn> Yet it boots just fine from some Windows CD.
<Kaedenn> So, I'm confused. Is there a reason the CD wouldn't be bootable, or is there something I should be doing?
<jmarsden> UbuntuRules: Is inetd or xinetd running?
<jmarsden> Kaedenn: Have you verified the CD by checksumming it using md5sum?
<Kaedenn> I have not, but I installed the image from ubuntu.com. o_O
<jmarsden> Kaedenn: How does that provide any check against the burner creating a bad copy of the image??
<Kaedenn> True. I'm making a USB startup disk and seeing if that works, though.
<jmarsden> Kaedenn: You might want to check https://help.ubuntu.com/community/HowToMD5SUM and check the CD, too.
<Kaedenn> Erm, "Make Startup Disk" isn't listing my USB stick.
<Kaedenn> Okay, now for another advancement. When I try to boot from an Ubuntu USB drive, it just says "Boot error", and nothing else.
<Kaedenn> That's all that's displayed on the screen.
<jmarsden> Kaedenn: Does that same USB stick boot other machines OK?
<Kaedenn> Never tried to boot other machines.
<jmarsden> Might be worth checking.  It's a quickish way to see if the issue is with the USB stick, or with the one machine you are trying to boot.
<Kaedenn> For some reason, booting hangs when trying to boot a CD. I just get some Intel-specific error code "EB" and the CD drive just spins.
<jmarsden> Kaedenn: and the md5sum of the CD checked out fine, right?
<Kaedenn> Checking that now.
<Kaedenn> jmarsden: The checksum passed.
<jmarsden> OK.  Good.  Can you boot a different machine from CD or from the USB stick, as a test?
<Kaedenn> I don't have any other machine to test that on >_<
<jmarsden> What about the one you are using now, the one you are typing on?   Alternatively, you could download a different small Linux ISO and see if you can get the server to boot from *that*.
<Kaedenn> I'm downloading a fork of Tiny Core Linux.
<jmarsden> Maybe http://distro.ibiblio.org/tinycorelinux/3.x/release/tinycore_3.4.1.iso which is only around 10MB ... OK.
<Kaedenn> Actually that one is a quarter of the size.
<jmarsden> Unless you are on dialup to your ISP, a 2.5Mb or a 10Mb file will each download in seconds anyway :)
<Kaedenn> Doesn't want to boot from that either.
 * Kaedenn hits head against desk
<jmarsden> How are you creating the burned CDs?  WHat command are you using to burn them?
<Kaedenn> Brasero.
<Kaedenn> Basically, "Do you want to burn this ISO to a CD?"
<jmarsden> OK.  Can you mount the resulting CDs and see the usual set of files on them?
<Kaedenn> Yeap.
<Kaedenn> And the md5sum checked out OK from the MD5Sums on launchpad.
<Kaedenn> Or, help.ubuntu.com rather.
<jmarsden> Sounds like the issue is with the server.  Why not test by booting the machine you are currently typing from from one of the CDs?
<jmarsden> If it can boot them, you *know* the CDs are OK.
<Kaedenn> I'm almost certain it's the server, as I've tried four boot mediums thusfar and they all didn't work.
<Kaedenn> Wait, no, five.
<Kaedenn> Two separate Ubuntu 10.10 i386 CDs, one amd64 CD, a TCL CD, and Ubuntu 10.10 on a USB drive created from "Create Startup Disk".
<Kaedenn> And I tried the USB stick with both i386 and amd64.
<jmarsden> It's your choice.  At least theoretically, you created all of those, so you are a common factor, a common possible source of error... so until you boot successfully from one or more of those boot media, you do not *know* that the issue is with the server.  Seems to me you have spent a lot of time creating boot media rather than testing the first bootable medium is really truly bootable... :)
<Kaedenn> Looks like I'm going shopping tomorrow.
<Kaedenn> True.
<Kaedenn> Hey. PEBKAC. It's my motto. :)
<JanC> maybe the server doesn't like isolinux, or vice versa?
<Kaedenn> No idea!
<Kaedenn> It could boot just fine from some random Windows CD.
<JanC> Windows doesn't use isolinux  ;)
<JanC> it is possible that there is a bug in the BIOS in a function that the Windows bootloader doesn't use
<Kaedenn> Fantastic.
<Kaedenn> We'll go shopping tomorrow.
<Kaedenn> Maybe we can pick up an AMD64 motherboard and leave all this behind us.
<Kaedenn> It's late. I need sleep.
<JanC> well, you might want to check if there is no BIOS upgrade available
<Kaedenn> jmarsden, JanC, thank you for your help.
<jmarsden> You're welcome.  Goodnight.
<Kaedenn> I will do that tomorrow morning.
<Guest28392> Hi eveyone, Does anyone here know about virtualization?
<awanti> Hi. I am using Ubuntu server for practice. But in server arrow keys are not working!
<awanti> is any one can solve my problem. plz.
<CppIsWeird> i'd like to use aufs and im a little confused as to how to get it on my lucid system.
<CppIsWeird> i cant seem to find aufs-tools in the repository
<WinstonSmith> CppIsWeird, look at  http://admin.alfalinks.lv/en/content/how-install-fsprotect-ubuntu-1004-lucid
<CppIsWeird> if i installed the aufs-tools package, i havent installed aufs right?
<CppIsWeird> i installed this https://launchpad.net/ubuntu/lucid/+package/aufs-tools
<jmarsden> CppIsWeird: apt-cache search aufs   # returns fsprotect and live-initramfs   so looking closely at those packages seems appropriate
<CppIsWeird> is there any way to get a list of directories/devices involved in a unionfs/aufs?
<mrroth> what a simple wiki I can install in ubntu
<mrroth> server
<lenios> mrothhh, mediawiki?
<kerozene> dokuwiki <3
<mrroth> hi any one know of a easy to use wiki for ubuntu
<lenios> mrothhh, we already gave you 2 wikis
<mrroth> thank you
<mrroth> bye
<jolop> good evening to all. im hoping to get help here, im sure its simple for many of the users here its about ubuntu10.04 server and raid1. fresh install of ubuntu-10.04.1-server-amd64 and i followed the step by step in the https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html but on boot im at the busybox mounting errors
<ikonia> jolop: I'll pick it up with you in here as you're also asking in #ubuntu
<ikonia> jolop: where did you tell it to install the bootloader ?
<jolop> ok ikonia it alright here
<ikonia> jolop: did you use a seperate boot partition ?
<jolop> from the instructions i only did 2 partitions 1st is the swap file 10gb and 2nd for the / partition remaining of the 500gb also set it to bootable
<jolop> no i dont think i used a seperate boot partition
<ikonia> jolop: ok, personal experience, you'll find it easier to manage with a seperate boot partition, but that's just personal opinion. Where did you tell the installer to put grub ?
<jolop> when it asked, it just asked if i wanted to install the grub on the 1st drive i said yes
<ikonia> that should be fine.
<jolop> mount: mounting /dev/disk/by-uuid/24b8b.... on /root failed: invalid argumant
<jolop> thats the firs tline of error
<ikonia>  /root ??? that doesn't sound good
<ikonia> jolop: boot into the livecd, start the raid array and check the grub config
<awanti> arrow keys are not working on Ubuntu server???
<jolop> then the next 3 errors are also mount errors just like that but they are realated to the first one not being mounted "/root/dev /root/sys /root/proc
<jolop> rebooting to a ubuntu-10.04.1-desktop-amd64 is it ok?
<jolop> ikonia: thank yu for helping me, im now at the live cd
<ikonia> jolop: start the array
<jolop> im sorry but how do i do that?
<jolop> fdisk -l i see the two drives i dont see the md0 i created
<jolop> im installing mdadm first
<jolop> then i'll try to start the array
<ikonia> jolop: cool
<jolop> ikonia: i think a i have already started the array using "mdadm --assemble --scan" but when i "fdisk -l" there is a note there that "Disk /dev/md0 doesn't contain a valid partition table
<ikonia> apologies, I keep leaving my desk
<ikonia> jolop: ok, so that's the issue, the install didn't happen to md0
<jolop> and "Disk /dev/md1 doesn't contain a valid partition"
<ikonia> jolop: something has gone wrong with the install, re-install (you may want to follow my suggestion and use a seperate /boot)
<jolop> the reason i did only 2 partitions is because i dont have a guide on slicing the 500GB in preparation for RAID1
<ikonia> raid1 has nothing to do with your partition layout
<ikonia> slice it as you see fit
<jolop> while im onit and your here to help me any suggestion on slicing up a 500gb? im using it basically for webserver and redmine
<ikonia>  /boot / /var /home  seems sensible to me
<jolop> the guide im following only told of swap partition on the beginning of the disk and "/" partition that is bootable for the rest of the drive
<jolop> the guide: https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html
<ikonia> because it's personal preference how you slice it up
<ikonia> that option I've just given you is just my opinion based on experience
<jolop> does the postfix configuration is a requirement for the mdadm, i noticed im always selecting no configuration when its asked after installation of mdadm
<jolop> im thinking that the mdadm dis not start on installation when i did no configuration on the postfix that it wants to be installed
<ikonia> jolop: postfix is only used for sending alert emails of mdadm failure
<RoyK> you can probably use any mta, but postfix is the preferred one
<jolop> yes but maybe this time i'll try to configure the postfix install
<RoyK> jolop: btw, I'd recommend not slicing up too much - just a gig for the /boot, some swap and the rest for the root is good for most installs
<RoyK> just use something to monitor disk usage so it doesn't fill up
<jolop> another good soul helping me. thanks RoyK! and thank you Ikonia. im currently wiping the disks before fresh install again.
<uvirtbot> New bug: #706570 in tomcat6 (main) "JAVA_OPTS defined in /etc/init.d/tomcat6 do not propagate to startup" [Undecided,New] https://launchpad.net/bugs/706570
<ikonia> gig for /boot ?
<ikonia> 250mb is more than enough for /boot
<ikonia> RoyK: did you read what he said about running a web server
<ikonia> a seperate /var partition is important for logging
<RoyK> not really
<RoyK> so long as the drives don't fill up, it doesn't matter
<oCean> I agree with ikonia there.. I even separate /var/www on my webservers
<jolop> 1m done witht he 1st partition for swap, its 10gb at the beginning, just like th eguide said.
<RoyK> and the flexibility of having one large partition is way more important than isolating stuff
<RoyK> ikonia: 250MB can easily fill up - beleive me
<jolop> now i'll crete the /boot partition is this the one i need to mark as bootable?
<RoyK> ikonia: and if you have 500 gigs, 1 less won't matter much
<oCean> RoyK: do you collect obsolete kernel versions? :s
<RoyK> oCean: or do some testing or ...
<ikonia> jolop: the installer will mark what needs to be marked
<jolop> is the /boot partition needed to be marked as bootable?
<ikonia> jolop: trust the installer
<ikonia> jolop: don't worry about bootable flag
<RoyK> oCean: with automatic updates, /boot can easily fill up if you don't manually remove old kernels - that's why I want some space there - less hassle
<RoyK> and with current drive pricing, 1GB isn't really a lot
 * RoyK just checked and old box... $ dpkg -l | grep linux-image| wc 23     248    3176
<RoyK> 23 friggin' kernels :P
<jolop> finished slicing the 500gb, only 3 partitions, im still afraid on more complications swap, /boot and /
<jolop> then on the raid1 devices: 0: as swap, 1: as /boot ext4 and 2: / ext4
<RoyK> jolop: how much swap/boot?
<pmatulis> not much sense in journaling /boot but ok
<jolop> finished the install and its the same error
<pmatulis> jolop: using lvm?
<RoyK> jolop: what error?
<jolop> no lvm
<pmatulis> jolop: how many disks do you have?
<RoyK> iirc he said one 500GB drive
<pmatulis> raid1 with one disk?
<jolop> mount error somethign like cant mount /root to /dev/by-uuid-.....
<jolop> raid1 2 500gb
<RoyK> ok
<RoyK> linux software raid?
<jolop> ubuntu software raid. following the https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html
<jolop> im using ubuntu-10.04.1-server-amd64, hp proliant ml110, 2x500gb hdd, 4gm ram
<gobbe> what does your /boot/grub/grub.cfg say, and sudo fdisk -l, upload those to pastebin
<ikonia> jolop: do what you did before, boot from the livecd, start the array and see if you can mount it
<ikonia> jolop: it is pointless doing anything else until you know the array is valid and contains data
<audrey> hello?
<pmatulis> hello
<audrey> does anyone know of a way to send emails using postfix, when the ISP has blocked port 25?
<audrey> is the only way to use the isp's relay?
<pmatulis> audrey: you're just sending emails?
<audrey> well, it seems to receive emails just fine
<audrey> but I can't send any emails unless they're internal
<pmatulis> audrey: so, yes, use your isp's smtp server as a relay
<audrey> I'm pretty sure (from telnetting) that port 25 is blocked
<audrey> is that the only way?
<audrey> I'm trying to make it as autonomous as possible (I realise I'm at the isp's mercy anyway)
<compdoc> sending isnt usually the problem
<compdoc> they dont block 25 outgoing
<audrey> really? what could be the problem then?
<pmatulis> compdoc: many isp's do not allow outgoing port 25 unless it's to their server
<audrey> I assumed it was an anti-spam thing
<pmatulis> this is very common
<compdoc> well, not all do
<audrey> I'm with o2
<audrey> in the uk
<audrey> they *have* an smtp relay, I just don't want to use it if I don't have to
<pmatulis> compdoc: he said he can receive email but cannot send. the only way is to use the isp's smtp server
<compdoc> yes
<compdoc> Ive seen that too
<pmatulis> unless his configuration is screwed up.  but we can only go by what he's telling us
<compdoc> so use their outgoing - its not a big deal
<mattt> all your mail are belong to o2
<audrey> thanks mattt, that's actually quite helpful. I suspected as much. Hence encryption? But how do I make it more stable?
<compdoc> I use comcast's outgoing because their reverse dns works, and sites like yahoo, etc. wont block
<mattt> audrey: if you have another mail server outside of the o2 network, open up port 587 and use that?
<KurtKraut> audrey, in Brazil all ISPs blocked together port 25 due SPAM. There is probably an extensive documentation in how to deal with that.
<compdoc> there are mail hop outbound services
<compdoc> costs a little extra
<audrey> compdoc: is comcast your isp?
<compdoc> yes
<mattt> audrey: i use be in uk, they do same thing
<pmatulis> what would be gained by piping all mail to an isp's server or some other organization's server?
<compdoc> I can telnet mail servers on port 25 - but I cant receive on 25
<compdoc> pmatulis, theres a few benefits
<audrey> ok, so use o2 smtp relay, use encryption, and be ready to link to a second server outside o2.
<audrey> ?
<mattt> let'er rip
<compdoc> encription? youre afraid theyre reading your mail?
<audrey> well, They always do.  :)
<mattt> unlikely, but possible :D
<audrey> Could I not just send mail directly on port 587? What are the likely problems with doing that?
<audrey> and, indeed, how would you do that in postfix?
<compdoc> unless youre plotting to take over o2, I doubt they will care what you say
<compdoc> not all mail servers in the world will accept mail on 587, I dont think
<audrey> I suppose it would defeat the point of blocking 25
<pmatulis> audrey: you need to first figure out what you want to achieve.  from what i'm reading, you don't know
<mattt> audrey: if you have a relay server that accepts mail on port 587, that'd work
<mattt> you could relay through it
<audrey> ah, ok.
<RoyK> you need a relay if the ISP blocks port 25
 * RoyK has a private server for that sort of things :P
<pmatulis> audrey: you can make your server external to your isp listen on *any* port
<mattt> yeah, i use my vps for that sort of thing
<RoyK> how much do you pay for a small vps these days?
<pmatulis> audrey: and "encryption" only makes sense when authenticating to a mail server that you control
<audrey> is there a recommended way of switching relays, or queueing them, so that it uses the backup server if the o2 one stops relaying?
<pmatulis> and nothing else
<mattt> RoyK: w/ minimal b/w, 15 a month or so?
<mattt> RoyK: USD that is
<audrey> pmatulis: I meant PGP etc
<pmatulis> audrey: ok
<RoyK> mattt: wouldn't an EC2 VM from amazon be cheaper than that?
<RoyK> for just an MTA, I mean
<audrey> is there a recommended way of switching relays, or queueing them, so that it uses the backup server if the o2 one stops relaying? using postfix
<mattt> RoyK: ah, potentially ... don't use EC2 myself
<mattt> audrey: that question doesn't make much sense
<RoyK> audrey: normally you have two or more MX records for a domain, with different priority/cost, which makes the email sent to the primary server, but falling back to the secondary server/MX if the primary can't be contacted
<audrey> well, in my /var/log/mail I can see if a message didn't get sent (eg if o2 stops relaying), so is there a way of sending it via a secondary server if o2 fails?
<audrey> royk: isn't that for incoming mail?
<RoyK> er.. yes
<RoyK> why shouldn't outgoing mail work?
<mattt> audrey: what is sending it through o2?  a mail server or something else?
<RoyK> except if the ISP blocks port 25, that is
<audrey> royk: I'm recieving mail fine, I think o2 isp are blocking port 25 outgoing except to their server
<mattt> audrey: they are, most ISPs do that
<mattt> audrey: their mail server may start blocking connections from you if you're abusing their system btw
<audrey> mattt: I'm not sure yet. I was going to try this: http://www.zimbra.com/forums/installation/1538-sending-mail-using-your-isp-relay-host.html
<audrey> yeah. I don't think I'll be spamming anyone though...
<mattt> you sure?  :D
<mattt> audrey: postfix should retry if it can't relay the message through o2
<mattt> up to a certain # of days, then it'll drop the msg
<audrey> I wouldn't know where to start, except maybe lol-spam :D
<RoyK> mattt: dpkg-reconfigure postfix
<audrey> yeah, but the motivation is to be as autonomous as possible (which I realise in this case is a lost cause)
<mattt> audrey: may want to look at something like a vps then
<RoyK> http://aws.amazon.com/free/ <-- looks good :)
<audrey> lol, thanks. But how do you trust your vps host not to have a snoop-hypervisor?
<mattt> audrey: dude, you're right paranoid :D
<audrey> yeah, I know :D
<audrey> but if They can boot Wikileaks, They can boot me
<RoyK> audrey: it's a matter of trust, or money, if you're paranoid, get your own gear and a good internet connection
<audrey> royk: that's been my approach. What exactly makes a connection "good"?
<audrey> not port-blocking :)
<RoyK> well, a 100Mbps link is quite good
<audrey> I'm guessing that not having an isp (or being your own isp), even if it were possible, wouldn't be exactly easy
<RoyK> audrey: if you're located in the US or China or Iran or something, they have global sniffing in the backbone anyway
<audrey> Royk: ORLY? but surely that only picks up on unencrypted transmissions?
<RoyK> audrey: it's still pretty hard to break RSA, yes
<audrey> :) AFAWK
<audrey> it's a fairly endless spiral, this distrust
<RoyK> but I somewhat think China is trying to break that with that new supercomputer of GPus
<audrey> ok, thanks guys
<audrey> ttyl
<shauno> does ufw only store rules in /etc/ufw? I seem to be missing something
<thesheff17> shauno: ufw is actually built on top of iptables.
<compdoc> I think it creates iptables rules and stores them there
<compdoc> I like it
<compdoc> theres a gufw if you have a desktop. it works well
<compdoc> where does iptables store rules between boots?
<shauno> I think that's what I'm looking for .. they must persist on disk somewhere between boots
<thesheff17> shauno: just doing ufw enable will persist through reboots
<shauno> but I'm now discovering the host doesn't have ipt_MASQUERADE available, which is more likely to be why copying rulesets across didn't work
<pehden> can some one ping pehden.net
<pehden> then www.pehden.net
<pehden> tell me if both fail
<monteith> http://www.downforeveryoneorjustme.com/
<pehden> monteith: thanks that will do it
<pehden> monteith: well actually that doesnt work
<pehden> my browser redirects to www.pehden.net
<pehden> and then my other browser says not found
<pehden> host pehden.net
<pehden> pehden.net mail is handled by 1 pehden.net.
<pehden> but www.pehden.net resovles my ip
<EvilPhoenix> pehden:  then its DNS issues
<EvilPhoenix> oh
<EvilPhoenix> btw
<EvilPhoenix> pehden:   pehden.net. CNAME pehden.ath.cx.   ;  www.pehden.net. CNAME pehden.ath.cx.   ;  pehden.ath.cx. A 69.92.177.4
<EvilPhoenix> that's the DNS entries
<EvilPhoenix> i omitted a duplicate entry
<EvilPhoenix> pehden:  its likely not a dns issue then, rather an issue with your webserver
<EvilPhoenix> and its configuration
<EvilPhoenix> oh wait, you're having issues with multiple browsers?
<EvilPhoenix> what DNS servers are those systems using?
<EvilPhoenix> actually i should beasking what browsers
<EvilPhoenix> :p
<pehden> thats what i was thinking
<pehden> ff
<pehden> and arora
<pehden> with ff pehden.net redirects to the www.pehden    but in arora pehden.net fails
<pehden> due to time out
<uvirtbot> New bug: #706675 in clamav (main) "package clamav-milter 0.96.5 dfsg-1ubuntu1.10.04.1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/706675
<latenite> Hi folks, I have a connection on my netstatlist that I would like to know more of. Its line 6 and 14. How do I find out what service is on that port? http://pastebin.com/Xcqm4JAB
<Pici> latenite: Run netstat with sudo and be sure to include the -p switch
<Pici> That should tell you the process
<latenite> Pici, nice flag thanks. Sadly the data I pasted is from yesterday. Is there still a way to find out? today it looks like that http://pastebin.com/RDBYErT0
<Pici> latenite: I'd be completely guessing, but it looks like it *might& be skype, the port numbers are in similar locations and a quick search reveals that skype doesn;t use any specific preset ports.
<latenite> yeah maybe :) hey thanks a lot :)
<Pici> np
#ubuntu-server 2012-01-16
<samba35> this is very stange problem i come across i have a utm /firewall as a gateway (another system ) ,i have configure web server ,ssh server and ftp server on that but i am only able to acess ftp server ,not ssh and web server but i change hardisk with oracle linux i am able to access all 3 thing (web ,ssh,ftp )
<thesheff17> running iptables or ufw
<thesheff17> use nmap to scan the machine
<samba35> check with that also
<samba35> ufw uninstalled
<samba35> this is very stange problem i come across i have a utm /firewall as a gateway (another system ) ,i have configure web server ,ssh server and ftp server on that but i am only able to acess ftp server ,not ssh and web server but i change hardisk with oracle linux i am able to access all 3 thing (web ,ssh,ftp )
<samba35> sorry
<thesheff17> check iptables: sudo iptables -L
<samba35> yes ,check that also
<samba35> disabled
<samba35> and i even change the ports also of web and ssh
<thesheff17> try to put ssh on the ftp port and see if it works
<samba35> ok
<thesheff17> it still sounds like some firewall rules between the box you are trying to connect to and the client box
<thesheff17> don't forget to shutdown ftp service before binding ssh to the ftp port
<samba35> yes
<thesheff17> also make sure the serivces are starting correctly and listening: sudo netstat --tcp --udp --listening --program --numeric-ports | grep sshd
<samba35> no its not working
<thesheff17> sounds like a service issue if ftp worked and ssh didn't on the same port
<samba35> never face this kind of problem
<samba35> and hight is if i change hardisk to oracle linux all things works fine
<thesheff17> I would put ssh back to port 22 and run sudo netstat --tcp --udp --listening --program --numeric-ports | grep sshd
<samba35> yes check
<samba35> i even chage ssh port 5123
<thesheff17> I would use nmap to see if it is listening....I bet from the remote machine it doesn't find ssh running
<thesheff17> and something is blocking it in between
<samba35> www.utmxtm.com
<samba35> can yo pls try
<samba35> any result
<thesheff17> its running now
<thesheff17> I wonder if your ISP just blocks certain things.
<samba35> rdp and vnc not configure
<samba35> tryed ?
<samba35> no i dont think
<samba35> just change hard disk
<samba35> it all work with oracle linux
<thesheff17> do you have the the default route ?
<thesheff17> correct
<samba35> yes i am hopeing that or metric is wrong but dont know how to check that
<thesheff17> sudo route
<thesheff17> the default value will point at your router usually like mine is 192.168.1.1
<samba35> default route is my utm box
<samba35> yes that is route
<thesheff17> nmap is slow...it will be done in a second
<twb> thesheff17: nmap -F
<thesheff17> thx
<samba35> thx ?
<twb> !thx
<ubottu> You're welcome! But keep in mind I'm just a bot ;-)
<thesheff17> lol
<thesheff17> says ftp and https is open nothing else
<twb> thesheff17: putting SSH on a nonstandard port will affect QoS attempts by your ISP et al.
<thesheff17> port 21 and 443
<twb> If you are concerned with brute-force attacks an IPS would IMO be better than relying on obscurity
<thesheff17> this works
<thesheff17> https://www.utmxtm.com
<twb> The page is empty though
<thesheff17> what is this user portal? is that what you are using?
<samba35> hmm that is my utm portal
<twb> http://cyber.com.au/~twb/doc/iptab.ips
<thesheff17> if https://www.utmxtm.com/ is not your linux box you have to do port forwarding.....
<samba35> can you try now https://www.utmxtm.com
<samba35> yes i did that
<samba35> utm box has DNAT rules for all servicess
<samba35> can you try now https://www.utmxtm.com
<twb> samba35: just get a second box and test it yourself
<thesheff17> yea you have bad port forwarding or firewalls rules.
<twb> Probably just triangle routing
<samba35> ok
<samba35> all things are same just change hard disk to oracle linux all works !
<thesheff17> linux on oracle and ubuntu are almost identical
<samba35> dhcp assing ip to linux
<thesheff17> dhcp should never be used for a server
<samba35> ic
<samba35> i dont know that
<twb> thesheff17: I disagree.
<samba35> thank i will try to put staic ip and chaeck yes we have that options open
<twb> Using fixed DHCP allocations to non-core servers allows them to be configured on one end, rather than both ends.
<twb> It *does* mean the LAN they're on must be ultimately trusted, of course.
<thesheff17> well it sounds like a firewall iptables port forwarding mess....when I hit his portal I knew that wasn't his ubuntu box....him setting up fixed DHCP sounds like another layer of complexity :)
<twb> Granted
<twb> It is certainly useful to switch to manual configuration during testing.
<pehden> does freenode allow dcc
<twb> Dunno, ask #freenode
<onre> irc network does not need to support it
<twb> onre: it's just CTCP
<twb> onre: right?
<onre> it works so that clients send CTCP-style messages to each other and initiate a tcp connection between each other
<onre> yes
<onre> via CTCP they communicate IP addresses and port numbers
<Vivek> Hi
<Vivek> I am using Ubuntu orchestra and I would like to get a pointer to configuring rsyslog.
<Vivek> I am referring this URL http://wiki.rsyslog.com/index.php/Very_simple_config_--_starting_point_for_modifications
<Vivek> Will this be ok ?
<Vivek> I am using  Ubuntu Oneiric and basically want to log remotely to the Ubuntu Orchestration server from a node or nodes.
<Vivek> Thanks in advance.
<Vivek> The rsyslog is not configured by default in orchestra.
<SpamapS> Vivek: did you install 'ubuntu-orchestra-logging-server' ?
<SpamapS> Vivek: orchestra doesn't do much of the configuration for you.. its mostly just a collection of packages... to configure the resulting servers you need something like juju or puppet.
<AlecTaylor> Open-source or closed-source for SaaS? - http://programmers.stackexchange.com/q/130341
<SpamapS> AlecTaylor: great question.. answered and +1'd
<eagles0513875_> hey guys anyone here workign with virt-manager im having some really annoying issues connecting to a remote machine with it
<eagles0513875_> btw morning AlecTaylor Vivek and SpamapS
<AlecTaylor> Thanks SpamapS
<SpamapS> if you can call 01:00 morning. :)
<AlecTaylor> If you call 7:51PM morning :P
<Vivek> SpamapS: yES
<Vivek> SpamapS: I am well aware of the fact that it is a collection of packages with not centralized configuration.
<Vivek> eagles0513875_: Hello.
<SpamapS> Vivek: in that case you really just need to point other machines' rsyslogd at the logging server, and make sure the logging server is configured to accept remote messages.
<Vivek> SpamapS: Do you have any documentation I can refer to ?
<yann__> hello... just had to reboot a server this morning (10.10) http://waste.mandragor.org/linux-memleak.png  if anyone got a clue for next time it'be much appreciated :(
<SpamapS> Vivek: just the rsyslogd man pages
<SpamapS> yann__: what makes you think there is a memory leak?
<yann__> SpamapS, I have no software running, killed all running software and restarted what I could
<yann__> and without any software running, using 5GB+ ram
<AlecTaylor> !paste
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<_godhelpme> hi
<Vivek> ok
<Vivek> SpamapS: Thanks
<eagles0513875_> SpamapS:  you ever worked with virt-manager before?
 * AlecTaylor opened up the discussion over whether I should open-source my SaaS: http://openclosedsource.wikia.com
<SpamapS> eagles0513875_: I use it quite often
<SpamapS> yann__: but what do you mean "using" ?
<SpamapS> yann__: htop is somewhat imprecise, try 'free -m'
<eagles0513875_> SpamapS: im having nothing but issues with it getting it to connect to remote server http://pastebin.com/BV50Gf7S
<SpamapS> yann__: memory used in buffers and cache is memory used to opportunistically speed up the system. There is no memory leak, its just in use for better purposes when your programs haven't explicitly requested it.
<SpamapS> eagles0513875_: I don't use it like that
<eagles0513875_> and my friend and i have tested on 10.04 10.10 11.04 and same issue
<eagles0513875_> how do you use it
<eagles0513875_> even connecting to my localhost to test i have saame issue
<eagles0513875_> SpamapS:  you using xen as the virt technology of choice?
<smb> eagles0513875_, If it is xen you want to connect, you need to enable the unix server in xend. Unfortunately there are other issues which I have not found solutions for
<eagles0513875_> that didnt do it
<eagles0513875_> any ideas as to these errors smb http://pastebin.com/BV50Gf7S
<smb> It looks like when I had tried to connect to xen without the change in xend (one has to restart too)... Need to start the machine to remember what exactly I changed.
<eagles0513875_> restart what the local hos t
<eagles0513875_> host
<eagles0513875_> or the remote server
<smb> remote server
<yann__> SpamapS, disk cache is yellow in htop :) and no, it's not "faster", i discovered that because I had 5GB swap
<yann__> so I killed everything I could to see what was using so much, and was left with that
<eagles0513875_> smb: giv eme a moment to reboot
<smb> eagles0513875_, no reboot of server needed
<smb> just restart of xend
<eagles0513875_> that is done
<eagles0513875_> smb: now what
<yann__> http://waste.mandragor.org/memory-day.png   mmmh.
 * smb needs a bit trying to type, search and talk at the same time does not work that well
<eagles0513875_> no worries smb im here for another 40 min
<smb> eagles0513875_, Ok. :) Well so I think you need to have libvirt-bin installed on the remote xen host, then have /etc/xen/xend-config.sxp have a line like "(xend-unix-server yes)", then sudo service xend restart
<eagles0513875_> libvirt-bin is started already
<eagles0513875_> let me check the xend-config
<eagles0513875_> that didnt work :(
<smb> Hm...
<eagles0513875_> smb: it seems like the remote server is trying to close the connection before i am successfully logged in is the impression im getting from the msg
<SpamapS> eagles0513875_: no I use kvm
<eagles0513875_> ok SpamapS
<SpamapS> yann__: what does free -m show?
<smb> It looks like that, but I had the exact same one because there was no service running...
<yann__> SpamapS, I ll give it a try next time, had to reboot it
<eagles0513875_> smb: let me try it on my local host first
<SpamapS> yann__: I also usually run 'ps auxw O r' which shows the biggest process last..
<SpamapS> clint     3859  4.6  5.9 970108 236588 ?       Sl   Jan15  13:38 /usr/lib/firefox-9.0.1/firefox
<SpamapS> anyway, time to try and sleep
<yann__> SpamapS, I usually use htop with sorting by memory :) have a good night, thanks for helping
<smb> eagles0513875_, I would assume if you can ssh ok, the virtmanager connect should work
<eagles0513875_> im on the localhost already doesnt work cant seem to establish a connection to the local host
<eagles0513875_> also its seems the remote host is terminating the connection after specifying my password
<eagles0513875_> smb: you using ssh keys or passwords only
<smb> eagles0513875_, ssh keys
<eagles0513875_> smb: is it possible to only use passwords or with virt-manager you must have ssh keys
<smb> eagles0513875_, Should be possible to use both. But let me make sure...
<eagles0513875_> smb: the virt-manager documentation shows remote connectiosn using ssh keys not passwords at least from what i understood
<SpamapS> yann__: also one thing that has gotten me before is if you are using something configured to use HugePages like mysql or postgres.. that memory will show up as "used" by the kernel as soon as you configure the huge pages region.
<smb> eagles0513875_, works both. just without ssh keys there is a local pw dialoque
<yann__> I ll have a look, but I don't think I'm using huge pages :)
<eagles0513875_> smb: im getting the dialogue
<Vivek> SpamapS: FYI rsyslog is automatically configured on Orchestra.
<eagles0513875_> but i cant fathom what is causing me to fail to connect
<smb> eagles0513875_, Just for completeness, you checked that on the remote host libvirtd is running?
<SpamapS> Vivek: oh, cool. :)
<smb> eagles0513875_, And one other thing to check is whether "netstat -a|grep unix|grep xend-sock" has some output
<eagles0513875> bk smb :)
<smb> eagles0513875, Mind that  I could then connect, but instance creation still fails because bug 914788 and bug 914792
<uvirtbot> Launchpad bug 914788 in libvirt "libvirt expexts qemu-dm in wrong path for xen" [Undecided,New] https://launchpad.net/bugs/914788
<uvirtbot> Launchpad bug 914792 in libvirt "libvirt: Unable to complete install: ''b454ca30-add4-8f72-8093-99c938e87b46''" [Undecided,New] https://launchpad.net/bugs/914792
<eagles0513875> smb: im guessing im experiencing the first bug
<eagles0513875> actually first one isnt
<smb> eagles0513875, No that only was _after_ being able to connect. :)
<eagles0513875> ahh ok
<eagles0513875> guess its time for a bug to be filed
<eagles0513875> 2 bugs
<eagles0513875> virt-manger should automatically pull ssh-askpass
<ikonia> no
<ikonia> I dont think it is a bug
<ikonia> I think it is your setup
<eagles0513875> ikonia: has to be a bug
<ikonia> why ?
<eagles0513875> tried it on a vm of 10.04 10.10 11.04
<eagles0513875> i have everything there libvirt is installed and running
<ikonia> but didn't smb say he was connecting fine ?
<eagles0513875> ikonia: hes using ssh keys not simple passwords
<ikonia> right - so why ssh-askpass then, as that's normally for keys
<ikonia> eagles0513875: how are you trying to open the virutal manager ?
<eagles0513875> from the kmenu
<eagles0513875> should it be run with sudo from the command line
<ikonia> eagles0513875: have you looked at what the kmenu launcher is doing ?
<eagles0513875> no i havent
<ikonia> eagles0513875: ok - so again, checking this stuff out before logging a bug
<ikonia> eagles0513875: have you tried launching it manually to get some more verbose output ?
<ikonia> check the basics, get info,
<smb> eagles0513875, I had changed away the authorized_keys to get a pw prompt and that worked, too
<eagles0513875> ahh
<ikonia> I didn't have a problem when I was using it on ubuntu (I'm not any more but it worked fine when I did)
<eagles0513875> ikonia: how can i get verbose output to commandline
<eagles0513875> ikonia: it worked fine when i tested it out with kvm
<smb> eagles0513875, I think I am a bit confused reading. Did you try the netstat line on the remote host?
<ikonia> eagles0513875: just launch it by the command line first, see what it does
<eagles0513875> ikonia: not doing anything
<eagles0513875> smb: no i havent
<ikonia> eagles0513875: what are you typing on the command line ?
<smb> eagles0513875, Ok, could you try? Then we would know whether the socket interface is up
<eagles0513875> smb: what socket interface should i be looking for
<eagles0513875> ikonia: virt-manager
<smb> netstat -a|grep unix|grep xend-sock
<smb> unix  2      [ ACC ]     STREAM     LISTENING     20492    /var/lib/xend/xend-socket
<koolhead11> hi all
<eagles0513875> its there and listening smb
<smb> eagles0513875, Ok, so at least can take that from the list...
<eagles0513875> ok
<smb> eagles0513875, So what is running locally and remotely? I only tested 11.10 and 12.04 combinations currently
<eagles0513875> 11.10 on both
<smb> ok
<eagles0513875> well ill be damned i installed kvm on localhost and that connected just fine
<smb> Well, that has always worked. Just that Xen host server came back only with 11.10 and I am not sure how many really tried out with libvirt and xen
<smb> It is quite manual at least
<eagles0513875> :-/
 * smb hopes to improve things until precise release...
<eagles0513875> smb: you work with the virtualization stuff?
<smb> yes
<AlecTaylor> Will open-sourcing my SaaS solution adversely affect my revenue? - Contribute to Discussion and Notes: http://openclosedsource.wikia.com / http://programmers.stackexchange.com/q/130341
<ikonia> eagles0513875: don't you have to make a change to tell it to connect to a xen hypervisor instead of kvm
<smb> ikonia, Yes, that is done when you create a new connection
<eagles0513875> i did i was just testing ikonia to see if i would have the same issues i am having with xen but with kvm
<lynxman> morning o/
<eagles0513875_> smb: hey I'm on from web chat at school lol
<koolhead11> ohai lynxman
<Psi-Jack> ikonia: Looks like you're around now eh?
<ikonia> I am around yes
<Psi-Jack> Remember that whole MySQL battle from before? ;)
<ikonia> hello
<ikonia> I certainly do
<eagles0513875_> hi ho :)
<Psi-Jack> heheh
<Psi-Jack> you'll laugh at the results. ;)
<ikonia> one of the more interesting ones
<ikonia> Psi-Jack: please share
<ikonia> very interested
<Psi-Jack> Hehe
<Psi-Jack> Well, the updated kernel and mysql solved the memory usage was mostly solved, but there was an underlying issue causing most of it to begin with. ;)
<ikonia> go on......
<Psi-Jack> We use VMWare vSphere 4.1u2 in our infrastructure for pretty much most every server in our DC, save for a few.
<Psi-Jack> This particular VMWare Guest was set to have initially 4GB, then 8GB, then finally 16GB, but no matter how much RAM we gave it at the hypervisor level, someone had set a Memory Limit on it to 2GB.
<ikonia> really,
<Psi-Jack> So, yeah, the guest was getting 8GB, but only 2GB of it was allowed to be used, and so it was actually swapping out on the HOST OS side to account for it.
<ikonia> that makes sense for what we saw that night
<ikonia> however was that hypervisor limit in place on any other machiens ?
<ikonia> eg: was it effecting any other guests ?
<Psi-Jack> No, it was set just for that one that we found.
<ikonia> I didn't know you could do that, limit it at the hypervisor for just one vm
<Psi-Jack> Yep.
<Psi-Jack> VMWare can do that. heh
<Psi-Jack> Our DBA of all people found it!
<ikonia> I thought the hypervisor settings where global and then everything bellow that was either group policy based, or guest based
<ikonia> impressive
<ikonia> and a nice little feature to be aware of for future use
<ikonia> thanks for sharing Psi-Jack
<Psi-Jack> I don't claim at all to be a VMWare expert, I know Xen and KVM much more, but VMWare still is bleh.
<ikonia> what an annoying issue that turned out to be
<Psi-Jack> Nooooo sh**!
<ikonia> Psi-Jack: vm-ware is what you have to use in business, so no point dodging it
<ikonia> apart from redhat pushing kvm as their cloud platform now
<Psi-Jack> After that, our CPU loads went back to normal, primary use of CPU load is MINIMAL now, and when it is, it's mostly user load, not system load.
<Psi-Jack> That's what got me is MOST of the load was system load, which means core processes.
<ikonia> at least you are sorted now
<Psi-Jack> Yep. :)
<ikonia> an interesting one,
<Psi-Jack> A lot more useful now, and it's funny to see the load levels during prime hours are practically nothing at all anymore.
<Psi-Jack> We have another DB running similarly in another DC, under Xen, and i see a lot of user load, but barely any system load.
<Psi-Jack> That database however, has a lot going on. Both our flagship SaaS product, and our CMS hostings. ;)
<patdk-lap> oh, did someone specify a resource limit for ram?
<Psi-Jack> patdk-lap: Yeah. LOL
<patdk-lap> ya, your miss that unless you use that a lot
<eagles0513875_> learned something new as well about vmware sphere :D
<Psi-Jack> hehe
<Psi-Jack> Yeah, me too!
<patdk-lap> setting resource limits is very nice though
<Psi-Jack> Don't trust VMWAre! hahaha
<patdk-lap> expectially for disk access
<eagles0513875_> Psi-Jack: how do you guys go about creating the xen guests
<Psi-Jack> Well, our disk access is tied to an FC SAN with FC Disks. ;)
<Psi-Jack> eagles0513875: We don't. Our Xen stuff is run in Rackspace, they run Xen. heh
<eagles0513875_> got it
<patdk-lap> I
<Psi-Jack> I don't do Xen anymore myself. Has too many annoying issues like easily corruptable vNIC's.
<patdk-lap> I'm thinking I should just run xen inside vmware
<patdk-lap> for the last legacy things
<Psi-Jack> Yikes!
<patdk-lap> why yikes?
<eagles0513875_> Psi-Jack: how are you creating the vNIC's
<patdk-lap> you need vsphere 5.0 though
<uvirtbot> New bug: #917134 in drbd8 (main) "dbrd8 kernel module and padlock-sha kernel module in deadlock" [Undecided,New] https://launchpad.net/bugs/917134
<eagles0513875_> I'm using a bridged networking setup which is very easy to specify and setup the bridge via the network interfaces file
<eagles0513875_> ikonia: i enabled debugging in libvirt smb is helping me go through that to find out the possible cause of my issue
<Psi-Jack> eagles0513875: They were fully paravirtualized guests, and just using LVS on them for network directing was causing failures that resulted in mysterious packet loss.
<patdk-lap> I'm using my own custom network xen config scripts
<Psi-Jack> Any kind of advanced routing or packet mangling caused these issues on Xen for me.
<eagles0513875_> ahh
<eagles0513875_> well atm libvirt is giving me hell
<patdk-lap> Psi-Jack, odd, I didn't have that issue
<Psi-Jack> And that was Citrix Xen, specifically.
<patdk-lap> I also rarely ran it at high load levels though
<Psi-Jack> The "Commercial Grade" stuff.
<ikonia> Psi-Jack: it was always one of the drawbacks with xen
<ikonia> and why cytrix wrote their own network patches for it
<RootChaos> can anyone suggest a good ubuntu load balance app through personal experience ?
<RootChaos> i need to load balance two smtp servers
<ikonia> lvs
<ikonia> ipvsadmin
<ikonia> adm sorry
<ikonia> simple and easy
<RootChaos> * looking
<RootChaos> thanks very much
<RootChaos> do i need a dedicated server for lvs, or can i run it with other services on a server ?
<Psi-Jack> You should do it dedicated.
<Psi-Jack> Or run it along side with the mailservers.
<ikonia> you can if you are strapped for hardware run the lvs process on the actual service giving servers
<ikonia> you need to be a little more tidy/thought out, but you could do it if you where strapped for hardware
<RootChaos> i have another server running mysql, doing nothing... i could setup lvs on that server which will balance to the 2 mail servers ?
<Psi-Jack> You shouldn't run LVS on a database.
<ikonia> yeah, mail = front end, database = backend, balancing a front end service would put the database at the front
<Psi-Jack> You would be better off running pacemaker+ldirectord on the two mail servers.
<ikonia> plus the performance risk
<Psi-Jack> Just do NOT run a firewall on the same host as LVS
<Jeeves_> Psi-Jack: Why not?
<Psi-Jack> It will eat data for lunch. ;)
<Psi-Jack> Heck, patdk-lap and Omache taught me that. ;)
<RootChaos> ok, but in essence, just to test, i can use an existing server, load lvs and see how it works - then move it to a dedicated box later
<Psi-Jack> RootChaos: You should run it on a front-end facing server. Not a database server.
<RootChaos> ok cool
<RootChaos> i can do that
<Psi-Jack> Often times, people run LVS servers on their webservers.
<Psi-Jack> I'm one that runs two dedicated VMs just to LVS and does nothing else, but nginx name-based and ip-based proxying. ;)
<Jeeves_> Psi-Jack: I really don't see the issue of combining those two functions
<koolhead11> Daviey: around?
<Daviey> koolhead11: briefly
<koolhead11> Daviey: was writing u a mail
<Daviey> koolhead11: probably better right now
<Daviey> kinda swapping tasks.
<htdutchy> What do I need to install to host a dhcp server?
<Psi-Jack> dhcpd
<htdutchy> E: no installation candidate
<htdutchy> Is there a packet that I can just install with apt-get install?
<Psi-Jack> Here's a tip.
<Psi-Jack> aptitude search dhcp
<htdutchy> I got it dhcp3-server
<htdutchy> thanks
<Psi-Jack> That's the older version.
<Psi-Jack> isc-dhcp-server is version 4
<htdutchy> ah
<htdutchy> isc-dhcp-server isn't available :(
<Psi-Jack> There's also a chance I could be wrong. I'm looking at a Debian server of mine. :p
<htdutchy> ah, well I'm on ubuntu
<htdutchy> webmin picked it up, it's working
<Psi-Jack> heh.
<Psi-Jack> Glad I'm not the only nut job that uses webmin. :)
<Psi-Jack> I do it, though, just to be lazy. I actually know how to go in and fix problems by hand, set them up by hand, etc, ;)
<htdutchy> Yeah, I like working in console, but for a quick configurations like setting up users it's just better
<htdutchy> Primarily I use it for user config, apache, dns and dhcp servers
<Psi-Jack> Oh heck, you don't even utilize it for much then.
<Psi-Jack> You're just plum lazy. :)
<Psi-Jack> I actually use it for the whole cluster effect, change one on one, it replicates that change to the others.
<htdutchy> Ah
<skorv> hey!
<skorv> simple dumb question from a noob.... can i use a ubuntu server as a front end to redirect urls to different web servers within my network?
<Psi-Jack> yes
<skorv> i know how to do it with apache and virtual hosts in a single machine...
<skorv> the question then is... how?
<patdk-wk> Jeeves_, the issue with combining what two functions?
<ikonia> skorv: look at squid and jesred, or apache
<Psi-Jack> skorv: I'd setup nginx with name-based forwards to different transport endpoints as needed for each hostname you need. But that's not the proper way to do what you're asking. The proper way is to have Split-DNS and have internal DNS point to internal server, external DNS point to external IP.
<Jeeves_> patdk-wk: Iptables and LVS
<skorv> Psi-Jack: the proper way sounds complecated
<patdk-wk> iptables and lvs don't mix
<Psi-Jack> skorv: It's not.
<Psi-Jack> It is more maintenance, but proper.
<patdk-wk> lvs injects packets back in, in the middle of netfilter
<Psi-Jack> And you don't have a SPF
<patdk-wk> lvs packets don't match conntrack ever
<Psi-Jack> Nope.
<Psi-Jack> LVS magically moves traffic around without ever telling conntrack about it. ;)
<skorv> i'm managing virtual servers as well as physical ones...
<patdk-wk> well, without telling netfilter about it, and therefor screwing conntrack and some other things
<Psi-Jack> skorv: Yeah, so do I.
<Psi-Jack> patdk-lap: Heh, yep.
<Psi-Jack> Which is partly why running a firewall on an LVS director causes issues.
<skorv> ok.... i'll pick you brain in a couple of minutes... gotto go have lunch
 * Psi-Jack gets a brain-picking needle ready, and cringes.
<patdk-wk> running the firewall in non-stateful mode works, if you don't also need any helper modules, like ftp, irc, sip, ....
<Psi-Jack> Heh.
<Psi-Jack> I hardly even know what a non-stateful firewall is anymore. :p
<Jeeves_> Ok, that kinda makes sense
<Jeeves_> But if the firewall is only firewalling the services that are loadbalanced, it shouldnt be a real issue.
<Psi-Jack> Wrong. :)
<Psi-Jack> That is stateful firewalling.
<Jeeves_> Ehm, that depends how you configure it :)
<patdk-wk> it can be a real issue
<zul> good morning
 * Psi-Jack nods.
<patdk-wk> the issue is, dealthing with non-stateful firewalls
<patdk-wk> in order for that to work, you have to open up much more than you would have to otherwise
<Psi-Jack> Exactly.
<Psi-Jack> Hence, why I run my LVS directors on dedicated VM's that get proxyarp'd to by the front-end firewall. Thanks to patdk-lap's gracious help here. ;)
<patdk-wk> I'm just running two firewalls and two directors, using pacemaker
<patdk-wk> I also have a crapload more ip space to work with than you :)
<skorv> ok... back
<Psi-Jack> patdk-lap: Hehe
<Psi-Jack> Yeah, I still use two firewalls, and 2 directors though. :)
<skorv> for now i'll setup my servers within proxmox(KVM mode) and attach the physical ones later
<Psi-Jack> My LVS directors are all run under KVM, personally.
<Psi-Jack> My firewalls too.
<Psi-Jack> And I too, now use Proxmox VE, but I use 2.0 beta2 with the HA stuff enabled and functioning. ;)
<skorv> i'm still on a old one
<skorv> 1.7 i think
<Psi-Jack> 1.9 is out, yanno.
<skorv> yea...
<Psi-Jack> Proxmox VE 2.0 is nice, though. It actually comes with kvm official 1.0.0
<skorv> will wait for 2.0 to fully upgrade my server farm
<Psi-Jack> hehe
<Psi-Jack> I upgraded from a series if pacemaker-run libvirt-managed hypervisor cluster to Proxmox VE 2.0 beta 2 which uses cman for it's cluster glue.
<Psi-Jack> I hate cman+rgmanager, but eh.. The system works so far, pretty well.
<skorv> you've set your firewalls in there as well?
<skorv> what did u use
<skorv> ?
<Psi-Jack> Yeah, my firewalls are run in kvm guests.
<Psi-Jack> And I use shorewall for my management system for it.
<skorv> i was planing on terting vyatta distro myself but not sure
<Psi-Jack> Don't.
<Psi-Jack> It's just not worth it.
<skorv> pfsense?
<Psi-Jack> Hell no. BSD-based crap.
<skorv> self built?
<Psi-Jack> Shorewall.
<skorv> didnt knew that one
<Psi-Jack> Shorewall is a perl script to manage iptables,works on any distro.
<skorv> ok... so a base install of ubuntu server and that on top of it :P
<Psi-Jack> You edit a few text files to setup the basic concept, it's stateful, and it builds ginormous rulesets that do exactly what you tell it to.
<Psi-Jack> Eh, sure. ;)
<Psi-Jack> I use openSUSE for my firewalls.
<skorv> i tried centos.... but cannot adapt to the dam yum :P
<Psi-Jack> Debian for my webservers and directors, though thinking about moving my directors to Ubuntu seeings that Debian's ldirectord is bugged.
<Psi-Jack> yum is awesome.
<Psi-Jack> Personally I hate the .deb package format. Worst design flaw ever, but it is what it is.
<skorv> maybe because i'm a ubuntu freak... the fist and only distro i ever used
<Psi-Jack> I started with SLS.
<skorv> i tryed debian... fedora... even archlinux....
<skorv> always find my way back to ubuntu
<Psi-Jack> In short, I started Linux before it was even 1.0.0. :p
<skorv> :P
<skorv> me it was in 2008
<Psi-Jack> Youngin. :p
<skorv> with 8.04
<skorv> actually i'm 33 but thats another story
<Psi-Jack> heh
<skorv> 2 weeks after installing into my laptop... made my 1st server
<Psi-Jack> Hmmm. Cool. My age.
<skorv> completely brind
<skorv> but did it anyway
<skorv> portugal is an all consuming windows market
<Psi-Jack> I just started young. First computer was a C64, moved up to a CISC, then got into UNIX almost immediately. I was a proud owner of a NeXT cube and Alpha server. ;)
<skorv> not many chances for linux in enterprise... only small companies like my own use it internally
<Psi-Jack> That's a cop-out, and an excuse. ;)
<skorv> for me.... 1985's Spectrum clone Timex 2048
<skorv> c64 was an amazing machine
<Psi-Jack> Did you know Commodore re-made it into a 64-bit CISC machine styled just like the original keyboard unit?
<skorv> nop... thatz amazing
<Psi-Jack> http://www.commodoreusa.net/CUSA_C64.aspx
<Psi-Jack> Legacy reborn! :D
<Psi-Jack> Funny thing is, it's specifically designed for Linux. :)
<skorv> :P
<skorv> amazing
<skorv> so.... how you've set up your network (i'm setting up firewall > server > (webserver 1) (webserver 2)
<Psi-Jack> I have 4 hypervisors, attaching disks via multi-pathed iSCSI to two NAS servers (also running Linux) to act as a storage SAN.
<Psi-Jack> I have two VM's running firewalls, they proxarp VIPs from the front to the LVS directors which I have 2 of, active and failover.
<skorv> 2 firewalls? isnt that too much?
<Psi-Jack> From the director, it forwards to the appropriate servers by IP address of two backend webservers. I also run an nginx proxy server for name-based forwarding so that internal servers I don't want normally exposed are masqueraded through the gateway IP.
<Psi-Jack> Nope.
<Psi-Jack> Active and Failover. My primary firewall can go down and the failover will takover without any traffic loss.
<Psi-Jack> I have only 1 SPOF in my network, and that's my cablemodem. ;)
<skorv> ok... me is just 2 physical servers in cluster mode (proxmox) its not an enterprise
<Psi-Jack> Neither is mine. :p
<Psi-Jack> This is just my home setup,.
<skorv> i have 8 machines total.... 2 of them are servers
<skorv> "and i thought i was nutz.... :P"
<skorv> 1 cablemodem... a linksys wrt160nl with ddwrt as router.... the rest is just too much computers
<Psi-Jack> 8 and only /2/ are servers?
<Psi-Jack> Bleh,. linkcrap.
<skorv> 1 is my personal (home) and a laptop
<Psi-Jack> I have 6 physical servers, 14 virtualized servers, 1 performance desktop, 1 personal laptop, 1 company laptop, 1 personal netbook, 1 android tablet, 1 smartphone, 1 smart tv
<_ruben> and you are your power company's favorite customer ;)
<Psi-Jack> Indeed. ;)
<skorv> then in my workshop... 2 servers, 1 workstation, 1 data recovery, 1 "experimental", and 1 acer laptop converted into a media station just for listening to music :P
<Psi-Jack> Bill's more than most people I know, even at work with expensive houses. LOL
<Psi-Jack> Oh, and 1 dedicated NAS storage box, a simple Netgear ReadyNAS Duo.
<Psi-Jack> That's my simple backup resource point. ;)
<skorv> we're crazy you and IO
<skorv> we're crazy you and I
<skorv> :P
<Psi-Jack> This is just my home setup so I can keep on top of everything in my field of interests. ;)
<skorv> ok
<Psi-Jack> It's why I'm one hell of a good systems engineer, and not just a simple system admin.
<Psi-Jack> Soon, I'm actually picking up server grade managed switches. ;)
<Psi-Jack> Because 3 8-port switches just isn't enough.
<skorv> i have a asus 24port 10/100 unmanaged
<skorv> weak i know
<Psi-Jack> Bleh.
<Psi-Jack> I'm 100% GbE
<skorv> :P
<skorv> for a self employed guy here where i live i have more than any other tech i know
<skorv> hardware setup for the servers (now you'll blow my mind)
<Psi-Jack> I'm getting a rack, hopefully today, to actually shelf all my computers onto and organize it better. ;)
<Psi-Jack> Two Dell PowerEdge 830's with dualcore Intel Xeon's and CERC RAID doing RAID-10 on 6-drives. That's my storage cluster.
<skorv> ok....
<Psi-Jack> 4 hypervisors running AMD Phenom II X4's with 8GB DDR2 RAM
<skorv> mine is just 2 home grown E8400 Core 2 Duo with asus p45 motherboards
<skorv> 1 has 6gb ram... the other 3
<Psi-Jack> Bleh. Intel junk.
<skorv> 8400 were good gaming machines
<skorv> my dream setup :P
<skorv> dell's 815 with 4 opterons
<Psi-Jack> At work, we have several Quad-CPU 12-core Opteron's with 256 GB RAM hooked up by FC to an EMC SAN.
<skorv> the new 16 core buldozer
<Psi-Jack> With FC-Disks. ;)
<Psi-Jack> Now, THAT, is a setup. ;)
<skorv> 6282SE i think :P
<skorv> oh yea
<skorv> cant afford it
<skorv> so i'll keep on dreaming
<Psi-Jack> Yeah, that's several hundred thousand dollars of equipment. ;)
<skorv> each of those cpus is 1000$
<Psi-Jack> but definitely, AMD is a much better way to go, especially for virtualization.
<skorv> true that
<Psi-Jack> skorv: Yeah, and we have at least 80 of those CPUs. ;)
<skorv> so... i'll probably upgrade my setup latter this year to amd 8150FX
<skorv> jeez
<Psi-Jack> hehe
<skorv> maybe i can pick up some "old" servers from upgrades. some companies sometimes just "give them away"
<Psi-Jack> The only part I hate about my home setup is, my fricken Dell 830's onboard NIC's don't do jumbo frames.
<skorv> can pick a couple of dual xeon
<Psi-Jack> Pisses me off to no end.
<skorv> when i set my servers up i tryed asus NICs... only to find out they only work on windows
<skorv> :(
<skorv> now i use tp-link's GbE NICs (pci ad pcie)
<skorv> on all my machines
<patdk-wk> hmm, all my home machines support jumboframes
<patdk-wk> running ib at home is really nice too :)
<patdk-wk> nothing better than 64k mtu
<Psi-Jack> patdk-lap: Yeah, all BUT my fricken server-grade computers, the PowerEdge 830's, have jumbo frames.
<patdk-wk> I don't even know what a pe830 is
<Psi-Jack> And for some reason, dropping PCI NIC's into it don't work.
<patdk-wk> the oldest I have around here is a pe r410
<Psi-Jack> Could do PCIe or PCI-X NIC's though.
<Psi-Jack> PCI-X ones are painfully expensive though.
<patdk-wk> heh?
<patdk-wk> you can get intel dual gigabit pcix for like $20
<Psi-Jack> Really? Where!
<patdk-wk> same thing for pcie is going be atleast 120
<patdk-wk> ebay :)
<Psi-Jack> Oh. Bleh.
<patdk-wk> why waste the money on brand new pcix stuff?
<patdk-wk> expecially with all the companies offloading pcix for pcie
<Psi-Jack> Eh, I suppose.
<Psi-Jack> I'll look into it, anyway. $20 is not bad at all.
<Psi-Jack> Heh, Intel Pro 1000 MT Dual Port NIC GbE PCI-X, $8.94
<Psi-Jack> (+$6.95 shipping)
<Psi-Jack> patdk-lap: ebay's usually the LAST place I look, but this looks promising.
<Psi-Jack> At least for the now solution. :)
<patdk-wk> well, pcix is what I call, expired
<patdk-wk> so ebay is my goto for that
<Psi-Jack> Jumbo frames would definitely improve my throughput to the disks for the SAN of mine, and 2-ports would allow me to keep the DRBD replication going on one isolated network, and expose the volumes via the other port.
<Psi-Jack> Double-Win there. :)
<patdk-wk> I'm using 4 gigabit nics for iscsi round robin
<patdk-wk> atleast till everything is upgraded for infiniband
 * Psi-Jack nods.
<Psi-Jack> Oh yeah.
<Psi-Jack> My ISP FINALLY is "working on" IPv6 support.
<Psi-Jack> Hmmm
<Psi-Jack> They even have PXI-X 2GB FC for like $9.95
<Psi-Jack> PCI-X
<Psi-Jack> I might go that route. Get two of those, and two PCI-X NIC 2-port GbE's.
<Psi-Jack> No need for an HBA-SW with direct connect.
<patdk-wk> I have some of those
<arrrghhh> hey guys.  is there any difference between "service <svc> start" and "/etc/init.d/<svc> start"?
<patdk-wk> and a 8 port fc switch
<patdk-wk> mainly got that 2gb fc stuff, cause I have a 24 lto3 tape system, that uses 2gb fc
<Psi-Jack> patdk-lap: Yeah, but direct HBA to HBA should work, too, no?
<patdk-wk> but now I'm getting two netapp shelfs that are 2gb fc also, would like to put them on a 4 port pcie card though
<patdk-wk> yes, direct works with fc
<patdk-wk> I have never run ip over fc though
<Psi-Jack> Thought so. I only have the 3.
<Psi-Jack> With DRBD, it can run over FC without an IP.
<patdk-wk> I think the pcix ib cards are like $40
<skorv> Psi-Jack: i have to admit... you are a better tech than i am
<skorv> Psi-Jack: so... challange accepted :P
<Psi-Jack> heh
<Psi-Jack> Don't worry, I get that a lot.
<Psi-Jack> I literally tested out of many certs without even studying. I even CORRECTED their errors on their own test and proved it.
<Psi-Jack> CompTIA was pretty bad about having little errors on their tests. ;)
<eagles0513875> ikonia: fixed the problem with virt-manager
<eagles0513875> ikonia: turned out virt-manager didnt like the way i had the networking setup in regards to the bridge
<ikonia> as I said, it would be your configuration not a bug
<Psi-Jack> heh
<eagles0513875> ikonia: turns out using the xend config scripts work better then setting up the bridge in the network interfaces file
<ikonia> shouldn't really matter
<Psi-Jack> Yeah, doesn't matter, actually.
<ikonia> I suspect you just set the bridge up wrong
<ikonia> but the scripts set it up correctly
<eagles0513875> ikonia: copied whats on the xen documentation
<ikonia> copying = not good, thought = good
<eagles0513875> http://wiki.xen.org/xenwiki/HostConfiguration/Networking.html
<eagles0513875> ikonia: ^ that is what i followed
<ikonia> showing me the link isn't going to help
<Psi-Jack> Hmmm
<Psi-Jack> I've been considering dropping iSCSI GFS2 in favor of NFSv3.
<soren> zul: Where does the packaging branch for horizon live?
<zul> on Ubuntu or trunk?
<zul> lp:~ubuntu-server-dev/horizon/essex
<soren> I see.
<soren> Thanks.
<zul> problems?
<soren> zul: Only that those packaging branches seem to move around a lot.
<zul> soren: yeah
<soren> Er....
<soren> do you not use bzr builddeb?
<zul> yeah we do
<soren> Uh.. how?
<zul> bzr bd -S
<soren> zul: Well, sure, but how do you actually work on the packages?
<zul> soren: what do you mean?
<soren> How do you make changes to the packaging?
<soren> How do you test them?
<soren> How..
<soren> There's no .bzr-builddeb?
<zul> soren: we use merge proposals etc and we use our openstack-ci to test the packages
<zul> eh?
<arrrghhh> hey guys.  is there any difference between "service <svc> start" and "/etc/init.d/<svc> start"?
<arrrghhh> because the latter just worked when the former did not.
<soren> zul: I just don't see what your are using bzr builddeb for?
<zul> soren: fuck i need to add it apparently sorry about that
<soren> zul: Other than a wrapper around dpkg-buildpackage
<soren> zul: Don't apologise. Explain :)
<soren> zul: How are you using this stuff without it?
<zul> soren: i didnt know about the .bzr-builddeb directory
<soren> but..
<soren> How..
<soren> Ok, say you find a bug.
<soren> You want to fix it.
<soren> What do you do?
<soren> Let's say nova/utils.py needs a patch applied.
<soren> Sorry, no, not nova, because I set Nova up to make this work properly.
<soren> Horizon.
<zul> open up a bug in launchpad, propose a branch to be merged send a merge request, i usually merge them
<soren> No no.
<soren> Between "open a bug" and "propose a branch" there's some actual work going on.
<soren> How do you accomplish that?
<zul> soren: right standard procedures apply
<soren> Clearly... They do not.
<soren> That's why I'm asking.
<zul> yes they do
<soren> ...
<soren> Well, the tools we've been using for years don't work on that branch.
<zul> yes they do, open a bug, propose a fix and then it usually gets merged whats not standard about that
<soren> Look.
<soren> That's not the part 'm asking about.
<zul> what part are you asking then?
<soren> I'm asking about the part between opeining a bug and propsing a fix.
<soren> The part where you actually fix. the. bug.
<soren> Write code. Apply changed. Edit files.
<soren> *changes
<zul> obviously im missing something
<Daviey> Does this not work, vim debian/control ; "edit something" ; dch -e/-i ; debcommit ; bzr bd -S
<zul> it does
<Daviey> soren: Can you outline issues with that workflow?
<Daviey> .. so packaging changes works?
<Daviey> (zul, we should probably have VCS fields in debian/control)
<zul> Daviey: we do
<Daviey> are you sure
<Daviey> ?
<zul> yeah
<zul> Vcs-Browser: http://bazaar.launchpad.net/~ubuntu-server-dev/nova/essex/debian/files
<zul> Vcs-Bzr: http://bazaar.launchpad.net/~ubuntu-server-dev/nova/essex
<Daviey> Hmm, i did just look - but did not see, /me re-checks
<zul> it might not be in the horizon package
<soren> Daviey: Yes, changing debian/control obviously works fine.
<soren> Daviey: bzr bd-do, doesn't work at all, for instance.
<Daviey> Ahh, i see soren's point..  it's an 'upstream only branch'... so you need to run "debian/rules get-orig-source" first, right
<Daviey> ?
<Daviey> i thought bzr bd -S, auto ran get-orig-source as pristine-tar's last option?
<soren> I mean, of course there's nothing magical about what bzr bd-do does, but having to do something like that manually?  Sheesh.
<soren> This isn't 2007 :)
<zul> oooooh...
<zul> DOH!
<soren> So:
<Daviey> soren: i thought pristine-tar did that automagically?
<soren> How do you make a change now?
<soren> Daviey: Did what?
<Daviey> debian/rules get-orig-source
<zul> soren: i bump the changelog and then do a bzr bd -S
<soren> zul: Ngh...
<soren> zul: I sure hope you actually make changes.
<soren> zul: ..and don't just lie about them in the changelog :)
<zul> soren: obviously thats not kosher
<zul> soren: oh i do
<Daviey> soren: we find it gets bugs closed faster.
<soren> Daviey: Cool :)
<Daviey> soren: so i just checked it out and pristine-tar grabbed the tarball from the archive
<Daviey> when i did bzr bd -S
<soren> bzr bd -S works fine.
<soren> That's not the issue.
<soren> That's boring.
<soren> I'm not asking how you manage to build the packages.
<Daviey> i find it exciting :/
<soren> I'm asking how you work on them? I'm genuinely curious what the workflow looks like when you're not using the likes of "bzr bd-do".
<soren> E.g.:
<soren> For evey other package in Openstack, I can:
<soren> bzr branch lp:~openstack-ubuntu-packagers/nova/ubuntu
<soren> cd ubuntu
<soren> bzr bd-do
<soren> and start hacking away.
<zul> so what we do is
<zul> bzr branch lp:~ubuntu-server-dev/nova/essex
<zul> cd ubuntu
<zul> start hacking way
<soren> No.
<soren> There's only packaing there.
<zul> er...cd essex
<zul> right
<zul> if i want to get a new tarball i bump the changelog and then bzr bd -S
<soren> I've lost faith in this conversation ever going anywhere.
 * soren goes to look at dinner stuff
<smb> zul, Ok, I subsribed you and smoser to the libvirt bugs I openen. Found a funny way to make it work somewhat by stopping and starting libvirt-bin after boot of the host is done...
<zul> smb: k
<arrrghhh> meep
<arrrghhh> anyone?  difference between service <svc> start and /etc/init.d/<svc> start?
<smb> arrrghhh, I'd suppose the former only works if there is a upstart job (something in /etc/init)
<arrrghhh> smb, interesting.  i didn't realize i had to create that in addition to the file in init.d...
<arrrghhh> i'll take a look
<arrrghhh> thx
<smb> Usually after conversion the thing in /etc/init.d whines about you should be using the other
<arrrghhh> well it's a homemade script
<arrrghhh> ;)
<smb> Oh well. So after having the upstart job apparently you make /etc/init.d/foo a link to /lib/init/upstart-job
<smb> arrrghhh, So no you do not need necessarily create an upstart job but in that case service x does not work
<smb> ;)
<arrrghhh> i just want it to run on boot
<eagles0513875> smb: ping
<smb> eagles0513875, hmm?
<Daviey> smb: the restarting of libvirt-bin after restart is a dnsmasq + libvirt fight.. jamespage encountered it aswell on the distributed automated testing
<smb> Daviey, Ah ok. It clearly was a race somewhere, just that I did not understand exactly where
<jamespage> smb: ah - thats a nice one that - worked around it by configuring options in the libvirt dnsmasq instances rather than using a system one
<jamespage> you can tell dnsmasq not to listen on certain interfaces which is manual but works
<Bogdaniel> can someone help with this error i'm getting from smartmontools ?
<Bogdaniel> Jan 16 18:49:30 Jupiter smartd[6208]: Device: /dev/sda5 [SAT], offline data coll                                                                             ection was suspended by an interrupting command from host (auto:on)
<smb> jamespage, Hm, do you have the runes lying magically around?
<jamespage> smb: lemme see
<jamespage> smb: either use except-interface=virbrXXX or only listen on listen-address=XXXX  - you can specify multiple times in /etc/dnsmasq.conf
<smb> jamespage, Hm, looking at ps ax, it seems using a mix of both. But thanks, at least then I know where look.
 * smb adds another knob to the table...
<Daviey> There are enough knobs at the table, i feel.
<smb> Yeah
<smb> Funny, don't seem to have /etc/dnsmasq.conf at all
<smb> jamespage, Could it be that in your case the machine also has a public dhcp service running?
<jamespage> smb: yes - we use dnsmasq standalone alongside the dnsmasq-common package used by libvirt
<smb> jamespage, Ah ok. So maybe my need of restart is slightly different that the already found one. bah!
<rbasak> jamespage: can I see your late_command for booting the panda please? I'm trying to ssh-import-id myself and base64-in the script to rewrite the sd card, but neither are working. Thought I'd save the hassle of debugging it if I could have yours :)
<jamespage> rbasak, hmm - looking at it it appears I don't actually do that
<rbasak> lol
<jamespage> I pull in the script to re-image for re-boot
<jamespage> but not my keys
 * jamespage sighs
<jamespage> rbasak, sorry - not much help there!
<rbasak> np, I'll figure it out
<princej88> hey guys, anyone here have experience installed forked-daapd on ubuntu server?
<Cybercoke> hi guys, i need some help on CACTI , just a few questions...
<princej88> I haven't been able to find a good tutorial..the new iTunes won't connect to firefly :(
<princej88> anyone?
<arrrghhh> princej88, i gave up on daapd, t'was too slow even on a LAN.... sorry.  i found mpd to be a much better experience.
<princej88> what is mod?
<princej88> mpd*
<arrrghhh> music player daemon
<roaksoax> kirkland: ping
<arrrghhh> plays music locally or streams it
<arrrghhh> many different interfaces to control it remotely
<arrrghhh> including webui's
<princej88> oh..i am currently using subsonic. will mpd come up in itunes?
<arrrghhh> subsonic is pretty sweet too.
<arrrghhh> mpd come up in itunes?  i don't use itunes dude.
<arrrghhh> if itunes can stream http streams, then it'll work.
<princej88> that is the only thing i don't like about subsonic..no native iTunes integration..or any player integration. YOu have to use subsonic player
<arrrghhh> i thought subsonic would stream
<princej88> Okay, ill take a look at mpd.
<princej88> it does..but you have to use a subsonic player
<arrrghhh> i never went all-in on subsonic since they wanted me to pay for the app
<arrrghhh> and i never could get it to work right on the trial, so why would i pay for it...
<princej88> http://www.subsonic.org/pages/apps.jsp
<princej88> you have to use one of those..I wish it would just play though iTunes like firefly used to.
<princej88> anyone tutorials u recommend for setting up mod?
<princej88> mpd*
<arrrghhh> their website is quite good
<arrrghhh> i also made one a long time ago
<princej88> ok cool. i'll check it out. thanks guys for the help
<arrrghhh> not sure if it's still relevant or not, i had issues with aac encoded files with the version of mpd in the repo's
<arrrghhh> np, good luck.
<akhil> hi
<akhil> i have a problem with dell
<akhil> i installed ubuntu 11.04 and ow i am not able to change my brightness.
<akhil> can anybody help?
<arrrghhh> akhil, brightness...?  this is a server installation?
<akhil> sorry
<akhil> where should i ask for help regarding this problem
<akhil> plz
<akhil> anr irc client
<akhil> *any
<arrrghhh> akhil, if you're running Ubuntu Desktop, there's simply #ubuntu
<arrrghhh> #ubuntu-server is geared towards the server edition - which comes gui-less.  no UI.
<j3d3> my ubuntu 10.10 server has clients logging in to use software. when they print off a report locally is only giving then 1 ot 5 of their pages. anyone have any idea why?
<kirkland> roaksoax: pong!
<uvirtbot> New bug: #917309 in openvswitch (universe) "brcompatd works with brctl delif but doesn't with addif" [Undecided,New] https://launchpad.net/bugs/917309
<cr3> hi folks, if I build an ubuntu image in a kvm automatically with a preseed, might there be a simple way to kickoff a command automatically once the system reboots into the installed image?
<zul> cr3: yeah there is the late_command
<cr3> zul: so I'd create an upstart or xdg/autostart script in the late_command which would get executed after the system reboots into the installed system?
<zul> cr3: it should
<cr3> zul: I was hoping for something "simple", but that's not out of my reach. will do, thanks!
<cr3> another question: might there be a convenient way for the kvm system to easily drop files onto the host system, ie the output of the command that'll get run. I guess I could mount a directory on the host filesystem in the libvirt.xml, right?
<zul> cr3: yep
<RootChaos> anyone have a good howto for ubuntu + lvs ?
<skorv> Psi-Jack: how do you setup the redundancy?
<cr3> I'm trying to mount a directory on a kvm host from a kvm guest, so I have this in my libvirt.xml: se noai
<cr3> a<filesystem type='mount' accessmode='squash'><source dir='/export'/><target dir='/export'/></filesystem>:se ai
<cr3> not quite, this is what I really have:
<cr3> <filesystem type='mount' accessmode='squash'><source dir='/export'/><target dir='/export'/></filesystem>
<cr3> however, I have no clue how to mount that from the guest or whether that even makes sense
<Bogdaniel> umm can someone help uninstall mysql-server ? i'm having a strange error even if i removed it using apt-get remove mysql-server..
<arrrghhh> did you try purge?
<Bogdaniel> yes
<Bogdaniel> i tried
<Bogdaniel> but umm when i do from terminal mysql i still get
<Bogdaniel> ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
<Bogdaniel> and that was the error why i tried a reinstall ..
<arrrghhh> was mysqld running?
<Bogdaniel> umm no i don't think so .. i didn't checked .. a little tired here .. :(
<Bogdaniel> i think it was running ..
<JDeagle> Hey can someone help me out with a network issue
<guntbert> !ask | JDeagle
<ubottu> JDeagle: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<JDeagle> ok, so i have this server with a virtual network interface, but everyone outside of the domain cannot access the webserver or vpn. I am not sure I have set up the virtual interface right, and I need to do a little ip masquerading
<JDeagle> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<arrrghhh> lol
<guntbert> JDeagle: to be honest I cannot understand what you did/what you want
<JDeagle> lemme go into more detail
<JDeagle> I need to setup a virtual interface, i need to route certain packets to the virtual interface. And I also need people to connect to the website that is setup. right now now one can connect to the server and thats what I need help with currently.
<kerframil> JDeagle: that's a very long way from being detailed
<JDeagle> ok lets start with this, how do I allow incomming connections on a specific network interface?
<kerframil> JDeagle: you don't need to, unless you have gone out of you to filter traffic using netfilter/iptables
<kerframil> out of you way, I mean
<JDeagle> ok cause right now my server is not allowing incomming connections, what can i do to fix this
<kerframil> JDeagle: how are you expecting your server to be reached? from where are you connecting, and to what? some information about your network topology would be beneficial.
<kerframil> JDeagle: for example, you mentioned a 'virtual' inteface earlier but that could be taken to mean several things in practice. what's the device name and how was it brought up? what is its address and how does that fit in with your mode of connectivity and the manner in which you are currently trying to reach it?
<JDeagle> lemme look for some documentation, the guy before me did not leave me with a good idea of what is going on. I do know that I need people to hit the web sever from a browser on eth1, the virutal device is setup as eth1:1. I am not quite sure what you mean by how it is brought up.  I do know that eth1:1 is beneficial in someform but I am trying to find what it does exactly
<zul> ls
<kerframil> JDeagle: can you convey the address of eth1? (note: there's no security risk in wriing it here as long if it's a 'private' RFC 1918 mandated address as used in a LAN)
<kerframil> writing*
<kerframil> JDeagle: or, to put it another way, does it begin with "10." or "192."?
<JDeagle> its not a lan adderss. but it ends in .5, and teh virtual device is .11
<Rafael> can i place a picture of my screen on pastebin so i can show what my screen shows at boot?
<kerframil> JDeagle: can you just put the output of "ip addr show" in a pastebin? it woudl clarify a great deal.
<JDeagle> yeah gimmie a min
<guntbert> Rafael:  Upload an image to http://imagebin.org/?page=add and post a link to it.
<kerframil> JDeagle: also, you can check what netfilter is doing by running: iptables -S -t filter
<JDeagle> want me to put both of those on there?
<kerframil> JDeagle: sure
<JDeagle> http://pastebin.com/RHRpGP7Y
<Rafael> ok ..maybe somebody can help me..i have ubuntu 9.10 on sofware raid md0-boot (raid1) , md1-swap (raid1), md2-system (raid 5), md3-home (raid 5), i have a crash and even though system appears to be working well i get the following screen at boot: http://imageshack.us/photo/my-images/215/20120116104650458.jpg/
<kerframil> JDeagle: indeed, it doesn't appear to be reachable but there's no packet filtering occuring on this particular server. run this also: ss -ltn | grep :80
<JDeagle> 3 connections come up. on .11 .5 and .7
<kerframil> JDeagle: is the server behind a firewall? what happens beyond the ethernet port?
<Glitchd> is it cool to ask a question about filezilla in here?
<Glitchd> i mean is it ok..
<JDeagle> It goes to the universities firewall, and they are suppose to allow the connection out.
<Glitchd> anyone know if i need a seperate program for other to download from me if i use filezilla, or with filezilla take care of the downloading and uploading?
<Psi-Jack> Glitchd: FileZilla is just a client, not a server.
<Psi-Jack> And this is by far not related to server stuff.
<Glitchd> so i would need "filezilla server" to make it a complete server then..
<Glitchd> i know but i didnt know where else to ask
<kerframil> JDeagle: tcpdump -i eth0 dst port 80
<Pici> Glitchd: There is no filezilla server for Linux.
<Glitchd> Psi-Jack, ^
<Rafael> can somebody help me with my question
<Glitchd> whats your question?
<Pici> !ftpd | Glitchd
<ubottu> Glitchd: FTP servers: ftpd, proftpd, pure-ftpd, twoftpd, vsftpd, MuddleFTPd, wzdftpd - Graphical front-ends: PureAdmin, GProftpd (for GNOME), KcmPureftpd (for !KDE) - See also !FTP
<JDeagle> kerframil: its sitting here listening.
<kerframil> JDeagle: I'll attempt to make contact
<Glitchd> Pici, i know, but i couldnt find any other room that sounded like it would help me..
<JDeagle> kerframil: Stuff is coming up
<kerframil> JDeagle: ok
<Psi-Jack> Hmmm...
<kerframil> JDeagle: from virginmedia?
<JDeagle> yeah
<kerframil> JDeagle: well, that's a start
<Pici> Glitchd: like #filezilla?
<JDeagle> kerframil: is that a good thing?
<kerframil> JDeagle: yes. it proves that the firewall is not impeding inbound traffic
<Psi-Jack> GFS2 over iSCSI, with the headache of GFS2 and growing at the main server whenever the time is needed.... Or NFS to XFS and allow for real live upscaling? ;)
<kerframil> JDeagle: route -n
<kerframil> JDeagle: is a 0.0.0.0 destination shown?
<JDeagle> yeah twice
<kerframil> JDeagle: twice? paste?
<JDeagle> 0.0.0.0         128.196.147.1   0.0.0.0         UG    100    0        0 eth1
<JDeagle> 0.0.0.0         128.196.147.1   0.0.0.0         UG    100    0        0 eth0
<kerframil> JDeagle: check your outband path. can you ping something external?
<JDeagle> like googles dns?
<kerframil> JDeagle: yep
<JDeagle> yeah i can ping it
<kerframil> JDeagle: are you able to access the webserver from where you are?
<JDeagle> yeah everyone on the domain can get to it
<kerframil> JDeagle: it could be that the outbound traffic is thwarted by the university firewall
<JDeagle> what would i need to tell them to fix it?
#ubuntu-server 2012-01-17
<pipponji> hi
<pipponji> good evening
<pipponji> is there anyone? :)
<virusuy> pipponji: howdy
<Titomen> .i have ubuntu 9.10 on sofware raid md0-boot (raid1) , md1-swap (raid1), md2-system (raid 5), md3-home (raid 5), i have a crash and even though system appears to be working well i get the following screen at boot: http://imageshack.us/photo/my-images/215/20120116104650458.jpg/
<uvirtbot> New bug: #917435 in apache2 (main) "Apache mod_rewrite doesn't work after most recent oneric update" [Undecided,New] https://launchpad.net/bugs/917435
<Nede> hi
<Nede> hi patdk-lap
<Nede> you remember me?
<Nede> raid 10 mdadm.......
<lactose> so i am trying to set up rails with unicorn. i have my unicorn config.rb file set up, and if i run unicorn_rails -c /path/to/config.rb as my user everything starts up fine and i can view the website. however, if i run the Upstart script, (and it basically exec sudo -u myuser -i `unicorn_rails -c 'path/to/config'` i get no error msg, but i cant view the website -- it redirects to 500 error page. in nginx logs it just says connect
<lactose> what could Upstart be doing wrong that the unicorn fails to set up?
<Psi-Jack> Unicorn? Is that anything like Manicorn? ;)
<metasansana> hello
<metasansana> I have a 10.04 server with an additional pci nic
<metasansana> it shows in lsmod but I cant get it to work, no dhcp no network communications nothing
<metasansana> any advice? Its realtek r8169 something
<goddard> can some one help me debug some dns issue
<goddard> for some reason my sites where up yesterday but they are down all of a sudden
<Psi-Jack> You will never know, till you ask.
<metasansana> Any help on my nic issue?
<twb> metasansana: pastebin the output of lspci -nn and ip a
<twb> Also lsb_release -a and uname -a
<metasansana> ok
<metasansana> twb: http://pastebin.com/WGsf7349
<twb> metasansana: how many NICs do you think you have in there?  Two?
<metasansana> there are two at the moment
<twb> Well, they're both detected fine
<metasansana> twb: the machine is hung now
<twb> Just add the appropriate content to /etc/network/interfaces
<metasansana> i did, im starting to think this may be a hardware thing
<metasansana> i still have ssh access though
<metasansana> twb: ifup eth1 keeps saying the device is already configured even though ip a says its DOWN
<twb> pastebin your networks file
<twb> It should look something like this: http://paste.debian.net/152534/
<metasansana> twb: I dont know what the help happened but everything is configured and working now
<twb> Obviously if using stating instead of dhcp you change that.  Also, having two DHCP ifaces up at once will cause confusion.
<twb> s/stating/static/
<metasansana> I had one dhcp and one static
<jetole_> Hey guys. Does anyone know what the best bonding mode would be for a cross connect between two servers?
<metasansana> I got unable to enumerate usb device on port 1
<metasansana> and now it works
<metasansana> twb thanks
<patdk-lap> jetole, round-robin, if that is an option
<Longinus00> Okay quick weird problem
<Longinus00> Installed openjdk-6-jre-headless and was cool for awhile
<Longinus00> Uninstalled and and installed default-jre-headless
<Longinus00> Now /usr/bin/java and /etc/alternatives/java are gone
<Longinus00> Is some post install script not firing?
<julian_c> Likely not the problem...
<julian_c> IIRC, default-jre-headless goes with GCJ.
<Longinus00> It says it depends on openjdk-6-jre-headless in apt-cache
<Longinus00> I uninstalled it anyway and reinstalled openjdk-6-jre-headless manually
<Longinus00> Those symlinks are still gone
<julian_c> Ah. I forgot.
<Longinus00> update-alternatives also doesn't know about java
<Longinus00> I would just try purging and reinsatlling but I started a job directly via /usr/lib/jvm/java-6-openjdk/jre/bin/java so I need to wait for that to finish :p
<Longinus00> okay, purge and reinstall worked
<Longinus00> weird
<jetole> patdk-lap: well they are two nics bound together on two different servers that are just cross connected between the servers without a switch in the middle
<jetole> patdk-lap: this is a dedicated link for state exchange between to Linux HA iptables systems
<patdk-lap> jetole, like I said, round robin
<jetole> patdk-lap: so in that case, you think round robin?
<patdk-lap> bonding mode #0
<jetole> ok. thanks
<jetole> thanks
<patdk-lap> that is the ONLY CASE you should ever use mode 0
<patdk-lap> if there are any issues, you are going have to change it to something else
<patdk-lap> probably mode 3
<jetole> patdk-lap: why do I only want this mode? I was about to ask about say why not use 3/broadcast or was wondering if 4/802.3ad was an option
<jetole> if you don't mind me asking
<patdk-lap> oh, mode 4 I mean
<patdk-lap> 3 would be well, anoying
<patdk-lap> 4 is hardly useful in a single server usage, the more ip's the better, or more mac addresses the better normally
<patdk-lap> 3 is like raid1 harddrives
<jetole> ok but I'm just trying to understand why I would want these modes. and yeah I wasn't even sure if 802.3ad is an option without a switch and seems like more then I would need for just a cross connect but I just want to understand why I would prefer one to the other here
<patdk-lap> mode 0, roundrobin combines all the links into one large pipe
<patdk-lap> the issue with mode 0, and why you never use it (except in direct crossconnect links)
<patdk-lap> is cause of packet out of order issue
<jetole> ah yes
<patdk-lap> you shouldn't have that issue in direct links, unless the nic is buffering horribly
<jetole> actually I was just thinking if that would be an issue
<patdk-lap> mode 4 gets around out of order issue, by making each tcp session stick to a single nic
<patdk-lap> mode 5 is mostly useless in this case
<patdk-lap> same for mode 6
<patdk-lap> they give you noting that mode 4 doesn't give you
<patdk-lap> mode 5 and 6 where made when you don't have support for mode 4
<patdk-lap> and in direct connect, well, both sides can be made to support it :)
<jetole> I see. You're referring to 4 == 802.3ad ?
<patdk-lap> yep
<jetole> just want to make sure we're on the same page
<jetole> cool
<jetole> 3 / broadcast seems like it would be prone to causing problems
<patdk-lap> it can
<patdk-lap> but you can use it for other things too
<patdk-lap> like sending one of those connections to a IDS
<jetole> ah good point
<jetole> in my case the STP will be listening on switch monitor ports but I see what you mean and there are a lot of ways to do it @ IDS
<jetole> er, I meant the IDS
<jetole> not STP
<jetole> patdk-lap: Thanks for the help
<jetole> patdk-lap: so to confirm, I want to do round robin first choice and 802.3ad if RR fails?
<patdk-lap> yep
<patdk-lap> roundrobin will give you full speed
<patdk-lap> 802.3ad will only give you the speed of 1 cable, plus some
<patdk-lap> and plus some depends on how good it balances the tcp connections over your links
<jetole> oh!
<patdk-lap> on average I would say, links /2 , is expected from it
<jetole> these are two Gbps NICS on each machine, in fact identical machines with identical NICs installed. RR will give me 2Gbps?
<patdk-lap> yep
<jetole> :-D
<patdk-lap> and 802.3ad will give you 2gb, in only ideal conditions :)
<jetole> I honestly doubt I will ever need it but good to know
<patdk-lap> but will always give you atleast 1gb
<jetole> yeah actually I thought 802.3ad would give me sum link speed
<jetole> learn something new everyday
<jetole> ok, something else I want to run by you here if you don't mind regarding bonding
<jetole> I have two switches, only one supports 802.3ad so thats not an option. I am connecting about a dozen servers to each switch
<jetole> my thoughts were to cross connect the switches and then use 1 / active-backup for those
<jetole> what do you think?
<patdk-lap> depends on what all will be talking to your server
<patdk-lap> using mode 1, always works
<patdk-lap> but normally mode 5 works just as good, but only increases receive
<patdk-lap> mode 6 can work better, if your nics support it
<patdk-lap> my issue with mode 6 is normally, other things don't like it much
<patdk-lap> cause it's always changing the mac address
<patdk-lap> so if I attempt to manage my switch, or cable modem, from a machine using bonding mode 6, it won't happen
<jetole> i.e. server1 has one NIC on switch1 and one NIC on switch2. switch1 and switch2 are cross connected so a packet sent to one switch is seen on the other switch and NIC1 and NIC2 on server1 are bonded in active-backup
<patdk-lap> cause they don't like the ip keeps changing mac's
<patdk-lap> how is your traffic? in and out of the server?
<jetole> yeah I don't like that too
<patdk-lap> mosting outgoing?
<patdk-lap> in my case, I just deal with mode 6, cause I'm sending craploads of traffic
<jetole> I'm on a crap lousy connection at the moment. Luckily my IRC client is running on a server in the data center and I am ssh'ing to that server but about every 10 minutes my connection keeps dropping
<jetole> agh
<jetole> It's a web farm. Most the servers are hypervisor hosts and there is web servers, sql but they only talk to other web servers. same thing for file servers, etc
<patdk-lap> doesn't explain much
<jetole> so I'm thinking active-backup. I want to avoid the changing MAC's as much as possible
<jetole> yeah not sure what you need to know
<patdk-lap> ratio of data in vs out
<jetole> sorry. what is it you're wondering
<jetole> ah
<jetole> well, I'd say 5 to 1 on in vs. out but the firewalls (HA/redundant) are also using these same two switches, again with the bonding
<jetole> er, I meant to say 5 to 1 on out vs. in
<jetole> i.e. we transmit about 5 times what we receive
<patdk-lap> that is on your firewall?
<patdk-lap> what system are you asking about for bonding?
<jetole> well the firewall is transparent, bridged mode, it connects to each of the switches in bonding mode, basically I'm just double checking my proposed setup which is net to switches, the data center provides us two Ethernet cables and uses RSTP to decide which cable is active. The firewalls and the net are on their own private vlan and each firewall is on both switches, then two other vlans exist, one for the net for the public IP's and one for the ...
<jetole> ... private 10.x.x.x net. the firewall bridges to the public IP's vlan with filtering done in the FORWARD chain and provides NAT for the 10.x.x.x IP's. Each firewall and each server is connected to both of two different switches through seperate NIC's so I guess what I am asking is do you think active-backup is the best bond to use for this scenario?
<patdk-lap> for a firewall, ative-backup is fine
<jetole> also the point is to avoid a single point of failure. If the one of the inet links dies then the other one is used, if a single NIC dies on any server then it uses the other one and with the cross connect between the two switches so if a packet appears on switch then it's sent to the second one and if a switch dies then all traffic migrates to the next one
<jetole> and ideally I can take either firewall and throw it out the window and nothing is interupted
<jetole> so for all other servers, do you think active-backup sounds best?
<patdk-lap> hmm, I don't get the rstp active network cable thing
<patdk-lap> but then, I run bgp, so I just expect both cables to be fully active and usable all the time
<jetole> well that actually comes from the data center where they provide a primary gateway. I believe routing ourselves was/is an option but we're not going to implement that at this time
<jetole> rstp seems to be a great protocol IMHO and it's a shame that (at least afaik) that it can't be implemented in Linux
<trevorj> jetole: it can't? I remember setting up rtsp on linux years ago
<jetole> trevorj: can you tell me how? I've googled and googled. I know it supports STP and has forever but I can't find anything on RSTP
<trevorj> jetole: lol, I misread rstp for rtsp
<trevorj> jetole: sorry!
<trevorj> jetole: I assume rstp is something like stp
<jetole> oh, yeah, rapid spanning tree protocol. not real time streaming protocol
<jetole> I'm not positive it can't
<jetole> I just can't find out how it can
<trevorj> jetole: http://git.kernel.org/?p=linux/kernel/git/shemminger/rstp.git;a=summary
<jetole> and coincidently I setup a RTSP server years ago too. Used to own a inet radio station company
<trevorj> jetole: nice, I just ran my own crappy radio
<jetole> I didn't say mine wasn't crappy
<trevorj> jetole: played a bunch of wallflowers and marcy playground on it (ugh)
<jetole> if it wasn't then I would still be running it ;)
<trevorj> jetole: hehe
 * jetole reads the git page. give me a minute 
<jetole> coincidently I was also reading a page earlier about github load balancing through ldirectord where the author of haproxy became the first person to comment
<jetole> http://www.anchor.com.au/blog/2009/10/load-balancing-at-github-why-ldirectord/
<patdk-lap> last I knew, ldiretord didn't balance anything
<patdk-lap> ipvs did
<jetole> it's mentioned on the page
<jetole> I think they mentioned that ipvs did the balancing and ldirectord is used for health management/monitoring, aids in failover, etc
<patdk-lap> all ldirectord does is select what backend servers are working
<patdk-lap> that is all, no balancing logic, nothing
<patdk-lap> ldirectord is hardly a loadblaancer
<jetole> that page is actually a good read but I'm not implementing it, we already use a proxy based load balancer but changing to another one but I can't implement a one leg'd balancer since most our servers are private IP only
<jetole> patdk-lap: I'll take your word for it. I know of it but I have never used it so I'm hardly the person to comment
<patdk-lap> I'm heavily using it
<jetole> cool
<patdk-lap> it's kind of like saying, cacti is a webserver
<jetole> man cacti is the best web server out there
<jetole> j/k
<jetole> patdk-lap: checkout the link though cause I am speaking out of context and that was a blog post from one of the architects at github
<patdk-lap> I'm reading it
<patdk-lap> but it's like he doesn't understand what he is doing
<patdk-lap> kind of like someone that uses webmin
<uvirtbot> New bug: #917471 in bacula (main) "Please upgrade to the latest upstream bug fix release for precise" [Undecided,New] https://launchpad.net/bugs/917471
<jetole> lol @ webmin
<jetole> I couldn't take this crappy dropping connection anymore so when I came back from my smoke break, I set my phone to act as a wifi hotspot
<jetole> patdk-lap: anyways, again, I will take your word for it cause I haven't used ldirectord or keepalived
<jetole> neither one really is an option for me cause our servers have private IP addresses so we can't just relay the original source packet to one of the hosts
<patdk-lap> sure you can
<patdk-lap> atleast the way I do it, I use private ip addresses on all the servers
<patdk-lap> then you piggyback the real ip's
<EvilResistance> broder:  choose a better irc provider
<EvilResistance> :/
<jetole> patdk-lap: what do you mean piggy back the real IP?
<osmosis> does using full disk LVM encryption have a performance impact?
<qman__> yes, full disk encryption uses notable CPU time and reduces data rates
<qman__> for most purposes it's not a big deal but if disk performance is key in your application it may be an issue
<osmosis> ok
<osmosis> thx qman__
<eagles0513875> hey soren i noticed your the virt-manager package maintainer I need some help as I am encountering some really annoying issues which im at a total loss on how to solve
 * SpamapS tests upgrading lucid -> precise in an EC2 instance...
<SpamapS> weird.. I wonder why I was prompted for the mysql root pw again..
<soren> eagles0513875: I've not actually been involved in maintaining it for a quite a while.
<soren> eagles0513875: Id' suggest just filing bugs.
<eagles0513875> soren: ok :( im just at my wits end with it at least for me alot of the virtualization stuff isnt working with xen :(
<eagles0513875> what doesnt make sense to me soren is that virt-manager in 11.10 connects to xen local host but not a remot host even using ssh keys
<soren> Why doesn't that make sense?
<soren> They're completely different operations.
<smb> morning
<smb> eagles0513875, soren And just adding that this is not always true. I can connect to a remote host. We just have not found out what I did different
<smb> SpamapS, I fail to remember but wasn't there someone at the ralley saying something about endlessly (or so it seemed) being asked for it. Heck if I could remember who and when... :/
<SpamapS> smb: might be some weird problem with the config script. I just hit it, so probably worth opening a bug.
<eagles0513875> SpamapS: smb you talking about the same issue I am having
<smb> eagles0513875, No, that about the mysql password re-entry SpamapS has
<eagles0513875> ahh ok
<eagles0513875> off to breakfast for now
<soren> smb: mdeslaur, perhaps?
<soren> smb: Oh, never mind. Thought you were talking about eagles0513875's virt-manager problem.
<smb> soren, In a sense we are, too
<smb> :)
<smb> And I got some issues as well, just different
<soren> eagles0513875: can you use virsh -c xen+ssh://whatever/ ?
<soren> eagles0513875: I.e. is it just virt-manageR?
<soren> Or all libvirt tools?
<eagles0513875> soren: its just virt-manager connecting to a remote host localhost works fine
<soren> eagles0513875: That's not what I'm asking.
<soren> eagles0513875: Read it again.
<ikonia> soren: we've done that test, it worked
<soren> And how are you attempting to do this with virt-manager?
<ikonia> no idea, he wasn't using virt-manager last time this problem occured for emir
<ikonia> eagles0513875 even
<emir> me?
<soren> ikonia: Now you're not making sense anymore.
<soren> ikonia: You said you've tested it with virsh, and it worked.
<soren> ikonia: Then you say that the problem last time wasn't with virt-manager.
<emir> ikonia, ah i am trying to install mac os on virtual box....
<soren> ikonia: Which is it?
<emir> ikonia, and without suceed
<eagles0513875> emir: i was told you can only do that on native mac hardware
<emir> eagles0513875, i want it on virtual device
<eagles0513875> you can only virtualize it if your running a mac device is what i mean
<emir> eagles0513875, ok than,
<_ruben> running (virtual or not) osx on non-apple hardware is illegal
<emir> _ruben, so what?
<ikonia> soren: was was just having a real world conversation
<eagles0513875> soren: quick question by default virt-manager will automatically look for the id_rsa key correct
<ikonia> soren: we connected to the remove virtd daemon with virsh over ssh
<eagles0513875> seems like the issue is with virt-manager and public keys now that im using keys
<eagles0513875> well ill be damned
<eagles0513875> ikonia:  its working
<smb> eagles0513875, It is not really virt-manager doing things. I assume you access via ssh and then its all ssh
<eagles0513875> for sure virt-manager wont work if u dont use an id_rsa key name
<smb> There should be no difference whether you can use virt-manager or ssh user@host
<eagles0513875> smb:  for my normal user i didnt name the key a standard name
<smb> Then you'd need to define it in .ssh/config
<eagles0513875> humm ok
<smb> like identity file for the host
<eagles0513875> i get ya
<ikonia> you've got to use the standard key names that are specificed in the ssh config file
<smb> Not necessarily, but one needs to tell ssh about it in the config
<ikonia> exactly, so you have to use the key names in the config, that can be the default ones, or your own as long as it's named in the config
<smb> right
<koolhead17> burp
<eagles0513875> ikonia: my next question i have a physical volume setup for use with lvm how do i get virtmanager when creating a guest use that volume group i have setup
<ikonia> you need to create a disk pool
<ikonia> then virt manager uses space on that disk pool
<ikonia> (that's the most clean/simple way)
<eagles0513875> ok even if its LVM
<ikonia> yes
<ikonia> lvm is just a "disk" to the OS
<RootChaos> is there a way to re-configure cpan settings, like the prompts you go through when installing ?
<eagles0513875> ok
<eagles0513875> well that just crashed virt-manager trying to set that up
<ikonia> eagles0513875: are you trying to do 1 logical volume per machine, or a large logical volume / file system as a pool and then let libvirt manage the images on that ?
<eagles0513875> one large logical partition
<ikonia> ok, that for me is the best approach for you
<eagles0513875> here is the partition setup i have
<ikonia> I don't need to see it
<eagles0513875> ok wasnt goign to show just explain
<ikonia> sure, go on
<eagles0513875> 40gb for host os then appropriate swap partition then rest as lvm
<ikonia> you're running an lvm partition on the same disk as your root disks
<ikonia> ?
<eagles0513875> correct
<eagles0513875> we only have a single disk on this server
<Deathvalley122> yup
<Deathvalley122> we only have 1 hard drive
<ikonia> that is a very VERY VERY bad ideda
<ikonia> idea
<eagles0513875> i know i would have liked a 2nd drive to setup raid 1 at least but Deathvalley122 cant afford it
<ikonia> you've got a massive risk putting paying customers on this
<eagles0513875> ikonia: tell this to Deathvalley122 i am well aware of the risks involved here
<ikonia> yes, but also the implications of running an lvm partition on the same disk as your OS too
<ikonia> that's up to you guys though
<Deathvalley122> we had the samething on the other server we had
<Deathvalley122> it was set up the same way
<eagles0513875> but we had raid 1 on it
<Deathvalley122> correct which was no being used
<ikonia> Deathvalley122: just because you've done it that way before does not mean it's a good idea
<ikonia> Deathvalley122: raid1 wasn't being used ???
<ikonia> if you have raid1, it's being used
<ikonia> every write to disk....it's being used
<Deathvalley122> nope
<ikonia> errr yes
<Deathvalley122> it wasn't being used
<ikonia> that's how disk mirroring works
<Deathvalley122> no data was stored on it
<ikonia> what do you mean it wasn't being used ???
<ikonia> did you have raid 1 enabled yes/no
<Deathvalley122> do not remember exactly
<ikonia> ....right
<Deathvalley122> that server is long gone now
<eagles0513875> we did on the previous server
<Deathvalley122> thats what I am saying eagles0513875
<ikonia> ok - if you had raid1 enabled, that disk was being used as a mirror, if you didn't have raid1 enabled, that disk was probably not used
<ikonia> if you are confident the disk had no data on it, then either raid1 was not enabled or it was not setup correctly
<Deathvalley122> for another HDD for this server would cost me 15 dollars a month extra
<Deathvalley122> and I am already paying 239 a month
<Deathvalley122> and 40 dollars a month to make them hot swappable
<eagles0513875> pat it will be worth it though
<eagles0513875> forget the hot swap at least with the 2nd drive we have some redundancy
<Deathvalley122> I have no money eagles0513875
<_ruben> how many vms you expect to run on a single spindle? :P
<Deathvalley122> I dunno
<_ruben> if it's more than "just a few", then i hope they won't expect decent disk performance
<Deathvalley122> we'll see what happens just found out I can afford another drive next month but this month I can't
<Deathvalley122> yeah they are 7200 RPM drives
<_ruben> ouch
<_ruben> and going from single disk to raid1 would only help a bit for read performance
<Deathvalley122> ya
<Deathvalley122> I can get another drive next month
<Deathvalley122> but this month I can't
<Deathvalley122> I am packed with ... bills ...
<Deathvalley122> if my contract would ever end with my cell phone
<Deathvalley122> I could be ...
<Deathvalley122> saving tons of money
<thinkclay> Anyone have experience with hardware raids and ubuntu server? Looks like support is shoddy, and kinda kills some of the perks of hot swapping and such even if I CAN get it working on a software level..
<thinkclay> And would a RAID error in ubuntu server installer cause black / blank screen?
<_ruben> thinkclay: never really had any issues with hardware raid and ubuntu .. used various dell (lsi based) raidcontrollers as well as a number of adaptec ones
<ikonia> thinkclay: I've used hardware raid many times with zero issue, there is excellent support
<ikonia> thinkclay: infact support isn't required for a lot of things as the raid is controlled on the card, not the OS, so the OS just see's a disk, support is only required if the vendor has things like raid tools to infom you of device failure
<ashd> if you are talking about the installer causing a black screen, make sure that you have all the deps covered
<jpds> hardware.raid++
<thinkclay> ya, Im thinking raid isnt the issue anymore
<ikonia> everyone's favourite
<thinkclay> ubuntu 10.04 is working.. seems its just isolated to 11.10 with support for my video or something
<thinkclay> So software raid works as well or better than fakeRaid and low end raid controllers?
<_ruben> usually, yes
<ikonia> fakeraid = poor
<ikonia> software raid = fine if you have an acceptable spec machine
<thinkclay> 12 core xeon 5500 with 192G of ram sufficient?
<ikonia> no
<ikonia> ......kidding
<thinkclay> haha, figured I'd be covered there
<ikonia> although that spec machine would normally come with a raid card
<thinkclay> it did
<thinkclay> Had issue after issue getting it to work with Ubuntu
<ikonia> HP/Dell/IBM all ship that sort of thing with a pretty solid raid card, with battery backup etc
<ikonia> what make is the server ?
<thinkclay> well this is a 1U so it's not as high end nor does it have much space with all the ram bays
<ikonia> that's fine, I've got DL120's that are 1U with quality raid cards and battery backup in
<thinkclay> I've got a decent raid in it from what I understand (though I havent dealt with raid controllers much) but dont think it has the battery backup
<ikonia> thinkclay: what make is the server ?
<thinkclay> http://www.newegg.com/Product/Product.aspx?Item=N82E16816101261
<ikonia> ahhh supermicro
<ikonia> no raid card in there
<ikonia> on board motherboard raid
<ikonia> fakeraid
<thinkclay> ya, just learned about that concept after wasting 4 hours :)
<thinkclay> why are these guys even bothering with fakeraid?
<ikonia> not sure how you think you've got 12 cores
<ikonia> the board only supports 2 cpu's with 4 cores each
<thinkclay> It's not that exact model
<ikonia> because on technologies that support it, such as windows, it's not so bad
<ikonia> I personally don't rate the supermicro stuff, lots of corner cutting
<ikonia> which is why they seem capable of doing reasonable prices
<thinkclay> ya, it's not bad for an entry level server
<onre> largest website of this country ran on a bunch of supermicro servers
<ikonia> onre: which one is that ?
<onre> ikonia, virtually unheard of outside .fi, but had ~2000-3000 page loads per second on rush hours. it was basically a sort of "social media" before social media, started in 1999.
<onre> oh, 2000, not '99
<ikonia> possibly where a multi node setup is required they may be a good choice, cheap and non-ressilient, so if one goes, pop another in
<onre> yes, that's exactly how it was run
<onre> and for price of one "real" name-brand server you could get four supermicros :p
<ikonia> which for a low spec farm makes possibly a better model
<onre> i've run databases on them, too. just pop in a 3rd-party raid controller (i used areca)
<jetole> Hey guys. I just created a ID10T error but I think I may need a hand in solving it. Thank god I disconnected these two from the main switch before I tested the hardware but this is basically what I have. Two servers with two nics where each nic is connected to a different switch. the switches are cross connected with a cross over cable (well technically it's not a cross over cable since the switch has MDI-X but you get the point). The NIC's on ...
<jetole> ... both servers are bonded in active-backup mode so ideally only one of the NIC's should be active at any time and it fails over to the other nic if the primary fails and as far as I can tell, this is working. Then on the bonding there are three vlans defined which are also configured on the switch. on these servers which will primarily be used as firewalls, vlan2 and vlan3 ( VID 2 and 3 ) are bridged in a STP enabled bridge. Somehow I have ...
<jetole> ... hit/created a broadcast storm by bridging these two VLANS however I don't understand how. If a packet leaves the server tagged as either VID 2, 3 or 4 then the switch should be isolating  this packet in the bridge... however because it's a bridge and both VLAN's have the same MAC address, perhaps that's why... I'm still not sure here and actually rather lost on this if anyone could provide some insight I would appreciate it
<jetole> just as a heads up, vlan4 (VID 4) isn't on the bridge because that will be NAT'd (however that's not setup yet but vlan4 does have a private IP. vlan2 is isolated between the data center and the two firewalls (these will be redundant firewalls using conntrackd for sharing state info about connections and this already setup but no iptables rules yet). vlan3 will be where any servers using publically assigned IP's are located. The bridge between ...
<jetole> ... vlan2 and vlan3 creates a transparent firewall (which I've actually done this part many times throughout my life and maintain 3 others of this now) where nothing on either end of the firewall should see that the traffic is going through the firewall (though the MAC address is still visible) but all traffic passing through the bridge is audited against the rules in the FORWARD chain (or perhaps rules in say PREROUTING chain in the raw table ...
<jetole> ... or other odd spots like that but those are the exceptions to the rule)
<jetole> Anyways, yeah. ...not sure how to handle this broadcast storm
<patdk-lap> maybe your switchs don't support vlans correctly?
<patdk-lap> I have seen switchs that dont isolate mac's per vlan correctly before
<jetole> I hope that's not the case. Though they are not Cisco they are still pretty decent Gbps rack mounted enterprise netgear switches
<jetole> I'll be pretty disappointed if that's the case since on of the other VLAN setup's I run elsewhere uses crap lousy shit linksys switches
<patdk-lap> netgear has that issue
<patdk-lap> make sure you update the firmware
<jetole> ...wait this isn't the case. I saw vlan working properly before the bridge
<jetole> I did
<jetole> I think this may have to do with the bridge
<patdk-lap> the bridge alone wouldn't do that
<patdk-lap> what could do that is if you setup a bridge on both your firewalls
<patdk-lap> and created a loop
<jetole> do you think it may if it's bridging two devices with the same MAC?
<jetole> patdk-lap: well I have but I also have STP enabled on both firewalls and switches with priority set for which switch/fw should be higher in the STP chain
<jetole> stp is designed to create a loop free topology, if I understand correctlu
<jetole> *correctly
<patdk-lap> stp only works if ALL switchs/bridges use the same stp version
<jetole> well wait, one switch is using RSTP which I was under the impression was backwards compatible with STP
<jetole> also, afaik, by STP version you mean STP, RSTP, MSTP, etc
<patdk-lap> you do know, when using vlans, stp is kind of useless
<patdk-lap> therefor you normally use mstp
<jetole> yeah only one switch uses MSTP
<jetole> that may be the problem
<patdk-lap> but those all don't talk correctly, if it's not setup correctly
<jetole> that's also the switch using RSTP at the moment
<jetole> well... I could, for now, eliminate one switch while we put in a order for a new one and continue on one
<patdk-lap> I just personally use mstp everywhere
<patdk-lap> or don't bother with stp at all
<jetole> well how would I have a loop free redundant net without STP?
<jetole> routing?
<jetole> brb. I want to test a couple things out but I felt it was best to disconnect these servers from the net before I started and glad I did
<jetole> brb
<Daviey> Anyone confirm mod_rewrite still works on oneiric? bug 917435  - thanks
<uvirtbot> Launchpad bug 917435 in apache2 "Apache mod_rewrite doesn't work after most recent oneric update" [Undecided,New] https://launchpad.net/bugs/917435
<Daviey> zul: can you handle, bug 915614 ?
<uvirtbot> Launchpad bug 915614 in nova "Add policy.json to packages" [High,In progress] https://launchpad.net/bugs/915614
<Daviey> (note the attached branch)
<zul> yeah
<uvirtbot> New bug: #915614 in nova (main) "Add policy.json to packages" [High,In progress] https://launchpad.net/bugs/915614
<zul> good morning btw :P
<Daviey> morning zul
<Daviey> TBH, i thought you'd still be Zzzz'ing :)
<zul> no its early enough to wake up
<RootChaos> argh
<RootChaos> i am trying to install cpan module Mail::ClamAV - comes up with this error : The clamav version you are using is too old. Please upgrade to at least 0.95.1
<RootChaos> clamd -V reports ClamAV 0.97.3/14316/Tue Jan 17 04:23:04 2012
<ikonia> RootChaos: you need to look at what the check is that the cpan module is doing
<RootChaos> â¢ikoniaâ¢ where can i see that ?
<ikonia> how are you trying to install the perl module ?
<RootChaos> #ubuntu-server perl -MCPAN -e shell
<RootChaos> tsk
<RootChaos> perl -MCPAN -e shell
<RootChaos> install Mail::ClamAV
<ikonia> then you need to look at what that process is doing
<RootChaos> the last i see before the error is
<RootChaos> CPAN.pm: Building C/CO/CONVERTER/Mail-ClamAV-0.29.tar.gz
<ikonia> ok, so I'm guessing that it's a scripted process that will either compile or put in place the files, within that process there will be a clam check, you need to find it and find out why it's failing
<jetole> patdk-lap: I'm closer to nowhere...
<jetole> patdk-lap:
<jetole> patdk-lap: I disconnected the cross connect on the switches then unplugged one of Ethernet from the bonded switches on both fw's
<jetole> patdk-lap: sorry. didn't mean to send a blank line
<jetole> anyways, I still have the same problem bridging two vlan on one switch with one cable from each fw
<jetole> as soon as I removed one of the vlan's from the bridge on either host, the broadcast storm / seen my own packet ended
<jetole> as soon as I added it back, it began again
<RootChaos> aah
<RootChaos> i download the package ClamAV-xxx
<RootChaos> and i needed to install libclamav-dev
<uvirtbot> New bug: #917629 in mysql-5.1 (universe) "MySQL Server 5.1 fails to start after install" [Undecided,New] https://launchpad.net/bugs/917629
<RootChaos> which uses clamav-config --version to check the installed version on the server
<RootChaos> :P
<RootChaos> that took me a while
<RootChaos> ;-)
<uvirtbot> New bug: #915490 in mysql-5.1 (universe) "mysql server cannot start with apparmor enabled" [Undecided,Invalid] https://launchpad.net/bugs/915490
<Daviey> zul: bug 915971
<uvirtbot> Launchpad bug 915971 in nova "New command "guestmount"" [High,New] https://launchpad.net/bugs/915971
<Daviey> rbasak: seen bug 879666 ? :)
<uvirtbot> Launchpad bug 879666 in nova "chown error for console.fifo when launching vm" [Medium,New] https://launchpad.net/bugs/879666
<zul> Daviey: grrr
<Daviey> zul: you might want to triage bug 915112? :)
<uvirtbot> Launchpad bug 915112 in nova "nova-compute-xen with broken dependency" [Medium,New] https://launchpad.net/bugs/915112
<zul> Daviey: the guestmount wasnt in diablo so he is probably running essex on oneiric
<Daviey> ok
<rbasak> Daviey, looking
<JoeyJoeJo> I've set my static IP info in /etc/network/interfaces, but every time I reboot I have to set my IP address using ifconfig. How can I make that automatic?
<rbasak> Daviey: I can see the problem in the source, but not sure what to do a diff against. precise? oneiric-proposed? oneiric-updates? they're all different!
<rbasak> Daviey: also, are we intending to carry forward the fifo patch indefinitely? Upstream discussion has died with no conclusion; I'm disinclined to try and drive it forward again if they're not interested.
<soren> rbasak: Vish made a suggestion on Nov 3. Did you see that comment?
<rbasak> soren: yes, I did. How do I know which comments are real blockers to getting a patch merged, and which comments sound like blockers but aren't actually going to affect getting a patch merged?
<rbasak> soren: tbh, I think that fundamental architectural decisions really need to be led by upstream
<koolhead17> zul: hello sir!! :)
<soren> rbasak: I'm not sure I follow?
<dax_roc> Afternoon all
<dax_roc> I'm trying to setup a pxe network install here, I've got everything configured for the most part. I'm trying to debug why no route gets set in the net install initrd it obtains an ip from dhcp and if I drop out to a shell and add the route manualy I have internet access ?
<dax_roc> *using 11.04
<koolhead17> dax_roc: what network interface you are using for this?
<dax_roc> initrd=.. ip=dhcp ksdevice=eth0 noipv6 ks=http://192.168.130.200/path/to/ks.cfg
<dax_roc> koolhead17: eth0 , I am testing from a virtual box
<_ruben> never bothered with the ks part myself, i just do the first few steps manually (no mass deployments here)
<_ruben> just preseeding, and no disk preseeding either at that
<dax_roc> don't see why the route doesn't get set
<_ruben> dhcp server misconfig?
<dax_roc> _ruben: double checking
<koolhead17> dax_roc: also check if you have selected correct network card in virtualbox
<dax_roc> koolhead17: it gets the ip, if I breakout to a shell and add the route manualy I can get to the address
<dax_roc> it's not getting nameservers or gateway from dhcp ?
<koolhead17> dax_roc: then define it in the dhcp file :)
<dax_roc> what ?
<koolhead17> dax_roc: your running a local DHCP server?
<koolhead17> for this purpose?
<dax_roc> koolhead17: yes, sorry looked like mis configured dhcp (windows) sigh
<koolhead17> dax_roc: there u go. it b fixed :P
<Titomen> is there a log or a way to check errors that i see during the boot process
<koolhead17> Titomen: there is a file afaik which holds this info
 * koolhead17 digs further
<koolhead17> Titomen: /var/log/installer/syslog
<koolhead17> :)
<Titomen> thanks..let me check
<Titomen> the date of them is may 26....will it show something that show up on my screen during boot?
<koolhead17> Titomen: lemme check again.
<koolhead17> i thought u looking 4 firstime install log
<dax_roc> wahey its working
<dax_roc> Appreciate the help
<roaksoax> rbasak: ping meeting
<Titomen> koolhead17: no..when i boot since last week i am getting some erro messages..but it goes so fast that is hard to see
<koolhead17> Titomen: tail -f /var/log/boot.log does it has some info?
<Titomen> koolhead17: empty..is there a way to stop or lock the screen during boot to take a picture of that window?
<koolhead17> Titomen: wait for sometime someone will reply
<Titomen> koolhead17: thanks
<dax_roc> Titomen: more /var/log/messages
<dax_roc> Titomen: dmesg | less
<uvirtbot> New bug: #906163 in glance "Glance-common installation failing in Ubuntu with the new release" [High,Fix released] https://launchpad.net/bugs/906163
<Titomen> dax_roc: Thanks i can see it on the log/messages...but has a lot of things from yesterday and today..if i woul like to get a fresh message and reboot..should i delete the file ?
<dax_roc> no, just use "dmesg > ~/Desktop/currentlog.txt"
<dax_roc> Titomen: no need to delete, iirc it will rotate next boot
<bieb> I am building a kiosk with 11.10.. I have it autologging in the kiosk user.. but I have to change a config file.. I can't get to a prompt from inside the kiosk, so I booted and selected to run Ubuntu in recovery mode, and dropped to a command prompt. I am the root user, when I try to save the config file it errors telling me it's a read only filesystem.. how can I mount in r+w mode?
<RoyK> mount -o remount,ro /
<RoyK> erm
<RoyK> mount -o remount,rw /
<bieb> RoyK: thanks
<smoser> zul, i dont think https://launchpad.net/bugs/907197 is a bug
<uvirtbot> Launchpad bug 907197 in nova "ip address can't be injected into the instance when using lxc " [Medium,New]
<smoser> its a feature
<smoser> :)
<zul> we need so stinking features
<Titomen> dax_roc: if i use dmesg..i use the command and then reboot?
<dax_roc> Titomen: it contains boot and current messages, if you want to monitor the logs in realtime try "tail -f /var/log/syslog"
<Titomen> dax_roc: what i want to do is be able to copy what appears on the boot proces of the erros and then do a pastebin to see if somebody can help me with
<dax_roc> Titomen: just pastebin the output of dmesg
<dax_roc> Titomen: after you boot, so if you want to create a file it would be "dmesg > ~/mylogfile.txt" this should be in you home folder
<thinkclay1> what is the best way to go about setting up an raid10 array in Ubunt 10LTS? I found this article (http://www.howtoforge.com/install-ubuntu-with-software-raid-10), but I also see the option to setup raid in the partition manager
<thinkclay1> i should specify, looking for software raid
<thinkclay1> LVM vs Configure Software Raid vs Article / Manual.. can someone help me decide?
<Caribou> Q: Is it possible to override the ubuntu-security.com archive on manual install and to provide a specific (as in Internal) archive instead ?
<dax_roc> Caribou: local mirror ?
<Caribou> yeah, sort of a "private" internal copy of ubuntu's archive
<dax_roc> Caribou: there are numerous guides for that, ubuntu apt mirror
<Caribou> dax_roc: sorry, I must afk for a min. biab
<thinkclay1> so no feedback on raids?
<Titomen> dax_roc: i tryed dmesg > ~/mylogfile.txt reboot and search for file but could not find it?\
<andygraybeal> stupid oracle
<andygraybeal> having to move from sun java to open java
<dax_roc> Titomen: it's in your home directory, "cd ~/; less mylogfile.txt" you want to run it after you've reboot
<hallyn> stgraber: zul: if you happen to upload a lxc update in next few days, pls also grab the unreleased changes that are in lp:ubuntu/lxc
<hallyn> then i will probably create a 'for-upstream' lxc git tree with changes i'm requesting upstream to take
<hallyn> anyway, i'm out - ttyl
<smb> Daviey, when had you thought of bringing up the nfs issue on #ubuntu-devel. Should we go for tomorrows morning somewhen?
<dax_roc> smb: nfs issue ?
<smb> dax_roc, Rather smallish. Fix for bug 607039
<uvirtbot> Launchpad bug 607039 in autofs5 "NFS4 automount using replicated servers doesn't work" [Medium,Fix released] https://launchpad.net/bugs/607039
<RoyK> Titomen: reboot as in controlled reboot, or reboot -f or similar gunshot?
<smb> Which just needs an kernel module alias from nfs4 to nfs. Just don't know how to best fumble it into which package
<Titomen> dax_roc: thanks i got it, know if anybody can help me with this...i am getting this error message on boot: http://imagebin.org/194124 and this is the script that dax roc help ne to get from the boot process...http://pastebin.com/SsgmJAmr  can anybody help me
<Daviey> smb: sure thang
<thinkclay1> If i have (4) 1TB HD's that I want to raid together and have bootable, will this config work: 128M on each drive as /boot RAID1, then remaining space as another / RAID10 .. and where should I put swap?
<kpettit> what's the best local file system search tool for hundred of thousands of files?  Mainly images, videos and music?
<jpds> locate?
<smoser> SpamapS, Daviey, m_3, anyone else. jstack so far is: http://paste.ubuntu.com/807681/
<m_3> smoser: cool thanks
<smoser> SpamapS, m_3 you can test that very easily on canonistack or ec2.
 * SpamapS tries it with /var/lib/lxc on a 12GB tmpfs...
<kpettit> jpds, I've tried that one.  It's doesn't get any file details, which I guess is OK but I'd prefer to get some basic EXIF data from images, MP3 info and the like
<jpds> kpettit: Locate the file, and then use another to grab the data?
<jpds> kpettit: mp3info for the .mp3s?
<kpettit> jpds, I could but that's not praticle when your dealing with the volumes and frequent searches I have to do.
 * pehden is away: I'm busy
<Titomen> Can anybody help me with this...i am getting this error message on boot: http://imagebin.org/194124 and this is the script that i get on the log after boot ...http://pastebin.com/SsgmJAmr  can anybody help me
<kerframil> Titomen: http://ubuntuforums.org/showthread.php?t=1434502
<kerframil> Titomen: short answer - and because you're in the -server channel - just get rid of it
<robo_> hello: is there a beta download of ubuntu 12 LTS? Mainly I just want to see what the default is for solr-common if it's Jetty or Tomcat. In 10LTS it's Jetty
<uvirtbot> New bug: #917832 in apache2 (main) "init script and upstart job named apache2.1 instead apache2" [Undecided,New] https://launchpad.net/bugs/917832
<bitmonk> robo_: i have a precise testing box, i can ask apt
<robo_> bitmonk, that would be awesome!
<bitmonk> looks like jetty, based on the deps
<robo_> thanks!
<bitmonk> libjetty-java (>= 6.1.21)
<bitmonk> np
<bitmonk> i have a bunch of lucid boxes which seem to have flubbed a logrotate around a week ago, they are still writing to log files with a ".1" in the name
<bitmonk> so there is like, auth.log.1 which is 36MB, and auth.log which is zero bytes
<bitmonk> a
<bitmonk> anyone ever seen this?
<RoyK> sw0rdfish: did you find a cheap VM?
<sw0rdfish> oh hey
<sw0rdfish> ummm no
<Titomen> kerframil: Thanks for your comment, but sorry ..do not understand..get rid of what??
<konradb> hi
<Titomen>  kerframil: if you refer to the version of my ubuntu server..this is my i am researching...since if i try to upgrade or update it wont let me do it...permission denied
<konradb> i have "getty[6840]: /dev/hvc0: No such file or directory" 10x hour every day in /var/log/auth.log
<konradb> how to fix it?
<Daviey> SpamapS: What is the juju precise archive and trunk PPA status?
<SpamapS> Daviey: hazmat is working out an incompatility with juju and the version of twisted in precise
<SpamapS> Daviey: the current precise juju probably FTBFS because of it..
<Daviey> SpamapS: do we have an eta?
<SpamapS> Daviey: not sure.. we onl identified the problem last Thu via shoulder surfing. ;) I don't think we remembered to file a bug
<Daviey> SpamapS: thanks.
<Daviey> adam_g: you are working around this issue with, just http://bazaar.launchpad.net/~openstack-ubuntu-testing/juju/precise-fixes/revision/8 ?
<adam_g> Daviey: that is one, rev 7 addresses a bug in the cobbler provider that has been fixed for a while now but not available in PPA
<Daviey> adam_g: is r8 all that is needed to use it against an ec2 provider?
<adam_g> Daviey: i believe so, yes
<adam_g> Daviey: tho you need the fix in both the local, client as well the provisioning agent on the bootstrap node. so it needs to be published somewhere, branch or PPA
<Daviey> SpamapS: if that is all that is required to get precise working again as a short term measure, why is it not in the archive?
<hggdh> roaksoax: hi, your fence_cdu is not available for Oneiric, is it?
<hggdh> Daviey: for the record -- the graceful-stop option seems to have been added during Maverick (sponsored by zul, IIRC). I set the bug incomplete waiting for feedback from the OP
<Daviey> hggdh: interesting!
<Daviey> easiest fix ever :)
<hggdh> so far, yes :-)
<jamespage> negronjl, nice lead time on PPA builds ATM :-)
<negronjl> jamespage: at this rate, we'll be done by the end of the year :)
<jamespage> negronjl, lol
<jamespage> the hadoop package is OK; works on armel as well as x86
<jamespage> negronjl, I've requested armel etc... for all three PPA's owned by the team
<negronjl> jamespage: saw that earlier ... ok
<jamespage> negronjl, I could only make it work on one of three Java options on armel
<jamespage> openjdk with zero JVM worked
<jamespage> java -zero
<negronjl> jamespage: do you have hardware anywhere to test ?
<jamespage> negronjl, I have a pandaboard
<negronjl> jamespage: ahh.  I guess you'll be testing the armel stuff then :)
<jamespage> negronjl: yes - with the help of rbasak who now has three!
<negronjl> jamespage: cool
<jamespage> negronjl, I've been pushing packaging only branches to lp:~hadoop-ubuntu/+junk/XXX as well
<negronjl> jamespage: I'll take a look at them and see if I can follow suit
<jamespage> well only hadoop so far
<jamespage> ...
<negronjl> jamespage: ahh I see.  I'll do the same
<negronjl> jamespage: lp:~hadoop-ubuntu/+junk/pig
<jamespage> negronjl, sweet
<jamespage> I'll look at hbase next
<negronjl> jamespage: In the meantime, I'll pick another package..
<negronjl> jamespage: I'll look at hive
<negronjl> jamespage: Do you know of a quick way to have the build system ignore build.xml ?
<negronjl> jamespage: If I leave the build.xml file there, the build system ( debuild ) tries to build using ant
<negronjl> jamespage: I have to remove the build.xml file ( or move it somewhere else ) to have it build my way
<jamespage> negronjl, use override_dh_auto_build: in debian/rules and tell it todo nothing
<negronjl> jamespage: perfect !! thx
<jamespage> np
<DREDNOFEAR> hi all. i am having issues with dns/bind on my ubuntu server. when i run dig command it returns SERVFAIL. named-checkzone is ok.  i am behind a comcast business line. i am wondering if i have to open some ports? or if there is some something i am missing in a configuration file? any help is greatly appreciated.
<DREDNOFEAR> j;
<kyentei> I love how of all the people here, no one really asks for help. Are we all just sitting there waiting till we can help someone? ^.^
<Myrtti> yup
<DREDNOFEAR> anyone good at trouble shooting bind/dns?
<l0n> DREDNOFEAR: I suck at DNS but I am a pretty good troubleshooter so who knows, can you telnet to the server on port 53?
<Titomen> I am trying to apply some update available and getting: http://pastebin.com/8b6snXuv  can not update anything..any help apprecioated
<SpamapS> Daviey: with the test suite failing (specifically around twisted issues) an upload to precise with just that fix would fail anyway.
<SpamapS> Daviey: the twisted issues are happening around the HTTP webdav tests that are part of orchestra
#ubuntu-server 2012-01-18
<qman__> Titomen, run sudo apt-get update
<qman__> that error is usually caused by an out of date package list or a failed download
<qman__> or a bad source
<Titomen> qman__: ok let me try
<Titomen> qman__: look what i am getting: http://pastebin.com/d3tWNT0W
<qman__> means either your internet's down (link or DNS) or you're being blocked from accessing the mirror
<Titomen> qman__: if i can putty into the server from home..i guess the porblem is not the internet?
<qman__> could still be DNS
<Titomen> qman__: whta options do i have?
<qman__> try to ping google.com
<qman__> then try to ping ubuntu.com
<qman__> if neither works, try to ping 8.8.8.8
<Titomen> from putty?
<qman__> from your server
<DREDNOFEAR> anyone have any ideas on how to trouble shoot a dig SERVFAIL?
<Titomen> qman__: 64 bytes from gx-in-f106.1e100.net (74.125.65.106): icmp_seq=88 ttl=47 time=25.7 ms
<Titomen> 64 bytes from gx-in-f106.1e100.net (74.125.65.106): icmp_seq=89 ttl=47 time=26.0 ms
<Titomen> 64 bytes from gx-in-f106.1e100.net (74.125.65.106): icmp_seq=90 ttl=47 time=25.3 ms
<Titomen> 64 bytes from gx-in-f106.1e100.net (74.125.65.106): icmp_seq=91 ttl=47 time=26.1 ms
<qman__> so you have internet and dns
<qman__> are you able to ping ubuntu.com?
<l0n> DREDNOFEAR: can you telnet to port 53 on the server running bind?
<qman__> or, to be more specific, archive.ubuntu.com
<Titomen> qman__: let me try
<qman__> if you can, and apt-get update still doesn't work, it means your web traffic is being filtered
<DREDNOFEAR> no can't telnet on port 53
<l0n> DREDNOFEAR: sounds like it could be a firewall issue or you aren't binding to the correct IP address on the server
<osmosis> whats the recommend protocol to use for file transfer between two servers on a local network?  SSH is gettting cpu bottlenecked.
<Titomen> qman__: 64 bytes from cursa.canonical.com (91.189.92.176): icmp_seq=1 ttl=42 time=147 ms
<Titomen> 64 bytes from cursa.canonical.com (91.189.92.176): icmp_seq=2 ttl=42 time=141 ms
<Titomen> 64 bytes from cursa.canonical.com (91.189.92.176): icmp_seq=3 ttl=42 time=138 ms
<Titomen> 64 bytes from cursa.canonical.com (91.189.92.176): icmp_seq=4 ttl=42 time=149 ms
<Titomen> qman__: so what are my options
<qman__> attempt to wget archive.ubuntu.com or telnet archive.ubuntu.com 80
<l0n> osmosis: off the top of my head, you could use: NFS, SMB or FTP
<qman__> if those do not work, that confirms that your web traffic is being blocked
<qman__> in which case, check your firewall
<Titomen> qman__: so that is the comand i have touse: wget archive.ubuntu.com
 * pehden is away: I'm busy
<qman__> yes
<Titomen> qman__: this is what i get: http://pastebin.com/GVKjW0AB
<qman__> that means it worked and you're online
<qman__> try to sudo apt-get update again
<SpamapS> Daviey: fyi, the bug in juju that causes the test suite to fail is bug 917954
<uvirtbot> Launchpad bug 917954 in juju "juju.providers.orchestra.tests.test_digestauth fails with twisted 11.1" [Critical,Triaged] https://launchpad.net/bugs/917954
<Titomen> qman__: i believe i am getting the same errors: http://pastebin.com/NvMCzyTu
<qman__> oh, I just noticed it
<qman__> you're running karmic
<qman__> karmic is old and unsupported
<qman__> so the mirrors aren't there
<l0n> qman__: they've been renamed haven't they?
<qman__> AFAIK they're just gone
<qman__> if they do still exist, that's news to me, and good news
<Titomen> qman__: how easy is to upgradfe...
<qman__> it's much easier if you do it before the release goes unsupported
<qman__> but you can upgrade from a 10.04 lucid disc
<qman__> http://mreschke.com/topic/254/Ubuntu+End+of+Life+and+Upgrades
<qman__> and the official doc, https://help.ubuntu.com/community/EOLUpgrades
<qman__> and yes, looks like they are up at old-releases.ubuntu.com
<qman__> which is good to know
<l0n> You may be able to fix it like this if you don't want to upgrade: Edit your /etc/apt/sources.list and replace all instances of archive.ubuntu.com and security.ubuntu.com with the very fitting old-releases.ubuntu.com. After that, run sudo apt-get update and watch the repository indexes roll in!
<l0n> yeah old-releases, that's what I was thinking of
<Daviey> SpamapS: thanks
<Titomen> l0n: well is not that i do not want to upgrade...i am a newbee..i have this server which is backing up  my computerws very nicely...if the upgrade process is easy...i have no problem....
<qman__> if your server is hosting anything to the internet, you should upgrade
<qman__> if it isn't, and is only used locally, you may not want to upgrade, because there's a possibility it can break things
<twb> If his machine is networked *AT ALL* he should upgrade to a supported release
<Titomen> qman__: for now it backups all the data of my 5 office windows computer with delta copy and rsync... even though i know that you guys do not like webmin...i use it to monitor the server..and if i need to do command i use putty...
<qman__> the upgrade process itself is easy
<qman__> but bugs and things happen
<qman__> webmin could make upgrading a total disaster
<Titomen> is there  away to do an image and if this does not work easily foo back untill i have much more time to dedicate for
<qman__> yes
<qman__> if you have a drive which has enough free space to back up the entirety of your server
<qman__> you can back it up with programs like partimage or dd
<twb> webmin makes everything a total disaster
<Titomen> webmin is only to monitor...like my softwere raids..i have 4 software raids...
<qman__> or even tar
<twb> It is turnkey disaster software
<qman__> webmin is webmin
<qman__> it doesn't matter what you use it for, its mere presence introduces lots of issues
<qman__> especially for this type of situation
<Titomen> so if i need to check the server in a easy was i understand that everybody does not like guis?
<qman__> it depends on what you're checking
<qman__> there are lots of full blown monitoring solutions which work much better than webmin and are nice to the system
<qman__> like nagios, icinga, mrtg, ...
<qman__> cacti
<qman__> if you only need simple things, you can write it yourself, like I did: https://qman.strangled.net:8443/stats.php
<Titomen> mayinly..with webmin i can chek the file manager so i can see the windows doc files and even open them directly if needed...also even though i know hte comand to repair a degrade raid..with webmin takes 2 sec..or if i need to edit any of the etc files...from there is like working on a word document and then safe?
<qman__> the problem is the way it works
<qman__> webmin is not cohesive with the way debian and ubuntu packages work
<qman__> it breaks configs
<twb> webmin takes over
<twb> Then it makes a mess and leaves everyone else to pick up the pieces
<twb> It's like having a toddler as senior engineer
<Titomen> so if i would like to make an image i have a 1 tb disk usb i can cnect to the server...how willi do the image...also my raids are as follow..md0 is boot for 100mb, md1 is 2 gig for swap, md2 is 10 gig for system and md3 is 1 tb for home....teh image should be of the system or of all the server?
<patdk-lap> depends on what you care about
<patdk-lap> personally, I normally do one backup per filesystem
<twb> I typically backup files, not filesystems
<patdk-lap> twb, depends on what kind of backup your doing :)
<patdk-lap> some I only backup files, other I backup filesystem images
<Titomen> is this case if i want to do an upgrade and be protected that if it fails can go back to the previous state
<twb> Then back up the entire disk
<Titomen> aany easy way
<twb> But since you have installed webmin, it would be safer to throw the system away and do a completely fresh install
<Titomen> that is fine but if i have trouble i can place back the image and trouble shoud so i do no thave downtime with te oiffice computers
<Titomen> any easy way to do a complete computer backup?
<Patrickdk> technically, you don't have to backup /home for that
<Patrickdk> unless you royally mess it up
<Titomen> qman__: which monitoring solutions you recomend
 * patdk-lap loves munin, easy, quick, simple
<twb> I (grudgingly) use nagios for availability monitoring, and collect for performance monitoring.
<twb> *collectd
<twb> I'm substantially more impressed with collectd than munin
<twb> Most of the others I shit-canned because they wanted PHP
<pmatulis> shit-canned?
<qman__> pigeon holed
<twb> blacklisted, boycotted, rejected
<Titomen> Thanks everybody foor the help...which will be the easiest wqay to do that image of the system, if i cinnect a usb external hard drive
<qman__> partimage works pretty well
<qman__> and is conveniently on systemrescuecd
<qman__> otherwise I'd pipe dd through gzip
<Titomen> as you can see i am very neewbe on this which can make my life easy
<Titomen> so is partoimage something i copy on a cd and boot the server from it and then do the copy?
<qman__> that's the best way to do it, to avoid accidental corruption
<qman__> the interface to partimage is a little bit clunky but it's not that hard
<qman__> it's in the repos and can be installed in an ubuntu live environment
<Titomen> do you mind to tell me in simple words what " installed in an ubuntu live environment"means
<qman__> it means, you can boot a desktop CD to the live environment, and install and use the partimage package within that environment, without modifying your filesystem
<Titomen> so i can not just download partimage burn it as an iso on a windows computer to a cd and boot the server on the pasrtimage cd...i shoudl do it from a ubuntu desktop cd and then run it?
<qman__> partimage itself is a program
<qman__> it's available on many different linux CDs
<qman__> systemrescuecd is one, and you can use it in ubuntu too
<qman__> the problem you're going to run into is your raid
<qman__> you have to reassemble it in the live environment, so use what's most familiar to you
<qman__> I guessed that would be ubuntu
<Titomen> And if i am able to do first a copy fit partimage..for security reasons, and then if a keep my raids..wound that isntal in the md0 which is the system...should the md3 which is the home stay the smae?
<Titomen> Thanks everybody for your help and also for your patient and understanding
<Titomen> i was reading and would liketo knowif anybody has any coments about EBOX
<FuZi0N> Anyone know how to modify the maximum number of connections per user for pptp vpn in ubuntu?
<twb> FuZi0N: it's probably configurable
<FuZi0N> any idea how?
<FuZi0N> ive been searching everywhere but dont had no luck finding it
<osmosis> curious...do power users usually use aptitude? or is apt-get or aptitude just a style preference?
<twb> I use aptitude for things apt-get/apt-cache can't do, like complex searches
<twb> aptitude starts substantially slower on my machine
<DREDNOFEAR> hey all
<johnthenewguy> hi is it possible to get macvtap working on ubuntu-server maverick?
<johnthenewguy> http://archipelproject.org/2011/09/28/kill-your-bridges/
<papertigers> anyone know how to build a ubuntu vm that can be used for virtual machine cloning
<papertigers> is there a better way then logging in and resetting ssh keys, hostname, etc
<henkjan> papertigers: http://libguestfs.org/virt-sysprep.1.html
<RoyK> henkjan: thanks - I didn't know that :)
<papertigers> RoyK: you are just everywhere :P
<RoyK> not really :P
<RoyK> :Ã¾
<papertigers> RoyK: atleast the same channels lol
<RoyK> #openindiana and #ubuntu-server, but that's about it (add #illumos in there, though)
<papertigers> im in illumos too
<papertigers> im playing with smartos
<RoyK> hm... smartos?
 * RoyK reads up
<papertigers> RoyK: figured youd already know hah
<RoyK> any amd support yet?
<papertigers> someone in the community is working on it
<RoyK> k
<papertigers> I think they are close
<koolhead11> hi all
<smb> jamespage, I wonder whether in order to pxe boot VMs I have to have either one VM or the hosting server setup as provider. Or whether there is a magic way to change the libvirt bridges into transparent...
<smb> jamespage, How do you do in the testlab?
<jamespage> smb: in the lab the libvirt managed dnsmasq provides the TFTP in addition to DHCP
<smb> jamespage, Like that <orchestra server> ---> <vm server> --> <vm pxeboot>?
<jamespage> smb: orchestra does not manage any VM's in the lab
<jamespage> (i think - well at least not any I know about)
<smb> Ah
<jamespage> jibel might be able to help - I know he's being looking at this
<smb> Thought it would be convenient to not only provision physical machines but also vms by the same server
<dax_roc> Should work no problem from pxe point of view, I'm doing it here with proxmox (vm host) and in virtual box guests ( testing )
<dax_roc> have to say the kickstart files run smooth too
<smb> The trick might be to tell the dnsmasq for the virtnet to have server-next and a filename
<dax_roc> option 066, 067 need to be set on the dhcp
<uvirtbot> New bug: #918170 in clamav (main) "Update error WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl" [Undecided,New] https://launchpad.net/bugs/918170
<EMKO> I bet if I spit it will freeze before it hits the ground here
<EMKO> I think it hit -50 windchill
<xranby> EMKO: running overclocking experiments in the server hall?
<xranby> what do you use for cooling?
<EMKO> Lol no its just out side weather
<xranby> hmm.. try file a bugreport, but i am not sure we can fix it
<EMKO> I was talking in a different channel and I typed here by accident sorry
<xranby> heh ok :)
<uvirtbot> New bug: #918179 in nova (main) "Can't run commands as root" [Medium,New] https://launchpad.net/bugs/918179
<eutheria> which package has the sambaSamAccount schema in it?
<cwillu_at_work> EMKO, you must live near me
<cwillu_at_work> -47.5Â°C w/ windchill at the moment
<EMKO> Lol its crazy
<cwillu_at_work> we had +5 just last week too, so this really caught me off guard
<EMKO> U in Calgary?
<cwillu_at_work> saskatoon
<EMKO> Oh
<cwillu_at_work> close enough :p
<EMKO> Yea it was weird hot winter then in a few days hell
<smb> jamespage, rsyslogd: Could not open dynamic file '/var/log/orchestra/rsyslog/2012/01/18//messages'... anything beyond ryslog  seems not to exist... (running on oneiric) Does not seem to be so sensible not to create the path. Or do I miss something?
<jamespage> smb: I think that is a know bug - you can fix the perms on that directory to sort that out
<smb> jamespage, sigh, known to be broken ... I need to remeber that for kernel bugs... :-P
<adam_g> jamespage: ive been looping jenkins jobs for the last 14 hours or so. openstack deploy -> test/setup -> teardown -> deploy again with pretty good results. seems we've isolated all deployment failures to errors that can happen during the installer
<cwillu_at_work> what do you suppose an rsync exit code of 255 means?
<cwillu_at_work> it's not in the man page
<zul> morning
<cwillu_at_work> oh, I bet it's from the command I'm providing to use as the tunnel, being passed through
<jamespage> adam_g, nice one
<DREDNOFEAR> hey all i am having trouble getting my dns server recognized, i have disabled the firewall, and comcast tech can't ping me on port 53, any ideas as too what is happening?
<cwillu_at_work> DREDNOFEAR, and you can access the port locally?
<DREDNOFEAR> yeah i can listen on 53
<cwillu_at_work> not what I asked
<DREDNOFEAR> what do you mean
<cwillu_at_work> with the dns server listening, can you access the dns server locally over port 53 from the machine?
<DREDNOFEAR> no
<cwillu_at_work> then it's probably a configuration error
<cwillu_at_work> i.e., for whatever reason, the dns daemon is not in fact running, or is not listening on the right network interfaces, or ports, or whatever
<DREDNOFEAR> any files i should look at, or is it the cable modem.
<DREDNOFEAR> comcast couldn't telnet in on 53 to the computer
<jasef> DREDNOFEAR: If you can't access it locally, then it's not the modem.
<DREDNOFEAR> what is a good command to check on wether the port is up locally?
<DREDNOFEAR> i may not be doing the diagnostic correctly
<jasef> DREDNOFEAR: Type 'nslookup www.google.com localhost'
<DREDNOFEAR> and tx for the help
<jasef> DREDNOFEAR: What was the ouptut of the command I gave you?
<DREDNOFEAR> hold on comcast tech on phone
<cwillu_at_work> poor tech
<DREDNOFEAR> ha
<jasef> Ugh, ISP techs never help
<cwillu_at_work> with the user's server's configuration errors?  of course not
<jasef> Not just that :P They never help with anything, tbh.
<cwillu_at_work> you don't have support-fu
<jasef> Support-fu? O-o
<cwillu_at_work> the trick is to understand the reasoning behind the scripts that the first two levels of support are for, so that you can help the operator through them as quickly as possible
<DREDNOFEAR> no help so far
<cwillu_at_work> this does not mean explaining to them why the answer to their question doesn't matter
<cwillu_at_work> (that would be "not having support-fu")
<DREDNOFEAR> he's trying to telnet on port 53
<jasef> Ah, I see.
<cwillu_at_work> DREDNOFEAR, do you understand the implications of the test we had you do?
<DREDNOFEAR> yes
<jasef> I just go on forums when I need any help with my ISP, their forum staff is great.
<cwillu_at_work> (there's no sense spending their time when we don't know that it's working even on the local machine)
<cwillu_at_work> DREDNOFEAR, have you done the nslookup test yet?
<cwillu_at_work> and what was the output?
<cwillu_at_work> also, I'm not sure telnet is actually relevant, as dns can operate entirely over udp
<jasef> That's why I suggested nslookup, actually.
<DREDNOFEAR> server locahost Address 127.0.0.1#53
<jasef> Uhh, is that the only output?
<DREDNOFEAR> the tech said that he got screen  but not a prompt on the login
<DREDNOFEAR> non autoritative answer:
<DREDNOFEAR> www.google.com canonical name = www.1.google.com.
<jasef> A prompt on the login... to a DNS server...?
<DREDNOFEAR> to the root server
<DREDNOFEAR> Name: www.1.google.com
<jasef> Sounds like the DNS is working to me then.
<DREDNOFEAR> Address:74.125.113.105
<jasef> Would you mind giving me the IP address so I can test how it works from outside your network? If you don't want to post it in the channel, you could also PM it to me.
<zul> lynxman: seen mdeslaur's comment about swift?
<lynxman> zul: hmm lemme check
<lynxman> zul: hah, changelog :)
<lynxman> zul: will fix asap
<zul> lynxman: i thought it was a new meme
<lynxman> zul: I couldn't attach your picture so... :D
<lynxman> zul: but that's what I normally do for Orchestra since Andres always packages it, just followed the same
<lynxman> zul: will do as mdeslaur suggests from now on
<zul> k
<Bogdaniel> i'm having a problem with iptables when i restart the computer the save is not restored ( added the command for restore in rc.local) can someone help me ?
<adam_g> roaksoax: will a preseed'd late/early command that just exits 1 halt an installation?
<uvirtbot> New bug: #917660 in linux (main) "Installing qemu-user-static in an i386 lxc container applies the binfmt changes to the host, breaking execution in that host" [Medium,Confirmed] https://launchpad.net/bugs/917660
<smb> jamespage, FWIW I think I found now a good way for me to have the VMs and physical machines be supplied by one orchestra server: don't use the virtual networks provided by libvirt. :)
<roaksoax> adam_g: it shouldn't
<roaksoax> adam_g: well, it will display a message that showed that something failed, but if you confirm reading the message
<roaksoax> it will resume
<smb> hallyn, Oh, you are around now. Wanted to bother you about the nfs4 thingy and now what bugbot said last
<roaksoax> adam_g: so yeah, I guess that if by "Showing an error message that requires user attention" means halting the installtion, then it would
<jamespage> smb: just bridge the VM's to the physical nice or something?
<jamespage> nice -> nic
<smb> jamespage, Right, define your own bridge outside as transparent one
<jamespage> adam_g, what was the solution for the archive consistency errors?
<apw> hallyn, i see a bug about /proc/binfmt causing issues to the LXC host from inside a container, bug #917660, is that something that you own ?
<uvirtbot> Launchpad bug 917660 in linux "Installing qemu-user-static in an i386 lxc container applies the binfmt changes to the host, breaking execution in that host" [Medium,Confirmed] https://launchpad.net/bugs/917660
<apw> hallyn, and there are test kernels out on that bug with LXC and /dev/ttyN
<smb> apw, Funnily bugbot just announced it here...
<smb> apw, Though hallyn seems to be in a hole ;-P
<smb> or needs more coffee first
<adam_g> jamespage: in the charms, something like: apt-get update || (rm -rf /var/lib/apt/lists/* && rm -rf /var/cache/apt/* && sleep 5 && apt-get update)
 * apw boggles at the sleep 5
<adam_g> jamespage: can't realy do that in the installer, im trying to hack a preseed that will use lvm snapshotting instead of doing a full install
<jamespage> adam_g, that would be really great to get working
<Bogdaniel> anyone here know's how to setup openvpn ?
<adam_g> jamespage: working on it now, hoping to have something that works.... and then figure out a good way to get it to break out of the snapshot/restore loop an do a full install when we need it.
<adam_g> apw: 5 secs seems to be long enough to let the archive servers settle down and sync back up
<DREDNOFEAR> thanks jasef
<mdeslaur> lynxman: one more small change, please remove the [Marc Cluet] line from the changelog
<bobweaver> hello there thanks for taking the time to read this. I am very new to the server world. I have a couple of questions 1) how do I make my server public  ?   2) what is the  virtualhost option  when installing server ? 3) how in the world do I use /etc/hosts and apache2 ? thanks again
<mdeslaur> lynxman: ping me once you've done it, and I'll upload it
<lynxman> mdeslaur: it's done :)
<lynxman> mdeslaur: eer okay last change
<lynxman> mdeslaur: 1 sec
<lynxman> mdeslaur: now it's done
<mdeslaur> lynxman: thanks
<lynxman> mdeslaur: thank you for your review
<mdeslaur> lynxman: np
<ikonia> bobweaver: didn't we just cover this in #ubuntu ?
<bobweaver> kinda ikonia I am just trying to learn
<ikonia> ok - so what part is not clear now ?
<bobweaver> well I do not understand how I get the server to the public
<bobweaver> ikonia:  thanks for the help
<ikonia> bobweaver: ok - you need your server to be visible on a public IP address
<ikonia> bobweaver: currently you are using a private IP range that is private to your network, so people on the internet can't see it
<ikonia> bobweaver: do you understand that at this point ?
<bobweaver> yes
<ikonia> great, so the question is how do you get it on the internet
<ikonia> either a.) get your ISP to assign you a public address for it
<ikonia> b.) use the technology within a lot of home routers do to "port forwarding"
<ikonia> that port forwards your ISP's public IP to the private IP on your machine for specific ports
<ikonia> that would be the most common method
<apw> bobweaver, and remember to firewall your machine as it will now be exposed
<apw> and keep it up to date regularly, and ... be scared
<bobweaver> thanks ikonia and apw  apw I have a ipcop box
<ikonia> well not with port forwarding if only certain ports are forwarded
<ikonia> be aware though a lot of ISP's will block certain ports, eg: 25 so you won't be able to run services such as mail
<ikonia> or port 80
<apw> ikonia, i always assume its going to do the wrong thing or i am going to open more than i intended
<ikonia> a lot of ISP's don't like non-comercial services being used for comercial services such as web / mail so block it at the network level
<bobweaver> ikonia: I see
<ikonia> bobweaver: either way, your ISP should be able to a.) tell you your limitations b.) help you configure the router to do this
<bobweaver> what about when installing what is the Virtualserver when it asks what I would like to install what is this?
<apw> cirtainly my home ADSL has no blocks, but my contract with the ISP says i won't run "services available to all of the internet"
<bobweaver> like where it asks if I want to install lamp open ssh mail server virtualserver ect ?
<bobweaver> what is virtual server ?
<SpamapS> apw: does advertising your availability for secret missions in your tiny car count as providing services to the internet, danger mouse?
<ikonia> bobweaver: you don't need virtual server
<bobweaver> lol
<ikonia> bobweaver: it's for virtualization
<bobweaver> like qermu  ?
<bobweaver> qemu *
<ikonia> that sort of thing yes
<bobweaver> cool
<bobweaver> this is what I am usiong the server for. I want to be able to gather infromation  about charitys like how many backlinks they have and seo stuff  I want to pass the values of X <-- backlinks    from sql table  to tell them what they could do to get more seo stuff ect
<bobweaver> only for charitys
<ikonia> ok
<apw> SpamapS, :)  maybe
<hallyn> Daviey: if anyone is looking for me, i'm trying to recover from a bad update.  boot from livecd takes about 15 mins so i should be able to check for msgs every 20 mins or so :)
<bobweaver> I deal with alot local charity stuff amvets homeless selters ect  alot of them are losing there funding so I thought that If they have no site then I could host for them  if they have site that is all messy thhen I fix and facelift  also would like to post how much the owner is making and what is the value
<ikonia> bobweaver: hosting a site on a home dsl line is not a good idea
<mdeslaur> zul: swift has Vcs-Bzr: http://bazaar.launchpad.net/~ubuntu-server-dev/essex/swift in the control file, but that repo doesn't seem to exist
<mdeslaur> zul: where does your team put that now?
<bobweaver> ikonia:  I work at a hosting place I could use there network  but.. I am not a networking guy more of a php asp sql web dev
<ikonia> bobweaver: off you go then, good luck
<zul> mdeslaur: ubuntu-server-dev is the right place i need to fix that
<bobweaver> ikonia:  so I have to configure server right 1st before I can use it
<mdeslaur> zul: where? /me can't find the exact repo
<zul> mdeslaur: ill fix that today ill take care of it today
<mdeslaur> zul: here? https://code.launchpad.net/~ubuntu-server-dev/swift/essex
<zul> yeah
<mdeslaur> zul: I'll change it now
<zul> mdeslaur: k
<bobweaver> ikonia:  looks Like I am off to a wonderfull world of  learning about server configuration  exsample how apach works is lttPd better ect
<ikonia> bobweaver: you're not using your server at home, you said you'd use the one in your hosting place, that should be configured already
<bobweaver> ikonia:  no I would bring the box in and use on my "own time "
<ikonia> bobweaver: ok, so the private networking issue goes away, as you'd be staight on the net in the hosting center
<bobweaver> yep it is about learning  how to configure it for a there network also how to add more then one site ect BUt before all that I have to test test test at home
<bobweaver> local then to public I thought was a good idea ? but I am new to this
<ikonia> there is no need to make it public
<ikonia> you are just testing it, so keep it private,
<ikonia> that way you can pick up the box, take it to the hosting place, change the IP and you are done/working
<bobweaver> sweet that is what  I wanted to hear
<bobweaver> is it hard to chang the ip ? I also have to option of staic
<ikonia> if you are going to host in the DC you'll get a static IP
<ikonia> it should be a 10 second job to change the IP
<bobweaver> at work we are are own isp/phone company. ikonia thanks bro. what about apache2 and having multi sites running on this thing ? is that possible ?
<ikonia> bobweaver: totally possible, just need valid DNS entries (your hosting guys can do that for you) and then use "name based hosts" in apachge,
<bobweaver> the book that I have is kinda old (red hat)  it says to change the /ect/hosts file and add the site and ip or the 127.0.0.1   and to add stuff to /etc/apache2/confg       but there is no such file
<bobweaver> add the sites name ..
<bobweaver> then after all of that I read that it is beeter to work out of ~ and not /var/www
<bobweaver> so I have to point apache config to documentroot = ~/somedir    ?
<bobweaver> instead of /var/www
<bobweaver> then I also read that it is "best" to have not only your ~ dir in a differnt partition but also apache should also be on a different partition I have no clue how to do this    I guess that I make room (gparted) then make new partition then then install or mv apach files to it then set up rc to mount that partition ?
<bobweaver> on boot
<Daviey> hallyn: happy days :)
<sconklin> I need some advice on rebuilding a RAID1 - the Intel BIOS (Intel matrix Storage Manager) shows it as "Repair" and needing to be fixed from the OS, and it all looks OK from dmraid, but I'm not sure I'm looking in the right places
<sconklin> running precise, fwiw
<ikonia> bobweaver: don't follow a redhat book for uubntu
<ikonia> bobweaver: maybe worth speaking to the guys at your hosting company, they may give you a bit of friendly help
<ikonia> bobweaver: also https://help.ubuntu.com - good basic introduction
<SpamapS> sconklin: so this is a fakeraid ?
 * SpamapS has never been able to work with those things. :-/
<sconklin> SpamapS: yes
<sconklin> it's apparently running fine in degraded mode, and I can't figure out how to resync it
<sconklin> I found the command to force repair of one of the volumes, but haven't found a way to tell which of the two is the 'good' one
<_ruben> fakeraid .. yuck
<sconklin> I ~think~ I may have also found something that causes a failure to boot if you're using fakeraid and upgrade from Lucid, but I want to get this problem solved before I look at the other more deeply
<jamespage> zul, Daviey: can we do nested KVM in precise?
<zul> jamespage: not sure...check with hallyn
<jamespage> hallyn: ^^
<Daviey> jamespage: yes.
<Daviey> jamespage: amd64 has been a yes for longer, but intel is new in precise aiui.
<sconklin> SpamapS: the right answer is to nuke the server and rebuild it with software raid. Not the answer I wanted, but fakeraid looks pretty screwed up
<RoyK> if it's fakeraid, then just don't use it
<RoyK> turn OFF that thing and use software raid instead
<RoyK> or get a hardware raid controller if you really need "hardware" raid
<SpamapS> sconklin: have only dealt with it once, and I took that exact path... dusted off.. nuked from orbit.. it was the only way to be sure.
<cwillu_at_work> SpamapS, run the drives through an industrial shredder?
<SpamapS> I think we'll just let Triumph the insult comic dog poop on them
<uvirtbot> New bug: #918301 in puppet (main) "package puppetmaster 2.6.4-2ubuntu2.6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/918301
<sconklin> SpamapS: actually, it turned out to be pretty trivially easy to turn it into a non-raid system. I removed the volumes from the RAID in bios, (which said it would destroy the data but didn't), then pointed grub at /dev/sda1, and it's all good on a single drive. Running fsck now, but I think that's the easy way to get off of fakeraid
<sconklin> I did actually poke around from initramfs to make sure sda was the one I wanted
<SpamapS> sconklin: but to convert to md, you'd need md superblocks
<sconklin> SpamapS: I think I'm just going to leave it non-raid, and rsync the stuff I care about to the other drive.
<sconklin> Raid docs for Ubuntu are pretty bad and scare me
<SpamapS> that makes me sad
<sconklin> "Note: Be aware of the fragile state of RAID support in Ubuntu and what it takes to get a reliable raid setup"
<sconklin> really?
<sconklin> and in the same document:
<sconklin> "The RAID software included with current versions of Linux (and Ubuntu) is based on the 'mdadm' driver and works very well."
<sconklin> https://help.ubuntu.com/community/Installation/SoftwareRAID
<hallyn> jamespage: not that i know of, unless yo'ure on amd
<hallyn> i'd be delighted to be proven wrong
<hallyn> what the heck lemme try
<roaksoax> bjf: ping
<bjf> roaksoax: what can i do for you ?
<roaksoax> bjf: howdy. Just wondering whether you were using a mini ISO or an alternate, or server ISO when you saw the koan errors?
<bjf> roaksoax: you asking which one i installed and am running koan on ?
<smoser> hallyn, what is the escsape for lxc console again ?
<roaksoax> bjf: nope, sorry, the ISO imported into cobbler?
<roaksoax> bjf: nope, sorry, the ISO imported into cobbler, is it a mini, alternate, or a server ISO?
<hallyn> smoser: 'ctrl-a q'
<smoser> it doesn't seem to be working in one of my windows
<hallyn> smoser: i might have to give the 'no-clear-screen' option to getty so you can see that msg on login :)
<smoser> probably ran lxc-start without some flag
<hallyn> it doesn't work in the lxc-start one
<bjf> roaksoax: it's whatever cobbler imported as part of the install
<smoser> so what do i do on the lxc-start one?
<roaksoax> bjf: a mini then. Cool thanks!
<hallyn> smoser: nothing
<smoser> suck
<hallyn> give the -d flag when starting it, is all i think you can do
<hallyn> agreed
<hallyn> jamespage: i'm trying with 'kvm_intel' loaded with nested=1.  lessee how it goes
<smoser> hallyn, thats not the default?
<hallyn> smoser: seems no
<hallyn> going by linux-2.6/Documentation/virtual/kvm/nested-vmx
<hallyn> (obviously, if it works, i'll make the default in the shipped upstart job)
<hallyn> jamespage: they *claim* if you just do 'modprobe kvm_intel nested=1" and add '-cpu host' to the qemu args, it should work
<jamespage> hallyn,nice
<jamespage> thanks for taking a look BTW
<hallyn> np, i've been hoping for this for years
<smoser> hallyn, are you going to do performance metrics on nested versus non-nested?
<smoser> that'd be neat
<hallyn> suppose i'll have to
<hallyn> i assume you mean nesting enabled and not, but only the first layer?
<hallyn> i don't intend to do measurement of a nested one unless i suddenly have a glut of time...
<hallyn> anywya let's first see if this even works :)
<hallyn> i'm still limping on half a cylinder, x hates me
<uvirtbot> New bug: #918327 in lxc (main) "lxc-start exits success on failure when non-root" [Undecided,New] https://launchpad.net/bugs/918327
<smoser> hallyn, well... i guess you should check the cost of nested enabled on the first layer
<smoser> if you're going to enable it.
<hallyn> right
<smoser> but i was hoping that you'd be able to show the benefit of "nested" in the second layer
<smoser> i've just always been curious
<smoser> and i was curious in general as to the outcome of your testing
<smoser> so this would hvae been another interesting data point
<zul> smb: xen works with libvirt-bin with me so far (had to patch it)
<hallyn> smoser: i'll do a simple kernbench in there
<hallyn> and compare to first layer
<smoser> and also to non-nested support second layer.
<smoser> but yea
<smoser> anyway
<smoser> i look forward to reading
<patrickmw> jamespage, any objection to me changing the "problem checking" jobs to run hourly or daily, vs URL checker?
<sconklin> roaksoax: you here for a cobbler note/question?
<smoser> sconklin, if he's not around i might be able to help.
<sconklin> I'm curious - cobbler chec says this, which is fine:
<sconklin> some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot
<sconklin> but when you run cobbler get-loaders, they are fetched from here:
<sconklin>  http://dgoodwin.fedorapeople.org/loaders
<roaksoax> sconklin: here
<sconklin> which seems like we're making some ciritcal bit of infrastructure dependent on an outside entity
<roaksoax> sconklin: well that's really fedora specific, but given that we have syslinux we should not really need that
<sconklin> roaksoax: then would it be reasonable to change the cobbler check message to indicate that?
<roaksoax> sconklin: i guess it would. this cycle I'll be doing more cobbler cleanup. Coiuld you please file a bug and assign it to me?
<sconklin> ok
<roaksoax> sconklin: thank you!
 * roaksoax bbl, off to lunch
<jamespage> patrickmw, none at all
<patrickmw> jamespage, I set them to run once a day.  Feel free to update the cron args if needed
<adam_g> roaksoax: any debugging tips... ive got a cobbler preseed, and one of the $SNIPPET() sections isn't being rendered, its showing up in the processed kickstart while the others are being rendered correctly. cant find any errors anywhere.
<uvirtbot> New bug: #918348 in mcollective (universe) "mcollective upstart script starts too many processes" [Undecided,New] https://launchpad.net/bugs/918348
<smoser> adam_g, how are you doing this snapshot stuff ?
<smoser> early_command ?
<adam_g> smoser: a late_command to do the initial snapshot, and partman early command to look for the pristine snapshot+restore+reboot
<adam_g> smoser: trying to do it in snippets with some logic around whether or not to restore the snapshot or do a full install again, based on profile name
<smoser> based on profile name
<adam_g> smoser: yeah.. as in,  if  system1 is assigned to profile precise-lvm-install, it will do a full install and create snapshot. if its assigned to precise-lvm-restore, it will restore from snapshot+reboot
<smoser> ah. yeah, that makes sense.
<smoser> i was thinking you meant management class
<smoser> which i thought owuld interfeer with juju
<smoser> (just confused mysefl)
<eagles0513875> ikonia: isolated the virt-manager issue to a bug in virt-manager bug 551432
<uvirtbot> Launchpad bug 551432 in virt-manager "virt-manager create disk image with LVM hangs for ever" [Medium,Triaged] https://launchpad.net/bugs/551432
<zul> hallyn: ping can you have a look at http://paste.ubuntu.com/808934/
<adam_g> smoser: this is what ive got working for the restoration http://paste.ubuntu.com/808939/
<adam_g> smoser: need to figure out how to get properly get dm-snapshot.ko  via udeb or some such
<adam_g> uh. that is, how to get dm-snapshot.ko properly installed
<smoser> i'd recommend the late_commadn base64 garbage to avoid shell quoting
<smoser> but that doesn't seem so bad.
<adam_g> smoser: where does the shell that gets encoded come from, in that case?
<hallyn> zul: looking
<smoser> adam_g, looking for something i did iearlier
<hallyn> zul: in src/xen/xen_hypervisor.c,
<hallyn> don't you want /usr/lib64/xen-default for one of them
<hallyn> ?
<hallyn> if not, you can get rid of the whole ugly ' ? : ' bit
<Darkwing> SpamapS: You going to be at Ubucon on friday?
<smoser> adam_g, http://paste.ubuntu.com/808943/ (copied from http://pad.daviey.com/smoser-cobbler-late-command)
<SpamapS> Darkwing: yeah I'll be around. 1:30 - 4:30 we are holding a juju Charm School.. you should stop by and write a charm. :)
<smoser> adam_g, that doens't really solve any problems for you, but maybe makes things easier for writing.
<zul> hallyn: both x86_64 and i386 use both the same qemu-dm for xen
<smoser> in that you can have a snippit that just says "run the stuff in this file early"
<Darkwing> SpamapS: I'll stop by. I'm working SCALE staff so, I'll be all over the place.
<hallyn> zul: so you can get rid of the "STREQ(hostmachine, "x86_64") ?
<adam_g> smoser: it might end up being a better idea when i move on to reinjecting juju's metadata
<zul> hallyn: gah...i should but the patch works as well :)
<hallyn> all right, good enough :)
<smoser> hm.. yeah, th ere-injecting that is goin got be not so fun.
<zul> hallyn: thanks
<Darkwing> SpamapS: I might stand in as I need to learn more about juju
<Darkwing> speaking of...
<Darkwing> jcastro: ping
<adam_g> smoser: im thinking the commands that are run in late_command could be run in partman_early_command as well, since that ks_meta stuff will ideally be in cobbler at that point too
<smoser> adam_g, right.
<smoser> you'll just have to kind of cheat "in-target"
<smoser> as they use that (i think)
<smoser> you're going to have to set up the mount pristine mount point and then run hijack in-target i think.
<roaksoax> sconklin: ping
<sconklin> roaksoax: o/
<roaksoax> sconklin: where you trying to import an ISO when you found bug #918357 ? Cause I can't seem to reproduce it
<uvirtbot> Launchpad bug 918357 in cobbler "cobbler import fails" [Undecided,New] https://launchpad.net/bugs/918357
<roaksoax> sconklin: http://paste.ubuntu.com/808992/
<sconklin> roaksoax: I just entered the command as shown with no parameters
<roaksoax> sconklin: uhm can't reproduce it as it doesn't fail in my case
<roaksoax> as per the pastebin
<sconklin> trying again
<sconklin> still fails
<roaksoax> sconklin: ok, I'll further investage. Thanks!
<sconklin> I haven't rebooted or logged out since I installed cobbler, does cobbler require environment setup?
<roaksoax> sconklin: no it doesn't. But will try to reproduce on a fresh install without rebooting/restarting the service.
<sconklin> ok
<roaksoax> bjf: ping
<bjf> roaksoax: yo!
<roaksoax> bjf: cobbler/virtinst arefixed now! just uploaded virtinst so just wait for the update and should be working like a charm
<roaksoax> s/wait for the update/wait for the build
<bjf> roaksoax: very nice! thanks!
<roaksoax> :)
<roaksoax> bjf: welcome, if you find any other issue feel free to ping me
<bjf> roaksoax: will do
<Lcawte> lewiscawte@lcserv:~$ ssh lcawte@translatewiki.net
<Lcawte> Segmentation fault
<Lcawte>  
<Lcawte> Whats up with that?
 * roaksoax will be back later
<mgw> any ideas what's wrong with this installer late_command:
<mgw> d-i preseed/late_command string chage -d 0 ubuntu
<hallyn> jamespage: the double buffering of network is killing me on net instll, and I ran out of disk space the first time near the end :)  but so far no correctness issues on doing net install inside a nested kvm vm
<hallyn> (it's my own fault for doing -net user, fwiw)
<stgraber> hallyn: nested kvm?? does that stuff actually work now?
<hallyn> stgraber: seems to be!
<hallyn> I'm still testing.
<hallyn> smoser: fwiw i'm hoping to do lxc fixes tomorrow (and friday)
<undecim> I have 3x 1TB drives and < 1TB of data that I'd like to preserve (currently on a single drive).... Is there any way to setup a software raid in a RAID 5 configuration without erasing my data?
<patdk-wk> undecim, sure, but raid5 won't preserve your data, very well
<patdk-wk> you just setup raid5 with one dead drive
<patdk-wk> move your data onto it, then replace the dead/empty drive with your other one
<undecim> What do you mean raid5 won't preserve my data very well?
<undecim> I mean... If less than two of the drives go out, I still have all my data, right?
<undecim> Also, setting up the raid with a dead drive is painfully obvious now that you mention it, lol
<sconklin> roaksoax: does the DHCP server installed as part of Orchestra only serve to the configured MAC addresses, or will it serve to anyone?
#ubuntu-server 2012-01-19
<adam_g> smoser: ping
<adam_g> smoser: if you see this, do these traces look like anything obvious to you? http://paste.ubuntu.com/809214/
<adam_g> smoser: ah, nvm.
<bjf> roaksoax: koan is still busted for me  http://pastebin.ubuntu.com/809254/
<roaksoax> bjf[afk]: will have a look
<b930913> What's the best way to set up a email daemon on a server I have to receive emails sent to a domain pointing at it?
<Titomen> anybody can help me here: rgotten@myplasticare:~$ sudo apt-get -y --force-yes -f install libgd-perl
<Titomen> [sudo] password for rgotten:
<Titomen> Reading package lists... Done
<Titomen> Building dependency tree
<Titomen> Reading state information... Done
<Titomen> Package libgd-perl is not available, but is referred to by another package.
<Titomen> This may mean that the package is missing, has been obsoleted, or
<Titomen> is only available from another source
<Titomen> E: Package libgd-perl has no installation candidate
<twb> What a horrible hostname
<Titomen> can you help
<twb> Titomen: some people are beyond help
<Titomen> please elaborate
<roaksoax> bjf[afk]: found the issue! bug #918538 will fix tomorrow
<uvirtbot> Launchpad bug 918538 in virtinst "precise is not supported" [Medium,Confirmed] https://launchpad.net/bugs/918538
<uvirtbot> New bug: #918543 in vm-builder (universe) "vbox build fails with NameMapper.NotFound: cannot find 'mac' " [Undecided,New] https://launchpad.net/bugs/918543
<goddard> if i wanna use SSL do i need to buy a cert?
<greppy> goddard: depends on how "official" you want to be.
<eagles0513875> hey ikonia found the root cause of virt-manager now not being able to create a pool
<lynxman> morning o/
<Alan> when you regenerate ubuntu's snakeoil SSL certificate, where is the CA key it uses?
<Alan> I want to import that into my browser so i don't get "invalid SSL certificate" warnings
<_ruben> isn't it self-signed and thus no CA involved?
<Alan> _ruben: does that make it impossible to add as trusted?
<Alan> I'm not actually sure i entirely understand the SSL certificate signing... is it just signed with another SSL certificate?
<Alan> which might in turn be signed by another SSL certificate, which might be one that is trusted?
<Alan> and it just follows the chain to find out if the root is trusted?
<_ruben> roughly, yes
<_ruben> the types of those ssl certs differ tho
<Alan> ok
<Alan> so a self-signed cert is actually an unsigned cert?
<_ruben> it's signed by itself :)
<Alan> ok
<Alan> so that makes it its own CA?
<_ruben> sort of :)
<Alan> but does that mean there is a certificate somewhere in the process that i could use to say "trust this certificate" ?
<_ruben> you could create your own personal CA, and use that to sign certs for your ssl services. then you could add that ca to your trusted ca store
<Alan> but you can't add the cert itselfd to the trusted CA store
<Alan> because it's not a CA
<Alan> but it kinda is
<_ruben> that's why i said "create your own personal CA, ...." ;)
<_ruben> then you can
<_ruben> check some openssl howtos, there's plenty of those around
<_ruben> or use a tool like tinyca2
<Alan> i was hoping to trust ubuntu's snakeoil
<_ruben> there's really not much point in that
<Alan> jumping through a load of hoops kinda defeats the point of how "simple" the snakeoil cert setup is...
<_ruben> it being simple also makes it limited :)
<Alan> seems like it's possible to add it to the OS's certificate store though...
<Alan> hmmm
<allenap> rvba: Can you give me a +1 in https://code.launchpad.net/~allenap/maas/test-bling/+merge/89078?
<_ruben> Alan: i must admit that my experience with the client side (the trusting of certs/cas) on linux is rather limited, most my client experience is with windows, for the server side i have experience with both :)
<_ruben> so whether or not it's possible to trust a single cert (not a ca) on ubuntu, i don't dare to tell ;)
<jamespage> negronjl, I'm going to scrub the hive package from the PPA (we need to use 0.7.1)
<Alan> _ruben: it's actually pretty easy, it seems, to add a cert to NSS (which both firefox and chrome use)
<Alan> http://blog.avirtualhome.com/2010/02/02/adding-ssl-certificates-to-google-chrome-linux-ubuntu/
<jamespage> med, negronjl: please give me a ping when you are around
<jamespage> need to discuss standards for packages :-)
<_ruben> Alan: getting a browser to trust a single cert tends to be trivial indeed, i was thinking systemwide stuff
<Alan> _ruben: not sure about systemwide, but who cares about systemwide :P
<_ruben> Alan: those who don't want do it for each app/user individually ;)
<uvirtbot> New bug: #918623 in apache2 (main) "Apache SSL config startup errors are neither printed nor logged" [Undecided,New] https://launchpad.net/bugs/918623
<allenap> rvba, jtv: Fancy a review? https://code.launchpad.net/~allenap/maas/top-of-file-boilerplate/+merge/89224
<rvba> allenap: sure
<rvba> eurj
<rvba> eurk even
<allenap> rvba: eurk?
<rvba> fr for yuck ;)
<allenap> rvba: Oh :( That bad?
<rvba> just kidding ;)
<Daviey> lynxman: What is the status of https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-cfjuju ?
<lynxman> Daviey: in progress but I have lower priority for it coming from upstairs so... I reckon I'll try to hunt it in a couple weeks
<Daviey> lynxman: is it actually going to get done?
<Daviey> If not, it would be better to unassign or postpone.
<lynxman> Daviey: yes it'll get done :)
<Daviey> lynxman: rocking
<Daviey> rbasak: should i just sync openmpi, and then we solve the ftbfs?
<lynxman> Daviey: waiting on your merge review for ipxe btw
<rbasak> Daviey: can you sync off experimental? I don't mind how we do it. I haven't yet investigated the ftbfs apart from that it fails if I try a build on ubuntu
<Daviey> lynxman: ah, groovy.. Will do that myself, or find another budding reviewer today
 * rbasak is hoping to bring more pandas online today
<Daviey> rbasak: yeah, i'll sync that now
<lynxman> Daviey: excellent
<Daviey> rbasak: ah, i wonder if the ftbfs was https://bugs.launchpad.net/ubuntu/+source/openmpi/+bug/813767
<uvirtbot> Launchpad bug 813767 in openmpi "fix fbtfs in openmpi (1.4.3-2.1) " [Undecided,Fix released]
<Daviey> or, http://launchpadlibrarian.net/86689726/openmpi_1.4.3-2.1ubuntu1_1.4.3-2.1ubuntu2.diff.gz
<Daviey> if it is those issues, it'll want a sync :/
<Daviey> err, merge
<rbasak> Yeah I didn't get to a conclusion about that. I didn't understand how the porters worked before christmas when I looked. Now I do, I'll be using my own panda :)
<Daviey> rbasak: would you be able to give it some attention soonly.. seems like an easy win. :)
<rbasak> as soon as I can. I'm sorting out getting my pandas online first so I can task switch more easily
<Daviey> rbasak: how many do you have now?
<rbasak> three
<Daviey> rbasak: you know, you could buy more sdcards :)
<rbasak> I've been using hard drives for speed
<rbasak> but yeah I didn't think of sdcards :)
<Daviey> utlemming: Around?
<Daviey> jamespage & utlemming: Happen to know status of, [utlemming] update image promotion process to integrate with Jenkins automated testing: TODO ?
<Daviey> jamespage: https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-cloud-image-testing ?
<Daviey> jamespage: is "Publish daily testing results to jenkins.qa.ubuntu.com: TODO" actually DONE, on https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-complex-deployment-testing
<Daviey> ?
<jamespage> Daviey: no - not yet
<Daviey> k
<allenap> rvba, jtv: What do you think of using from __future__ import unicode_literals everywhere? It means that all strings would be unicode, and you get a str() with b"..." syntax.
 * Daviey ^5's allenap 
 * allenap ^5's Daviey, but wonders what prompted it :)
<jtv> allenap: I'm all for it.  Maybe even absolute imports, and what the hey, I'd go for the print function as well.
 * jtv had been quietly wishing for this but dared not mention it
<allenap> jtv: In 2.7 we get absolute imports by default I think.
<allenap> I shall get on it.
<jtv> I did a bunch of cross-version development (2.6/2.7/3.2) over the holidays.  Barry's tips helped immensely.
<jtv> In fact I keep an email of his in my mailbox about stuff I ought to blog about.
<allenap> I too have become an avid Barry porting missive reader.
<jtv> In a nutshell: better give up on getting your newline conversions right before you start on python 3.  :)
<rvba> allenap: sounds good
<uvirtbot> New bug: #918646 in mysql-5.1 (universe) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/918646
<jtv> rvba: overriding the runserver command works a treat.  Thanks.
<soren> jtv: Newline conversions?
<jtv> soren: yesâ¦ my impression is that that particular problem wasn't sufficiently re-thought in the new I/O model.  And so you can ask for newline conversion when reading a compressed file, but you can't specify the encoding!
<jtv> And so if you get a UTF-16 character, say, where one of the bytes happens to be equal to 13...
<soren> jtv: Oh.
 * soren hasn't dived into Py3k yet
<jtv> I'd been writing a module for python 2.6/2.7/3.x that would be best described as lib_open_my_god_damn_file.py
<jtv> Transparent decompression is one of the things it did, if needed.
<jtv> So you get a conceptual layering of:
<jtv> unicode
<jtv> bytes
<jtv> compressed file
<jtv> blocks etc.
<jtv> Where does newline conversion happen?
<jtv> Currently, at the "compressed file" layer.
<jtv> Which isn't aware that there might be b'\n' bytes in the data stream that aren't u'\n' characters.
<jtv> A-hah!  I hear you cry: just use something or other in codecs that handles newlines.
<jtv> But no, in python 3, codecs must always convert between bytes and unicode.
<jtv> Which is cleaner, but less malleable when it comes to this kind of thing.
<jtv> Newline conversion has to happen at (or above) the unicode layer.
<jtv> So either it must be part of the codec, or it needs a separate layer that AFAICS does not exist yet.
<onre> this sounds rather painful
<onre> possibly even like a design mistake
<jtv> In the case of compression, it can be handled by giving the gzip and bzip2 libraries the same open() API as the built-in one.
<jtv> I like to think of it as design skew: the standard library isn't all on the same page yet
<jtv> âso yes, a possible design mistake but with a slightly more optimistic view.  :)
<RoyK> py3k - is that like http://tools.ietf.org/html/rfc2550 ?
<jtv> Don't depress me.  I've got test code in that module that will start failing in a few centuries.
<jtv> Luckily for me, my program doesn't actually mind if it gets a few too many newlines, loses carriage returns, or mistakes paragraph boundaries for line breaks.  As a friend pointed out, "about right" is the new black.
<jtv> (By the way, b'\r\n' is a valid unicode character... in big-endian utf-16)
<jtv> allenap: I'm new to this side of buildoutâ¦ any idea how I can pull in python-oops and python-oops-wsgi?
<jtv> Write a recipe?
<jtv> I think I'll go look for a better headset first.
<smoser> jamespage, Daviey . so, looking at https://jenkins.qa.ubuntu.com/view/Precise%20ISO%20Testing%20Dashboard/view/Daily/job/precise-server-ec2-daily/ARCH=i386,REGION=eu-west-1,STORAGE=instance-store,label=ubuntu-server-ec2-testing/45/artifact/None/i386/m1.small/instance-store/i-929cf6db/uec2-20120119-0340-74e55fac26b44d-terminated.console.txt
<smoser> the mount issue came after a reboot that was issued by jenkins.
<smoser> so it would seem to me that that reboot resulted in /mnt not being unmounted cleanly
<smoser> maybe we could force this error just by repeatedly issuing reboot-instances
<hallyn> kirkland: shift-f2 isn't working for me in bybou-tmux anymore
<hggdh> roaksoax: your fence_cdu script: should the names of the machines be case-sensitive (-s)?
<adam_g> smoser: snapshot/restore working pretty good. http://paste.ubuntu.com/809683/ reusing the same snippets earlier seems to work fine for bootstrapping juju agents
<adam_g> Daviey: ^
<Daviey> adam_g: \o/
<Daviey> adam_g / jamespage: what is blocking making the jenkins results public?
<Daviey> ie, what is left to do?
<adam_g> Daviey: a firewall?
<Daviey> adam_g: right, but what needs to be done before we can progress to make it public?
<jamespage> Daviey, adam_g: are we happy with the automated process in the lab?
<adam_g> Daviey: nothing i suppose, if theres nothing wrong with making a WIP public
<jamespage> if so then I am OK to setup the results publishing
<jamespage> ^^ WIP ^^
<adam_g> im working on this snapshot stuff to reduce the # of provisioning failures
<uvirtbot> jamespage: Error: "^" is not a valid command.
<jamespage> nice
<jamespage> sorry uvirtbot
<Daviey> jamespage: I think exposing WIP has little negative impact?
<jamespage> well maybe not
<jamespage> its up to you
<adam_g> ive still been focusing on getting the bootstrapping an deployment working as reliably as possible
<adam_g> its pretty reliable as-is, but we're still running into periodic archive errors during initial installation, which require a 45 min timeout to pop before the test is failed
<jtv> allenap, bigjools, rvba: do we have any opinions on where to put MaaS oopses?  I'm thinking maybe /var/log/maas in production, ./logs in development.
<Daviey> yeah, if it's constaly failing there is no beneift to allowing me to see it :)
<smoser> adam_g, great. and that is going into early_command ?
<rvba> jtv: sounds good.
<adam_g> Daviey: if you look at it now, the precise-openstack-essex-deploy. the minority are failures, but those are all archive errors during install. after install, those errors can be worked-around
<adam_g> smoser: the partman early_command, yeah.
<allenap> jtv, rvba: Up for a review? https://code.launchpad.net/~allenap/maas/coding-standards/+merge/89255.
<jtv> allenap: I can take it
<Daviey> adam_g: you know, that could be a udeb :)
<allenap> jtv: Thanks.
<adam_g> Daviey: the kernel module? yeah.. but what udeb provides it? or, how to build one myself for every new kernel thats released?
<jtv> allenap: I guess this means we get sensible fixed-width indenting, not the squeeze-in-arguments-all-the-way-on-the-right indenting.  Nice.
<Daviey> adam_g: sorry, this lvm work is in di or cloud-init?
<adam_g> Daviey: d-i
<jtv> allenap: you're lying about the database cluster though.  A plain "make" no longer sets up the database, as per your recommendation.  But "make syncdb," "make run," and "./bin/test" do.
<allenap> jtv: I hadn't thought about that, but \o/
<allenap> jtv: Ah, okay, that was a copy-n-paste. I'll update that.
<jtv> Also, we now have ./bin/django deletedb
<Daviey> adam_g: yeah, i was thinking - it could be wrapped into a udeb, passing preseed for the differing values.. rathe rthan hacking it into a late_command
<jtv> allenap: I think it was a copy-and-paste from an older version of the readme..?
<jtv> Ah no
<adam_g> Daviey: i need to get a udeb together for the kernel module for sure. as for the scripting, i quite like having it embedded in the snippet, because we can make use of logic around profile name, mgmt classes, etc in cobbler to determine whether or not to restore or install.
<rvba> allenap: oh, I've duplicated what you did with the README in my api doc, sphinx branch ;)
<jtv> allenap: mp done
<Daviey> adam_g: ok.. i just wondered if it made a nice thing that culd be reused in the archive..
<Daviey> but either way :)
<smoser> roaksoax, ping
<allenap> rvba: Cool :)
<allenap> rvba: Is that ready for review?
<allenap> jtv: Thanks.
<rvba> allenap: well, I've reverted it, I'll merge your branchâ¦
<rvba> allenap: almost
<allenap> rvba: I don't have Sphinx yet. I'll sort that out next I think.
<roaksoax> smoser pong
<rvba> allenap: I need to merge your branch but otherwise, it's up for review: https://code.launchpad.net/~rvb/maas/maas-api-doc/+merge/89263
<roaksoax> hggdh: uhmmm I thought it was case sensitive
 * allenap looks
<hggdh> roaksoax: it is, I just wanted to confirm it is as planned
<allenap> rvba: Conflicts!
 * rvba looks
<roaksoax> hggdh: yeah I'm not doing anything to not consider it as case sensitive :).
<hggdh> heh
<allenap> bigjools: How are investigations of cobbler going?
<hggdh> roaksoax: I guess my question was more "is it as designed, or just because" -- but you already answered it ;-)
<jtv> bigjools: review basic oops integration?  I'd like your feedback on how much more we want to add on top: https://code.launchpad.net/~jtv/maas/oops/+merge/89267
<xorred> has anyone had any experience with installing memcache on ubuntu server here?
<xorred> it seems it's installed correctly, it's running, but I can't seem to be able to see it enabled in php
<xorred> php -r 'phpinfo();' | grep 'memcache' returns nothing
<roaksoax> hggdh: ehehehe ;)
<patdk-wk> xorred, why would it?
<patdk-wk> you need to *access* it from php somehow
<patdk-wk> either by making your own socket calls, installing a php memcache lib, or whatever
<onre> xorred, you need to separately install either one of the memcache extensions for php.
<onre> xorred, php5-memcache and/or php5-memcached, latter is "better" from programmer point of view
<SpamapS> jamespage: re zookeeper+start-stop-daemon.. no, I never pushed it anywhere, but I think I can now..
<jamespage> SpamapS, sweet - thanks
<kirkland> hallyn: are any other keybindings broken?
<kirkland> hallyn: what version of byobu?
<SpamapS> jamespage: testing built debs now.. seems to work
<xorred> onre: I just ran apt-get install php5-memcached, and my site went DOWN
<xorred> holy ****
<xorred> please help, onre
<xorred> what happened?
<onre> xorred, well, look in apache error log to see what's failing.
<xorred> apache runs just fine, apache2ctl restart shows no error
<onre> xorred, /var/log/apache2/error.log
<onre> haven't had that happen to myself
<xorred> 13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
<xorred> 13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
<xorred> no listening sockets available, shutting down
<xorred> Unable to open logs
<xorred> ok
<xorred> onre: now I see A LOT of segmentation faults
<xorred> on the log
<xorred> ls
<jamespage> SpamapS, great
<onre> well, either remove the module or find the config file that loads it. can't remember where it is, somewhere under /etc/php5/ iirc
<rvba> allenap: conflicts fixed (diff updating).
<allenap> rvba: Cool.
<bigjools> allenap: coming along!
<bigjools> jtv: sure
<xorred> guys, my site is down
<xorred> onre: man, please help me out
<xorred> this happened after I followed your suggestion to install memcached
<xorred> now, I have ran the php5-memcached remove, but nothing happens
<allenap> rvba: Is there meant to be a prerequisite branch? There's a lot of code changing in there.
<xorred> the log shows segmentation faults all over
<rvba> allenap: no rereq, but most of it is boiler plate code added by the initialisation of sphinx.
<onre> xorred, do you have any non-standard stuff installed or configured in there, and what exactly is segfaulting?
<rvba> allenap: docs/Makefile and docs/
<rvba> â¦docs/conf.py
<bigjools> jtv: you want me to look at that MP as well as allenap's review?
<xorred> onre: I found the conflictiing module
<xorred> now... just if I were able to un-install xcache :D
<onre> xorred, alternatively you can just disable it from being loaded.
<onre> xorred, and be done with it.
<jtv> bigjools: I'd just like to know what else you want done on top of this.
<bigjools> jtv: ok, looking at it now
<jtv> thx
<roaksoax> bjf: howdy!! I just uploaded a patch for what seems to be your bug. So should be built soon let me know how it goes
<bjf> roaksoax: cool, look forward to giving it a spin
<kirkland> roaksoax: have you seen https://wiki.ubuntu.com/Kernel/Reference/Orchestra ?
<kirkland> Daviey: ^
<roaksoax> kirkland: cool
<Daviey> kirkland: yeah, they were digging it last week.
<kirkland> Daviey: good stuff, man
<allenap> rvba: There's quite a lot of new code, like the whole of NodesHandler.
<rvba> allenap: that's right :)
<allenap> rvba: Okay...
<rvba> allenap: but most of it is simply refactoring
<rvba> allenap: and documentation
<allenap> rvba: Okay, if you promise :) It looks like lots of new untested code, but then I can imagine that it's something to do with what Piston expects.
<hallyn> soren: i'm going to add kvm nesting as an option through /etc/default/kvm.  I'm leaning toward making it enabledy by default.  Test shows no impact on guest perf.  Do you object to enabling by default?
<hallyn> jamespage: smoser: zul: ^
<smoser> i do not object.
<rvba> allenap: really, no new code was added!  Only the create method was splitted into two.
<rvba> allenap: well, resource_uri is new, but that's it.
<smoser> smb, how did you do that ascii art ?
<allenap> rvba: 770 lines diff?
<smb> smoser, the keyboard? ;)
<smoser> once again, smb shows he's a better man than i.
<hallyn> smoser: as for your question about 2nd level nesting perf, it's about what you'd expect.  compiling a tiny program jumps from .8 seconds to 2.8 seconds without kvm in second level
<smb> smoser, MAybe just a bit more anal... :-P
<rvba> allenap: 769 yes, but again, most of it is docs/Makefile and docs/conf.py.
<smoser> hallyn, i dont follow.
<smb> smoser, I thought it takes me probably longer to find out how that nicer moin things work again
<smoser> smb, i figured you used some modeling tool that could output ascii art
<smb> smoser, Yeah, but no. Just alot of patience
<hallyn> smoser: run kvm on the host.  inside that kvm guest, run kvm, and compile a small program (suckless' ii).  If you run the kvm guest without '-cpu host' (to provide nested kvm), it takes 2.8 seconds.  With '-cpu host', it takes .8 seconds
<smoser> wow.
<smoser> thats not what i would have expected at all.
<smoser> much better improvement than i would have thought.
<SpamapS> jamespage: https://code.launchpad.net/~clint-fewbar/ubuntu/precise/zookeeper/drop-daemon-dep/+merge/89284
<hallyn> well, aiui, the cpu should be host speed, you just have (a) slower disk, and (b) issues with shadow paging in memory.
<hallyn> anyway, i'll go enable it.  thanks.
<SpamapS> hallyn: why doesn't kvm default to nesting if its available?
<hallyn> SpamapS: they don't say.  relevant docs are http://www.usenix.org/events/osdi10/tech/full_papers/Ben-Yehuda.pdf   and Documentation/virtual/kvm/nested-vmx.txt in the kernel source.
<hallyn> presumably bc i'ts new
<SpamapS> Yeah that would be nice if it just happened
<hallyn> of course otoh i don't want mysterious new failures due to a bug in the nesting support...
<hallyn> paper says 6-8% perf impact on second level guest vs. first level.  not bad.
<SpamapS> hallyn: in the past I'd have agreed, but IMO, proper test coverage (both across software and hardware types) should alleviate the need for such caution.
<SpamapS> But yeah, maybe a release or two with it not on by default is prudent. :-)
<hallyn> SpamapS: yes, i'm figuring if there are bugs, we have 2 months to run into them
<hallyn> so right now i'm going to enable it.  it worked great for me yesterday and today under pretty heavy use.
<bjf> roaksoax: looks like the same error - http://pastebin.ubuntu.com/809812/
<roaksoax> bjf: uhm ok... so http://192.168.1.6/cblr/ks_mirror/precise-x86_64/ is empty then?
<bjf> roaksoax: The requested URL /cblr/ks_mirror/precise-x86_64/ was not found on this server.
<roaksoax> bjf: can you pastebin /var/www/cobbler/ks_mirror and /var/www/cobbler/ks_mirror/precise-x86_64
<bjf> roaksoax: ok, the directory name is different as seen here: http://pastebin.ubuntu.com/809816/
<hallyn> SpamapS: hey upstart guru, do you have any objections to the way I'm doing this?  http://people.canonical.com/~serge/debdiff
<roaksoax> bjf: ah that's the error, did orchestra imported those ISO's directly?
<roaksoax> adam_g: are we updating the ISO's by a cronjob?
<bjf> roaksoax: yes, i've done nothing manually/myself other than install orchestra
<roaksoax> s/by a/with a/
<roaksoax> bjf: interesting issue, I'll look into that
<bjf> roaksoax: any way i can work around it (symlink i suppose)
<roaksoax> bjf: do this then: sudo cobbler profile edit --name precise-x86_64 --ks-meta tree=http://@@http_server@@/cblr/repo_mirror/precise-x86_64-x86_64
<bjf> roaksoax: note, a netboot of bare metal worked
<roaksoax> bjf: yeah, because koan uses the "tree" variable from ks_meta in order to determine whre the installation tree is located
<bjf> roaksoax: --ks-meta is a bad option
<adam_g> roaksoax: where?
<bjf> roaksoax: ah, --ksmeta (no hyphen)
<roaksoax> bjf: --ksmeta sorry
<roaksoax> yeah
<roaksoax> adam_g: in the import scripts we use for orchestra/cobbler? are they been run by a cronjob to update the ISO's?
<adam_g> roaksoax: ya. as of precise, if a distro exists, orchestra-import-isos calls: cobbler-ubuntu-import -c $r-$a && cobbler-ubuntu-import -u $r-$a to update it if necessary
<bjf> roaksoax: running koan after that produce: http://pastebin.ubuntu.com/809826/
<roaksoax> adam_g: ok I think there might be something wrong with that as it creates directories with distro-arch-arch
<roaksoax> bjf: libvir: error : Cannot get interface MTU on 'virbr0': No such device
<roaksoax> bjf: specify the virt interface you are using with virt-bridge i think
<bjf> roaksoax: so i need to define a bridge device ?
<roaksoax> bjf: it defaults to virbr0 but if you don't have it, then you would have to specify it. 'sudo koan --server localhost --virt --profile precise-x86_64 --virt-bridge=br0'
<roaksoax> for exmaple
<roaksoax> bjf: or you can define it in the cobbler profile
<bjf> roaksoax: so the error indicates that i don't have it, should it have been created during install?
<roaksoax> sudo cobbler profile edit --name precise-x86_64 --virt-bridge br0 --> If you do this, you don't need to specify it wen using koan
<roaksoax> bjf: I think kvm should have created it automatically on install
<roaksoax> hallyn: ^^
<roaksoax> should kvm create a virbr0 on install?
<hallyn> no
<hallyn> that's libvirt
<roaksoax> err yeah, should libvirt create it ayutomatically then after install?
<hallyn> yes
<hallyn> unless you have in the past removed it ( as some people have )
<hallyn> if it's not, pls do file a bug, as that's wrong
<bjf> hallyn, ack
<hallyn> thx
<roaksoax> hallyn: thanks ;)
<bjf> roaksoax: bug 918807
<uvirtbot> Launchpad bug 918807 in libvirt "[precise] virbr0 not created during fresh install" [Undecided,New] https://launchpad.net/bugs/918807
<mdeslaur> hallyn: whoa, nested kvm!
<hallyn> mdeslaur: yup, \o/
<bjf> roaksoax: i'm not convinced virbr0 wasn't created. i have this in my syslog: ADDRCONF(NETDEV_UP): virbr0: link is not ready
<SpamapS> zul: hey, can you delete this recipe? It has never built correctly https://code.launchpad.net/~zulcss/+recipe/memcached-daily-maverick and just emails me weekly with its FTBFS
<uvirtbot> New bug: #918826 in postfix (main) "package postfix 2.7.0-1ubuntu0.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/918826
<roaksoax> bjf: uhmmm I;ll do a fresh install and see what I find, and then will be able to confirm.
<pmatulis> mdeslaur: nested kvm?
<mdeslaur> pmatulis: kvm working inside a kvm guest
<pmatulis> mdeslaur: understand the concept.  so it's upcoming?  announcement?
<mdeslaur> pmatulis: hallyn uploaded a qemu-kvm package to precise that turned it on, that's how I noticed
<pmatulis> mdeslaur: i see.  nice
<hallyn> i recon i need to at least blog about how to use it, but yeah it needs to go into release notes at some point
<hallyn> to use it, you'll still need to add '-cpu host' or -cpu qemu64,+vmx in your qemu args
<pmatulis> hallyn: yeah, i'd like to see your blog when it's done
<hallyn> it'll be pretty short :)  it'll be on planet.u.c though, if you check that.  if not i'll let you know when it's up
<osaka> I'm planning to use KVM and OpenVZ, which kernel shall I install server or virtual?
<osaka> or is virtual used when its being a guest?
<osaka> https://help.ubuntu.com/community/ServerFaq#What_are_the_differences_between_the_server_and_virtual_kernels.3F
<cwillu_also_at_w> osaka, virtual is intended for guests, yes
<zul> hallyn: no objections for nested kvm
<uvirtbot> New bug: #918884 in mysql-5.1 (universe) "mysql server won't run so the logzilla application I am trying to test and evaluate is not running" [Undecided,New] https://launchpad.net/bugs/918884
<tdn> How do I play video without X? I thought I could to mplayer video.avi  -fb /dev/fb0, however /dev/fb0 does not exist on a deafult Ubuntu Server 11.10? What to do?
<niksoft> hello
<niksoft> hmmm, very quiet in here... Hey anyone want to talk about the broken LACP implementation in the Ubuntu server? At least as far as i can tell it is lightly broken
<tdn> How do I get sound working in Ubuntu Server? What packages do I install?
<SpamapS> tdn: what program do you want to play sounds with?
<SpamapS> tdn: I'd imagine you just need to install the program, and it will pull in the deps that enable it to play sound through any hardware you have
<uvirtbot> New bug: #918827 in vsftpd (main) "vsftpd running on non-standart port by inetd failing after inetd restart" [Undecided,New] https://launchpad.net/bugs/918827
<youlysses> 2 questions. 1. unlike ubuntu desktop is the server edition comprised of all FOSS? 2. Is anybody or can anybody reccomend it as a general file/print server? Seems good for the fit.
<dvance> 1. I am not sure 2. I would, yes
<youlysses> Ok cool, I'll guess i'll further look into it. But I just setup my "battlestattion" and it's quickly becoming a pain to try to keep these files synced... :P
<dvance> been there, is it nessesary that it's 100% FOSS ?
<youlysses> Morally yes, but I could manage ... i guess...
<kirkland> smoser: hey, are you around?
<smoser> here
<kirkland> smoser: can you help edygarcia with a problem with ubuntu-cloudimg-query?
<kirkland> smoser: it's working fine for me, but not at all for him
<kirkland> smoser: we're both on 11.10
<kirkland> smoser: i gotta run, but thanks in advance!
<edygarcia> smoser: hi, I am trying to configure my environment, the ec2-describe-images is working fine
<edygarcia> smoser: the error I get is faild to find ami, when I run ubuntu-cloudimg-query t1.micro oneiric
<edygarcia> smoser: or any description for that matter
<utlemming> edygarcia: try rm -rf ~/.cache/ubuntu-cloudimg-query
<utlemming> and then try again
<smoser> edygarcia, i suspect you have bad data in cache
<smoser> but
<smoser> wait
<smoser> before you do that
<smoser> please save that off
<smoser> in case it was it.
<Daviey> smoser / roaksoax: Fancy reviewing, and if suitable - uploading https://code.launchpad.net/~lynxman/ubuntu/precise/ipxe/newsnapshot/+merge/88329 ?
<edygarcia> smoser: same error after deleting the cache
<roaksoax> Daviey: sure
<Daviey> roaksoax: ta
<smoser> edygarcia, can you pastebin ~/.cache/ubuntu-cloudimg-query/oneiric.server.released.current.txt ?
<edygarcia> smoser: http://paste.ubuntu.com/810083/
<niksoft> Let me try again, hi, i'm trying to configure an ubuntu server to serve files on a 20Gbit link, or rather a 2 x 10 Gbit bonded link, from what i see the 802.ad (LACP) implementation fails to correctly balance the TX, favoring one of the nics and not sending any data on the other. Can anyone help me look into this?
<niksoft> 802.1ad*
<smoser> edygarcia, hm..
<elfurbe> So I've got two SSDs in a server I'm building. I'd like TRIM to work but I need them mirrored. I've tried creating a mirrored lv but had no luck either at install time (dm_mirror module doesn't exist) or after (can't add mirrors to an existing lv apparently)
<elfurbe> Anyone have any thoughts?
<elfurbe> My understanding is that md devices don't support trim which is why I'm trying it this way
<niksoft> elfurbe raid? software or hardware
<elfurbe> software, I can't make the pseudo-raid on this motherboard work for anything
<niksoft> oh no mobo implementations are very incomplete most of the time
<elfurbe> It's a Supermicro, has both Intel and Adaptec codebases, neither of them make volumes that are visible to the installer
<elfurbe> So whatevs, I put the ssds in AHCI mode and figured I'd work something out
<elfurbe> But so far I can't make it work
<niksoft> elfurbe what kernel are you on?
<elfurbe> This is during the installer for 11.10
<elfurbe> I need the rootfs to be on the mirror
<niksoft> can you drop into a shell and do uname -a ?
<elfurbe> Yeah, but I'll have to relay output the old fashioned way
<niksoft> morse code?
<elfurbe> Linux gluon 3.0.0-12-generic #20-Ubuntu SMP <date> x86_64 GNU/Linux
<elfurbe> No, by reading one screen and typing it out :D No copy and paste
<elfurbe> The installer's partitioner has no support for mirrored lvs so I'm trying to do it by hand from one of the other ttys
<niksoft> intel brought in the functionality in at 2.6.33
<elfurbe> The trim sauce you mean?
<elfurbe> Yeah, but it still doesn't work for mdraid devices, right?
<elfurbe> Only dm?
<niksoft> http://serverfault.com/questions/227918/possible-to-get-ssd-trim-discard-working-on-ext4-lvm-software-raid-in-linu
<niksoft> i believe you are correct
<niksoft> as of yet software raid may not support trim
<niksoft> Hmm perhaps worth asking around in ubuntu kernel channel...
<smoser> roaksoax, https://code.launchpad.net/~smoser/ubuntu/precise/cobbler/improvements.cui/+merge/89347
<smoser> edygarcia,
<edygarcia> smoser: yes
<roaksoax> smoser: looking
<smoser> can you pastebin: bash -x ubuntu-cloudimg-query t1.micro oneiric > out 2>&1
<roaksoax> smoser: looks good to me.
<roaksoax> smoser: you want me to upload those?
<smoser> roaksoax, sure.
<smoser> that makes updating as easy as : sudo cobbler-ubuntu-import --update-existing
<roaksoax> smoser: awesome!! I'll upload it tonight
<smoser> edygarcia, see pastebin request above
<edygarcia> smoser: http://paste.ubuntu.com/810113/
<smoser> edygarcia, remove psace between 2 and > anda 1
<smoser> something waswrong
<smoser> you want
<smoser> can you pastebin: bash -x ubuntu-cloudimg-query t1.micro oneiric 2>&1 | pastebinit
<smoser> ( if you dont have pastebinit: sudo apt-get install pastebinit )
<edygarcia> smoser: http://paste.ubuntu.com/810118/
<hallyn> ahs3: Can I sling you a debdiff to enable 'make check' for netcf on sid?
<ahs3> hallyn: go for it
<hallyn> thx - be a few mins
<ahs3> np
<hallyn> ahs3: http://people.canonical.com/~serge/netcf-enable-test.debdiff
<smoser> edygarcia, i'm not sure why, but try adding us-east-1
<smoser> (ie, specifying the region)
<ahs3> hallyn: kewl.  i'll see if i can get that in tonight or sometime tomorrow.
<hallyn> ahs2: thanks!
<smoser> hallyn, https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/918946
<uvirtbot> Launchpad bug 918946 in lxc "cannot run libvirt in an 'lxc create -t ubuntu' container" [Undecided,New]
<hallyn> smoser: yeah.  were there others you needed to run libvirt?
<hallyn> smoser: I'm just getting around to uploading fix for bug 918343 btw
<uvirtbot> Launchpad bug 918343 in libvirt "libvirt-bin missing dependency on dbus" [Medium,Confirmed] https://launchpad.net/bugs/918343
<hallyn> smoser: if no others, i'll goa head and post that fix right now
<hallyn> oh, i see
<smoser> hallyn, still not tested all the way.
<smoser> wait.
<hallyn> smoser: actually that bug you just opened, that is fixed in the version i pushed an hour or two ago
<smoser> oh?
<smoser> you can run libvirt in a container now?
<edygarcia> smoser: that did the trick, thank you, I have EC_REGION set to that but it is not using it :)
<hallyn> (thinking)  maybe not
<hallyn> no, unrelated, nm
<smoser> edygarcia, well, even this seems to work fine for me:
<smoser> EC2_REGION=us-east-1 ubuntu-cloudimg-query t1.micro oneiric
<smoser> but i'm using precise.. possible that i've fixed that.
<edygarcia> smoser: works for kirkland as well and he is on oneiric, I will look closer into it tomorrow, thanks again
<uvirtbot> New bug: #918946 in lxc (main) "cannot run libvirt in an 'lxc create -t ubuntu' container" [Undecided,New] https://launchpad.net/bugs/918946
<smoser> hallyn, am i doing something wrong
<smoser> $ sudo lxc create -t ubuntu -n lv1
<smoser> E: -t - no such container
<smoser> yes.
<smoser> yes i am
<hallyn> smoser: 'lxc-create', not 'lxc  create'
<smoser> lxc-create
<smoser> dagum feeble brain
<hallyn> pushing fix about now
<hallyn> doh!  branches diverged.  i hate that crap
<hallyn> you know, i *try* to make SpamapS happy, but he keeps disappointing
<smoser> hallyn, you broke lxc-list
<smoser> $ lxc-ls
<smoser> lv1
<smoser> lv1
<smoser> gr...
<smoser> maybre not
<smoser> you should just exit early on all those scripts if you think that they can't be run as non-root
<hallyn> smoser: i fixed lxc-ls just now...
<hallyn> it *can* be run as non-root, it just couldn't bc i was mistakenly mkdiring the cgroup dirs as 0700 not 0755
<smoser> well, lots of them can't be
<smoser> but just error randomly or not at all
<hallyn> like i say there are more little naggly cleanups queued up on my other laptop, hopefully i push tomorrow
<hallyn> yes, those should be fixed
<hallyn> smoser: which ones are you thinking of?
<ZiggyTheHamster> I've got a really stupid problem with sendmail that I am going insane trying to figure out. Anyone around that might have some suggestions? :)
<ZiggyTheHamster> (I'm using sendmail to send from the server only, not to receive mail)
<smoser> dont know really. one of them just got me a bit ago
<smoser> i'll let you know
<smoser> hallyn, annoying failure:
<smoser> http://paste.ubuntu.com/810148/
<hallyn> that was as unpriv user?  That's one you wanted to exit out when you're not root?
<smoser> well a simple "permission denied" is bette rthan that.
<smoser> or "you cant do that, jim"
<hallyn> right - cause 'not root' is not sufficient check (if you're using lxc-setcap).  But yes, it should be checking early.
<undriedsea> If I have two servers connected to the same chassis of SAS disks in a RAID10 (on the chassis), could I install IET (iSCSI target software) on both, export the disk array, setup iSCSI multi-pathing on my client and have an HA storage environment? I was thinking active/passive.
<cwillu_also_at_w> undriedsea, high availability is not the result of a combination of techniques
<cwillu_also_at_w> it's the result of the combination of understanding and process
<cwillu_also_at_w> taken at face value, what you describe provides about the same level of availability in principle as a raid1 , but with a much higher complexity
<cwillu_also_at_w> whether that added complexity actually results in improved service is a matter of how well you design the system, and how well the process you put in place works to prevent mistakes during both normal and degraded operation
<uvirtbot> New bug: #918956 in quagga (main) "package quagga 0.99.17-4ubuntu1.1 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/918956
<hallyn> roaksoax: any chance I could get you to upload http://people.canonical.com/~serge/netcf-precise-runtests.debdiff ?
<hallyn> i seem to lack privs
<cwillu_also_at_w> (consider that the rate of fatal crashes for small twin-engine aircraft is nearly identical to that for single-engine aircraft:  the extra complexities almost perfectly offsets the redundancy provided at that level of operation)
<roaksoax> hallyn will sure do
<Daviey> roaksoax: just uploaded.
<hallyn> roaksoax: thanks!
<roaksoax> Daviey lol k
<undriedsea> cwillu_also_at_w, the failure I am trying to guard against is the iSCSI target server. In real production the failure rate of everything else has been very low. I guess I am wondering if the setup described would work.
<adam_g> undriedsea: drbd+pacemaker+ietd active/passive is a pretty straightforward and common HA clustering setup.
<undriedsea> adam_g, I have been seeing that as well, in this case since the disks are connected to both iSCSI servers, I was hoping to avoid using DRBD.
<undriedsea> I don't want a SW-RAID1 when I already have a HW-RAID10
<adam_g> undriedsea: ah, misread originally
<undriedsea> Oh np, thanks for the suggestion
<edygarcia> smoser: I found the problem, I setup my EC2_URL per https://help.ubuntu.com/community/EC2StartersGuide in the format of ec2.<region>.amazonaws.com , but it is parsed as <region>.ec2.amazonaws.com
<edygarcia> smoser: commenting out my EC2_URL, and leaving the EC2_REGION fixed it
<adac> guys, is it possible to install virtualbox on ubuntu server? mean without grafical interface? does someone know a good tutorial to that?
<niksoft> Anyone have any good suggestions on building a high tps and high throughput web box? before you answe, i am talking over 10k tps and over 10gig throughput. Currently i have a bonded 20Gig, 96 gb of ram, 24 virtual cores, nginx compiled with threaded malloc from google performance, and tons of tweaks to the network defaults
<niksoft> serving out of a ramdisk
<niksoft> aanyone?
#ubuntu-server 2012-01-20
<adam_g> roaksoax: around?
<smoser> hallyn, around?
<roaksoax> adam_g: here
<twb> Anyone familiar with cupsd to cupsd interactions?  I want a second opinion re http://paste.debian.net/152910/, and ##cups is asleep
<cwillu_at_work> twb, stick a small box on the laptop segment to provide the discovery to its hardcoded connection to the actual server?
<twb> cwillu_at_work: the issue is how do I even tell the cupsd to talk to one another
<cwillu_at_work> hmm, actually, why can't you just add BrowserPoll server to the laptops local config?
<cwillu_at_work> that seems to be "a way to simply tell a laptop cupsd "there is a another cupsd at 1.2.3.4, go talk to it" ?"
 * cwillu_at_work highlights twb 
<twb> hmm?
<twb> because CUPS proto is push-based UDP broadcast
<twb> The other one is supports is DNS-SD but that's Hairy and I don't want to install avahi
<cwillu_at_work> And this is a third
<twb> Hmm, /me looks at docs again
<cwillu_at_work> man cups-polld and the referred cupsd.conf
<cwillu_at_work> ...entries
<twb> Thanks, man, I don't know how I missed that
<twb> Wow that seems to Just Work
<twb> Well, if I call it by hand... it isn't Just Working from cupsd.cnf
<cwillu_at_work> you cleared out the old settings?
<cwillu_at_work> BrowseInterval 0 for instance?
<twb> I hadn't even typed in any of that yet
<twb> Just a minute
<twb> OK this works: /usr/lib/cups/daemon/cups-polld printserver 631 60 123456
<cwillu_at_work> twb, fallout from https://bugzilla.redhat.com/show_bug.cgi?id=720921 maybe?
<uvirtbot> bugzilla.redhat.com bug 720921 in cups "cups-polld busy-loops in recvfrom() after suspend/resume" [Unspecified,Closed: errata]
<twb> OK, got it
<twb> You have to have "Browsing On" and not misspell "BrowsePoll", and use IP or enable hostname resolution
<cwillu_at_work> heh
<smoser> hallyn, merge proposal made for bug 918946, actually tested fix. well, not *pure* test, but pretty close
<uvirtbot> Launchpad bug 918946 in lxc "cannot run libvirt in an 'lxc create -t ubuntu' container" [Low,Fix released] https://launchpad.net/bugs/918946
<twb> http://paste.debian.net/152912/
<twb> cwillu_at_work: ^^ FYI
<cjs> When I run "sudo aptitude update" it seems to work ok, and I don't see any obvious error messages, but on one of my systems it always exits with an error code (255) rather than 0. What's causing this?
<cjs> (And how do I fix it?)
<cjs> Ah, the bugger just wasn't printing out error messages that apt-get does print.
<hallyn> smoser: i'll test it and upload tomorrow, thx
<niksoft> hello, any devs in here?
<tdn> SpamapS, mplayer. I have already installed it.
<tdn> SpamapS, but sound does not work.
<tdn> SpamapS, I can play video in the console though.
<twb> tdn: mplayer -vo fbdev
<dravekx> Hi
<dravekx> who feels like helping me out with a webserver setup? :D
<dravekx> *basic
<ChmEarl> tasksel
<ChmEarl> there you have been helped ;)
<dravekx> meh
<pehden> ...
<salientdigital> Pardon the intrusion from a relative noob, but I'm wondering if someone might help me troubleshoot postfix
<salientdigital> I can send out from command line but mail sent from other domains never seems to arrive. maybe it's a dns or firewall issue. I'm not too sure.
<dravekx> postfix :S
<salientdigital> i'm not opposed to switching to whatever
<salientdigital> ports 110 and 25 are listening
<salientdigital> I just followed the very basic steps at http://www.cyberciti.biz/faq/linux-unix-bsd-postfix-forward-email-to-another-account/
<salientdigital> I really just need a couple of forwarders quite honestly
<greppy> salientdigital: does anything show up in the logs?
<salientdigital> no
<salientdigital> tail -f /var/log/mail.err    <nothing>
<salientdigital> that right
<salientdigital> ?
<greppy> or /var/log/mail.log
<greppy> did you setup the MX record in DNS?
<salientdigital> ah there's some logging here yes
<salientdigital> from the test i sent out though it looks like
<greppy> so it works from the box, but mail sent to it never arrives?
<salientdigital> yes i can send out but not receive
<salientdigital> that's the symptom
<salientdigital> the problem may not be postfix but in between
<greppy> did you setup the mx record in DNS to point to your server?
<salientdigital> if it were working right, shouldn't I be able to tail -f /var/log/mail.log and see the incoming within a few seconds?
<greppy> seconds or minutes, depending, mail is not IM :)
<salientdigital> I believe the MX record is setup right
<greppy> what domain are you trying to send to?
<salientdigital> salientdigital.com
<salientdigital> i have a CNAME mail. pointing to @
<salientdigital> MX is mail.
<salientdigital> I had a CPanel server before, I just ported a couple of my sites to an Amazon EC2 instance
<greppy> two problems...
<salientdigital> okâ¦ educate me o smart ppl
<greppy> I *think* there are issues with running a mail server on EC2, I know that people have run into issues in the past, not sure if there was a work around or setting...
<salientdigital> hm, i wondered about that
<greppy> and: The host name must map directly to one or more address record (A, or AAAA) in the DNS, and must not point to any CNAME records
<salientdigital> I can change that
<greppy> so simply: make 107.20.6.89 an A record to mail.whatever
<salientdigital> understood
<greppy> then make your mx record point to mail.whatever.
<greppy> but trying to telnet to 107.20.6.89 on port 25 gets no response, so something is stopping you there.
<salientdigital> yeah i tried that too and thought it was cox (my isp)
<greppy> which it could be.
<greppy> :)
<greppy> as well that is.
<salientdigital> i know cox blocks port 25
<greppy> lots of ISPs do
<greppy> it's amazing how much SPAM is stopped by blocking access to port 25. sadly :(
<salientdigital> it would make more sense to me that amazon would block outbound mail than inbound though
<salientdigital> if it were that
<osmosis> any git experts around?i just did a   git add myfile;   git commit -m 'a msg';     and now myfile has disappeared. nowhere to be found
<osmosis> git filter-branch --tree-filter 'rm get_flo.py' HEAD; git add get_flo.py; git add get_flo_privateinfo.py; git commit -m 'adding files'
<salientdigital> I thought I read somewhere that firewall is not enabled by default, or configured with all ports open. Is that still true for 10.04LTS?
<salientdigital> I get the same default output as shown on https://help.ubuntu.com/community/IptablesHowTo
<Deathvalley122> lol greppy not my ISP they allow port 25 they allow a lot of things
<Tm_T> uh nice, inetd eating all cpu (:
<cwillu_at_work> it does that
<cwillu_at_work> what are you running through it?
<Tm_T> shouldn't be anything atm, which is why I'm amused
<cwillu_at_work> but you do actually have services running through it (just not at the moment)?
<greppy> Deathvalley122: I didn't say all of them did, but lots do, it comes down to man power dealing with all of the spam complaints from malware running on customers computers.
<cwillu_at_work> strace would probably give a good clue
<Tm_T> cwillu_at_work: shouldn't, and it got killed already
<Deathvalley122> well actually
<Deathvalley122> the only thing they block is port 22
<Tm_T> have to investigate it next time if I have time
<cwillu_at_work> even just grabbing a few seconds of the strace activity to a file before killing it would probably give enough info
<greppy> Deathvalley122: they block ssh? that's new to me.
<Deathvalley122> ya
<Deathvalley122> thats about it
<_ruben> blocking port 22 only .. i bet the one who put that block into place typo'ed 25 ;)
<Deathvalley122> nah they blocked cause it poses a security risk
<Deathvalley122> it**
<Deathvalley122> so they say
<Deathvalley122> I don't use the standard ssh port anyways though lol
<_ruben> so they block 22 but not 23 .. odd sense of security risks there...
<uvirtbot> New bug: #919105 in nova (main) "Incomplete packaging for nova-rootwrap" [Undecided,New] https://launchpad.net/bugs/919105
<gumbah> hi all! i'm having trouble installing iotop on Ubuntu 9.10 karmic :-(
<gumbah> running "sudo apt-get install iotop" gives an error "Failed to fetch .... 404 not found [IP: .....]"
<gumbah> anyone any ideas on how to fix this?
 * Deathvalley122 whys you are running such a old version of ubuntu
<koolhead17> gumbah: It was supported until April 2011
<gumbah> yeah it's pretty old, but is there anything i can do to make it work on this old version?
<_ruben> edit /etc/apt/sources.list and point to old-archive.ubuntu.com instead
<gumbah> _ruben: thanks, you mean all of the lines in there? or just specific ones?
<gumbah> _ruben: got it to work! (using old-releases.ubuntu.com/ubuntu btw not old-archive.ubuntu.com but thanks for pushing me in the right direction!)
<koolhead17> gumbah: if your using a production server it would be advisable to upgrade your release for security fix and updates
<jamespage> xranby, morning
<jamespage> any change you could help me out with bug 919137
<uvirtbot> Launchpad bug 919137 in openjdk-6 "hadoop teragen generates - fatal error: caught unhandled signal 11 with zero JVM" [Undecided,New] https://launchpad.net/bugs/919137
<jamespage> chance even :-)
<RoyK> gumbah: I'd upgrade to lucid 10.04 if I were you - that's supported until april 2015 - less hassle
<gumbah> koolhead17: is that easy to do? It's not really a production server, but it is "in the wild" so to speak. Can i assume all the software running on it to just work after upgrading? Kind of a noob with these things :-((
<xranby> jamespage: yes. the best fix are to update openjdk-6 to the latest icedtea6-hg we have fixed around 3-4 of similar bugs during the last week
<jamespage> xranby, sweet - I'll hassle doko instead!
<jamespage> I saw some stuff on the mailing list which looked similar...
<jamespage> but wanted to check
<xranby> your build are based on sourcecode from 03 Jan
<jamespage> rbasak, you prob need to be aware of the above as well
<xranby> jamespage: http://icedtea.classpath.org/hg/icedtea6/  most changesets by me and aph deal with the zero thumb2 jit
<koolhead17> gumbah: if you dont have a custom configuration then you can sandbox and try same before trying on live system
<jamespage> xranby, nice - good work getting the zero/thumb2 stuff up and running BTW
<jamespage> xranby, does that mean that you are not so foccused on JamVM now?
<xranby> jamespage: i have no active jamvm bugs to track :)
<gumbah> koolhead17: sounds great, but not sure how to do that... i'll try to search for it though, thanks!!
<jamespage> xranby, well I can raise a few from this testing; hadoop just breaks badly - all sorts of problems...
<xranby> jamespage: the only jamvm issues i have seen looks kernel related, how the kernel handle pagefaults
<xranby> oh interesting
<xranby> jamespage: apt-get install hadoop and then what?
<jamespage> xranby, still PPA ATM
<jamespage> won't make the main distro this release
<jamespage> but we do have it building for armel and armhf (the native integrations that is)
<jamespage> ppa:hadoop-ubuntu/dev
<jamespage> apt-get install hadoop-conf-pseudo should get you up and running
<xranby> jamespage: what do i need to trigger bugs?
<jamespage> for JamVM - just follow the steps in bug 919137; but don't switch the default JVM
<uvirtbot> Launchpad bug 919137 in openjdk-6 "hadoop teragen generates - fatal error: caught unhandled signal 11 with zero JVM" [Undecided,New] https://launchpad.net/bugs/919137
<jamespage> I've only had this working on arm inthe last couple of days!
<xranby> ok
<jamespage> xranby, note that it does break all of the data that hadoop stores in it filesystem
<xranby> ouch..
<xranby> sounds bad
<jamespage> so to clean out shutdown all of the daemons and the sudo rm -Rf /var/lib/hadoop/cache/*
<jamespage> then sudo dpkg-reconfigure hadoop-conf-pseudo
<xranby> jamespage: have you tested on armel as well?
<jamespage> xranby, I did but not the terasort - just a basic mapreduce test
<jamespage> I will try armel as well
<rbasak> thanks jamespage
<xranby> jamespage: how much disk space do the benchmark require?
<jamespage> xranby, let me look
<jamespage> around ~20GB I think - it uses compression
<xranby> OK, hmm if yahoo managed to sort 1 TB of data in 209 seconds.. i wonder how fast my panaboard sort :)
<xranby> hopefully i will be able to pass the benchmark before next uds
<xranby> i am not exactly running a 3800 node cluster here
<xranby> jamespage: thank you for this benchmark quest
<jamespage> xranby, well I'm still trying to generate a dataset to sort - about 1% = 1 min at the moment
<Daviey> rbasak: do you have bugs open, that block juju on arm?
<rbasak> Daviey: bug 914392
<uvirtbot> Launchpad bug 914392 in juju "LXC local provider does not respect 'series' (only installs oneiric)" [High,Confirmed] https://launchpad.net/bugs/914392
<rbasak> Daviey: the problem is that I find a blocker, fix it, then find another blocker. But I don't know about the subsequent blockers until the previous blockers are cleared
<rbasak> (I can fix this one myself to get around the issue for now)
<Daviey> rbasak: is that an arm blocker, or a general issue?
<rbasak> general issue, but more important for arm since the local environment breaks on armhf as oneiric has no armhf.
<Daviey> rbasak: can you raise bugs as you find them, even if it means s/oneiric/precise that hard coding?
<rbasak> I don't follow
<Daviey> if you link bugs you find to the blueprint, https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-arm-service-orchestration that would float my boat.
<rbasak> I have been raising bugs as I find them, but I don't understand the second half of your question
<rbasak> yeah the bug is already linked :)
<Daviey> rbasak: you are blocked because series is hard coded to oneiric still?
<Daviey> surely you can sed the hard coding to precise?
<rbasak> yes that's the plan
<Daviey> to progress?
<rbasak> I'm not personally blocked right now, I have loads to get on with. So when I hit this I worked on something else.
<Daviey> rbasak: what is the difference between "Test juju/java/zookeeper on ARM â â" and "Test juju/java/zookeeper on ARM â â" ?
<Daviey> err
<Daviey> "Investigate running an ARM-based juju environment â â"
<Daviey> is that using juju from an arm machine and using juju TO an arm machine?
<rbasak> Originally I thought I could break getting juju working on arm into pieces, since the zookeeper instance was potentially a blocker but it would be able to run on x86 without hurting the arm story too much
<rbasak> Now it seems that it is easier to work on this in a local environment working on the thing as a whole all at once
<rbasak> Yes - I was making the from/to distinction
<Daviey> ahh
<Daviey> ok
<rbasak> I didn't feel that I should just delete work items, so when I revised it I left them there, put them side by side and expect to mark them all done at once as soon as juju is working on arm
<Daviey> rbasak: can i mark them INPROGRESS?
<rbasak> Sure
<Daviey> ta
<Daviey> jamespage: sorry, can you comment on cloud-images, "update image promotion process to integrate with Jenkins automated testing"?  I think you did tell me the other day...
<Daviey> ( it's a utlemming_afk WI )
<jamespage> Daviey: I can't see that happening this release TBH so probably best to POSTPONED
<Daviey> jamespage: ok, thanks .. what about reporting the current testing back to the iso tracker?
<Daviey> ie, the testing status.
<Daviey> Now the tracker has an API?
<rbasak> Daviey: from yesterday: <janimo> rbasak, does openmpi 1.5 have features you want for server? The BP is not clear about whether you want to replace 1.4 or have both versions (1.5 is labeled beta by upstream)
<rbasak> <janimo> since if you want 1.5 arm FTBFS should not be a blocker and we should have it synced from experimental so it gets enough testing
<rbasak> Daviey: did you sync openmpi? Do we want to commit to 1.5 in the archive for all architectures?
<rbasak> Daviey: decide if we want to have 2 versions in universe, i.e. -stable and -feature: TODO
<Daviey> rbasak: i don't have knowledge of that package... but as 1.5 is a requirement, providing it doesn't have obv. regressions - we should simply replace IMO.
<rbasak> with a 1.5really1.4 if it turns out to be a bad idea? :)
<rbasak> there are 75 rdepends
<Daviey> frick
<Daviey> rbasak: poll janimo for direction, he has history
<Daviey> I've never used it :)
<Daviey> rbasak: i don't fancy changing the 75 rdepends to depend on "openmpi | openmp-beta" etc.
<rbasak> the rdepends look a bit more complex than that as well
<rbasak> Package: mpi-default-dev
<rbasak>  This package depends on the development files of the recommended MPI
<rbasak>  implementation for each platform, currently OpenMPI on all of the platforms
<rbasak>  where it exists, and LAM on the others.
<rbasak> Daviey: I think I'll just proceed in a PPA for now - maybe I can get stakeholders to test from there?
<jamespage> Daviey: lemme see about that last item
<jamespage> I think jibel was looking at it generally for ISO testing as well
<jamespage> Daviey: with regards to that open-vm-tools merge; its described as a merge (so has a 1ubuntu1 version number)
<jamespage> but the upstream versioning is diff between Debian/Ubuntu so I think its really a re-sync of the packaging?
<jamespage> so should have 0ubuntu1 versioning
<jamespage> well maybe - maybe I'm being picky :-)
<Daviey> "maybe" :)
<Daviey> jamespage: either way, it's not me putting my name to sponsoring it :P
<jamespage> yeah I know
<Daviey> smb: Hmm, how much xen work have you been doing this cycle?
<Daviey> smb: If you are doing it anyway.. would you mind doing the "Test" work items on, https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-xen ? :)
<koolhead17> lynxman: hellos!! :)
<lynxman> koolhead17: heya
<Italian_Plumber> A user,when first created, has no password, and therefore cannot login.  Is this correct?
<pmatulis> Italian_Plumber: some form of authentication is required by default
<Italian_Plumber> required to log in or required to create the users?
<pmatulis> Italian_Plumber: yes, and yes (if not using the root user to create)
<Italian_Plumber> so if I have a new user I don't yet want to be able to login, not setting a password is okay/
<pmatulis> Italian_Plumber: yes
<Italian_Plumber> okay coolies.  Thanks
<Italian_Plumber> !
<pmatulis> Italian_Plumber: how are you creating the user?
<Italian_Plumber> sudo useradd -m -g admin -s /bin/bash newusername
<pmatulis> k
<pmatulis> Italian_Plumber: you can also set a p/w and then lock the account (see 'man usermod' with -L and -U switches)
<Italian_Plumber> is there a way to require the user to change the password at the next login?
<lynxman> jamespage: ping
<cwillu_at_work> Italian_Plumber, man passwd, hit slash, type next<enter>, and hit n once or twice
<zul> morning
<Italian_Plumber> thanks cwillu_at_work
<cwillu_at_work> Italian_Plumber, and "apropos" is a handy search function to find man pages on a given topic
<cwillu_at_work> (a bit limited in that it only searches the titles and descriptions, but still)
<Italian_Plumber> great.  Thanks again for your help.
<uvirtbot> New bug: #919201 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.4 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/919201
<zul> ttx: ping
<lynxman> zul: morning :)
<zul> hey lynxman
<ttx> zul: piong
<zul> ttx: still the same thing happens on a single node system
<zul> ttx: no other command is failing
<jamespage> lynxman, pong
<ttx> zul: do you see other commands succeed ?
<zul> ttx: yeah iptables run fine
<lynxman> jamespage: shall we proceed to review? :)
<jamespage> lynxman, coolio
<jamespage> lemme just digout
<ttx> and you do have the DnsmasqFilter entry in nova/rootwrap/compute.py and nova/rootwrap/network.py
<zul> hold on
<lynxman> jamespage: let me know when you're ready :)
<zul> ttx: yep
<ttx> hmm
<ttx> zul: what happens if you run (as your user) the same command ? sudo nova-rootwrap X=Y Z=A dnsmasq bla bla
<ttx> on my setup it passes
<zul> http://paste.ubuntu.com/810723/
<b930913> What relay value do I put into my MTA so that I can send my mail through it, but it can't be hijacked?
<ttx> zul: just a sec
<zul> ttx: i think i might have figured it out
<zul> ttx: figured it out, thanks for pointing in the right direction
<ttx> the error is that it can't find dnsmasq...
<ttx> zul: what was it ?
<zul> right....my sudoers was messed up
<smoser> hallyn, fwiw, i found documentation on libvirt htat has a list of devices needed for guests
<smoser> http://libvirt.org/drvqemu.html
<smoser> look for 'hpet' there.
<ttx> zul: you sure ? because the error you get manually (can't find dnsmasq) looks different from the one you get from Nova (unauthorized command = no filter matched)
<ttx> zul: does it work for you now ?
<zul> ttx: yes
<ttx> ok then :)
<zul> ttx: i suck
<ttx> zul: i can't confirm that without knowing the cause of your issue :)
<zul> ttx: yeah the cause of my issue is me
<ttx> zul: filed a bug about using pyremove/pyinstall in packaging to install node-spcific filters
<zul> ttx: yeah i saw it and added it to the packaging already
<ttx> cool
 * ttx goes back to FOSDEM slideware design
<zul> ill push the fixes to the ubuntu branches today as well
<jamespage> lynxman, I have you MP infront of me now
<jamespage> lynxman, sorry but can be defer for 30 mins or so?
<hallyn> smoser: all right so we may as well also add 10:232 (/dev/kvm)
<lynxman> jamespage: sure! :)
<hallyn> smoser: want to update your tree?
<lynxman> jamespage: (replied in wrong channel)
<jamespage> lynxman, great - thankyou
<lynxman> ttx: make sure they're cool
<jamespage> lynxman, confused me for a bit then!
<ttx> lynxman: my slides are usually better than my speech.
<lynxman> ttx: so they'll be excellent ;)
<ttx> taht's one way to look at it
<Daviey> lynxman: wow, do you want a vacuum cleaner to make it easier to suck up to ttx? :)
<lynxman> Daviey: hey I like his slides
<lynxman> Daviey: where are your cool slides Daviey?
<MagicFab> zul, ping
<zul> MagicFab: pong
<ttx> lynxman: we'll soon see how cool his Orchestra slides are
<Daviey> lynxman: I have people to create them for me,
<lynxman> Daviey: so you're basically delegating the cool
<zul> Daviey: delegation?
<Daviey> yeah right
<smoser> Daviey, yesterday you said you used devstack
<smoser> how did you get around the mysql migrate db errors?
<Daviey> smoser: on oneiric or precise?
<smoser> precise
<smoser> of course
<adam_g> smoser: myisam
<adam_g> smoser: configure mysql to use myisam as the storage engine before you do any of the migrations
<Daviey> smoser: I had to use oneiric in the end.
<smoser> adam_g, i'm too stupid to know exactly how, and i suspect you do
<smoser> what should i do?
<adam_g> bug #907878
<uvirtbot> Launchpad bug 907878 in nova "migration 064 causes IndexError: list index out of range" [Critical,Fix committed] https://launchpad.net/bugs/907878
<adam_g> https://review.openstack.org/#change,3110
<adam_g> this is that regression i was telling you about last week
<adam_g> unfortunately the fix as been stewing on gerrit for the last week
<smoser> http://paste.ubuntu.com/810777/
<smoser> adam_g, so you're saying that branch should make this work for me ?
<adam_g> smoser: it should, yes
<adam_g> as a work around ive been deploying mysql configured for myisam
<adam_g> before running devstack, install mysql and set default_storage_engine = MyISAM
<adam_g> in my.cnf
<adam_g> if you find that branch fixes, feel free to +1 it
<lynxman> smoser: ping
<smoser> lynxman, here.
<lynxman> smoser: since you're my living walking shell script autocorrect :)
<lynxman> smoser: I was wondering before I get into a sed madman mission, how would you replace a tag inside a file with the content of another file, it'll just be piped to a third one
<smoser> lynxman, i think i'm not understanding
<smoser> sed -i s,SOMETHING,SOMETHINGELSE,
<smoser> sed -i s,SOMETHING,$(cat SOMEFILE),
<smoser> but that will have issues with ',' in SOMEFILE
<lynxman> smoser: yeah that didn't work
<lynxman> smoser: found a solution though, just right now
<lynxman> smoser: sed -e "/SOMETHING/r FileB" -e "/SOMETHING/d" FileA
<lynxman> smoser: that works beautiful
 * lynxman declares himself a sed madman
<smoser> well, assuming 'SOMETHING' doesnt occur in FileB
<smoser> i'd think
<smoser> but 'r' is something i didn't knwo of. thats helpful.
<lynxman> smoser: yeah, I'm writing this one to my list of tricks
<jamespage> lynxman, back now - sorry bit longer than expected
<lynxman> jamespage: no worries
<jamespage> lynxman, so did my comments make sense?
<lynxman> jamespage: yes, although they differ with what Daviey suggested
<lynxman> jamespage: so my question is... how would you do it? :)
<hallyn> smoser: I'm working on my own tree, no sense updating yours.  thx
<jamespage> lynxman: so how do you generate the upstream snapshot from github
<jamespage> ?
<jamespage> sorry git/
<lynxman> jamespage: ./debian/rules get-orig-source
<jamespage> lynxman: dh: Unknown sequence get-orig-source
<jamespage> that target does not exist
<lynxman> ffs... *grumbles*
<lynxman> jamespage: sorry, got bzr screwed :)
<jamespage> lol
<jamespage> so assuming that target exists :-)
 * lynxman switfly kicks bzr into the right direction
<jamespage> I would run that to grab the latest upstream snapshot
<lynxman> jamespage: it does in my machine
<lynxman> jamespage: exactly
<jamespage> and then run bzr merge-upstream --version XXX ../ipxe_XXX.orig.tar.gz
<jamespage> that way pristine-tar can checkout the tarball from the branch
<lynxman> jamespage: okay pull now (lp:~lynxman/ubuntu/precise/ipxe/newsnapshot)
<uvirtbot> New bug: #264200 in lm-sensors (main) "lm-sensors not recognized." [Medium,Invalid] https://launchpad.net/bugs/264200
<jamespage> lynxman, right - so pulled that in
<jamespage> good - I can now get an orig.tar.gz
<jamespage> How did you merge that into the bzr tree?
<lynxman> jamespage: hm?
<jamespage> lynxman: well I assume that the branch contains the code for the require upstream snapshot?
<lynxman> jamespage: correct
<jamespage> lynxman, so how did you get the contents of the orig.tar.gz into the branch?
<lynxman> jamespage: just regular bzr checkin
<jamespage> lynxman, right - so thats where bzr merge-upstream is your friend
<jamespage> it will merge the orig.tar.gz into the branch and tag it correctly so that pristine-tar can check it out later
<lynxman> jamespage: aha :)
<jamespage> that way when someone sponsors your work ALL they need is the branch
<jamespage> look at bzr tags
 * lynxman wonders why nobody told him this before
<jamespage> lynxman, the upstream-* ones are important here
<jamespage> you might want to redo your branch from lp:ubuntu/ipxe and follow that process instead.
<lynxman> jamespage: okay!
<jamespage> bzr push --overwrite lp:~lynxman/ubuntu/precise/ipxe/newsnapshot will drop whats already proposed...
<jamespage> so the last bit was about patches
<lynxman> jamespage: alright, will redo the branch and resubmit for review :)
<lynxman> jamespage: thanks!
<hallyn> smoser: starting qemu domains inside lxc is going to continue to not work, btw.  devpts again.
<Lcawte> Hi, I'm having problem with sshing out of my 11.10 server... I get the following...
<Lcawte> lewiscawte@lcserv:~$ ssh lcawte@translatewiki.net
<Lcawte> Segmentation fault
<zul> hallyn: devpts?
<hallyn> zul: devpts
<zul> hallyn: what about it?
<hallyn> zul: libvirt does 'mount -t devpts devpts $container_path/dev/pts'
<zul> hallyn: ahhh....that sounds like fun
<hallyn> if you do that inside a container, yo'ull end up with the host's devpts mounted at $contaienr_path/dev/pts, which is not what libvirt wanted
<hallyn> which again is exactly what my kernel patch is supposed to fix.  if i could just get it to not crash.
<smoser> hallyn, i did do it
<hallyn> start qemu/
<smoser> it worked. i saw it boot
<hallyn> in qemu?
<hallyn> or in libvirt-lxc?
<hallyn> oh wait, the devpts i was thinking of is in libvirt-lxc only, maybe.  oh whatever.
<smoser> canonistack instance -> lxc create -t ubuntu -n mycontainer -> mycontainer libvirt start
<smoser> unless you're differenciating between qemu and kvm
<smoser> i had issues with one or hte other.
<smoser> bbiab
<hallyn> ok, cool then.
<Lcawte> Anyone got any idea whats up with my ssh client then?
<smoser> utlemming_afk, join openstack-dev
<lynxman> smoser: ping
<utlemming> smoser: done
<lynxman> smoser: nevermind
<zul> lynxman: you going to be around later?
<smoser> utlemming, i dont see you there.
<lynxman> zul: quite possibly
<smoser> oh, lynxman, you don't need me now that you found the sed man page.
<smoser> i see how it is
<zul> lynxman:  you want to do some reviews?
<lynxman> smoser: lol it was a cloud-init related problem ;)
<lynxman> smoser: still is
<lynxman> zul: yes!
<lynxman> smoser: just trying to collect more info before wasting your time
<zul> lynxman: ok cool ill start lining them up for you
<lynxman> zul: yay \o/
<smoser> utlemming, ....
<utlemming> smoser: looking right now :)
<smoser> ok. both my irc client and '/whois utlemming' say you are not in #openstack-dev
<smoser> you're making me question myself
<utlemming> lol...I thought you meant mailing list not irc
<utlemming> now I'm there
<uvirtbot> New bug: #919312 in postfix (main) "SRU tracking bug for postfix 2.8.5 -> 2.8.7 for natty/oneiric" [Medium,In progress] https://launchpad.net/bugs/919312
<zul> adam_g: yo
<adam_g> zul: so glance has changed config layout again
<zul> adam_g: ok
<adam_g> zul: which we're picking up on in the QA lab
<adam_g> zul: i wanna fix packaging, wtf do i check upstream now? ~openstack-ppa has no branches
<zul> upstream packaging?
<zul> lp:~openstack-ubuntu-packagers/glance/ubuntu
<adam_g> zul: ok, so those branches is what the openstack-ppa packages use?
<zul> adam_g: afaik yes
<adam_g> ah, ok. thanks
<zul> adam_g: did the qa lab branches pick up the changes?
<adam_g> zul: what do you mean? the packaging hasn't been updated anywhere to account for the paste deploy config being now split between two config files, for api and registry
<zul> adam_g: ok
<adam_g> zul: packages install okay, charms deploy okay, but the services never start because config is missing.. which we pick up on in the post-deploy, 'prepare cloud' test (ie, publish an image into glance)
<adam_g> zul: with the pkging branches at ~openstack-ubuntu-testing, am i now able to just pull one and 'bzr bd -S' to grab upstream source automagickly?
<zul> adam_g: yeah you should be able to
<adam_g> neat thanks
<zul> lynxman: http://paste.ubuntu.com/810930/ (nova)
<zul> adam_g: at least nova is working properly now
<zul> adam_g: if you send me a patch then i can get it uploaded today
<adam_g> zul: is there a new snapshot going out today?
<zul> adam_g: its friday
<zul> :)
<adam_g> jeez it is
<zul> adam_g: oh are you trying the nova instal?
<parasiticpest> Hello. I have a really basic question, I'm kinda new to this. I bought a VPS recently, which only gave me access via root. Fine - I created a new user, added to admin group, set up a passwd, etc. Now I try ssh user@server.com, which asks for password. I enter the password, then it gives me a welcome message and immediately hangs up ("connection closed"). How would I troubleshoot this?
<lynxman> smoser: does EC2 has some kind of limitation in user-data size?
<smoser> 64k
<lynxman> smoser: hmm interesting
<smoser> arbitrary suck. which forces need for #include
<lynxman> smoser: got a user-data script that is not running in the instance, looks like the user-data is not being transferred
<lynxman> smoser: it's just 4k
<smoser> because you're using --user-data and not --user-data-file
<lynxman> smoser: because I suck... that might be it :)
<lynxman> smoser: let me try again...
<zul> adam_g: do you want me to upload the debs somewhere?
<zul> or we should just be able to push the testing to the qa lab
<smoser> if you were using precise, then you'd see something like this:
<smoser> $ euca-run-instances --user-data /etc/passwd  ami-abcdefg
<smoser> string provided as user-data [/etc/passwd] is a file.
<smoser> Try --user-data-file or --user-data-force
<lynxman> smoser: thanks :)
<smoser> that is present because i made that mistake many times
<smoser> lynxman, was that what it was?
<lynxman> smoser: testing right now
<lynxman> smoser: if this works I'm so drinking myself silly
<smoser> you can get an instance's user-data with one of the ec2-api commands
<smoser> ec2-describe-instance-attribute
<lynxman> smoser: yeah that worked :)
<smoser> moral of the story?
<smoser> upgrade to precise
<smoser> (from silly macos)
<lynxman> smoser: rofl
<lynxman> smoser: I've got that command as well :)
<smoser> but yours does not check --user-data for file existance i suspect
<adam_g> zul: im building packages will have a MP to ~ubuntu-server-dev soon
<adam_g> zul:  that glance branch needs updating and fixing
<zul> k
<zul> ill upload glance last
<adam_g> well actually hold on
<adam_g> before we upload anything, can we/i go through each and make sure our packaging isn't missing obvious stuff?
<zul> sure
<lynxman> smoser: could be...
<adam_g> nova is going to need a big update to packaging, i think
<zul> adam_g: nope i already tested it here and fixed *alot* of stuff compared to last week
<adam_g> zul: the packaging has been updated to include all of the new api changes?
<adam_g> zul: look in nova/bin of a recent git checkout
<zul> adam_g: yeah tested this morning and it worked fine for me
<adam_g> zul: from which packages?
<zul> the ones in the lp:~ubuntu-server-dev/nova/essex
<adam_g> zul: are those debs built somewhere?
<zul> adam_g: i just ran the jenkins jobs
<adam_g> zul: uh those dont mean anything ATM
<adam_g> zul: also, openstackx needs an update
<zul> adam_g: gah ok
<zul> gimme a sec
<adam_g> zul:  is this snapshot the milestone, or is that next?
<zul> adam_g: still a snapshot
<zul> https://launchpad.net/~zulcss/+archive/openstack-testing/+packages
<adam_g> zul: https://code.launchpad.net/~gandelman-a/ubuntu/precise/glance/pasteconfigs/+merge/89479
<adam_g> zul: after you merge that, if i kick off a new build in the QA lab, it will merge that in, correct?
<zul> adam_g: yeah
<adam_g> zul: , ah, let me know when its merged
<zul> adam_g: im just uploading a new openstackx now gimme a couple of minutes
<adam_g> zul: k
<zul> adam_g: glance has been mergedd
<zul> adam_g: openstackx has been uploaded to the archive
<adam_g> zul: thanks
<zul> so you should be ok for your tests now
<adam_g> zul: kicking offf a jenkins build will pull those changes in?
<zul> adam_g: it should
<zul> i would run the other tests first
<adam_g> what other tests?
<adam_g> zul: looks like changes got merged into the qa build, cool.
<zul> adam_g: good good :)
<zul> adam_g: lemme know once you are happy then i can upload (note: im off to my in-laws later tonight (whee))
 * zul goes to work on quantum and melange
<adam_g> zul: i wouldn't wait for me. theres no way for me todo a quick test like i was doing last time.
<zul> adam_g: ok ill upload after my lunch then
<zul> or move the packaging branches where adam_g can be a member
<zul> Daviey/smoser/adam_g: what do you think of moving of openstack ubuntu packaging branches to a less restrictive group?
<smoser> i'd generally be ok with that.
<smoser> but if its just to get adam_g in, then i think he is probably reaonsably qualified to be server-dev
<niksoft> Hi, is anyone actually here?
<_ruben> niksoft: such meta questions tend to be ignored by most ppl, asking an actual (on-topic and all) question tends to yield more responses
<niksoft> when i ask outright, people ignore me even more, because i only ask extreeme questions :)
<Daviey> zul: less restrictive?
<Daviey> how is it restricted?
<smoser> zul, do you think that libvirt can now more easily use images ?
<smoser> ie, could we make openstack use that?
<zul> Daviey: you have to be a member of ubuntu-server-dev
<smoser> hallyn, what lxc function did you thikn might give us disk-attach in libvirt?
<zul> smoser: for lxc?
<smoser> yes
<zul> smoser: in theory
<hallyn> smoser: 'virsh attach-disk'
<smoser> Daviey, zul thinks that its too restrictive.
<Daviey> zul: or core-dev
<zul> Daviey: so adam_g doesnt have to ask for things to get merged
<smoser> zul thinks the 'admin' group is also too restrictive, and installs all systems without root password
<smoser> :)
<Daviey> zul: he *should* ask, same as i and you should ask :)
<smoser> zul, to be fair, though, we were hoping that even if adam_g was core-dev he'd be asking for peer review
<Daviey> but anyway, the only reason adam_g isn't in server-dev yet is because he's been too lazyto apply
<Daviey> (IMO)
<zul> no h right? :)
<Daviey> right!
<niksoft> So i am working on an ubu server, i need it to be able to both serve at extreemely high throughput, and at extremely high tps, like higher than most people dream about in most datacenters. Does anyone have any experience with setting up the kernel stacks for 10+gbit/sec, more specifically 20Gbps, and does anyone have any ideas how to work on getting the tps sustained at closer or over 10k?
<uvirtbot> New bug: #838585 in rabbitmq-server (main) "In login window, list of users includes RabbitMQ user." [Undecided,New] https://launchpad.net/bugs/838585
<adam_g> Daviey: +1
<RoyK> [offtopic] vinyl or cd which sounds better??? http://www.youtube.com/watch?v=g5dCMz4gKLI
<adam_g> Daviey: chuck/my point is that there are lots of trivial fixes that often need to be fixed in packages and which are blocking tons of other things. and currently chuck is the only one updating these packages, so its a bottleneck / SPOF. but yeah, i just need to apply.
<smoser> adam_g, i can be more responsive/helpful on reviewing and sponsoring there.
<Daviey> adam_g: yes.. We all need to get better at reviewing merge proposals
<stgraber> hallyn: can we please keep our LXC packaging discussions in #ubuntu-server? :)
<hallyn> maybe we can ask him t redirect some energy to writing userspace patch to use reboot signal info patch
<stgraber> hehe :)
<hallyn> stgraber: so i'm thinking we need a release agent...  thinking of having lxc.init set it up (as per http://permalink.gmane.org/gmane.linux.kernel.containers/15926)
<hallyn> for instance, if i install libvirt inside a container and shut down the container, lxc will fail to remove the cgroup bc there will be nested cgroups
<hallyn> the release agent should automatically be called in the right order to dtrt
<hallyn> OTOH right now i don't want to mess with the cgroups any more than i have to
<sconklin> roaksoax: (or anyone who knows cobbler) My cobbler installation stopped letting me create systems from the web UI but command line still works, nothing in the logs - where should I look?
<stgraber> hallyn: hmm, gmane is a bit slow today... right, so the idea is that the agent gets called when the container dies, removes any nested cgroup and then the cgroup can be destroyed as usual?
<hallyn> the kernel calls the release agent when any cgroup becomes empty, so all nested cgroups will get cleared out
<hallyn> actually, i suppose that might mess with libvirt
<adam_g> zul: have you done keystone yet?
<hallyn> no, we might just have to do a simple path walk and rmdir from lxc itself, on shutdown
<zul> adam_g: yeah
<adam_g> zul: ah, okay. packaging needs to do a db sync on sqlite database on installation now.. we can fix later
<zul> adam_g: grrrrrrrrrr.....
<hallyn> stgraber: i guess it only requires patching src/lxc/cgroup.c:lxc_one_cgroup_destroy().
<hallyn> i so don't want to add that right now
<hallyn> yeah, too late on a friday anyway, can't work out well.
<hallyn> stgraber: fwiw, i've updated ~serge-hallyn/ubuntu/precise/lxc/lxc-create-lvm/.  what's there is what i'm testing right now (with the pathetic lp:~serge-hallyn/+junk/lxc-test), and intend to push when done
<ahs3> hallyn: got a question on netcf...doesn't seem to be building for me; test code doesn't seem to be finding libxml2 properly: http://pastebin.ubuntu.com/811169/
<ahs3> hallyn: and it can wait till later, too :)...
<hallyn> ahs3: drat.  having trouble on the ubuntu buildd's too (though it works there in sbuild)
<hallyn> ahs3: yeah, let's just hold off on enabling make check for now
<hallyn> i need time to dig into these testcases
<ahs3> hallyn: nod.  i'll see if i can figure it out if i get a chance later today
<hallyn> where were you building?
<ahs3> a home system running sid -- x86-64 chroot, basically
<hallyn> what kernel?
<ahs3> oh, and using git-buildpackage
<ahs3> 3.1.0-1-amd64
 * ahs3 prolly needs to update that...
<hallyn> stgraber: tests pass here, i'm pushing
<stgraber> cool
<hallyn> stgraber: so, fyi, my next intended steps are to (1) get devpts fix in the kernel (2) get userspace part of reboot and (3) push our patches through github over to daniel
<stgraber> hallyn: sounds good. Once 3) is done, I think it'll be time to nag Daniel to release a new LXC, we must be close to 6 months without a release now :)
<hallyn> eh, the list is longer than that, but...
<hallyn> agreed
<stgraber> would be nice to release 12.04 with just a couple of patches on top of LXC upstream instead of "cherry-picking" 6 months of upstream activity ;)
<hallyn> yeah
<hallyn> but meanwhile i'm more concerned about the kernel patch, which is not treating me right :(
<hallyn> back to it
<bobweaver> Hello there I am trying to change the name of my local server from 192.168.blah.blah    to "serv1"  is this possible ?
<Veovis_Muaddib> I've been asked to set this up on a local server that I use for SMB shares.  I have no idea where to start, could anyone point me in the right direction please?   http://code.google.com/p/joelisester-sandbox/downloads/detail?name=pwnazon.tar.gz&can=2&q=
<uvirtbot> New bug: #919429 in munin (main) "Munin "IO Service Time" graph gives completely implausible numbers" [Undecided,New] https://launchpad.net/bugs/919429
#ubuntu-server 2012-01-21
<trimeta> Is there a single command to remove a named PPA, as there is to add one?
<trimeta> (I'm on Lucid.)
<trimeta> Apparently add-apt-repository doesn't support the --remove option on this version...
<trimeta> And I don't know if I want to grab ppa-purge...do people here have experience with it?
<osmosis> i just did a sudo apt-get upgrade, and it wants to download a   python-lazr.restfulclient  . How can I figure out what depends on this, not sure why I have it.
<eagles0513875> !bugzilla
<pkug> Hi there! I'm experiencing problems with Slim (also XDM) and Consolekit, XSession seems to start consolekit session but it's inactive and non-local.. anybody else had this ? can it be a permission problem ?
<eagles0513875> hey guys has anyone in here installed bugzilla3 on ubuntu before know where the default bugzilla files are setup so i can create a vhost?
<jeeves_moss> how can I fix this error that keeps popping up on my Bind install?  "validating @0x21d4cc78: dlv.isc.org DNSKEY: must be secure failure,  . is under DLV (startfinddlvsep)"
<piercedwater> does anyone know how i can rsync by file modification date?
<b930913> Server is complaining of not having enough free space - it's using 100% of 10GB out of 750GB. Any idea what's wrong?
<undriedsea> When creating a SW RAID4 using mdadm, is it possible to specify which disk should be the parity disk?
<zastaph> how come virt-manager in apt-get for ubuntu server LTS is only 0.8.2 not the latest 0.9.0.. is there something I can do to make it the latest version without having to build it myself?
<qman__> undriedsea, raid 4 is obsolete and should not be used, use raid 5 instead
<undriedsea> qman_, I do not see that reflected in the man page. Have the maintainers indicated it is obsolete?
<qman__> undriedsea, not in terms of the software, just in general, raid 5 performs better and offers equal protection
<undriedsea> I want to use an SSD for my parity drive. I have heard this type of RAID4 blows RAID5 away as in has almost the same performance as RAID0
<qman__> the parity drive must be the same size as all the other drives
<undriedsea> After all a RAID 4 is a RAID0 array with a parity disk.
<undriedsea> I realize that, 600 GB SAS disks for data members and Enterprise SSD for parity disk
<undriedsea> I just can't seem to find in the docs how to specify the parity disk
<qman__> I guess that would work, but I haven't heard of it before
<undriedsea> I read a paper in ACM sigops where a researcher was doing it and got good results
<uvirtbot> New bug: #919730 in samba (main) "Access network with windows 7" [Undecided,New] https://launchpad.net/bugs/919730
<nancy---> how do i find a vps for  $10 /month        with root access. any ideas?
<jmarsden> nancy---: This is not a Ubuntu server question... anyway, I have no idea if they are any good, but Google finds me one at http://www.webkeepers.com/vps/vps_basic.html
<RoyK> nancy---: amazon?
<RoyK> nancy---: rackspace is rather cheap too
<nancy---> RoyK,  reliable too ?
<qman__> cost and reliablility, more or less, directly correlate
<nancy---> qman__,  some are well managed in that sense
<nancy---> RoyK,  rackspace is hosting not vps
<jmarsden> nancy---: http://www.rackspace.com/cloud/cloud_hosting_products/servers/pricing/ -- "cloud servers" are VPSes
<jmarsden> But it is $10.95/mo + bandwidth, not $10 total... so technically over budget for you.
<nancy---> jmarsden,  hm. fdcservers.net if reliable will do..
<Cromulent> nancy---: I'd raise your budget and go with Linode if I were you
<Cue> I seem to be having a rather problematic issue with, well, anything that isn't RSA based login or direct console login in Ubuntu 11.10 Server. Nothing will auth using passwords.
<nancy---> Cromulent,  really ? linode is so popular...
<Cue> Jan 21 21:38:30 luna sudo: pam_unix(sudo:auth): conversation failed <- this is filling my auth.log
<Cue> (yes, this is a fresh install, twice actually)
<nancy---> Cromulent,  why would you go with linode?
<Cromulent> nancy---: because I have been with them since october 2010 and have not had any problems with them at all - plus they also have a very good reputation
<nancy---> hm
<nancy---> Cromulent,  when you signup for a vps. and fil forms and card details. you get an email about the order and your id. how long you have to wait till you get the login id ?
<Cromulent> nancy---: for me it was instant but it depends on whether they need to check out your credit details
<Cromulent> nancy---: best to ask them that question if you send them an email
<nancy---> Cromulent,  it has been 12hrs since i send them email and they just replied " do you have a paypal account for further varification" ?
<nancy---> i said no
<nancy---> Cromulent,  the amount has been credited from my bank at the time i signed the form. by the way. so why so much delay. is it normal?
<Cromulent> nancy---: no idea - you'll have to speak to them about that - I can only say what my experience has been with them
<nancy---> i see
<nancy---> well . they dont have a live chat eaither.....
<nancy---> Cromulent,  i plan to resell hosting to teenagers. and make their pages for free (small ones)         good idea??
 * nancy--- ahem
<RoyK> erhmem
<nancy---> tell me a business that i can do with  my vps........... :(
<RoyK> kids should make their own pages (imho)
<Cue> ^ most do
<uvirtbot> Cue: Error: "most" is not a valid command.
<nancy---> ill host them.
<Cue> And most know someone who has web hosting too. :x
<nancy---> ill offer without making them ask :)
<Psi-Jack> Does anyone happen to know if there's a possability of running conntrackd along with an LVS director would provide any benefits? I'm not sure because of the funky magic ipvsadm does with directing traffic and all.
<nancy---> tell me a business that i can do with  my vps........... :(
<Psi-Jack> patdk-lap: You might know. ;)
<Patrickdk> psijack, you should know that answer
<Patrickdk> there is no need to run conntrackd on a lvs director
<Patrickdk> cause conntrack doesn't work with lvs
<Psi-Jack> OKay. I didn't /think/ so. :)
<Psi-Jack> But, I wanted to be sure.
<Patrickdk> now running it on your firewall, sure
<Psi-Jack> Oh yeah, already am. ;)
<Patrickdk> that way when your firewall failover, it's in sync
<Psi-Jack> I'm rebuilding all my LVS directors and Firewalls using Ubuntu 11.10 server, which will become 12.04 LTS when it's out.
<Patrickdk> I'm waiting till 12.04.2
<Psi-Jack> hehe
<Patrickdk> or atleast
<Psi-Jack> I'll go with 12.04.1 when it's ready, which means 2-3 months after release. ;)
<Patrickdk> by the time it comes out, and we figure out how to overcome any issues with it, and then have time to do the upgrades
<Patrickdk> 12.04.2 will be out :)
<Psi-Jack> heh
<Psi-Jack> That early, nahhh
<Patrickdk> worked for 10.04
<Psi-Jack> heh
<Psi-Jack> Well, still. I'm going from using openSUSE 11.4 firewalls, and Debian 6.0.3 directors.
<Psi-Jack> Getting away from Debian because pacemaker 1.0 STILL, and bugs in the ldirectord package that hasn't been fixed, still.
<Psi-Jack> That, and Ubuntu boots up like snappy fast.
<Psi-Jack> Great for my VM cluster. :)
<Patrickdk> I have several win7 iscsi boot installs now, those are nice
<Psi-Jack> heh.
 * Cue wonders if 12.10 will be out by the time he works out what's up with his server installs :S
<Psi-Jack> heh
<Psi-Jack> Should see my entire home-based server infrastructure. LOL
<Cue> Psi-Jack: At least your fresh installs aren't suffering from failed PAM auths :S
<Psi-Jack> Nope.
<Cue> Literally spawned 2 VMs from the server ISO, neither of them allow me to login via SSH unless I use pub/priv keys, and sudo doesn't work. Sudo only fails in SSHd though, if I VNC into the VM it's absolutely fine
<Cue> (Webmin login dies too ;_;)
<Psi-Jack> Interesting.
<Psi-Jack> I dunno. I logged in via VNC to the "console" directly, did aptitude upgrade, before even SSHing in.
<RoyK> Cue: what's wrong?
<Cue> http://pastebin.com/kfJBHv8E
<Cue> I can login if I use the local console, but not over SSH. Sudo fails if password required as well, as does Webmin
<RoyK> Cue: from what client_
<RoyK> ?
<guntbert> !webmin | Cue
<ubottu> Cue: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<RoyK> guntbert: I thought Cue, in this situation, was a nick...
<Cue> ubottu: This has never been an issue before, one VM doesn't have it installed and I have it on 2 other boxes without a single issue.
<ubottu> Cue: I am only a bot, please don't think I'm intelligent :)
<Cue> ... hm
<Cue> RoyK: PuTTY
<Cue> But I get the same problem using raw ssh -v ...
<Cue> I don't use Webmin for much really, mainly monitoring and Bind clustering
<RoyK> Cue: I've seen issues like that with putty
<RoyK> Cue: try from another *nix machine
<Cue> RoyK: I did
<macnix> anyone care to explain what privileges does a user need to have to access /proc/self/net ?
<macnix> root can read /proc/self/net/dev fine, but not the user under which the monitoring agent runs
#ubuntu-server 2012-01-22
<Cue> RoyK: Any thoughts?
<Cue> It's definitely server-side
<Tyler_> hi all, think anybody can help me with default umask on sftp connections on ubuntu server or is there a better channel for that?
<Tyler_> I have my /etc/ssh/sshd_config setup for chrooting users to their home and uses internal-sftp, but no matter WHAT I try I cannot get the default umask on file uploads to work
<Tyler> sorry I got disconnected, where were we?
<Mahn> Good evening.  I have a server running 11.10 (x64) that is still delivering the webserver but is locking ssh
<Mahn> I have a feeling it's in safe mode, but several hard reboots does not fix the problem
<Mahn> I can access the server if i launch it via an online rescue kernel, but cannot seem to figure out why it returns to safe or refuses ssh connections
<Mahn> Any tips would be appreciated.
<Mahn> sup Jack
<Mahn> any help in here?
<Mahn> any help in here?
<airtonix> i have zfs running native on my 10.04.3 Zentyal Server, i'm looking to get /home migrated onto one of the filesystems i created in the zfs pool. first order of business is to move the /home tree (permissions preseved) into the pool, any ideas?
<Patrickdk> rsync?
<airtonix> i tried rsync, with what i believed to be switches that would preserve permissions and two things happend: cpu went 100% and server froze. resulting permissions were translated to everything owned by root
<Patrickdk> the only option you need to give rsync is -a
<Patrickdk> or your using nfs4
<airtonix> so : sudo rsync -a /home /storage/Users/
<Patrickdk> normally using -v also is nice
<Patrickdk> so you can see what is going on
<airtonix> no nfs involved here, all on the same system
<Patrickdk> sounds like your hitting fun zfs bugs
<airtonix> https://github.com/zfsonlinux/zfs/issues/154
<Tyler> hey anybody around that might be able to help me with file permissions/umask?
<UnReason> Hola gente
<goddard> should my boot partition be 175MB?
<chelz> goddard: that's an okay size. 15MB per kernel, including updates
<chelz> goddard: that would give you space for 10 kernel updates plus the original
<rassrunk> I have a ubuntu server that runs samba on it, and i have recently put in a extra hard drive that i plan to use for samba. My question is how do i format the hard drive and how do i automatically mount it if i where do reboot my computer.
<pmatulis> rassrunk: ideally you would be using LVM.  if not, just use fdisk to format and then edit /etc/fstab to have it mounted
<pmatulis> upon boot
<uvirtbot> New bug: #920020 in asterisk (universe) "NOT FOUND answer on OPTIONS request" [Undecided,New] https://launchpad.net/bugs/920020
<uvirtbot> New bug: #920061 in bind9 (main) "package bind9 1:9.7.3.dfsg-1ubuntu4.1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/920061
<uvirtbot> New bug: #920092 in dbconfig-common (main) "package dbconfig-common 1.8.44ubuntu1 failed to install/upgrade: subproces installed post-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/920092
<zastaph> how do I automount a HDD on boot? putting "sudo mount /dev/sdb1 /mnt/backup" in .bashrc probably wont work, since its a sudo command?
<Nafallo> zastaph: man fstab has good instructions.
<zastaph> can I just add /dev/sdb1 /mnt/backup to the end of it? without all those ext3 and other specs in the end
<Nafallo> no. you need some of them options, or it won't be valid.
<Nafallo> also, you might well want to find out the UUID of the filesystem.
<zastaph> ouch
<zastaph> considering making one big LVM of all my disks
<zastaph> of course i want to mount it with the filesystem I already given it.. it should be able to check that if I dont specify it :)
<Nafallo> zastaph: sudo blkid on a terminal should help you.
<zastaph> ok, then just gotta decide on what to put in Options :)
<zastaph> ok just wrote the same as the primary partition
<zastaph> that seemed to work
<Nafallo> defaults is a good default :-)
<zastaph> i omitted the explicit defaults, just wrote errors=remount-ro 0 1
<Nafallo> I would change that to defaults 0 2 if I were you :-)
<zastaph> why 2
<zastaph> got it
<zastaph> another thing.. if I ssh into my box, and run something with X11Forwarding on my x11 server, it opens a windows.. but what happens if I exit (thus logout) the console I started the X app from?
<zastaph> will it continue running
<Nafallo> I don't think it'll let you logout until you've closed that window. but that's just speculation from my side.
<zastaph> well thats the odd thing.. the window remains functional.. I see "logout" on the console window, but the connection is not closed.. it only comes up with a conneciton is closed message if the X window is closed first
<zastaph> but if I write exit I have no interaction with the console anymore
<Nafallo> that's kind of what I was trying to say, yes :-)
<zastaph> so maybe my connection is still lingering somewhere
<zastaph> even if I open an X window, and close that window, then exit, it does not close the connection
<zastaph> so something remains active
<Nafallo> it will remain active as long as you hae that x-window open, yes.
<Nafallo> when you close that, the logged out connection will finally disconnect.
<zastaph> i properly quit the X window, and then exit the console, and it still doesnt close the connection as it would had I not opened an X window
<zastaph> but perhaps because I'm on windows, using X-ming and putty
<Nafallo> hrm. and yeah, in that case I guess something is still active, or waiting for you something.
<Psi-Jack> Hmmm. I'm trying to find a PPA for ubuntu 11.10 that has newer packages for Zabbix, because 1.8.5 is like ancient old.
<Psi-Jack> Doesn't even support includes or unsafe external params.
<JanC> Psi-Jack: I wouldn't say something released in August 2011 is "ancient old"   :P
<Psi-Jack> It is in the Zabbix world. ;)
<JanC> i guess you could ask for a backport from the precise repositories
<JanC> or you could try to backport it yourself
<JanC> Psi-Jack: https://launchpad.net/ubuntu/+ppas?name_filter=zabbix --> seems like several people do build zabbix packages
<JanC> of course, you want to make sure those particular PPAs are safe
<SockPants> hi all
<SockPants> i've switched a server to a new vm host and the NICs changed. how can i redetect the network hardware?
<Patrickdk> edit /etc/udev/rules.d/70-persistent-net.rules
<goddard> i can figure out where my footer information is stored in the database
<nancy-->  i have one website but many types of projects. eg. blog , webhosting services, software selling and development     .          i was thinking ,instead of 3 different sites, to make just one website and at sub domains for each. like  soft.mysite.com , blog.mysite.com  etc . good idea for  SEO and users , marketing , etc  any comments ?
<Onepamopa> Need to report something: kernel 3.0.0-15-server has some issues, causing a lot of interruptions (even freezes @ bash when no major processes running)
<Onepamopa> just reverted to 3.0.0-14-server - everything is perfect.
<Onepamopa> freezes @ bash = Im executing a random command and the console lags for ~1-2 seconds, no idea how else to explain it.
<JanC> nancy--: as a user I tend to like subdomains, and it's also easier to configure in many cases
<nancy--> JanC,  i had that thought because any customer coming for one purpose. eg say hosting . will also see the other 2 things. software and blog. ill make the main page (mysite.com) as a choice to go to any of the three.
<nancy--> nice idea?
<JanC> it also depends on the size of your business, I guess, and how important name recognition for the distinct services is
<Onepamopa> seems like noone's interested in kernel problem ;)
<nancy--> JanC,   i have 3. blog , sof, hosting
<nancy--> i only got the name as my-site.com            not as   mysite.com           have to make a hyphen in it..        thats not a good idea i think ?
<JanC> Onepamopa: it's Sunday night over here, and Sunday evening in the US, so most people might not be around  ;)
<Onepamopa> JanC seems that way =)
<Onepamopa> anyway, I just thought I'd inform someone, save them the trouble of wondering "what the f?ck is going on"
<Onepamopa> ;)
<JanC> Onepamopa: you might want to file a bug
<Onepamopa> JanC no idea how to explain exactly what happens ....
<JanC> and/or try to find what is wrong with it  âº
<Onepamopa> fresh restart, stop all applications like apache, mysql etc, drop the primary net interface and just start to do something like executing ls 10 000 times
<Onepamopa> 50% of execution lags console for 1-2-3 seconds
<nancy--> JanC,   or my-site.com/soft        and my-site.com/bloging         is better.      whats your comments?
<nancy--> JanC,   or soft.my-site.com        and bloging.my-site.com        is better.      whats your comments?
<Onepamopa> nancy-- depend, I think / is better for googlebot indexing & etc
<nancy--> Onepamopa,  hmm. ok
<JanC> it's also easier to set up in many cases
<Onepamopa> that's what I heard from some blackseo gurus
<JanC> as many webapps assume / if not told otherwise ;)
<Onepamopa> true
<nancy--> hm..
<JanC> and it allows you to move one of them elsewhere easily later
<JanC> elsewhere = to another server
<nancy--> well finally guys.  . . give a name to the site.            it has       software dev , webhosting, and bloging.
<ikonia> nancy--: that is not for this channel as you've been told
<Psi-Jack> Heh
<ikonia> nancy--: #ubuntu = ubuntu support #ubuntu-server = Ubuntu server support, #ubuntu-offtopic (where you are already discussing this) is the only place
<Psi-Jack> ikonia: How's things, man?
<nancy--> oops. i forgot ikonia   . going back to ubuntu-offtopic . sory
<Onepamopa> nancy-- something else, as far as I know, you cannot assign different A record to /subdomain
<ikonia> nancy--: please don't lie, you didn't "forget" as you've been told this and you're still discussing it, stop trying to push this
<nancy--> ok ikonia
<Onepamopa> ikonia is a bad-ass =)
<nancy--> well not talking technicall stuff...            a /subdomain cant have A record. but  a   subdomain. domain .com  can have ?
<nancy--> now* talkin..
<Onepamopa> Yes, and stop asking such questions in server-related channel
<ikonia> nancy--: if you ask again, I will remove you from the channel
<ikonia> nancy--: clear ? yes/no
<nancy--> yyup
<nancy--> crystal
<nancy--> like someone just kicked you from #ubuntu ?
<Onepamopa> more like banned
<nancy--> onia has kicked sennin from #ubuntu (you lost)
<ikonia> no-one has kicked me from #ubuntu, stop disucssing it, if you need help with ubuntu server, this channel is perfect, anything else, stop
<nancy--> ... no coments
<ikonia> nancy--: correct,
<nancy--> oh. its was you who is in the kicking mood today
<ikonia> nancy--: please stop trying to push me, this is your final warning
<Onepamopa> ikonia ... just do it
<nancy--> ooh.. i step back from the great lord or irc ! ikonia
 * Psi-Jack shakes his head and gives the thumbs down.
<Psi-Jack> nancy--: Troll elsewhere.
<nancy--> he has sooo much power..   he can Kick !!             aaa...         what else can you do ?
<Onepamopa> nancy-- stop acting like stupid
 * nancy-- stops
<Onepamopa> its not funny
<Psi-Jack> Hehe, anyway. ;)
<uvirtbot> New bug: #920202 in bind9 (main) "bind9 fails to install on precise" [Undecided,Confirmed] https://launchpad.net/bugs/920202
<Psi-Jack> ikonia: So, I actually took the time this weekend to totally rebuild my entire home-based server infrastructure. ;)
<ikonia> Psi-Jack: bravo
<Psi-Jack> Switched out openSUSE 11.4 firewall (active/failover), to Ubuntu 11.10, which will be moved up to 12.04 about a month or two after it's release.
<JanC> hm, anybody know what the best fingerd for Ubuntu/Debian is?  (I'm mostly interested in security, but also configurability)
<Psi-Jack> Switched Debian 6.0.3 to Ubuntu 11.10 for my LVS directors.
<Psi-Jack> Replaced my Debian 5 Zimbra mail server to Ubuntu 10.04 LTS.
<JanC> (security with default packages)
<Psi-Jack> And my Debian 6 web cluster to Ubuntu 10.04 LTS as well. ;)
<ikonia> JanC: as in "the finger daemon"
<JanC> ikonia: yes
<ikonia> JanC: the default one (can't remember the package) is probably your best option,
<ikonia> I take it you're not putting finger on the web ?
<JanC> ikonia: there is no default one that I can see
<Psi-Jack> I'm curious about one thing though. Ubuntu 12.04 is just around the corner, in a couple months. Does anyone know yet if it will keep PHP 5.3 support, and does it plan to also keep PHP 5.2 support?
<JanC> and I don't wee what the web has to do with finger  ;)
<ikonia> JanC: hang on, let me see if I can find it, there isn't one installed by default (probably for security)
<JanC> don't see
<ikonia> JanC: sorry, I meant I assume you're not going to open up "finger" to the public internet
<JanC> I intended to put it on the public internet, yes
<ikonia> cfingered
<ikonia> oh wow, you actually want people to finger your machine on the web
<JanC> *if* it can be done securely
<ikonia> that's a tall order, finger attacks always used to be an easy target
<JanC> well, I don't see exactly why finger should be an easier target than SMTP or HTTP servers...
<Psi-Jack> Yeah. used to be..
<Psi-Jack> linux.org's been running a fingerd for eons/.
<Psi-Jack> Custom, of course.
<Psi-Jack> Err, kernel.org, sorry.
<Daviey> wow, people still use finger? :)
<Psi-Jack> Yeppers.
<ikonia> there is a daemon that can rate limit the fingerd daemon, but I don't see it in cfingered
<JanC> cfingerd was one of the implementations I looked at earlier, but they didn't publish new versions since 2003 or so?  ;)
<ikonia> no point putting out an update if thre is nothing to update
<JanC> OTOH, seems like that's true for most
<ikonia> fingers pretty dead in general
<ikonia> as Daviey not really a massivly in use tool any more
<ikonia> "as Daviey said"
<JanC> ikonia: duno, it seems like it can be very useful really  âº
<Psi-Jack> I use finger in like 600 servers I manage. ;)
<Psi-Jack> Cause I want to see if a user has access to a specific box, by not having to ssh into it and just finger for it, I can see right off the bat if they do or don't.
<ikonia> JanC: certainly has some uses
<Daviey> Psi-Jack: I hope you don't use it as part of an auth chain?
<Psi-Jack> Heck no. ;)
<Psi-Jack> It's internal use only.
<Psi-Jack> I use efingerd in most cases, so I can actually query what groups a user is in on a particular box.
<Psi-Jack> And thus, what they're capable of, on said server. :)
<Daviey> Wait, you manage user groups per box?
<Daviey> on *600* servers?
<Psi-Jack> Currently, yes.
<JanC> ikonia: part of why I want to use it is e.g. to provide some address info to people on IRC channels that are logged, hoping spambots don't have intelligent finger support  ;)
<ikonia> interesting idea
<Daviey> Psi-Jack: I'm really quite suprised that with 600 servers, it's not managed centrally.
<Psi-Jack> Daviey: My company got merged into another company which is a bunch of Windows ignorants, they want to tool it up to their LDAP server, but I'm hesitant until they can provide a full plan of action that will actually not suck.
<Daviey> Psi-Jack: ah
<Psi-Jack> Daviey: And that was the baseline infrastructure BEFORE I got there, so. I kinda came in to bad design, hence, why I was hired in the first place, to fix their bad practices.
<JanC> Psi-Jack: why do you use efingerd instead of e.g. cfingerd ?
<Psi-Jack> Now these guys are talking about making a linux server as a "jump host", before even being able to get into the actual servers within the DC, I'm like. Why? "PCI compliance." You don't need that for PCI compliance if your segmentation is properly done.
<Psi-Jack> JanC: efingerd can run stuff.
<Daviey> ah, right.  Incidently, my employer has home directories on servers for former employees.  That feels odd.. The accounts are gone, but thier traces remain.
<JanC> so can cfingerd, if I understood
<Psi-Jack> efingerd is a finger daemon, which executes programs and displays their output. This gives you complete control over what to display and to who, and an extreme configurability
<Daviey> Hah, actually, their account still exists.. just locked.
<ikonia> Daviey: a lot of places I work with do that
<ikonia> some places I can see value, others I can see risk/waste
<Daviey> Psi-Jack: How do you do config management.. i trust you don't use expect or something to remove users on each machibe?
<Psi-Jack> Daviey: Heh, I wrote a script that I maintain with every new installation that ssh's into each server through ssh-key to root, and locks a user.
<SpamapS> Been there.. done that. :)
<Psi-Jack> but, for the most part.
<Psi-Jack> All access is locked out as soon as they're taken out of the VPN access.
<Psi-Jack> because you can't get into any server without VPN from outside the internal network.
<JanC> Psi-Jack: you don't use a VPN on the internal network?  âº
<Psi-Jack> We do actually.
<Psi-Jack> Our delocated offices VPN to each other.
<Psi-Jack> But, again, that's still within the internal network infrastructure. :)
<Psi-Jack> Hmmm
<Psi-Jack> I really need to get into IPv6 sometime. :x
<Psi-Jack> Anyone here familiar with how I'd go about setting up 6to4?
<Psi-Jack> So that I could, if I understand this right, actually connect to IPv6 addresses, via IPv4?
<JanC> Psi-Jack: at home I use miredo (teredo) currently, which is mostly install & use right away
<Psi-Jack> Hmmm. Interesting.
<Psi-Jack> an IPv6 tunneling server, with NATs?
<JanC> you can use it behind a NAT, yes
<Psi-Jack> I currently have my own local reseveration for fs21:2cd0:6f99::/48, so I'm kinda hoping to make use of that with proper planning.
<Psi-Jack> I don't want completely random local IPv6 addresses. :)
<JanC> I guess that's not what teredo was designed for
<Psi-Jack> or even based on my MAC. :)
<JanC> but it's a great solution for "instant IPv6 access"
<Psi-Jack> Hence, why I was considering 6to4, because I could use my existing IPv4 gateway with it, to my understanding.
<Psi-Jack> Holy crap.
<Psi-Jack> My IPv6 /is/ working, at least from one of my firewall-routers. ;)
#ubuntu-server 2013-01-14
<elkingrey> sw: Well, I just want to know whether or not it was originally enabled before I started tinkering with it 20 minutes ago,
<sw> elkingrey: by default it'll be installed but won't have rules added
<elkingrey> sw: yeah, just curious if it was enabled or not.
<lvmer> I've got a crashed ubuntu server because of some file permissions. Is there a good way to boot to the live cd and get a $ dpkg -l    & somehow compile that list so I can install the same programs on the re-install?
<lvmer> pretend it is a healthy computer - how do I compile a dpkg -list   and install it on a fresh install?
<sw> lvmer: $ dpkg --get-selections > packages.txt and then $ dpkg --set-selections < packages.txt and $ apt-get dselect-upgrade
<sw> or something like that, I'm tired
<sw> $ man dpkg and look at --get-selections and --set-selections to be sure
<blair_> where do i report a bug in https://help.ubuntu.com/12.04/serverguide/ubuntucloud.html and https://help.ubuntu.com/12.10/serverguide/ubuntucloud.html?  these pages seem to document the Essex release and not the Folsom release, specially the format of /etc/nova/nova.conf has changed
<TradeFortress> I believe my server has being compromised. Apache access.log and error.log is missing Jan 12th
<TradeFortress> How do I see if someone actually logged onto my server? access.log has a lot of disconnects from an IP in china
<ikonia> TradeFortress: then they have not logged in
<TradeFortress> ok, thanks. is there any reason for missing Jan 12th in Apache logs? other than an attacker removed them?
<patdk-lap> isn't the default only weekly rotates?
<PryMar56> TradeFortress, see if they are parsing for php* (blogs,wordpress,sql) setup config files... they will try to get credentials
<TradeFortress> ahh, I'm not running a custom script, I'm running a self developed one (which was hacked)
<ikonia> TradeFortress: if you have any reason to suspect comrpomise, re-install your whole OS resetting all passwords
<TradeFortress> ikonia: I'll do that, but then I'll get attacked again.. can't see how they did it with the logs.
<ikonia> TradeFortress: no,
<patdk-lap> the longs won't show much
<ikonia> TradeFortress: you seem to know what it was already, your script
<patdk-lap> and it might show 1 issue, but not all issues you have
<patdk-lap> expecially if they used POST requests
<TradeFortress> okay, but the attacker somehow got root access..
<ikonia> TradeFortress: delete your OS - re-install
<ikonia> TradeFortress: that is the answer
<patdk-lap> if they got root access you have many levels of issues to correct
<patdk-lap> and the logs won't show that
<TradeFortress> thanks everyone, I'm going to reinstall & look for a pentester
<lvmer> I just had to reinstall ubuntu-server on the main OS disk. I had 8 other disks in software raid 10 before the re-install. Typing $ mdadm --detail /dev/md0   looks to be perfect.  How do I make sure I remount or re-declare this array the right way?
<patdk-lap> heh?
<lvmer> o?
<patdk-lap> if you didn't copy over mdadm.conf, then the best shot is mdadm --examine --scan
<ikonia> lvmer: if the array is started....it's there
<ikonia> lvmer: you can also put the sattings back in /etc/mdadm/mdadm.conf
<lvmer> idk if it is started or not
<ikonia> check
<lvmer> or /etc/fstab ?
<ikonia> err no
<ikonia> that's a list of mounts
<lvmer> I don't remember playing with mdadm.conf
<ikonia> mdadm to query it
<ikonia> or use /prod/mdstat
<ikonia> proc
<lvmer> you lost me
<lvmer> it's a fresh install, would it be there normally? ps shows mdadm --monitor
<ikonia> no
<ikonia> that's just mdadm monitoring the arrays status
<lvmer> yah
<lvmer> as I'd expect
<ikonia> so why are you referencing it ?
<lvmer> ?
<lvmer> I want to know if I have to rebuild something or just remount it
<ikonia> I've just told you to check the arrays status
<lvmer> proc says it's active
<ikonia> you said "mdadm --monitoring" is running,
<ikonia> I told you that's a monitor program
<lvmer> it is in ps
<ikonia> you said "I know"
<ikonia> so I'm waiting to understand why you've just told me that information as it has nothing to do with the conversation
<lvmer> I'm confused
<ikonia> what is confusing
<ikonia> if it's running - you can use it
<ikonia> check the array status
<ikonia> if it's not you need to start it
<lvmer> it is active
<ikonia> it's useful to create an /etc/mdadm/mdadm.conf file also
<lvmer> what is it used for?
<ikonia> a config file for mdadm's array info
<lvmer> never used it before
<lvmer> isn't that auto created?
<ikonia> not always, but it should be
<ikonia> hence why it's worth checking it / creating it
<lvmer> it is already created
<lvmer> I think the must be an auto install thing
<ikonia> ok....so checking it is worth while
<lvmer> all the volume groups and logical volumes and pv's look identical
<ikonia> why are you referencing LVM ?
<ikonia> you where talking about a raid array a moment ago
<lvmer> crazy how everythign is the same... I thought id have to redo stuff
<ikonia> did you format the raid array ?
<lvmer> no that could erase info
<lvmer> I'm recovering a raid10
<ikonia> then why are you shocked that the data is there ?
<lvmer> I'm shocked the vg's are still there
<lvmer> not the data
<lvmer> thought that was an OS config
<ikonia> ok the array data
<lvmer> have you ever recovered an array before?
 * patdk-lap would hardly call that recovering a raid10
<ikonia> yes
<lvmer> what do you usually do
<ikonia> "usually"
<ikonia> what are you talking about
<ikonia> what has happened to the array ?
<lvmer> recovering an undamaged array... but thanks for your criticism.
<ikonia> no-one it criticising you
<lvmer> I told you already
<ikonia> lvmer: what has happened to the array ?
<lvmer> reinstall
<ikonia> no, you've not
<ikonia> ok - so nothing has happened to the array
<patdk-lap> he reinstalls the os drive, and is remounting the raid
<ikonia> you are not recovering it
<lvmer> (1/13/2013 8:29:49 PM) lvmer: it's a fresh install,
<ikonia> yes, but you also said you are recovering a raid array - you are not
<ikonia> that is adding confusion
<lvmer> ok
<lvmer> what now
<patdk-lap> activate the lvm
<ikonia> I don't understand what you are asking
<patdk-lap> add your filesystems to fstab
<patdk-lap> done
<ikonia> there array has no problems
<lvmer> ah thank you pat
<ikonia> so what is the problem ?
<patdk-lap> sounds like, access to his data, but had no idea how mdadm/lvm/... works
<ikonia> if it's a clean install though, you do nothing
<ikonia> the installer will create fstab/start the volume groups etc
<ikonia> I don't see a problem
<patdk-lap> ikonia, existing install of the mdadm raid
<ikonia> patdk-lap: yeah, the installer will just see an array
<ikonia> he's done an install ontop of that array.....no problem
<lvmer> I'm still a noob here. I have 3.5.0-17 headers, is it ok to install 3.5.0-21 headers in addition? I had both before. It seems strange to me though. Idk what headers even are.
<lvmer> I was going to run a dpkg -l   selection file  to get all the old programs/libraries
<lvmer> is there any way to $ cp -r /etc/*  to a smb share folder that I can copy to another computer while keeping all the file permissions the same?   Like what if I send /etc/* to a .zip files & change the .zip file permissions, will the inside file permissions still be intact? like 0750 ? etc.
<zul> lifeless:  the testrepository package was missing python-tz so everything is kosher now
<lifeless> zul:  cool
<qman__> lvmer, a tar archive will store the unix permissions
<samba35> ubuntu server 12.04.2 will be based on which kernel version ?
<smb> samba35, If you install from the 12.04.2 media, you will get a 3.5 kernel. Installing with the release or 12.04.1 image and dist-upgrading keeps you on the 3.2 kernel.
<samba35> smb, thanks
<jamespage> zul, Daviey, adam_g_: I just reviewed all of the cloud-archive bugs FYI
<Daviey> jamespage: woot!
<Daviey> thanks
<jamespage> jodh, thanks for picking up on 'Framebuffers, plymouth, upstart and server installs.'
<jamespage> Daviey, are we confirmed on the 3.5 kernel for 12.04.2 yet?
<jamespage> Daviey, just spotted smb's comment above
<Daviey> jamespage: pretty much looks like it, against my hope.
<jamespage> Daviey, OK - I need to spend time with openvswitch then
<jamespage> it won't work with 3.5 kernel at-all with the version we have in 12.04 ATM
<jamespage> which will break quantum badly
<Daviey> jamespage: Apparently the kernel team are checking it..
<jamespage> Daviey, I would recommend they backport the version we have in quantal
<Daviey> jamespage: 12.04.2 has been delayed btw.
<jamespage> its only minor point release
<jamespage> Daviey, yeah - I saw
<Daviey> jamespage: does that work with 3.2 ok?
<jamespage> Daviey, probably
<jamespage> I've not tested it - but we can do
 * smb had a commend?
<jamespage> smb "<smb> samba35, If you install from the 12.04.2 media, you will get a 3.5 kernel. Installing with the release or 12.04.1 image and dist-upgrading keeps you on the 3.2 kernel."
<smb> Oh that one...
 * Daviey commends smb for resolving the openvswitch issue
<jamespage> smb, yeah - that one :-)
<smb> Daviey, Not my issue
<jamespage> smb, actually I could do with a bit of help with openvswitch in raring as well
<Daviey> smb: I thought Leanne said that your team was working through the dkms issues?
<jamespage> smb, dkms module is broken again - looks like headers in the linux kernel source have jigged around for 3.8?
<jamespage> smb, bug 1098650
<smb> jamespage, If it is not about the in-kernel stuff being not fully enabled functionwise, I have no clue about what problems you may have
<uvirtbot> Launchpad bug 1098650 in openvswitch "dkms module fails to build with 3.7/3.8 kernel" [High,Confirmed] https://launchpad.net/bugs/1098650
<smb> Daviey, Likely those they _know_ about.
<smb> There were some wl issues afaik
<Daviey> smb: Wait, QA or Kernel team hasn't tried installing all dkms modules in th archive and seeing if they go bang?
<smb> Daviey, Cannot speak for QA but, no
<jamespage> jibel, who's focussed on 12.04.2 from the QA team?
<smb> Daviey, We expect at least that people providing the dkms modules to test and come back to us as part of the process.
<Daviey> smb: OK, I think i need to send a mail.
<smb> Daviey, Yes, it would at least make things clear. (hoipfully) I mean there is probably a misunderstanding at least what *all* means.
<smb> And there are probably more dkms modules than we realize
<Daviey> Yeah, i am realy quite shocked that either kernel or QA team didn't test this.
<jibel> jamespage, plars is the QA contact for 12.04.2. For kernel specific issues it is hggdh
<smb> jamespage, I can have a look at the bug you mentioned in a bit
<jamespage> smb, yes please
<jamespage> smb, I think the configure check just needs updating but I've not had time to look in full yet
<smb> jamespage, Yeah, either things like that or adding further ifdefs for a more or less slightly changed api in the kernel...
<jamespage> smb, actually looks like this commit will do the trick: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commit;h=2520f4528742decf78a8b375f5389b50977f5e4b
<smb> jamespage, Looks like something I would expect in that kind of situation
<Diegosnat> hi guys
<Diegosnat>  I was wondering if you could tell me a solution to monitor the internet usage of my network?? I want to see what people surf
<f2> hey folks, new to ubuntu server, On a windows domain, got a dhcp address, but im not getting out on the internet. can anybody help me with that?
<f2> when running "sudo apt=get install mysql-server-core-5.5
<f2> i get unable to locate package
<f2> when running "sudo apt=get install mysql-server-core-5.5, i get unable to locate package
<Diegosnat> f2, ifconfig
<Diegosnat> authenticator ntlm_sasl_server: cannot find authenticator driver "cyrus_sasl"
<Diegosnat> how can i solve it??
<Diegthito> guys!! help me!! :'''(
<jamespage> smb, well that fixes the check; compatibility across the dkms module itself is problematic
<jamespage> smb, trunk works OK -  1.4.3 -> 1.9.0~gitXXX it might be
<Jeeves_> Is there some boot-switch to make sure a box boots, even if some mount cannot be mounted?
<Diegthito> authenticator ntlm_sasl_server: cannot find authenticator driver "cyrus_sasl"  <---------- how can i solve it??? It's when I restart exim4
<Jeeves_> I saw a 'Press S to skip this mount'-warning last week
<Jeeves_> I pressed S, but this time I was next to to box
<Zapp83> Diegthito: http://nixforums.org/viewtopic.php?p=440661 may help!
<Diegthito> Zapp83, already seen unfortunately
<Zapp83> Diegosnat: ok, Have you looked at  https://github.com/Exim/exim/wiki/AuthenticatedSmtpUsingSaslauthd  ?
<smb> jamespage, I can imagine that the network stack is less than ideal for having to cope with in an external module. Also it sounds like you are already on top of it. Not really anything I could or would do differently here than to sync with a recent version. And it pretty much sounds like you are done with it.
<jamespage> smb, it looks pretty horrid TBH
<jamespage> the 1.4.x branch we currently baseline on only supports to kernel 3.3 I think
<jamespage> so we already carry patches for 3.5;
<jamespage> I've emailed upstream to ask for some guidance - we might have to take a preview snapshot of 1.9.x
<smb> jamespage, Yeah I can imagine. Everytime I look into network it has again changed a lot. :/ So my feeling would be as well to see whether dropping 3.5 patches and just rebase against their tip for raring is way to go. And maybe hope there is a final 1.9.x before entering freeze on our side
<jamespage> smb, that will be the trick :-)
<smb> jamespage, At least we promise not to change our kernel version again before release... ;)
<jamespage> good
<dassouki> what are some of the application that can allow me to accessm my email account from terminal if let's say i'm emailing myself a fiel or something (gmail)
<Diegosnat> hi guys, quick question can I use samba, kerberos and cyrus all together??
<RoyK> Diegosnat: don't see why not
<Diegosnat> RoyK, cool
<_ruben> glueing 'em all together might be tricky, but might be doable .. if you want that is unclear tho
<andygraybeal> was the java vulnerability that is popular right now .. with the exploit for oracle's java, was that vulnerability fixed with openjdk?
<jamespage> andygraybeal, I believe its in the Oracle Java Web Plugin which is not opensource so is not distributed with openjdk.
<andygraybeal> jamespage, okay, i thought the vulnerability was in both, but only the exploit was for oracle's java.  and thanks for saying it was the 'web plugin' in particular.
<jamespage> andygraybeal, I'm not 100% sure - but it won't effect server side stuff anyway
<jamespage> as the exploit is through java in the browser...
<andygraybeal> okay thank you.
<jamespage> np
<andygraybeal> i use ltsp :)  so i have the client stuff installed on the server
<andygraybeal> but i understand :)
<Diegosnat> hi guys, I have got this problem... any idea?? do_auth         : auth failure: [user=] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]
<zul> Daviey: can you do me a favor and promote testrepository (1096914), python-stevedore (1086958) and alembic (1097706), nova, cinder, and quntum is in dep-wait because they havent been promoted yet
<Diegosnat> hi guys, I have got this problem... any idea?? do_auth         : auth failure: [user=] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]
<patdk-wk> Diegosnat, fix your sasl
<dnat__> hi guys, I have got this problem... any idea?? do_auth         : auth failure: [user=] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]
<Daviey> zul: done, will be active on next publisher run
<zul> thanks
<frojnd> Hi there :)
<frojnd> I have following task to complete; I have to install web server (I'll do lightppd since it's light and easy) and I have 2 external IP adresses. Now my first external IP address is already assigned to eth0 network card. But I have another gigabit network card and unasigned second IP address. I'll use my first IP address for git commits and second IP address for web server. What would be the safest way
<frojnd> to achieve that?
<frojnd> Oh, I have ubuntu server 12.4
<toabctl> hi
<RoyK> ho
<toabctl> is dbconfig-common still the right way to support DB credentials in a package?
<toabctl> see http://people.debian.org/~seanius/policy/dbconfig-common.html/
<roaksoax> Daviey: ping
<roaksoax> Daviey: are you SRU member already?
<Daviey> roaksoax: no
<roaksoax> Daviey: ok :)
<frojnd> Help please? :)
<diego_> guys I really need help with Ubuntu, Samba and Kerberos
<diego_> somebody??
<frojnd> Is here any bot that helps find documentation? I really need some documentation on how to configure multiple public IP addresses
<kodapa> frojnd: google ;)
<frojnd> kodapa: hi :)
<frojnd> In my case what would be better? To configure separately public IP addresses for each NIC or both public IP addresses for one NIC?
<frojnd> and by better I mean more simple
<ckramer> anyone know why the Precise virtual kernel doesn't include 9p filesystem support?
<newlinux> Hi all
<newlinux> I need urgent help
<newlinux> can someone help me out
<NaGeL>  hello. I havea problem with my ubuntu. i installed it on an old computer. andi use ethernet to cnnect it to my router. now my router gives it az IP throught DHCP. a reserved one. this is fine, but wheni start up the PC ubuntu getsa total random IP that doesnt work at all. Butwhen i click on disconect wired network and reconnect it it magically works
<zul> Daviey: python-flask as well? (1086955)
<ckramer> newlinux: what is the nature of your issue?
<newlinux> I have installed ubuntu 12.10 server with the mail sever
<newlinux> can i know how to create new email accounts and use it as email server
<frojnd> I've set up another external IP addrses for second NIC. I wa s able to ssh from new IP address but ifconfig -a didn't show any TX or RX bytes for this NIC that has this new IP address. Odd isn't it?
<ckramer> newlinux: here a good link from Ubuntu answers which covers that topic. http://askubuntu.com/questions/54960/how-do-i-set-up-an-email-server
<jamespage> bug 1086955
<uvirtbot> Launchpad bug 1086955 in flask "[MIR] flask" [High,Fix released] https://launchpad.net/bugs/1086955
<Daviey> zul: done
<newlinux> thanks <ckramer>  I will check it out
<RoyK> hi all. any idea if hardware raid controllers out there support TRIM these days? I'm planning a Bacula install with PostgreSQL on SSDs, so TRIM would be nice
<frojnd> I need help with configuring multiple network card with multiple external IPs. I've set up second nic with second external IP address. I can ping second IP address but when I ping from second NIC destinations are unreachable (external)
<RoyK> pastebin /etc/network/interfaces, please
<newlinux> hi all\
<RoyK> hi/
<frojnd> RoyK: http://sprunge.us/daeL
<frojnd> RoyK: note I had to mask some ips...
<Diegosnat> HELP MEE!!! :'''((    Ubuntu + Samba + Kerberos + Cyrus!!
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<RoyK> frojnd: first of all, just add dns to one interface
<Diegosnat> guys I cannot use kerberos with cyrus
<RoyK> otherwise it looks ok
<frojnd> RoyK: ok will try that now
<Diegosnat> actually my kerberos
<Diegosnat> seems not to work
<newlinux> how can i create new mailbox's in ubuntu 12.10 server with pi
<ikonia> what a great description of the problem and troubleshooting process you have tried to now
<ikonia> "it won't work"
<ikonia> newlinux: with "pi" ?
<newlinux> sorry
<newlinux> i want to create five email accounts
<RoyK> what mailserver?
<newlinux> i have installed ubuntu 12.10 with email
<ikonia> what mail server are you running ?
<ikonia> "with email".......
<newlinux> postfix
<frojnd> Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces (this also happened the first time I added eth1)
<ikonia> ok, so each system user by default will also have a mail account associated with it
<ikonia> user@server.fqnd
<newlinux> yes
<newlinux> yes
<ikonia> so create a new user
<RoyK> newlinux: you probably want a good poa too, like cyrus or dovecot or something
<newlinux> im new to linux
<newlinux> shall i create a normal user accounts?
<RoyK> newlinux: postfix is an mtu, it talks smtp, not much else
<newlinux> how to give the email
<RoyK> !mailserver
<ubottu> Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/12.04/serverguide/C/email-services.html
<ikonia> newlinux: each "normal" user account will also be associated with a mail account
<ikonia> newlinux: eg: user@hostname.fqdn
<RoyK> newlinux: read that
<frojnd> RoyK: I still get: From 95.x.y.46 icmp_seq=3 Destination Host Unreachable when trying to ping 8.8.8.8 like this: ping -I eth1 8.8.8.8 any other ideas?
<newlinux> ok, during the installation of ubuntu i selected to install mail server is that enough?
<ikonia> not really
<RoyK> frojnd: not really, but is the address available from the internet? if you post the address (or pm me) we/I can try
<ikonia> newlinux: have you any understanding of how to run a mail server ?
<frojnd> RoyK: yes incoming connections are allowed, I can ssh and ping from my home IP address to this newly created IP on eth1
<RoyK> frojnd: then what's the problem?
<newlinux> yes still im confused
<RoyK> newlinux: did you read that article from the guide?
<frojnd> when pinging from this newly created IP address (external ofcourse)on eth1 host is unreachable
<frojnd> RoyK: I must setup lighttpd for this newly created IP addrss :)
<RoyK> I guess just tell lighty to listen to that address
<newlinux> you mean this one https://help.ubuntu.com/12.04/serverguide/postfix.html?
<RoyK> !mailserver | newlinux
<ubottu> newlinux: Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/12.04/serverguide/C/email-services.html
<newlinux> i have done that
<newlinux> but how to create new accounts?
<frojnd> RoyK: when I do ifconfig under eth1 I see: RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
<frojnd> I'll first try to set up lighttpd
<RoyK> strict firewall somewhere?
<frojnd> no pysical firewall anywhere
<frojnd> only apparmomr
<RoyK> i'd recommend using ufw to limit access to those services you want to expose
<RoyK> but never mind that now
<RoyK> I guess these are two physical NICs?
<frojnd> yes
<frojnd> well at least lspci | grep ethrnet says :p
<frojnd> Ethernet*
<frojnd> let me setup lighttpd first
<newlinux> RoyK> can you advise how to create a new email user from web
<RoyK> newlinux: you need an email server that has a web ui. only thing I know that is very userfriendly in that, is zimbra, but it'll require a dedicated setup, usually a VM
<newlinux> I have ubuntu 12.10
<newlinux> I just want to create two users, user1@domain.com, user2@domain.com
<RoyK> well, either you read the ubuntu docs on setting up a mailserver, or you setup a dedicated VM on ubuntu 12.04 and download zimbra - it's easy to manage, good for newbies, but rather heavy cpu and memory wise
<ikonia> newlinux: this is a waste of time
<RoyK> newlinux: just read the docs on cyrus imap or dovecot - it's not hard, but you have to study a bit
<ikonia> newlinux: you appear to have no basic understanding of how a mail instance works and you don't seem to be reading any of the documentation provided
<ikonia> just repeating the same question over and over is not acceptable
<RoyK> ikonia++
<newlinux> ok I will try again, im new to linux thats why :)
<LuizAngioletti> Hello there! I want to adjust the terminal resolution... where should I poke?
<ikonia> newlinux: if you are new to linux, setting up a mail server is not a good introduction
<RoyK> newlinux: learning linux or other unices takes time - just sit back and read for a while...
<RoyK> ikonia: it can be a good start - don't scare people ;)
<ikonia> newlinux: plus being new to linux does not mean you should bypass having an understanding of how a mail serverup works
<RoyK> it just require patience
<RoyK> it's too cold in this country!
<ogra_> move then :)
<RoyK> nah
 * patdk-wk moves the sun, to make royk happy
 * RoyK sends patdk-wk some akvavit in return
<patdk-wk> that reminds me, but alittle depressing
<patdk-wk> http://www.nuts.com/chocolatessweets/licorice/finnish/red.html
<patdk-wk> damn, it's 1pm all ready, thought it might be 11am
<LuizAngioletti> Does anyone knows how to adjust the terminal resolution? I've tried a code in kernel boot-up: vga=xxxb, but it didn't work.
<patdk-wk> hmm, pure sugar, no wonder I love them
<patdk-wk> LuizAngioletti, what version?
<LuizAngioletti> I followed some instructions in a link I lost... so.. =) Came to you guys.
<LuizAngioletti> patdk-wk: Ubuntu 12.04
<patdk-wk> most likely you have to adjust it in grub
<RoyK> doesn't 12.04 use pretty high resolution already, if the GPU is supported?
<RoyK> it does for me
<LuizAngioletti> RoyK: It does for my netbook, but not for my desktop (with a GeForce GT440)
<Zapp> LuizAngioletti, Check out   http://www.linuxquestions.org/questions/linux-desktop-74/ubuntu-console-resolution-947005/
<LuizAngioletti> patdk-wk: I tried that.. do you know how to find the supported resolutions?
<LuizAngioletti> Zapp: cheking it.
<patdk-wk> that is very old intel specific zapp
<LuizAngioletti> not cheking it then. =P
<patdk-wk> it might be relevent, but no idea what video chipset you have
<Zapp> patdk-lap, i'm assuming you know better!  But i can not find anyware where it says that its only for intel.
<patdk-wk> well, the 915 is a older intel video chipset
<patdk-wk> the nomodeset is normally only required when grub has an issue iwth a video card, for me, older intel chipsets
<LuizAngioletti> I checked it and would really ask about what is between the quotes. But patdk-wk has already explained it.
<LuizAngioletti> I run a system with a GeForce video card, I don't think the intel thingy is suitable.
<patdk-wk> using the offical nvidia drivers?
<patdk-wk> using the opensource driver, it should just work
<patdk-wk> using nvidia, I have done it before, but can't remember how
<LuizAngioletti> Ok.
<LuizAngioletti> I'll look a bit harder.
<LuizAngioletti> =)
<LuizAngioletti> thx
<RoyK> I somewhat think that using non-gpl graphics drivers on a server is a bit dodgy
 * patdk-wk things having a graphics card at all, is kind of silly :)
<Zapp> LuizAngioletti, This might be relevant? http://wiki.debian.org/GrubTransition#Grub2andtheVGAparameter Or what do you think patdk-lap ? Am i way off again? :)
<LuizAngioletti> Zapp: Thank you. I'll try that and report back
<LuizAngioletti> =)
<patdk-wk> zapp, that is the normal way yes
<patdk-wk> but I don't believe it worked for the official nvidia drivers
<frojnd> Is this old? https://help.ubuntu.com/community/lighttpd
<patdk-wk> define, old
<frojnd> up to date for corresponding packages (up to date)
<patdk-wk> yes, it's current infomation
<frojnd> thank you
<RoyK> frojnd: why lighty?
<frojnd> RoyK: no need for apache2
<patdk-wk> why not?
<frojnd> it ueses much less resources than apache2
<frojnd> and above all php is fast on it
<RoyK> why not nginx?
<patdk-wk> all that could be done with apache too, just annoying to configure
 * patdk-wk supports lighttpd :)
<frojnd> RoyK: I recently installed lighttpd on raspberrypi and I liked it so far
<patdk-wk> why not thttp?
<frojnd> I'm more familiar with it then with nginx
<frojnd> RoyK: btw, now I can't even ssh or ping on that second address
 * RoyK sticks to apache on larger things like servers
<RoyK> frojnd: same switch?
<frojnd> yes
<LuizAngioletti> By the way... I'm not a native Engish speaker (in case you didn't notice =P) and I get confused with the names people give to the terminal console...
<frojnd> I have this server at leaseweb btw..
<RoyK> frojnd: does arp -an show any entries on eth1?
<LuizAngioletti> What is what? Console, terminal, Virtual Terminal (VT)...
<LuizAngioletti> =/
<frojnd> RoyK: no nothing
<frojnd> RoyK: only for eth0
<RoyK> wierd - this is hosted?
<frojnd> yes
<frojnd> dedicated server
<frojnd> RoyK: can I pm you with more details? :)
<patdk-wk> likely they disabled it all
<RoyK> frojnd: then ask the isp
<RoyK> frojnd: you may want to go through dmesg to check if eth1 shows any "up"
<RoyK> eth0 should
<RoyK> depending on hardware/driver
<frojnd> yeah it shows like this: link is not ready
<RoyK> frojnd: dmesg | grep eth[0-9]
<RoyK> heh
<RoyK> meaning it's probably unplugged
<frojnd> RoyK: can't be
<frojnd> I was able to ssh just a few minutes ago
<RoyK> or the switchport is disabled
<RoyK> or something fishy is going on
<frojnd> I'll restart networking and see what dmesg has to say
<RoyK> frojnd: was that 'link is not ready' message old?
<RoyK> ok
<frojnd> RoyK: [Fri Oct  5 19:01:25 2012] ADDRCONF(NETDEV_UP): eth1: link is not ready AND [Mon Jan 14 17:30:16 2013] ADDRCONF(NETDEV_UP): eth1: link is not ready (which is today) when I started to assign publi IP addresses
<frojnd>  * Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces
<frojnd>  * Reconfiguring network interfaces...
<frojnd> ANd dmesg says only about eth0 [Mon Jan 14 19:38:27 2013] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
<frojnd> just like eth1 would be ignored
<RoyK> it isn't ignored, dmesg only reports if interfaces change state to 'up'
<RoyK> pastebin interfaces again
<frojnd> # ifdown eth1 && ifup eth1
<frojnd> ifdown: interface eth1 not configured RTNETLINK answers: File exists Failed to bring up eth1.
<frojnd> http://sprunge.us/DChR
<RoyK> frojnd: ifconfig eth1 down # and then up
<RoyK> no 'auto' set for eth1
<frojnd> aha so I should set it to auto I guees?
<RoyK> and remove dns settings on one of them
<patdk-wk> no
<RoyK> yes
<patdk-wk> auto is only need to do an ifup on boot
<RoyK> that's what he's trying to do
<patdk-wk> thought he just typed ifup, and it failed
<RoyK> still
<patdk-wk> ya, dns/gateway should only be set on one
<frojnd> [Mon Jan 14 19:42:16 2013] ADDRCONF(NETDEV_UP): eth1: link is not ready after ifconfig eth1 down && ifconfig eth1 up
<patdk-wk> no idea what happens if it is on both
<patdk-wk> are you sure both of those are suppost to be on different nic's?
<RoyK> patdk-wk: usually you get an EEXISTS
<RoyK> for the gateway
<patdk-wk> normally linux really hates it, if multible nics are on the same subnet
<RoyK> not really
<sarnold> patdk-wk: it does?
<frojnd> eth0 was already configured... I just used that pattern to configure eth1
<patdk-wk> well, it will fill dmesg/logs, with, duplicate packet already received on x
<patdk-wk> frojnd, maybe you whree suppost to configure it as an alias?
<frojnd> alias?
<RoyK> frojnd: ip addr add x.y.z.123/24 dev eth0
<frojnd> I only know that I have to configure second public IP addresss for web server and First public addrss for git commits (and since I have two NICS) I tried to configure it with both nics
<RoyK> frojnd: but it seems eth1 isn't connected
<frojnd> RoyK: eth0 is fine, eth1 is not
<patdk-wk> unless they TOLD you to use the second nic, I would assume they set it up on nic1, and not nic2
<RoyK> frojnd: that's what I'm saying - you can add a secondary ip address to eth0
<frojnd> RoyK: after bringing it down and up I'm again able to ping second IP addrss
<RoyK> ok, add 'auto eth1' and try to reboot
<frojnd> ok..
<RoyK> and remove the dns/gateway things from eth1
<frojnd> done
<frojnd> rebooting
<frojnd> anyway is this practical?
<frojnd> To use second NIC just for one public IP address?
<RoyK> well, why wouldn't it be?
<RoyK> not reall
<RoyK> not really
<RoyK> that is, if you want multipath, it is
<RoyK> if you need the extra bandwidth, it is
<patdk-wk> if you can max out the nic with that one ip, sure
<RoyK> if you just want a secondary ip address, it's not
<frojnd> RoyK: I want secondary ip addrss to be for web server and primary only for git commits, for sshfs and stuff
<RoyK> frojnd: if it's not a bandwith or multipath issue, better stick to a single nic
<frojnd> RoyK: aha ok
<frojnd> :\ balls won't boot up
<RoyK> don't you have console access?
<frojnd> I have a rescue mode
<RoyK> you sure that's not a VM?
<frojnd> It says it's dedicated :D
<RoyK> well, if you get in contact with it, pastebin lshw
<adam_g_> zul: http://people.canonical.com/~agandelman/folsom/python-eventlet/ needed for UCA precise-folsom. ready to upload with a +1
<adam_g_> jamespage: ^
<zul> looks good to me
<jamespage> adam_g_, +!
<jamespage> +1 even
<frojnd> omg this rescue mode is so sloooooooooooooow
<frojnd> it needs like 10minutes to initialize
<adam_g_> jamespage: http://paste.ubuntu.com/1531781/ is this something you've seen before? from glance-api.log (raring/grizzly + RBD)
<nxvl> Daviey: ping
<Daviey> nxvl: yo'll
<nxvl> Daviey: i'm bored, where do you need some hands on the server land?
<nxvl> i feel cloudy today :D
<adam_g_> jamespage: actually i lied, precise/grizzly + RBD
<Daviey> nxvl: current vital things are: http://reqorts.qa.ubuntu.com/reports/rls-mgr/rls-r-tracking-bug-tasks.html
<Daviey> see the 'server' section
<frojnd> RoyK: still here?
<RoyK> mhm
<frojnd> should I entirely remove eth1 section from interfaces?
<frojnd> RoyK: I made a mistake somehwere because I wasn't able to boot again
<frojnd> maybe it's better I only configure one NIC with 2 public ip addresses
<RoyK> frojnd: well, if you add "up ip addr add x.x.x.x/x dev eth0" to the eth0 section, it'll probably work well
<frojnd> RoyK: that's the only thing?
<frojnd> beside auto eth1?
<RoyK> yes, it'll add a secondary ip address to eth0
<RoyK> just comment out eth1
<RoyK> all of it
<frojnd> ah nope
<RoyK> nope?
<frojnd> no, ignore :)
<frojnd> where do I put this?
<RoyK> just after the dns things
<RoyK> what was your netmask again? 255.255.255.192?
<frojnd> yes
<RoyK> if so, up ip addr add x.x.x.x/26 dev eth0
<RoyK> iirc
<frojnd> RoyK: I should put this in a line with auto eth0 or just after dns-search in the same tab?
<RoyK> after iface ...
<RoyK> after dns-search will do
<frojnd> I mean like this: http://sprunge.us/cUMC
<frojnd> or like this: http://sprunge.us/fVaA
<RoyK> I'd write it like http://paste.ubuntu.com/1531927/
<RoyK> since it belongs to eth0
<frojnd> thank you
<frojnd> Now I have to wait another 10minutes for server to boot up from rescue mode to normal mode
<frojnd> well at least I have a rescue mode :P
<Jaden_Korr> Good evening, i am trying to setup IPv6 connectivity on my server. Its all working except resolvconf does not seem to pickup the secondary DNS server from the dns-nameservers line
<frojnd> RoyK: ifconfig is strange now
<RoyK> frojnd: try ip addr list
<frojnd> second IP is at brd
<RoyK> pastebin?
<frojnd> RoyK: yes just a second I'll paste both ifconfig and ipa addr list
<RoyK> frojnd: btw, it's not very dangerous to post your official ip on irc - it'll be exposed once you setup a webserver :P
<RoyK> and unless you've done something sincerily stupid, your server should be safe anyway
<frojnd> no.. broadcast is ok
<frojnd> I just can't see second IP address
<frojnd> :o
<RoyK> frojnd: ifconfig won't show it
<frojnd> http://sprunge.us/BTdG
<RoyK> eh
<RoyK> can you pastebin the interfaces file?
<RoyK> btw, if on ipv6, like you look to be, better ask for a static ip
<frojnd> RoyK: it's a static ip
<LuizAngioletti> Have you played with tcpserver?
<frojnd> RoyK: http://sprunge.us/JOLC
<RoyK> no, two dynamic ipv6 ips
<RoyK> "dev eth0"
<RoyK> not just eth0
<frojnd> ah :)
<RoyK> and ask for a static ip
<RoyK> works better in the long term
<RoyK> ipv6
<frojnd> RoyK: but those two ips are always the same
<RoyK> just ask for a static
<LuizAngioletti> I have an Ubuntu 12.04 with Qmail as MTA, and I'm getting an error message that I can't figure out what it means.
<RoyK> LuizAngioletti: erm, why qmail?
<LuizAngioletti> RoyK: I really can't say... It isn't mine. =)
<RoyK> afaik qmail isn't very well supported
<sarnold> hehe
<RoyK> postfix being the preferred mta
<LuizAngioletti> I'm suppose to fix it, but I can't figure out what a specific error code from tcpserver means...
<sarnold> on the one hand, the author hasn't touched it in nearly a decade. on the other hand, I don't think it's gotten many bug reports in that time. :) hehe.
<frojnd> RoyK: RTNETLINK answers: File exists Failed to bring up eth0 ...done.
<frojnd> what is a proper way to restart networking on ubuntu 12.4 server anyway?
<frojnd> so I don't lock myself out
<RoyK> restart networking
<RoyK> or just reboot the box
<frojnd> I did: # /etc/init.d/networking restart
<frojnd> and that's what I got
<frojnd> * Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces
<frojnd> * Reconfiguring network interfaces...
<RoyK> # restart networking
<frojnd> and those lines above I already pasted
<frojnd> restart: Unknown instance:
<RoyK> hm...
<RoyK> sorry
<nxvl> Daviey: thanks
<RoyK> frojnd: try rebooting
<frojnd> ok
<frojnd> ok booted on
<frojnd> in*
<frojnd> I can ping it :)
<frojnd> from outside
<frojnd> second IP addr
<RoyK> :)
<frojnd> how do I test it from inside?
<RoyK> well, you can't
<frojnd> :>
<RoyK> or just ping that ip
<RoyK> best thing is to test from the outside
<RoyK> doesn't matter if it works from the inside, really
<frojnd> aha
<RoyK> why do you need a separate ip for the webserver, btw?
<frojnd> well.. because I don't want people who commit to a first IP know about what other stuff I have on the sever
<frojnd> in this case web server
<RoyK> frojnd: just secure your server, and you can use a single IP for all of ut
<RoyK> all of it
<RoyK> even
<frojnd> can you suggest me any newbie firewall? The thruth is I never usesd a fw on a computers, I allways had router but since now this is my first remote server I need to learn about firewalling in linux
<RoyK> !ufw
<ubottu> Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Gufw (GNOME) and Guarddog (KDE from Lucid onwards) also exist.
<RoyK> start out with "ufw allow ssh" and "ufw enable"
<RoyK> and take it from there
<frojnd> RoyK: I don't have standard port for ssh
<frojnd> can I still start witz ufw allow ssh?
<RoyK> then ufw allow 1234/tcp
<RoyK> replace 1234 with your ssh port
<frojnd> RoyK: when I instal ufw by default everything is blocked?
<RoyK> if you *enable* it, it blocks everything by default, yes
<RoyK> therefore, allow ssh first
<frojnd> yeah while I'm still logged in :)
<RoyK> so ufw allow yoursshport/tcp
<RoyK> then enable it
<frojnd> mmm *app armor* was installed by default on the sever I got hands on, so first I have to uninstall that
<RoyK> apparmor is ok
<escott> frojnd, apparmor shouldn't be preventing you from doing anything
<RoyK> not the nazi stuff like with selinux
<frojnd> apparmor in compare to ufw?
<RoyK> no, it's local
<RoyK> ufw/iptables is for remote access
<frojnd> so I don't need actually ro remove apparmor
<RoyK> so is selinux, btw, but a bit harder to learn
<RoyK> frojnd: just don't remove it
<frojnd> ok ufw then
<frojnd> ufw is installed I guess :D
<RoyK> frojnd: btw, can you pastebin lshw?
<frojnd> RoyK: yeah
<RoyK> lshw | pastebinit
<frojnd> http://paste.ubuntu.com/1532207/
<RoyK> not strange eth1 didn't work - it shows up as disabled
<frojnd> what does that mean?
<frojnd> that cable is unplugged?
<RoyK> no, seems disabled in bios
<RoyK> somehow
<frojnd> heh
<frojnd> a call to leaseweb then
<RoyK> but never mind that if eth0 works well with two ip addresses
<RoyK> less hassle
<RoyK> linux can be a bit tricky with two nics on the same subnet
<frojnd> better use different subnets and bridge them?
<RoyK> or just use two ips on the same nic
<RoyK> if bandwidth isn't a problem
<frojnd> it really isn't
<frojnd> for now I hope
<RoyK> then don't bother
<RoyK> seems eth0 is at 100Mbps
<frojnd> I've added 10010/tcp in ufw but what I miss is to add somekind of comment beside it
<RoyK> if that suffices for your work, well, ok
<RoyK> frojnd: dunno if ufw allows for comments - don't think so
<jdstrand> (it doesn't)
<frojnd> RoyK: it should be 1000Mbps
<RoyK>                 size: 100Mbit/s
<frojnd> Ethernet controller: Intel Corporation 82572EI Gigabit Ethernet Controller (Copper) (rev 06)
<RoyK>                 capacity: 1Gbit/s
<RoyK> meaning it's a gigabit adapter, but the switch it's connected to, only serves 100Mbps
<frojnd> aha that makes sense
<qhartman> You could also bond the interfaces together and use just the virtual interface that provides. That way if one gets unplugged you won't lose connectivity. But generally, having two NICs on the same network that aren't bonded somehow isn't worth the possible hassle.
<frojnd> RoyK: I've enabled that ssh port but where do I see the rules?
<frojnd> qhartman: thanx
<RoyK> ufw status - but that only works once it's enabled :P
<frojnd> yeah :)
<frojnd> that's the problem :D
<frojnd> well better I didn't make a typo then :P
<RoyK> hehe
<qhartman> If you define an application for the ports you want to use in UFW. Then you have comments and whatnot in that app definition
<frojnd> qhartman: that's handy
<RoyK> qhartman: where can you define that?
<qhartman> heh, Google came up with the Arch docs first, but they look right: https://wiki.archlinux.org/index.php/Uncomplicated_Firewall
<frojnd> haha
<RoyK> didn't know arch used ufw
<RoyK> :)
<qhartman> Me neither
<frojnd> it doesn't anything  by default :)
<frojnd> it's a matter of choice, I don't prefer arch for server
<RoyK> I've only tested it on ARM
<frojnd> I use it on main computer station, laptop, and arm - raspberrypi but for servers (I prefer anything debian/debian - based)
<frojnd> Ok neat, now only ssh non standard port is supported
<frojnd> what if I fuck it up, how do I disable ufw in rescue mode?
<RoyK> frojnd: try to ssh into that port
<IdleOne> No swearing in here please
<frojnd> Sorry, I'm used to swear  from other chans, won't happen again.
<escott> frojnd, iptables shouldn't be loaded in rescue mode
<frojnd> escott: no, but since I've enabled ufw
<escott> frojnd, again, i dont think iptables will be loaded in rescue, if they were you would have to login at the console and drop the rules
<RoyK> frojnd: ufw is an iptables wrapper
<jamespage> adam_g_, I think that happens when  glance is using python-ceph < 0.48
<frojnd> escott: yeah that's true, I mean when I'm not in rescue mode and I have to disable or modfy ufw rules for normal boot
<RoyK> frojnd: any luck?
<frojnd> RoyK: yes :)
<frojnd> RoyK: I was able to allow 80/tcp to test php
<frojnd> for web service
<frojnd> Ok, so I've configured lightppd and php, any tips how can I configure further server so user who is responsible for web development will without root password be able to write and update and maintain code for web server?
<RoyK> frojnd: it's all in the guide
<RoyK> !guide | frojnd
<ubottu> frojnd: The Ubuntu server guide may be found at http://help.ubuntu.com/12.04/serverguide/C/
<frojnd> RoyK: thank you
<Jaden_Korr> Does resolvconf not parse a secondary IPv6 DNS if you put two on the dns-nameservers line in /etc/network/interfaces?
<lvmer> Is anyone here a pro at bonding network interfaces? I'm having trouble getting all 3 to act as 1 connection, but they work fine separate with different ips. :/
<StevenR> lvmer: can you be more specific? Can you pastebin the configuration you're using?
<lvmer> stevenr: yes I can, I apologize for that.
<StevenR> lvmer: no need to apologise :)
<lvmer> http://paste.kde.org/647030/
<lvmer> that's actually interfaces.bak2   I'm using a different one atm.
<lvmer> that has all auto/dhcp settings
<StevenR> lvmer: I think you might be missing some steps. Have you looked at https://help.ubuntu.com/community/UbuntuBonding ?
<StevenR> lvmer: also, what, if any, bonding have you configured on the switch?
<lvmer> none on the switch
<lvmer> I didn't need it for windows
<lvmer> do I need to do switch side for ubuntu?
<lvmer> I have the same intel nic bonded in win7 with no switch problems
<StevenR> no, you don't need to
<StevenR> you just need to specify an appropriate bonding mode
<lvmer> yup I did ifenslave-2.6
<lvmer> did the modules
<lvmer> um 1 sec I'll get the errors and paste them
<lvmer> rr
<lvmer> balance-rr ?
<lvmer> in windows I use some weird dynamic mode
<lvmer> it's like link dynamic something
<StevenR> your switch might not like rr. Try balance-xor
<lvmer> ubuntu said I should try 802.3ad I think in an error msg
<StevenR> lvmer: Link Aggregation Control Protocol?
<StevenR> is that what windows is using?
<lvmer> no I don't think so I remember dynamic in the name I'll check
<frojnd> I have a general question about packages. My philosophy is that programs installed by official packages is safer. Now I have 12.4 LTS and I need lighttpd 1.4 the problem is that with 12.4 LTS only comes lighttpd 1.3 https://help.ubuntu.com/community/lighttpd says I can use ppa. Is this safe practice? Afaik ppa isn't checked by community?
<lvmer> Adaptive Load Balancing (ALB)
<StevenR> lvmer: that's what windows uses?
<sarnold> frojnd: a ppa is only as good as the person who owns it; that might be very good or very bad, or anywhere in between
<frojnd> sarnold: so It's not to be blindly trusted help.ubuntu?
<lvmer> yah
<frojnd> ok
<sarnold> frojnd: since lighttpd is in universe, updates would be handled by "the community" -- that might be the same person who runs the ppa, or might be someone else, or a bunch of people at random (or you..) -- in which case, either the ppa or the repository might be more appropriate. no easy way to tell.
<StevenR> lvmer: what sort of switch are you using?
<frojnd> Ok. sarnold since I have 12.4 LTS can I excpect for apps to be updated just like if I had 12.10?
<lvmer> some kind of dlink no way I know off the top of my head
<StevenR> lvmer: and is it configured as a trunk/bond/aggregated link?
<lvmer> teamed
<frojnd> StevenR: or this rule goes only for security updates?
<lvmer> yah I think that means the same thing
<StevenR> lvmer: the switch is teamed?
<lvmer> the nic is
<frojnd> sarnold: or this rule goes only for security updates?
<frojnd> StevenR: sorry..
<lvmer> I don't think the switch is managed at all
<StevenR> ok... then try the xor one then
<lvmer> I've never seen it's bios or anything, only the firewall
<sarnold> frojnd: security updates can happen in LTS or non-LTS releases, as the community works on them
<sarnold> frojnd: the PPA may or may not be updated in the same fashion -- it might be intended only for use on 12.10, it might be intended for 12.04 LTS. It's up to the PPA author to declare intentions..
<frojnd> sarnold: thanx for clearing this up for me
<sarnold> frojnd: general updates (not security) can also happen for both 12.10 and 12.04 LTS -- the package would have to go through the "SRU" process.. I don't yet know which is more common
<frojnd> sarnold: that's nice to hear
<StevenR> lvmer: make sure you go through the whole document I posted the link to :)
<lvmer> stevenr: $ ifup bond0      error: rtnetlink: file exists, failed to bring up bond0
<StevenR> lvmer: isthe bond already up?
<lvmer> nope
<lvmer> cat /proc/net/bonding/bond0  = down
<StevenR> lvmer: can you bring just the two intel interfaces into the bond?
<lvmer> I'll try it. in windows all 3 work :(
<lvmer> but I don't have windows on the motherboard anymore
<StevenR> lvmer: well, lets start with working out if it's just a problem with the "odd" card
<lvmer> stevenr: how can I comment out a ton of lines in /etc/network/interfaces   so I can get a connection to pastebinit
<StevenR> lvmer: um have you tried just not including the "odd" interface in the bond config, and configuring the bond as per the instructions... to get logs and configs off.. you could use a usb stick?
<lvmer> yah I could usb stick it
<lvmer> http://paste.kde.org/647066/
<lvmer> stevenr: yes I did get the odd interface out. I couldn't restart the networking service for some reason though. so I just rebooted. lol
<StevenR> lvmer: um....
<StevenR> lvmer: do you understand that the # at the start of a line means that the line will be ignored when the server reads the config file?
<StevenR> (it's just that you seem to have commented out most of the config file
<lvmer> stevenr: yah I said I had to comment it all out to get a link to pastebinit
<StevenR> lvmer: so where's the *actual* config file you're trying?
<StevenR> lvmer: I've no idea what you're working with, you're basically asking me to troubleshoot with false data
<lvmer> http://paste.kde.org/647078/
<StevenR> lvmer: coment out bond-lacp-rate 1
<lvmer> server seems to hang when restarting network $ sudo service networking restart
<StevenR> lvmer: how long for?
<lvmer> indefinitely? no idea, I canceled after 30 seconds and rebooted
<lvmer> cat /proc/net/bonding/bond0  reports up
<StevenR> lvmer: does ps paux | grep -i network    show NetworkManager?
<lvmer> but I can't ping anything
<lvmer> no
<lvmer> only 1  'network'
<lvmer> idk what the columns are
<StevenR> ok
<lvmer> but it says: john 2510 0.0 0.0 9388 904 tty1 R+ 18:57
<lvmer> for 'network'
<StevenR> ok
<lvmer> not networkmanager
<lvmer> no*
<StevenR> that's fine
<lvmer> k
<StevenR> NetworkManager must not be running
<StevenR> :)
<StevenR> and it isn't, which is good
<lvmer> I'll take your word for it
<StevenR> lvmer: does ifconfig -a show the correct IP addressing on the bond0 interface?
<lvmer> yes
<lvmer> 192.168.0.40
<NomadJim> anyone use debconf to silently install stuff? I'm trying to get it to work with mysql
<NomadJim> mysql-server
#ubuntu-server 2013-01-15
<NomadJim> But the password I supplied in the debconf isn't working when I try to login to the mysql server
<NomadJim> http://paste.ubuntu.com/1532899/ - debconf file
<lvmer> stevenr: ops forgot to disable firewall..... fml
<lvmer> stevenr: I can ping local address will test other asap
<lvmer> stevenr: I can ping local, but no net
<lvmer> no google.com :/
<StevenR> lvmer: can you ping your router?
<lvmer> yes
<lvmer> 0.3 ms
<StevenR> can you ping 8.8.8.8 ?
<lvmer> what is that?
<StevenR> one of google's DNS servers
<sarnold> that's nice of them :)
<lvmer> yes I can
<lvmer> 14 ms
<StevenR> ok, so you just need to configure some DNS servers
<lvmer> hum
<StevenR> lvmer: edit /etc/resolv.conf
<lvmer> idk what to do, domain name service servers? where is that
<lvmer> ok
<lvmer> says do not edit by hand
<lvmer> changes will be overwritten
<StevenR> nameserver 8.8.8.8   is an example to use one of google's
<StevenR> meh
<StevenR> don't worry about that
<lvmer> k
<lvmer> so what do I do? add a column that says:    google.com   8.8.8.8  ?
<StevenR> no
<StevenR> add a line that says:
<StevenR> nameserver 8.8.8.8
<StevenR> or use whatever you'd normally put (your router? your ISP's DNS server?)
<lvmer> not sure, the file was blank
<StevenR> ideally put two
<lvmer> but adding that line
<lvmer> helped
<StevenR> ok
<lvmer> I can ping google.com
<StevenR> also add:
<StevenR> nameserver 8.8.4.4 (google's other public DNS server)
<StevenR> (don't add the bit in brackets!)
<lvmer> ok
<lvmer> where should I put this? so it doesn't get over written?
<StevenR> lvmer: it probably won't. Reboot and see
<lvmer> stevenr: so what was the problem? why did I get errors with the bond, but not without?
<StevenR> lvmer: I don't understand?
<StevenR> lvmer: what do you mean?
<lvmer> I assume my router is the problem, it freaks out and stops doing dns when it gets 2 ports from the same ip?
<lvmer> like why could I always ping google.com
<lvmer> but now that I bond and restart
<lvmer> I can't until I add that file
<StevenR> lvmer: no, you had no DNS servers configured. When you used DHCP, the nameservers where put in your resolv.conf automatically.
<lvmer> oooooooooo
<StevenR> (that's one of the things that DHCP does)
<lvmer> stevenr: it got erased
<lvmer> resolv.conf
<lvmer> I make a .bak
<lvmer> but how do I stop this?
<StevenR> ok. you'll need to configure resolvconf
<lvmer> I assume I can add nameservers to the interfaces? or something
<lvmer> o
<StevenR> but I'm not sure how you do that
<StevenR> you might be able to do that
<StevenR> doesn't look like it
<StevenR> have a look at configuring resolvconf
<lvmer> dns-nameservers 12.34.56.78 12.34.56.79
<lvmer> you can add it in interfaces
<StevenR> cool
<StevenR> do that then :)
<lvmer> yup
<lvmer> thanks a lot for the help :)
<StevenR> no problem :)
<StevenR> now you can look at adding in the odd interface
<lvmer> yah
<lvmer> xD
<lvmer> the default nameserver file is:  nameserver 192.168.0.1    [new line]   search hsd1.pa.comcast.net
<StevenR> ?
<lvmer> how do I add the search one? lol
<lvmer> resolv.conf
<lvmer> that's the resolv.conf if I start up with dhcp
<StevenR> dns-search-domains ?
<StevenR> not sure (Guessing)
<StevenR> anyway, I need to sleep now :)
 * StevenR &
<lvmer> stevenr: bye :)
<sarnold> lvmer: in my experience, 'search' is often not helpful (why do you care if you don't have to type "hsd1.pa.comcast.net" on host names?)
<lvmer> curiocity
<lvmer> lol
<lvmer> that is it
<lvmer> I've moved on, I'm editing other stuff now xD
<lvmer> mii-tool reports no mii interfaces found
 * lvmer sighs in shame after realizing his strict firewall settings start automatically on reboot & were preventing him from properly troubleshooting the network adapters
<Brombomb> I'm running server at home as a media server (DLNA, UPnP).  Is there a way to play audio out to a connected speaker system?
<PryMar56> Brombomb, use a 1/8 to RCA conversion cable
<Brombomb> sorry not hardware wise but software wise... controlling the server remotely
<PryMar56> ssh in, and launch abrac (x-forward)
<PryMar56> abraca
<PryMar56> it needs xmms2 server
<PryMar56> apt-get install abraca xmms2
<Brombomb> cool I'll check it out
<Brombomb> thanks for the suggestion
<PryMar56> it works smooth here
<Fleck> hey, how can I keep current kernel?
<sarnold> Fleck: investigate 'pinning' in dpkg, apt, apt.conf manpages
<Fleck> ty
<Daviey> jamespage: bug 1087091 seems a bit certain 'it should be removed'.. can they not just be fixed? :)
<uvirtbot> Launchpad bug 1087091 in nova "get-orig-source-git should be removed" [High,Confirmed] https://launchpad.net/bugs/1087091
<Daviey> morning all, btw :)
<jamespage> Daviey, I'm leaving that up to zul; whatever we have should be consistent across all packages
<Daviey> yeah
<RoyK> morning
<maruq> hi guys
<maruq> having some fun trying to get raid 0 array to persist on a hi1.4xlarge (AWS)
<maruq> I boot the node (canonical's ubuntu 12.04) with ephemeral at /dev/sdf & /dev/sdg
<maruq> I then assemble a raid0 array using mdadm
<maruq> I format the device (/dev/md0) as xfs
<maruq> write things to /etc/fstab & /etc/mdadm/mdadm.conf
<maruq> check it's all good using df -h (I see a 2TB volume that I've mounted at /mnt/data)
<maruq> I then reboot, and check the df -h to see the volume is not there
<maruq> if I do an mdadm --detail --scan, it seems my device has moved from /dev/md0 to /dev/md/0_0
<jodh> anyone know why nova-network is using start-stop-daemon in its Upstart job? Is it purely to change the user?
<maruq> I seem to have missed somethingâ¦ any ideas?
<xnox> maruq: update-initramfs -u ?
<maruq> xnox: we tried that before & it still seemed to happen, will give it another try though
<AtuM> hello.. I'm trying to setup a two-node drbd/ocfs2 cluster using pacemaker,corosync and cman... I'm going through cluster-from-scratch manual, but that's ment for rhel based distros.. is there a known how-to to this setup
<AtuM> this wiki is no good: https://wiki.ubuntu.com/ClusterStack/Precise
<StevenR> lvmer1: most modern ethernet interfaces don't have a mii-tool compatible interface :)
<maruq> xnox: thanks, that seems to be working now ;)
<maruq> giving it another reboot to confirm, but it seems good
<maruq> xnox: do you know of a safe way to call the "update-initramfs -u" ? I'd like to call via chef when I mount the volumeâ¦ best to avoid calling it over & over
<xnox> maruq: it is safe enough. either it will regenerate the same initramfs, or fail to regenerate one (without overwriting the old one) that was my experience with it so far, but check the update-initramfs code to be sure.
<xnox> maruq: you need to regenerate initramfs after adding new raid volumes, not after each mount.
<maruq> xnox: yeah, that was my thought. it just seemed pointless to call every chef run
<ttx> jamespage: I see you're coming to FOSDEM, anyone else from server team ?
<jamespage> ttx, sure am - Daviey and rbasak are as well
<ttx> ok, cool
<jamespage> ttx, see you there!
<jamespage> ttx, when do you arrive in brussels? friday?
<ttx> jamespage: thursday evening.
<jamespage> ttx, right - I arrive friday afternoon
<maruq> xnox: just trying to get my positioning right in my chef recipe. should I be calling update-initramfs after creating the raid, or after formatting the device & writing the fstab?
<samba35> RoyK, ping
<RoyK> samba35: pang!
<samba35> i am trying to setup a lvm ,with existing harddisk can we build a lvm with lossing data (want to create partion )
<RoyK> -win 28
<samba35> ?
<RoyK> samba35: just ask on the channel, please don't pm me for support, please
<samba35> ok
<RoyK> but no, you can't convert an existing filesystem to lvm
<samba35> i have lvm formated disk (guess)
<samba35> how do i check ? if i hit enter i am getting lvm prompt is that mean i am already on lvm
<samba35> lvm> pvscan
<samba35>   PV /dev/sda5   VG ubserver   lvm2 [148.81 GiB / 0    free]
<samba35>   Total: 1 [148.81 GiB] / in use: 1 [148.81 GiB] / in no VG: 0 [0   ]
<samba35> so i am on lvm ?
<AtuM> samba35, you're in lvm prompt. what you see is that /dev/sda5 has been declared as a pv and its in use by volume group named ubserver
<samba35> so i am using lvm ,now if i want to create another small partion can i create it with esixting free space
<AtuM> samba35, you should check free lvm space with vgdisplay
<samba35> ok
<AtuM> then use lvcreate --help
<samba35> Free  PE / Size       0 / 0
<AtuM> well then no, you cannot create any extra partitions (lvm volumes in your case)
<samba35> ic
<samba35> df -h show 101 gb free
<AtuM> samba35, you should really read something like http://www.redhat.com/magazine/009jul05/features/lvm2/ to get familliar with lvm concept first
<samba35> ok
<AtuM> df always shows space on filesystems.. thats above the partition layer
<AtuM> if you have free space on your FS, you can just use it.. if it's not the propper "path", then just use symlinks ;-)
<samba35> ok
<AtuM> if you can't live with what you have set-up, then reinstall - downsizing partitions on lvm2 is no easy task. you must first understand lvm2
<samba35> ok
<samba35> can  i create lvm on pen drive and use it as a lvm volume ?
<zul> lifeless: ping
<ztane> why would upstart fail to reap its children?
<ztane> I have firefox zombies clinging to pid 1 but not reaped... also any ideas how to debug?
<xnox> ztane: so firefox was started by e.g. gnome-session. But it's lost it's track of firefox and hence it got reparented to upstart pid1. Upstart will not reap those. In raring we are working on adding support to run upstart on per-usersession basis (with subreaper call) such that firefox would have been reparented to user-upstart and correctly reaped when user logs out.
<xnox> ztane: also such questions are best suited for #upstart =)
<ztane> ok :P
 * ogra_ wonders what you do with an upstart started firefox on a server
<ztane> ogra_: it does nothing, however when I went to ask the same question on #ubuntu I got a lecture what zombie processes are and how I can ignore the problem altogether.
<ztane> and here I got an answer :D
<ogra_> well
<AtuM> what I'd like to know is why would anyone want upstart on server machines? what's the upside of starting processes in paralel on a server?
<ztane> AtuM: faster startup on for example elastic computing
<ztane> servers used to be "that big iron on racks", not that much anymore
<AtuM> ztane, and that's what... 2min max... if server is stabile i'd expect it would not need any reboots for years to come.. so what's the point
<ztane> AtuM: you do not get it obviously
<ogra_> you wouldnt do any security upgrades on your server ?
<ztane> cloud computing, if you need 5000 machine hours of computing
<ztane> you boot 50000 computers and do it in 6 minutes
<ztane> and then halt
<AtuM> ogra_, linux is not windows..
<ogra_> AtuM, ??
<ztane> also, computers *will* crash
<ztane> because of parity errors at least
<ztane> on cheaper hardware
<AtuM> ogra_, if I protect linux from the outside world and it works fine.. do I really "need" security updates?
<ogra_> yes
<ztane> your desktop computer *will* crash because of parity errors.
<AtuM> ztane, yes.. but not that often.. and if I use ECC memory it should't crash.. forget desktop... we're in "server" section
<ztane> maybe not so for expensive server hw
<ogra_> AtuM, as long as your server is in any way connected to the internet you should always make sure to have all security fixes
<ogra_> and that has nothing to do with linux or windows
<ztane> another case is
<ztane> that in a sequential sequence, there might be a case that something "not so necessary" would be blocking ssh in boot...
<ztane> how would you go fix that problem, ssh cannot start because it would launch at 50 instead of 30 :D
<AtuM> ogra_, let's say I have a database server that never connects to internet.. it's client is in dmz and the security is taken care of.. the likleyhood of breaching the server is low.. and the critical part is the db software, not linux kernel
<ogra_> you dont have any users in your network ?
<ogra_> usually a server serves something to more than one person
<ztane> anyway, there are bugs in kernel, patching a running kernel is a bit difficut
<ztane> *difficult
<ogra_> and indeed the DB software might be more important here but what tells you that there isnt a kernel vulnerabolity that can be used through sql commands ? :)
<AtuM> ogra_, security is a far fetched idea... it's an illusion.. there are always vulnerabilities we don't know of.
<ogra_> an admin who doesnt regulary security updates has to be fired imho
<ogra_> immediately without discussion ...
<AtuM> ogra_, you don't work with HA systems do you?
<ogra_> i did in my life
<ogra_> and also saw people being fired because of missing security updates
<AtuM> ogra_, so you're basically saying that upstart saves time with doing security updates
<ogra_> as long as there are users you can not trust you are vulnerable, very simple ...
<ogra_> no
<ogra_> i'm just reacting to "servers dont need to be rebooted for years"
<AtuM> ogra_, that's a fact that no patch can solve
<ogra_> no, patches cant, but being up to date minimizes the risk
<jdstrand> fyi, ksplice can patches many kernel vulns without a reboot. you are going to need to patch your servers. consider a flaw in the database being used with a kernel local priv escalation. sure you have to weigh the risks vs regressions vs downtime, but flat out saying security is an illusion is not correct
<AtuM> ogra_, that "no reboot for years" remark is just for discussion. I think it all depends on SLA and the risk management policy.. if there's no big risk to a periferal server I see no reason for regular updates.. but that's just me
<jdstrand> there is a big difference between a vuln waiting to be discovered and one that is known and can be actively exploited
<AtuM> jdstrand, ksplice is owned by Oracle now.. it's off topic for ubuntu-server
<jdstrand> and part of the beauty of HA is you can take down some servers for a reboot and leave others running
<ogra_> right
<jdstrand> AtuM: I don't think the mere mentioning of ksplice is off-topic
<ogra_> which makes security maintenance so much easier
<jdstrand> it is something that they offer for Ubuntu for people who don't want to reboot cause of kernel vulns. I am not advocating its use, I am saying it is possible
<jdstrand> but in the HA case, it isn't needed. you use phased updates
<jacobw> hi, what's the easiest way to install 12.04 on non pae?
<ztane> jacobw: hmm?
<newlinux> Hi all
<newlinux> can I have zimbra mail with apache web server in the same ubuntu server?
<ztane> jacobw: shouldnt that just work right out of the box
<roaksoax> zul: quick question... is there an effective way to determine whether package A is to be installed (or has been installed) in package B postinst ?
<jacobw> ztane: >12.04 kernel requires pae extension
<zul> roaksoax: not that i know of
<roaksoax> zul: k thanks
<ztane> jacobw: really? or that it has support enabled
<ztane> hmm
<ztane> seems that it is indeed dropping non-pae support
<ztane> ah i thought it was a runtime switch but ofc it is not as it changes page directory layout
<zul> jamespage: extras packaged and uploaded
<jacobw> ztane: using the mini iso is the answer
<diego_> where can i find the most updated repository for samba4 for 12.04 ?
<jamespage> zul, ta
<jamespage> yolanda, ^^ see zulls comment re extras
<yolanda> let me check
<yolanda> ok, i'll try to rebuild the package
<iclebyte_work> how can i downgrade one specific package to that of a previous release without having apt remove all the dependent applications. the package in question is libgnutls26 - i'm running 12.04lts and have added oneric's security repo and masked the libgnutls26 pkg in /etc/apt/preferences and 'apt-get install libgnutls26' wants to downgrade to 2.10.5-1ubuntu3.1 but it also wants to remove all the other apps which rely on it
<diego_> http://paste.org/60172 guys any help??? Samba4 + Kerberos
<newlinux> Hi All
<newlinux> I need small help
<newlinux> im new to linux
<newlinux> I have download xeams mail server
<newlinux> its .tar
<iclebyte_work> newlinux, yes? what is your question?
<newlinux> Ok
<newlinux> I have download a free linux mail server, its 50MB file .Tar
<newlinux> I have done the these steps
<newlinux> tar -xf XeamsLinux.tar
<newlinux> when i run Install.sh , I get that the file is not there
<newlinux> but when I ls I can see the file
<iclebyte_work> how are you running Install.sh?
<iclebyte_work> you should use a dot slash to signaify execute from the current directory. i.e. './Install.sh'
<iclebyte_work> remember also Linux is case sensitive so Install.sh and install.sh are not the same.
<newlinux> Yes I have done that
<iclebyte_work> did it work?
<newlinux> it shows command not found
<iclebyte_work> try this
<iclebyte_work> chmod +x Install.sh
<iclebyte_work> then ./Install.sh
<newlinux> Ok Thanks <iclebyte_work>
<newlinux> but it says I must login name root
<newlinux> I just installed ubuntu 12.4, didnt ask for the root password?
<newlinux> can you please advise?
<iclebyte_work> no it wont, it assumes you are root
<iclebyte_work> type this: sudo ./Install.sh
<iclebyte_work> then put in YOUR password when it asks for one
<iclebyte_work> the sudo command can be remembered as 'super user do'
<newlinux> it says you must login as root?
<iclebyte_work> just put in your password
<iclebyte_work> newlinux, if you are new, i would recommend you install software from the offical ubuntu packages rather than from a tar.gz or something
<iclebyte_work> postfix is a good email server
<iclebyte_work> apt-get install postfix
<newlinux> yes but its complex
<newlinux> xeams its easier it seems
<newlinux> whats the root defaulr password?
<iclebyte_work> there isnt a root account
<iclebyte_work> you have the ability to run commands as the root user
<iclebyte_work> using sudo
<iclebyte_work> there is no 'root password'
<newlinux> you mean sudo then inter
<newlinux> enter
<newlinux> I tried
<iclebyte_work> 'sudo ./Install.sh'
<iclebyte_work> Also, the default postfix should just work straight away
<iclebyte_work> just choose 'Internet Site' when you install it
<newlinux> but if does postfix has web based?
<iclebyte_work> no postfix is not web based. if you want web based administration of postfix try 'postfixadmin' available from http://postfixadmin.sourceforge.net
<iclebyte_work> but you will also need to configure a web server and mysql database
<freesbie_> maybe this should help you in the right direction with the mail server: https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto
<Daviey> m_3: Are you chairing this next meeting?
<newlinux> i have istalled it
<iclebyte_work> can anyone assist me with this downgrading issue?
<Daviey> jimbaker: If m_3 doesn't respond, you are next in the list?
<jimbaker> Daviey, i'm teaching a course in a few minutes
<newlinux> Thanks all
<Daviey> jimbaker: wow, you can multi-task?
<jimbaker> Daviey, not particularly well ;)
<Daviey> Ursinha: According to the rota, that puts you next in place.. Are you able to take it?
<Ursinha> Daviey, I think so
<Daviey> \o/
<newlinux> dear all
<newlinux> my ubuntu is 64 bits
<SuperMatt> well put it back together
<newlinux> and i want to install a 32 bits package, is that fine?
<SuperMatt> yup
<SuperMatt> might be a good idea to install ia32-libs
<newlinux> ?
<SuperMatt> they're 32bit libraries
<SuperMatt> so if the app doesn't work initially, it *should* do with ia32-libs
<newlinux> coz i got some file not found message
<newlinux> i think better to install ubunti 32 bits?
<SuperMatt> well try ia32-libs :)
<SuperMatt> no no
<SuperMatt> what is the application?
<SuperMatt> newlinux: ?
<m_3> Daviey: I did last week
<Daviey> m_3: not according to the schedule
<Daviey> m_3: did you do minutes?
<newlinux> sorry
<SuperMatt> np
<newlinux> iys xeams mail server
<newlinux> what do you think, shall i install ubuntu 12.4 32 bits
<SuperMatt> you shouldn't need to
<newlinux> im still at office its 7:10 pm :(
<SuperMatt> try installing ia32-libs from the package manager
<SuperMatt> so apt-get install ia32-libs
<newlinux> this is the site http://www.xeams.com/XeamsDownload.htm
<newlinux> the package is 32 bits
<newlinux> its mentioned it works with all lexus
<newlinux> Linux
<SuperMatt> yup
<SuperMatt> I've just checked their site, and it suggests ia32-libs
<SuperMatt> http://www.xeams.com/ubuntu.htm
<newlinux> so I will try the 32 bits?
<shauno> it also appears to be java, which is worth not overlooking
<newlinux> ?
<SuperMatt> well, it's not downgrading to ubuntu 32 bit, it just installs some stuff to make 32 bit stuff work
<newlinux> what do u mean?
<newlinux> what can i do
<SuperMatt> newlinux: at your command line, do this: sudo apt-get install ia32-libs
<newlinux> ok I did
<SuperMatt> what happened?
<newlinux> its installing
<SuperMatt> excellent
<SuperMatt> once that is done installing, try xeams again
<newlinux> do I need to restart?
<SuperMatt> shouldn't need to
<newlinux> ok, incase it didnt work, any other easy web based linux email package i can use?
<SuperMatt> roundcube
<SuperMatt> which you install with: sudo apt-get install roundcube
<newlinux> is it easy
<newlinux> ?
<SuperMatt> well that depends on your definition of easy
<SuperMatt> I could probably get a round cube server running in about 10 minutes
<SuperMatt> can I ask: how long have you been using Ubuntu/Linux?
<newlinux> ohh please
<newlinux> im stock since 3 days
<newlinux> i belive this is the best option
<newlinux> It can be configured in Iphone and other mobiles?
<SuperMatt> yup
<newlinux> I used backtrack in my security course last year
<SuperMatt> well roundcube is just a front end to other technologies, such as postfix and dovecot
<SuperMatt> did you read this at all? https://help.ubuntu.com/community/MailServer
<newlinux> I will go through it
<MACscr> Hmm, I am having issues with postfix after an apt-get upgrade. Postfix appears to be running, but i dont think its to functional right now. The upgrade did not complete as well. here is what it shows if i try to do apt-get upgrade again: http://pastie.org/pastes/5688996/text?key=rurb5ciidsbsulx6byneww
<newlinux> so in this case i still need postfix?
<MACscr> any suggestions based on my errors above?
<SuperMatt> newlinux: do you have postfix install already?
<newlinux> no
<newlinux> I can install it as you mentioned apt ??
<SuperMatt> yup
<SuperMatt> postfix is only for sending email
<SuperMatt> you will also need something like dovecot to store email
<SuperMatt> there's a lot of configuring you'll have to do
<newlinux> so I need to install both posfix and dovecot?\
<SuperMatt> yup
<SuperMatt> newlinux: I really recommend you don't do this on a live server. You should get your hands on a virtual machine with ubuntu on it and test everything in that
<SuperMatt> you're looking for a whole world of hurt if you don't do this in testing first
<newlinux> im doing in the new server, its a test
<SuperMatt> ok, good
<newlinux> Supermatt, can you be with me I will do it rights now
<SuperMatt> uhm, I can't guarantee anything
<SuperMatt> newlinux: I'm not trying to put you down or anything here, but it sounds to me like you have quite limited ubuntu experience. For what it's worth, I think it would be a good idea to leave the server alone for the evening, and just concentrate on ubuntu server basics
<SuperMatt> http://ubuntu-manual.org/
<newlinux> Yes, I respect you and your rights
<newlinux> actually im trying to install it for my manager house
 * ogra_ would also suggest a few weeks or months for learning linux basics first
<ogra_> at least if you really plan to use that server in production ...
<SuperMatt> agreed
<SuperMatt> otherwise the server might be insecure
<newlinux> ok i understand
<m_3> Daviey: nope (/me guilty look)... just kinda thought it was done at the end of the meeting... doh
<newlinux> Supermatt, any good article i can use to follow and install any basic mail server
<ikonia> newlinux: do you understand how a mail setup works yet ?
<SuperMatt> newlinux: https://help.ubuntu.com/community/MailServer I would start here and I would read it all. You need to work out what you need and why you need it. Reading these will help, though they won't tell you everything
<ikonia> newlinux: we went over this yesterday and you had no idea how any of it worked, so a guide at this time will be useless
<newlinux> <ikonia>, I understand how it works but not in linux
<SuperMatt> newlinux: I think you should start by readying through the ubuntu manual project and learn about how the ubuntu command line works, then work your way up
<newlinux> sure
<newlinux> thanks all
<SuperMatt> you have a long road ahead of you
<SuperMatt> installing a secure, stable mail server is something I haven't managed yet, and I've been in the linux game for 5 years now
<ogra_> definitely ...good luck though
<newlinux> thanks all
<shauno> particularly mailservers.  making them work is the easy bit.  not turning them into a spammer's best friend calls for a little less guesswork
<patdk-wk> making a mailserver spammerproof is easy
<patdk-wk> making it not receive spam, is hard
<patdk-wk> making your website cgi's protected against hacking to send spam, is normally not hard, but seems to fail in the real world
<frojnd> Is it neccessery for lighttpd properly run that apache2 is installed?
<frojnd> The files in the document root have to be
<frojnd> readable by the user starting the web server
<frojnd> In my case I started lighttpd as root so if root has access that's ok right?
<SuperMatt> uhm, just because you started as root, doesn't mean it's running as root
<frojnd> how can I check?
<SuperMatt> it's possible that lighttpd has an options to run as a different user
<SuperMatt> ps auxww | grep lighttpd
<SuperMatt> the first column should be the user it's running as
<frojnd> ok it's root
<SuperMatt> cool
<SuperMatt> so yeah, if it's running as root, it should be able to read anything
<sarnold> frojnd: you don't want your webserver to run as root. that's a quick way to sharing your machine with the albanian mob.
<SuperMatt> well yes, there is that
<frojnd> yeah, I'm gonna chage it to www-data ?
<Darkstar1__> anyway I can profile my system memory to see what's consuming what?
<SuperMatt> good idea
<frojnd> I belive that's the correct name for it?
<sarnold> frojnd: yes, though I have a personal grudge about that :) the on-disk data should be owned by a different user than the webserver runs as -- you wouldn't want a compromised webserver to have write access to more than the database sockets it needs and its logsfiles.
<Darkstar1__> I'm having segmentation fault issues in apache
<SuperMatt> sarnold: agreed, we only ever give www-data access to specific folders
<frojnd> sarnold: so if I have /var/www/htdocs my documentRoot for www data,.. how do I make I don't know one user safely write code?
<sarnold> frojnd: you could chown the directory to a new user, "web" or something, and have your user copy data into it (perhaps via sudo) when necessary
<sarnold> frojnd: you could also just chown it for that user account, but that really only makes sense on a server that the user doesn't do anything else, except publish web..
<RoyK> or even, just create a group for web and chgrp the dir and chmod g+w the dir and let the user copy entirely without sudo
<sarnold> better :)
<Guest63082> I'm having trouble using postfix with SSL enabled LDAP, can someone give me some pointers how to do it, or is it not possible?
<frojnd> sarnold: ok so here it is now: /var/www/ and all subdirs are owned by root:root
<frojnd> sarnold: and lighttpd is run as www-data:www-data
<RoyK> frojnd: really, you don't want www-data to be able to write to those files
<frojnd> RoyK: I just said that they are root:root
<RoyK> that's ok
<sarnold> frojnd: better :) owned by root is a bit overkill, but having the daemon have very little write access is the most important thing. woot.
<RoyK> frojnd: just do as I said above
<frojnd> drwxr-xr-x  2 root root 4096 Jan 15 18:15 htdocs drwxr-xr-x  3 root root 4096 Jan 15 17:42 servers
<frojnd> Now I have to create a chrooted user
<frojnd> meh, jailed user :)
<frojnd> This is /etc/init.d/lighttpd http://paste.ubuntu.com/1534874
<frojnd> The server has to be started as root to take control of port 80, but it's not necessary or a good idea to continue running as root after port acquisition.
<frojnd> can someone check that bash script?
<Darkstar1__> guys any gui tool I can use to get a profile of what's eating system memory?
<Darkstar1__> it's a desktop 12.04 that I'm using as a server right now
<sarnold> Darkstar1__: memory consumption is difficult to measure, since shared libraries are shared amongst all processes that have loaded them..
<sarnold> Darkstar1__: 'top', 'htop', or 'ps aux' are pretty good tools though; the VSZ is the virtual address space allocated, the RSS is the "resident set size", the actual physical memory the process is using, the SHR is the amount that _can be_ shared with other processes -- though it isn't necessarily shared
<Darkstar1__> sarnold: reason I ask is because I have a php issue that only turns up in apache error logs as just plain ol' segmentation fault. The system monitor reports 2/7.9Gb memory in use but the cli tool called free reports that I have 7 .something in use and only 528Mb free
<sarnold> Darkstar1__: now I know I've seen a tool that actually looks into /proc/*/maps and figures out which processes are using which libraries and accounts each process "their share" of that address space, but I've never been able to find it again. heh.
<Darkstar1__> sarnold: I hate when that happens :D
<Darkstar1__> ok running htop
<sarnold> Darkstar1__: well, segfaults are something else. php is a pretty shitty interpreter, and poorly written (or intentionally written) php code can segfault it all day long...
<sarnold> Darkstar1__: .. and if the code is poorly-written just right, it'll let external people play with its address space. :/
<sarnold> Darkstar1__: that really doesn't have much to do with actual memory _consumption_. Your linux system will generally have only a few hundred megabytes free -- free memory is wasted memory -- the value that makes more sense to look at is the +/- buffers line in the free output
<sarnold> Darkstar1__: check the kernel logs for more details on those segfaults; dmesg output may have it, or it may be in /var/log/kern* something -- maybe you'll be able to pinpoint whatever stupid program is crashing and either fix it or remove it.
<frojnd> Heh this is funny
<frojnd> When I start lighttpd like this: /etc/init.d/lighttpd start
<lifeless> zul: pong
<frojnd> and then stop it like this: /etc/init.d/lighttpd stop and after it I try to run it: I get: 2013-01-15 19:14:52: (network.c.358) can't bind to port:  80 Address already in use
<frojnd> And ps aux | grep lighttpd says: www-data 18251  0.0  0.0  36028   708 ?        S    19:13   0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
<frojnd> and /etc/init.d/lighttpd status says:  * lighttpd is not running
<frojnd> Is there something wrong with lighttpd file? http://paste.ubuntu.com/1534874
<sarnold> frojnd: does lighttpd start child processes? you may need to remove the pidfile from start-stop-daemon if it has child processes that also listen on port 80
<frojnd> sarnold: fuser -v 80/tcp says: 80/tcp:              www-data  18251 F.... lighttpd
<frojnd> sarnold: how do I check if it starts a child processes? ps?
<sarnold> frojnd: yeah, or pstree
<sarnold> frojnd: did you write that init script yourself? or was it provided?
<sarnold> you may wish to just file bugs if 'stop' doesn't kill all the processes
<frojnd> sarnold: provided
<sarnold> it seemed a bit much to just write for yourself ;) hehe
<frojnd> my knowladge at bash is really limited haha :>
<frojnd> sarnold:      |-lighttpd <-pstree
<frojnd> Just that.
<sarnold> frojnd: well, killall lighttpd first, start it with the initscript, and see what's started..
<frojnd> sarnold: ps aux | grep lighttpd www-data 18706  0.0  0.0  36028   712 ?        S    19:24   0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
<frojnd> sarnold: pstree:   |-lighttpd and that's it
<frojnd> oh and fuser -v 80/tcp 80/tcp:              www-data  18706 F.... lighttpd
<sarnold> frojnd: just the one process? okay. now kill it with its initscript again, and see what's left over
<frojnd>  * Stopping web server lighttpd    ...done.
<frojnd> ps aux | grep lighttpd www-data 18706  0.0  0.0  36028   712 ?        S    19:24   0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf pstree:  |-lighttpd and fuser: 80/tcp:              www-data  18706 F.... lighttpd
<frojnd> it does not kill it :)
<sarnold> frojnd: is the pidfile still there?
<frojnd> yes
<sarnold> are there anything odd about its permissions or the permissions of its containing directory?
<frojnd> sarnold: -rwxr-xr-x 1 root root 2545 Aug 19  2010 /etc/init.d/lighttpd
<frojnd> sarnold: and /etc/init.d looks like this: drwxr-xr-x  2 root root  4096 Jan 15 18:44 .
<sarnold> frojnd: sorry, the pidfile will be in /var/run
<frojnd> sarnold: in /var/run drwxr-x---  2 www-data   www-data     40 Jan 15 17:08 lighttpd
<RoyK> the whole of var run owned by www-data?
<RoyK> oh, ic
<frojnd> sarnold: ls -la /var/run/ NO: drwxr-xr-x 16 root       root        520 Jan 15 18:15 .
<frojnd> RoyK: no..
<frojnd> ah, you typed i cee..
<sarnold> frojnd: how about /var/run/lighttpd.pid ?
<frojnd> sarnold: does not exist
<frojnd> sarnold: even though ps aux | grep lighttpd says otherwise: www-data 18706  0.0  0.0  36028   712 ?        S    19:24   0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
<sarnold> frojnd: how odd. killall lighttpd again, restart it, and check the pidfile while it is running
<frojnd> sarnold: there is no /var/run/lighttpd.pid
<sarnold> frojnd: how odd. :)
<frojnd> indeed :)
<frojnd> let me try and start it with service lighttpd start
<frojnd> no, the same
<frojnd> should I reinstall lighttpd?
<sarnold> frojnd: might not hurt, though I hate that as an answer.
<frojnd> sarnold: what's the proper way for uninstalling? apt-get --purge remove?
<sarnold> frojnd: I think apt-get purge
<frojnd> yeah now it works ps aux | grep does not show anything
<frojnd> where in /var/run/ should that file be exactly?
<sarnold> frojnd: /var/run/lighttpd.pid
<frojnd> it's just not there
<frojnd> http://paste.ubuntu.com/1535068/
<frojnd> Only those 6 pids are there
<frojnd> what in the *blub* is goning on :D
<frojnd> goin'
<michele> hi there
<michele> i already have ubuntu-server installed. how do I launch the tasksel for "ubuntu software selection" (like http://askubuntu.com/questions/153265/what-does-the-basic-ubuntu-server-package-contain-in-software-selection-during ) ?
<RamosDevil> Quick question - I just set up Ubuntu 12.04 Server on my Mac Mini (late 2011).  Everything was running smoothly until I stopped getting a response from the box... I checked the computer and it was still on, but I couldn't get anything to happened, so I restarted.  I'm assuming the server itself crashed, and there's no sleep or standby mode since this is a server, correct?
<sarnold> RamosDevil: when I stopped getting responses from a machine, it had gotten a new dhcp but not entered into dns yet. (perhaps your setup is a little less clumsy than mine :)
<sarnold> RamosDevil: iirc, it's the same kernel all the way through, so suspend and hibernate are available, "pm-suspend" and "pm-hibernate" ought to do the job, iirc.
<sarnold> RamosDevil: in my case, I wrote a quick bit of bash scripting to scan ssh banners and look for the host that felt 'right'. for i in `seq 2 254` ; do echo "" | nc 192.168.1.${i} 22 ; done
<sarnold> RamosDevil: .. of course, if yours is _offline_, that's something else entirely
<Daviey> adam_g_: hey, https://review.openstack.org/#/c/19495/ .. has an update for lvm as SRU been considered, do you know?
<RamosDevil> Thanks, guys. Even though the kernels are merged now (server/desktop), I would assume that suspend and hibernate are disabled by default in server installations... How would I check to see if a timeout time has been set?
<sarnold> RamosDevil: if you're running unity, the system settings -> power will show it.. if you're not running a desktop environment, though, I'd expect it to work as any other server ought to.
<RamosDevil> Yeah, no GUI for me... Dang.  Looks like I've got a hardware issue.  Thanks for the assist.
<sarnold> RamosDevil: was there anything suspicious looking in the logs?
<RamosDevil> Nothing that points me in the direction of what may have happened... No KP or anything, just abruptly ends.
<sarnold> damn, I hate those :(
<RamosDevil> Not the way I wanted to end my work day, but it gives me something to focus on tomorrow.  Thanks again, have a good night!
<adam_g_> Daviey: re: LVM. seems like new features that wouldn't fit into an SRU, but a potential backport for future CA releases?
<Daviey> adam_g_: we should explore if it CAN be SRU'd first.  It does sound like it could be unsuitable, but we should check first.
<Daviey> -> afk
<m_tadeu> hi everyone...I just upgraded to 12.04 and I'm experiencing a problem in smtp...the client says "This server does not support authentication". And it was working before the upgrade
<patdk-lap> m_tadeu, likely you accidentally told it to overwrite your config when you upgraded it
<m_tadeu> patdk-lap: I'm quite sure I didn't...I was very careful with that. but where should I check?
<patdk-lap> what smtp server are you using?
<m_tadeu> postfix with dovecot
<patdk-lap> then you need to check in /etc/postfix/main.cf and /etc/postfix/master.cf
<m_tadeu> patdk-lap: can it be the milter?
<m_tadeu> my config is there
<patdk-lap> no
<xnox> Daviey: adam_g_: what in particular do you want in lvm? =)
<xnox> Ah... thin provisioning. I am working on landing it in Debian experimental and ubuntu.
<xnox> First I need to get it into raring, then we can think about SRU. It will need a new thin-provisioning package for related tools. Not sure how sru friendly new packages are.
<m_tadeu> I'm getting this message in the log
<m_tadeu> postfix/smtpd[10912]: warning: connect to Milter service inet:localhost:8891: Connection refused
<sarnold> hrm :)
<m_tadeu> googling is not helping much :(
<patdk-lap> google won't be ANY HELP
<sarnold> m_tadeu: what milter did you run there?
<patdk-lap> only you know what milter you had running on that port
<m_tadeu> patdk-lap: where can I check it? sorry to ask basic questions, but it was a while ago since I did this
<patdk-lap> no way to know
<patdk-lap> you have to find the program on your server configured to use port 8891
<patdk-lap> or disable the milter in postfix and figure it out later
<m_tadeu> probably it should be dkim...I restarted the service, but it wont show up in netstat
<orudie> Greetings. I just installed squid proxy server for the first time. Looking for some assistance on configuration. Thanks in advance
<m_tadeu> so, I'm using dkim in 8891 and domainkeys in 8892
<m_tadeu> netstat only shows dk-filter in 8892....so no dkim. the process is running...damn
#ubuntu-server 2013-01-16
 * patdk-lap gave up on dk and only use dkim
<m_tadeu> dkim is listening in some weird port
<sarnold> orudie: be confident in your ACLs, back them up with iptables rules. you don't want to run an open proxy for the world.
<orudie> sarnold, so in the ACL I can allow by ip or host ?
<sarnold> orudie: I would allow by IP, it feels less likely to break
<patdk-lap> for the client side
<patdk-lap> for the allowed websites to visit, host is fine
<orudie> well squid.conf looks huge and difficult to digest for someone who never used it before
<orudie> so I just need some guidance
<sarnold> orudie: indeed, I remember last time I set it up (10 years back?) spending two or three days reading the manual and configuration file comments...
<orudie> sarnold, okay, going to start looking at the conf file now ...
<orudie> I wonder what squid enables on default
<LeChacal> hello all, i am trying to use the output of "/usr/lib/update-notifier/apt-check" in  a bash script but its output doesn't seem to be going to stout, i can't store its out put to a veriable and even trying to do a redirect to /dev/null still outputs to the stout. Looking at it code it is a python script, i am not formiluar with python so maybe there is something i am missing. Wondering anyone could sheds some light on what is goin go.
<sarnold> LeChacal: at least some of the writes are going to standard error
<sarnold> LeChacal: programs start with three standard IO streams -- standard input, standard output, and standard error
<sarnold> LeChacal: programs can also do IO directly to the terminal, but that is less common
<sarnold> LeChacal: it's not so different to capture hte standard error: foo 2> /path/to/file
<LeChacal> sarnold: that is bizare all of its output is going to stderr i didn't even think to check that unitl you metioned it
<sarnold> LeChacal: so you could have your program capture it like: apt-check > /tmp/output 2> /tmp/error
<LeChacal> sarnold: thank you
<sarnold> LeChacal: to get both, you could use apt-check 2>&1 > /file/for/output
<t0th_-> ec2?
<t0th_-> here?
<luminous> hello, how do i move a block from <foo_ip> to the top of a ufw list?
<luminous> I want my explicit IP blocks to superceed all allows
<luminous> that is the default deny policy
<jdstrand> luminous: you can use 'ufw insert ...'. maybe I don't understand the question...
<luminous> jdstrand: can you insert 0 or -1?
<jdstrand> luminous: '1' is all you need to be first
<luminous> jdstrand: except that if you have existing rules there, ufw doesn't gracefully bump the rest down..
<jdstrand> sure it will
<luminous> it yelled at me about an existing rule.. so I am confused
<jdstrand> that is a different error
<luminous> oh, I see.. hah
<jdstrand> that is telling you that you already have that rule in your ruleset
<jdstrand> sudo ufw status numbered
<luminous> yea, I see what you mean
<jdstrand> sudo ufw delete <the old rule>
<jdstrand> sudo ufw insert 1 <the new rule>
<luminous> ty!
<jdstrand> np :)
<luminous> ah... and auth.log is once again silent :)
<lvmer1> what is a good pdf annotation program for ubuntu server?
<escott> i confused parted as to the filesystem on a device. It was ext4, then I made it into a raid, then i made it into lvm on top of raid, but parted is still reporting ext4
<escott> anything i can do to make it report correctly
<escott> partition table is gpt, i dont see anything in the table that indicates ext4
<sarnold> escott: isn't that changing the partition type? (82, 83, etc..)
<escott> sarnold, no the type is FD00
<escott> sarnold, i think parted is reading the contents to try and determine it
<sarnold> escott: ah, gpt changed things quite a bit then :)
<escott> sarnold, yes and no. "fd" was the old fdisk type, "fd00" is gdisks way of doing the crazy GUID that is the type for raid-autodetect in gpt
<escott> technically ext4 is in some sense correct for /dev/sdc1 because I have ext4 inside lvm inside mdadm on /dev/sdc1
<escott> but i would rather it say lvm, or none for the filesystem
<sarnold> but it'd nice if tools knew exactly what is going on, to save trouble in the hurried wee hours when things break :)
<escott> yeah its just confusing to look at that and know its wrong.
<Diegosnat> hi guys! What's openchange??
<Diegosnat> I do not understand what it does
<miguitas> Diegosnat: it seems a implementation of microsoft exchange protocols, its only a library
<Diegosnat> right
<Diegosnat> so I still need a mail system
<miguitas> you need make a mail system with this library, if you want a exchange server try openexchange
<Diegosnat> miguitas, is it free?
<miguitas> Diegosnat yes http://en.wikipedia.org/wiki/Open-Xchange check license limitations
<Kuschelwolle> Herzlich Willkommen in der Freiheit! Kein Kick Kein Ban nur Fun! lg Lukas #ubuntu-de-offtopiic
<jamespage> zul, adam_g_: Just uploaded a snapshot version of openvswitch to raring FYI
<jamespage> it tested OK locally; decided to upload as the dkms package is broken in raring anyway so it does move us forward.
<stanman246> hi in here, i'm collecting netflow data with nfsen. anyone using this?
<stanman246> have a couple of small q's ...
<jamespage> hallyn, is anything funky going on with lxc in raring ATM?  lxcbr0 appears but does not get assigned an IP address...
<andygraybeal> how do you guys safely shut down your virtual machines when there is a power outtage using a UPS?
<andygraybeal> if the UPS shutdowns the libvirt/kvm host, will the machines be shutdown gracefully as well?
<ikonia> shell script ?
<ikonia> when the host detects running on UPS and it power doesn't return within X seconds, do a shutdown
<andygraybeal> ikonia, okay sounds like a plan
<ikonia> andygraybeal: no, the hypervisor will be shutdown while the machines are running
<ikonia> thats why a script to shutdown the guests is better in my view
<ikonia> then let the host manage the rest
<andygraybeal> *nods
<hallyn> jamespage: see bug 1099155
<uvirtbot> Launchpad bug 1099155 in network-manager "[raring] No ip assigned to bridge and no routes added for routed network" [Critical,Confirmed] https://launchpad.net/bugs/1099155
<jamespage> hallyn, w00t!
<jamespage> thanks - guessed you would already know about it:-)
<hallyn> jamespage: not sure that's a "w00t" :)
<jamespage> hallyn, probably not
<jamespage> :-(
<isthakur> Hi everyone I want to setup a thinclient setup with linux server and windows OS for client over tftp. is that possible with ltsp?
<patdk-wk> it MUST use tftp?
<patdk-wk> strange restriction
<isthakur> is there any other option
<patdk-wk> there are tons of options
<isthakur> i know about tftp only
<isthakur> I dont want to use rdp
<Kentarou> hi guys, i have setup a samba shared printer but when i try to view printing preferences the windows explorer got crashed, i'm using x64 both the server and the client. Any Idea?
<Kentarou> its find on x86 though
<jamespage> zul, glance client is borked in raring - jsonschema got pushed up to 0.7
<patdk-wk> isthakur, maybe what you mean is, I want to setup an ltsp enviroment for windows os based clients?
<Kentarou> its fine on x86 though
<jamespage> (wants 0.2)
<jamespage> looking now
<isthakur> yea thats true
<zul> jamespage: gah
<patdk-wk> not sure windows will work like that at all
<patdk-wk> isthakur, I would recommend likely you look into using ipxe and iscsi boot for windows
<zul> jamespage: im just sending a fix upstream
<andygraybeal> there is no dana
<andygraybeal> err.. sorry
<Kentarou> any advice?
<isthakur_> is it possible to use wine with ltsp
<isthakur_> Wine on LTSP clients
<zul> jamespage: odd...jsonschema is not in the tools/pip-requires
<jamespage> zul, yeah - its really odd
<jamespage> I can find any reference to it in the install either
<isthakur_> I want to setup an ltsp enviroment for windows os based clients or client that can run some windoes bases softwares such as dreamweaver, photoshop etc
<isthakur_> I wouldn't mind to use wine or any other windows emulator
<jamespage> zul, did you see that the g2 upload of cinder FTBFS?  some tests failed...
<zul> jamespage: yeah someone else fixed it im going to take a closer look at it today
<jamespage> zul, 'fixed it' as is skipped failed tests i.e. disabled gating
 * jamespage sighs
<zul> jamespage: skipped failed
<jamespage> zul, "  * debian/patches/series: Enable skip_failed_tests to fix FTBFS."
<zul> jamespage: yeah...ill take a look
<jamespage> yolanda, taking a look at that cinder branch now (have ovs out of the way).
<zul> jamespage: lemme finish what im doing here
<jamespage> zul, dude - no rush
<jamespage> its 'fixed' after all
<jamespage> :-)
<zul> not fixed properly
<yolanda> ok
<Eagleman> Why keeps apache saying this in the logs? File does not exist: /var/www/website/HTTP/html  ?
<zul> because it doesnt?
<Eagleman> What is requesting the file then?
<Eagleman> when i visit my website the file is somehow requested, or there wont be an error
<yolanda> jamespage, did you already to the merge for my MP?
<jamespage> yolanda, I did - I needed to merge an out-of-band update from raring as well
<jamespage> so I tweaked the versioning to support that and merged it
<yolanda> ok, great
<zul> jamespage: https://code.launchpad.net/~zulcss/python-quantumclient/grizzly-ftbfs/+merge/143545
<zul> jamespage: https://code.launchpad.net/~zulcss/python-novaclient/grizzly-ftbfs/+merge/143546
<anti-neutrino> Hi guys
<anti-neutrino> need some help in disabling IPv6 *completely* from my ubuntu server
<anti-neutrino> surprisingly .. even after setting the right parameters in my sysctl.conf (and reboot) .. still my services are opening a IPv6 connection on this one host in my cluster
<RoyK> anti-neutrino: can't you just block ipv6 with iptables?
<RoyK> anti-neutrino: if you add "ipv6.disable=1" to the grub config, it shold do the trick
<RoyK> kernel boot param
<anti-neutrino> ohh ok .. havent tried that
<anti-neutrino> I was relying on sysctl.conf
<ckramer> I'm troubleshooting a strange one. Anyone ever seen a bind mount show different file contents?
<TheLordOfTime> will unattended-upgrades autoinstall security updates to everything but the kernel?
<ckramer> going to chalk that one up under kernel silliness. the 12.04 box was due a restart for kernel updates. My bind mount sanity returned after the system rebooted.
<stiv2k> hello
<stiv2k> anyone here
<stiv2k> that can help me with this http://i.imgur.com/SBICT.jpg
<sarnold> stiv2k: irc tends to work best if you ask detailed questions from the start :)
<stiv2k> sarnold: lol
<stiv2k> im asking in a roundabout way
<sarnold> oh jeeze, still fighting that? oooooof.
<stiv2k> i havent tried anything since last week
<stiv2k> i dont know what to do :S
<sarnold> heh, I can't blame you.. :)
<stiv2k> i need to speak with an expert
<stiv2k> on this
<stiv2k> im not familiar with what the error is trying to tell me
<TheLordOfTime> who here on the server team knows how we handle server-related bugs?
<TheLordOfTime> and specifically whether changing the init.d file counts as a valid solution for a bug.
<michele> after installing ubuntu, how do I recall this screen? http://i.stack.imgur.com/Nu44s.jpg
<hallyn> michele: tasksel I believe (though I haven't done it)
<jcastro> michele: I just answered your question on AU
<jcastro> `sudo tasksel` should do what you want
<michele> jcastro: right, thanks!
<michele> jcastro: can you also tell me how to bring up the other screen i mention in the comment?
<jcastro> here you go: http://askubuntu.com/a/26/235
 * sarnold looks for the +1 button on irc..
<michele> very good jcastro , thank you again
<diegosnat> has any of you tried to integrate samba4 with imap???
<frojnd> Hi there. Has anyone played and configure ligttpd? I'm having serious problem enabling php support even though by https://help.ubuntu.com/community/lighttpd#PHP I should only lighttpd-enable-mod fastcgi Yet I keep getting 403 - Forbidden
<frojnd> When I visit info.php
<TheLordOfTime> *cough* use nginx *cough*
 * TheLordOfTime is biased
<TheLordOfTime> frojnd, you should read the error logs
<TheLordOfTime> 403 forbidden suggests your file permissions are borked
<qhartman> I second the rec for nginx, if you have a good reason to not use Apache....
<frojnd> TheLordOfTime: what permissions should they be? error log gives me: Path         : /var/www/info.php -- file found
<TheLordOfTime> that suggests a 404 not a 403
<frojnd> I can pastebin the whole error log
<TheLordOfTime> IMO nginx is easier to configure php and proxying than lighty
<TheLordOfTime> if that's all you're doing at least
<frojnd> TheLordOfTime: I'll be using it for wordpress so php mysq
<frojnd> something light
<TheLordOfTime> frojnd, nginx-light can achieve it with some minor configuration
<frojnd> TheLordOfTime: if you have time I'd be much appriciated if you can bare with me
<TheLordOfTime> but i am biased against lighty and apache
 * TheLordOfTime works with nginx all the time, and has bug handling specializations in the nginx package
<frojnd> TheLordOfTime: ok let me try nginx
<TheLordOfTime> frojnd, if you go the nginx route, sudo apt-get install nginx-light php5-fpm
<TheLordOfTime> then lemme give you a basic config
<TheLordOfTime> also, sudo apt-get install php5-mysql
<sarnold> TheLordOfTime: why nginx-light?
<TheLordOfTime> sarnold, basic core modules
<TheLordOfTime> unless they need SSL support, nginx-light is a lighter version of nginx
<frojnd> TheLordOfTime: in future I'll probably need ssl
<frojnd> but in compare how faster is nginx to apache
<TheLordOfTime> frojnd, then nginx-full
<TheLordOfTime> i don't have benchmark stats on bookmark unfortunately
<TheLordOfTime> but nginx is a bit lighter on memory IMO
<sarnold> TheLordOfTime: ah, save a few kilobytes then :)
<TheLordOfTime> sarnold, mhm.
<TheLordOfTime> sarnold, unless they say they need SSL and a wider range of modules i suggest nginx-light
<TheLordOfTime> which is the barebones but still operational version of nginx
<TheLordOfTime> personally, i put nginx-full on all my systems
<TheLordOfTime> but all my systems and VMs have at least 512MB RAM so i can spare the few extra kilobytes of RAM
<TheLordOfTime> php5 and mysql are the memory whores though
<TheLordOfTime> frojnd, which ubuntu are you on?
<frojnd> 12.4
<TheLordOfTime> 12.04 or 12.10?
<frojnd> so nginx-full php5-fpm ?
<TheLordOfTime> i ask because php5-fpm's listening dynamics were changed for 12.10 and later
<TheLordOfTime> frojnd, php5-mysql as well
<RoyK> TheLordOfTime: heh - mysql only uses what you tell it to use, php can be a bit hungry, though, especially with apache
<TheLordOfTime> at the bare minimum
<TheLordOfTime> RoyK, apache in and of itself eats more memory than php+mysql combined
<TheLordOfTime> which is why i started using nginx :P
<RoyK> mod_php is linked into apache, so you'll have to dig deep to see if php or apache is using that memory
<TheLordOfTime> frojnd, the default configuration file should be sufficient if you uncomment the PHP section, i can go write up a basic config if you want
<TheLordOfTime> since i run a wordpress blog on nginx + php5-fpm + mysql
<RoyK> php won't use much memory unless it's used :P
<frojnd> TheLordOfTime: ok all installed nginx-full php5-fpm php5-mysql
<RoyK> php with nginx is rather slim, but rather slow as well, compared to apache
<RoyK> if you have half a gigabyte, it should suffice for most things
<RoyK> 1GB for all
<frojnd> TheLordOfTime: that would be awesome
<TheLordOfTime> RoyK, if you're not running anything intense nginx works fine
<TheLordOfTime> with php
<RoyK> sure, but something like wordpress is rather intense, so there apache would probably be better
<TheLordOfTime> RoyK, lets not argue webserver preference mmkay?
<TheLordOfTime> RoyK, they said lighty
<frojnd> TheLordOfTime: just please help me :)
<TheLordOfTime> lighty's evil
<RoyK> TheLordOfTime: heh - I just use apache with php
<hallyn> zul: have you been able to build libvirt lately?  I'm getting weird dep failures https://launchpadlibrarian.net/128637930/buildlog_ubuntu-raring-amd64.libvirt_1.0.0-0ubuntu5_FAILEDTOBUILD.txt.gz
<zul> hallyn: i havent tried whats going on?
<zul> hallyn: weird lemme check
<hallyn> zul: well the configure failure suggests kernel-ehaders is missing, but i don't think that's it
<daguz> So, I'm running ubuntu server under xen for some development peoples.  I've been able to install and follow recipes to make it work.  Are there some guidelines as far as replicating these hosts?  What about booting with UUID?  I'm a little confused how that should work for me.
<hallyn> fails to compile linux/if_bridge.h: present but cannot be compiled
<RoyK> hallyn: new kernel?
<hallyn> RoyK: i assume the ppa builders are on hardy like the rest of the farm, so hope that's not hte problem
<hallyn> zul: well ok, let me dig deeper, i jsut wanted to make sure you didn't know off the top of your head
<zul> hallyn: lemme try here
<TheLordOfTime> frojnd, absolute base config: http://paste.ubuntu.com/1538319/
<TheLordOfTime> i've commented out the SSL portion, because you don't have SSL yet (I assume)
<TheLordOfTime> frojnd, NOTE: the followoing must be confirmed:
<TheLordOfTime> www-data (user or group) must have read access to the entire directory structure up to the document root
<adam_g_> roaksoax: ping
<TheLordOfTime> so if you have /home/iamevil/html/blah as the docroot, www-data has to be able to see the directories and read anything in folder 'blah' at the end of that docroot
<frojnd> so I must chown -R www-data:www-data /var/www/myserver if /var/www/myserver is documentRoot?
<TheLordOfTime> frojnd, chown -R [user]:www-data at least
<frojnd> what do I put for user? you mean ssh user?
<TheLordOfTime> frojnd, typically, in my /var/www/*, [user] is root
<TheLordOfTime> or my ssh user
<TheLordOfTime> but typically i put my stuff in userspace
<TheLordOfTime> to avoid using /var/www/
<zul> hallyn: looks like this https://www.redhat.com/archives/libvir-list/2013-January/msg00930.html linux/if_bridge.h changed in 3.8 looks like it
<frojnd> I'll ask about this few minutes later let me use your config and configure it first TheLordOfTime
<TheLordOfTime> frojnd, :)
<TheLordOfTime> frojnd, also, proof of concept using userspace: https://lordoftime.info/
<TheLordOfTime> which is my wordpress blog
<TheLordOfTime> (usually used specifically for ubuntu stuff)
<frojnd> TheLordOfTime: and I already have questions, server_name and yoursite.tld
<TheLordOfTime> frojnd, server_name's a directive DO NOT CHANGE
<TheLordOfTime> yoursite.tld is where you want your site to listen on
<TheLordOfTime> i.e. ip address, yourdomain.com, etc.
<hallyn> zul: all right lemme try https://www.redhat.com/archives/libvir-list/2013-January/msg00936.html
<TheLordOfTime> space-delimited
<TheLordOfTime> frojnd, what domain/address is your blog going to be listening on?  privmsg it to me if you want security
<TheLordOfTime> s/security/privacy/
<zul> hallyn: my google foo is awesome today
<TheLordOfTime> oops resend
<TheLordOfTime> i had +g on xD
<hallyn> zul: it is - thanks :)
<TheLordOfTime> frojnd, resend the privmsg
<roaksoax> adam_g_: pong
 * TheLordOfTime had filtering on and did not receive the privmsg initially
<roaksoax> adam_g_: whats up? :)
<adam_g_> roaksoax: hey, was just looking at the hacluster charm for use with rabbitmq.
<roaksoax> adam_g_: ok...
<adam_g_> roaksoax: i had some questions but reading the code answered most of them. i might make a MP against ~openstack-charmers/charms/quantal/hacluster/trunk that will avoid installing openstack-resource-agents unless they're actually needed
<roaksoax> adam_g_: cool! :) just let me know if you have any left or want to merge something
<hallyn> zul: alas, those two patches don't fix it
<zul> hallyn: ergh
<zul> lemme finish what im doing here and ill have a look
<hallyn> aha /usr/include/linux/if_bridge.h:172:20: error: field 'ip6' has incomplete type
<hallyn> zul: no, wait, i think the second patch had a thinko
<hallyn> zul:  i think this is technically a bug in the kernel headers, so asking on #ubuntu-kernel
<diegosnat> is it true that zentyal sync active directory users with emails?
<adam_g_> roaksoax: have you ever seen this trace upon adding thre relation between subordinate and primary service? http://paste.ubuntu.com/1538474/
<roaksoax> adam_g_: nope never
<roaksoax> adam_g_: are you doing rabbitmq with drbd?
<adam_g_> roaksoax: not yet. gonna start with mirrored queues
<roaksoax> ack!
<iron_houzi> Do I have to reboot my computer if I make changes to /etc/default/locale?
<antix> no
<iron_houzi> If I want to permanently set locale to en_US.UTF-8, do I have to have this set in both /etc/default/locale AND /etc/environment ?
<TheLordOfTime> frojnd, :P
<Free99> hey everyone. I have a bunch of VMs running on what needs to be a publicly accessible bridge. Advice I keep getting is to disable iptables and arptables on the bridge using sysctl, but if I'd rather limit access by using specific iptables rules, is that possible?
<adam_g_> roaksoax: will is_clustered() // "clustered=`relation-get -r $r_id clustered $unit`" only return True if the cluster is configured/crm is up/the resources are active and not waiting on more peers?
<roaksoax> adam_g_: where is that?
<adam_g_> roaksoax: cinder/glance
 * roaksoax looks
<adam_g_> roaksoax: found what i was looking for, but yea. hacluster sets 'clustered' in its relation when its done with cluster bootstrap, so that clustered services know the cluster is actually up
<roaksoax> adam_g_: exactly
<roaksoax> adam_g_: keystone implements it differently
<roaksoax> ah no
<roaksoax> it is is just it is in shell
<roaksoax> :)
<adam_g_> roaksoax: which of the charms actually request a resource be created with an RA from the openstack-resource-agents package?
<roaksoax> adam_g_: quantum
<roaksoax> tha's the only one so far
<adam_g_> ah
<roaksoax> adam_g_: btw.. are you using canonistack?
<adam_g_> roaksoax: no
<adam_g_> roaksoax: is openstack-resouce-agents available for precise somewhere? i'd be great if this hacluster could be used on releases since 12.04
<roaksoax> adam_g_: nope it is not
<roaksoax> adam_g_: i was planning on getting it into the cloud-archive if possible
<adam_g_> smoser: ping
<smoser> adam_g_, hey
<adam_g_> smoser: noticed im failing to bootstrap nodes using juju+MAAS, cloud-init is failing: http://paste.ubuntu.com/1539094/ noticed a new precise SRU ~7 hours ago. any relation?
<smoser> adam_g_, $*@!
<smoser> adam_g_, please file a bug.
<Daviey> great news eh?
<adam_g_> smoser: ack
<roaksoax> Daviey: i do have great news, new upstream version of maas in raring
<roaksoax> Daviey: bad news is something is f'd with chain.c32 and fails to localboot
<smoser> adam_g_, please attach output ec2metadata --user-data
<smoser> and /var/log/cloud-init.log
<Daviey> roaksoax: woooot
<adam_g_> smoser: yup
<Daviey> roaksoax: and :(
<roaksoax> yeah :(
<adam_g_> smoser: is it possible to just run user-data thru cloud-init on-demand, without a reboot?
<smoser> mostly, yes.
<smoser> rm -Rf /var/lib/cloud
<smoser> precise ?
<adam_g_> smoser: yes, precise
<adam_g_> smoser: rm -rf /var/lib/cloud .. and then ?
<smoser> http://paste.ubuntu.com/1539204/
<smoser> try that
<adam_g_> smoser: thanks
<adam_g_> smoser: https://bugs.launchpad.net/bugs/1100491 if you haven't seen the spam yet.
<uvirtbot> Launchpad bug 1100491 in cloud-init "cloud-init 0.6.3-0ubuntu1.3  failing to process juju-generated userdata" [Undecided,New]
<smoser> adam_g_, are you able to just test fo rme ... (i have testd, but want you to verify at lesat that re-run script)
<smoser> http://bazaar.launchpad.net/~smoser/ubuntu/precise/cloud-init/lp-1100491/files
<adam_g_> smoser: with that diff, i reran everything as in that pastebin of yours, and ended up with packages and agents
<smoser> k.
<smoser> i'm gonna upload to -proposed then.
<smoser> adam_g_, could you please do the SRU info on that bug for me ?
<smoser> i have to run now.
<smoser> i've just uploaded to precise-proposed
<adam_g_> smoser: ok.
<lvmer1> My minidlna files.db  only shows approx. 9000 audio files, while the folder has 38,000. I've increased the watches & I've forced several reloads, but I still get the exact same number 9000 something audio files.  All the 25,000 picture files show up perfectly, so I'm curious what the problem is. All the audio files are mp3
#ubuntu-server 2013-01-17
<adam_g> smoser: fyi tested the same test case on a quantal image, didn't affect that c-i version
<smoser> right.
<smoser> maas is the worst case for us here.
<smoser> we can block just about everything else out by not releasing an updated image.
<smoser> utlemming, ^
<smoser> please do not release a cloud-image until bug 1100491 has worked its way through.
<uvirtbot> Launchpad bug 1100491 in cloud-init "[SRU] cloud-init 0.6.3-0ubuntu1.3  failing to process juju-generated userdata" [Critical,In progress] https://launchpad.net/bugs/1100491
<adam_g> roaksoax: comin atya https://code.launchpad.net/~gandelman-a/charms/precise/hacluster/avoid-osras/+merge/143626
<azbyin> hi all..
<azbyin> I'm trying to install nvidia cuda on an ubuntu server 12.10 installation
<azbyin> for some reason i am unable to blacklist the nouveau driver
<azbyin> it seems to always be loaded
<escott> azbyin, i think you have to update-initramfs for the blacklist to make it into the initrd
<AtuM> Hello... is there a known howto page available for drbd+ocfs2+pacemaker installation in 12.04 ?
<ketan985> hi everyone
<mocha> hi, i want to know is motherboard compatible with ubuntu server 12.04? 	Motherboard s1155 Intel H77 ATX DH77KC Intel BLKDH77KC
<mocha> cpu and ssd does not matter, correct?
<mocha> is Intel H77 ATX DH77KC Intel BLKDH77KC motherboard compatible with ubuntu server 12.04? any driver problems or other negative response about it?
<lifeless> mocha: check the hardware database
<lifeless> http://www.ubuntu.com/certification/catalog/
<lifeless> mocha: and https://friendly.ubuntu.com/
<mocha> lifeless: thank, and if i dont find anything... then what? is only way "plug and pray" or is something else i can do before buy hardware?
<lifeless> you could ask the vendor
<zul> jamespage: ping can you have a look at the nova ftbfs for me im totally stumped (the testsuite failures)
<jamespage> zul: in the lab?
<zul> jamespage: yeah if you back out the fix-ubuntu-tests.patch you can see what im talking about
<jamespage> zul, just disable that patch right?
<zul> jamespage: yeah i rather not have to skip tests i would like to see why they are failing (was thinking about this last night)
<jamespage> zul, +1
<jamespage> zul, on another matter who's uploading updated dependencies for the grizzly cloud archive?
<jamespage> http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/grizzly_versions.html
<jamespage> looks sparse to me
<jamespage> just been debugging the build failure for alembic in the grizzly-trunk-testing PPA - needs new sqlalchemy
<zul> lovely
<zul> jamespage: ill take a look at the cinder failure as well today
<jamespage> zul, actually leave that with me - I can fix the current build failure for precise easily
<jamespage> zul, are you referring to the skipped tests?
<zul> jamespage: ok yeah
<zul> also i have 2 mp for novaclient and quantumclient i think
<jamespage> zul, just review - both look OK but can you fixup the trailing , on the list of BD on one of them
<zul> jamespage: sure
<freeflyi1g> jamespage: does openvswitch (1.9.0~git20130115.ca71f5b-0ubuntu1) works for you? I mean the dkms kernel module, here the module can't be loaded with kernel 3.8.0-0-generic in raring
<jamespage> freeflyi1g, it was working for me yesterday
<jamespage> I can check again...
<jamespage> freeflyi1g, does it build OK?
<jamespage> i.e. the dkms modules
<freeflyi1g> jamespage: it was built successfully
<freeflyi1g> ERROR: could not insert 'brcompat': Unknown symbol in module, or unknown parameter (see dmesg)
<jamespage> freeflyi1g, ah! I know what that is
<jamespage> freeflyi1g, that probably means you have the stock openvswitch module which ships with the kernel loaded
<freeflyi1g> jamespage: lemme check
<jamespage> OR the bridge module is already loaded
<freeflyi1g> jamespage: yep, works by unloading stock openvswitch module
<freeflyi1g> jamespage: thanks
<jamespage> freeflyi1g, np - I had a head scratching moment about that yesterday
<jamespage> freeflyi1g, you know the brcompat module is deprecated now and will be removed from openvswitch (probably this year)
<zul> jamespage: ping https://code.launchpad.net/~zulcss/openstack-ubuntu-testing/glance-grr-mad/+merge/143702
<jamespage> zul, have you pinged upstream about the distruption that is going to cause
<zul> jamespage: sent the info ttx but he hasnt responded yet
<ttx> zul: hmm?
<ttx> oh. pastebin. looking
<zul> yeah
<ttx> zul: ok, continuing discussion in #openstack-infra. no idea where that comes from
<voxadam> I have a little box running LTS that sits and does its thing without my thinking about it. While this is great it does cause one problem for me, I forget to check for security updates. This is especially problematic because the box faces the internet. What automatic or semiautomatic solutions are there for such a situation?
<ogra_> voxadam, https://help.ubuntu.com/community/AutomaticSecurityUpdates
<zul> yolanda: can you retarget the branch for lp:~openstack-ubuntu-testing/ceilometer/grizzly please, otherwise looks good
<yolanda> zul, done it
<jamespage> smoser, getting this error from cloud-init on precise - http://paste.ubuntu.com/1541976/
<jamespage> any ideas?
<smoser> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1100491
<uvirtbot> Launchpad bug 1100491 in cloud-init "[SRU] apt_sources broken in 0.6.3-0ubuntu1.3 [regression]" [Critical,Fix committed]
<jamespage> smoser, ta
<smoser> jamespage, just begging in -devel now to get that into -updates sooner.
<jamespage> smoser, yes please - its breaking all of the automated deployment testing on precise
<jamespage> juju never makes it onto the server....
<anuaimi> does anyone know if the debian experimental 2.4 packages are usable on Ubuntu (12.04)?
<anuaimi> does anyone know if the debian experimental Apache 2.4 packages are usable on Ubuntu (12.04)?
<ikla> how do I reinstall grub from a chroot?
<ikla> I booted my another linux up and mounted the drive, I just need to chroot and install grub again
<happyface> why is the default niceness for new processes 20 on my ubuntu server? isn't it usually 0?
<RoyK> hm.. nice is usualy 5
<RoyK> seems it's 10 on precise
<happyface> RoyK, yeah any ideas? limits.conf is empty too
<sarnold> happyface: that's odd; do you have any /etc/security/limits.conf settings that would fiddle with your nice values? Or somewhere else in login path?
<RoyK> happyface: which ubuntu version?
<RoyK> happyface: 0 is normal priority, btw
<sarnold> happyface: are you positive it's nice value and not priority that's 20? all my nice 0 tasks are running with priority 19 on my 12.04 LTS laptop...
<RoyK> nice 0 == ''
<happyface> sarnold, ah I think you're right
<RoyK> priority is defined by the kernel dynamically
<sarnold> happyface: ps -A -o pid,nice,pri
<RoyK> or just run top :P
<happyface> yup, silly mistake :p
<sarnold> ah, so they are both in top :) hehe
<happyface> I only got onto this because my other developer was freaking out
<happyface> thanks :P
<axisys> how can I tell if it is a LUN or physical disk?
<axisys> lspci shows
<axisys> 07:00.0 RAID bus controller: Adaptec AAC-RAID (rev 09)
<axisys> mdstat show
<axisys> md0 : active raid1 sdb1[1] sda1[0]
<axisys> how can I tell if sda is either JBOD disk or a LUN provisioned by the raid controller?
<RoyK> axisys: use a tool for the RAID controller - it's usually exposed as a SCSI device, and linux normally can't see what's underneath
<RoyK> most RAID controllers have tools for linux showing the underlying structure
<axisys> I wonder if this is a pass through one.. would be easier to replace with bigger size disk then
<RoyK> axisys: what controller?
<axisys> 12:47:39 < axisys> 07:00.0 RAID bus controller: Adaptec AAC-RAID (rev 09)
<RoyK> axisys: http://hwraid.le-vert.net/wiki/Adaptec
<axisys> RoyK: thanks
<RoyK> iirc that raid controller is a 'true' raid controller, so if configured with RAID, it should show up as a single device in linux
<RoyK> but then, you can always configure it in JBOD mode, dunno
<axisys> I usually only create single disk raid0 luns
<axisys> easier to manage at OS that way
<RoyK> yeah, I prefer software RAID over hw raid too
<RoyK> configuring each disk as raid0 is normally the same as JBOD
<axisys> RoyK: yep.. I would prefer rip the controller out and talk to the disk directly if I could.. lol
<RoyK> axisys: perhaps better if you have SSDs, since most (or all?) RAID controllers don't support TRIM/UNMAP
<koolhead17> hi all
<axisys> they have 300G SSDs relatively cheap?
<axisys> RoyK: ^
<axisys> I already have the drivers ofcourse.. cuz I am using the disks.. but trying to find out if that url has a link for the arcconf binary.. using ubuntu 10.04 64bit
<RoyK> axisys: what sort of machine is this?
<RoyK> aac-raid on motherboard?
<axisys> http://hwraid.le-vert.net/wiki/DebianPackages got it!
<axisys> [   19.006845] Adaptec aacraid driver 1.1-5[2461]-ms
<axisys> [   19.006891] aacraid 0000:07:00.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
<axisys> [   19.006897] aacraid 0000:07:00.0: setting latency timer to 64
<axisys> [   19.460000] IRQ 17/aacraid: IRQF_DISABLED is not guaranteed on shared IRQs
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<axisys> [   22.599531] scsi2 : aacraid
<axisys> RoyK: my bad
<axisys> http://pastebin.com/c0figCNK
<RoyK> looks like JBOD to me
<axisys> please explain (learning)
<RoyK> I guess you'll have to reconfigure new devices in the controller's BIOS if replacing drives, though, but that may be different with other BIOSes than the ones I've tried
<axisys> I am thrown off by logical device with raid level simple_volume
<RoyK> JBOD == just a bunch of disks
<RoyK> aka no RAID config on the RAID controller
<axisys> i thought each disk is configurd as raid0 lun
<axisys> no?
<RoyK> yes, which means no redunancy on the controller
<axisys> RoyK: correct..
<axisys> i do the raid1 using the software raid
<RoyK> yes, so did also mdstat show
<axisys> so if I want to replace with larger disk.. I will have to take it offline in md first and then offline in the raid controller while system is live..
<axisys> correct?
<RoyK> in your raid-1, yes
<RoyK> do you plan something raid-[56] for the other drives?
<axisys> no .. i only use raid1 and raid10 in OS
<axisys> disks are cheap
<RoyK> just thinking if you were using raid-5 or raid-6 (which may be slower, but in the case if raid-6, safer), it would be easier to use a disk as a spare, so you could replace that and mdadm --replace to that before removing a device
<axisys> gotcha..
<RoyK> raid-10 will allow for a single drive failure per mirror, raid-6 will allow for any two drives failing without data loss
<RoyK> so unless you're placing a high-traffic database or something like that needing high iops, better use raid-6 (IMO)
<axisys> so if I want to replace it bigger size disk I need to take the system down?
<RoyK> that depends on the controller firmware
<axisys> I was hoping arcconf can offline it and allow to put a new disks and online it back
<RoyK> last I worked with that controller, it needed the new device to be defined in its BIOS
<RoyK> iirc it's designed to handle hotplug, but only if it's controlling its own RAID
<axisys> http://pastebin.com/MgBGn2sF
<axisys> firmware version
<RoyK> no idea
<RoyK> better try it
<axisys> i am looking for how to offline a disk
<RoyK> axisys: if you have another drive that will fit in there, just try it
<RoyK> axisys: I guess this system isn't in production yet?
<axisys> RoyK: it is in production
<axisys>  DELETE                  | deletes one or more logical devices
<axisys> that might do it
<axisys> once i remove it from md raid1
<RoyK> just make sure to run a scrub before you remove a disk
<RoyK> something like echo check > /sys/block/md0/md/sync_action
<axisys> I thought this should be enough
<axisys> mdadm /dev/md0 --fail /dev/sdb1 --remove /dev/sdb1
<RoyK> that works well
<RoyK> but then, if there are errors on the other side of the mirror, you're in trouble
<RoyK> so better run a check first
<RoyK> what is the application for this server?
<adam_g> jamespage: zul http://people.canonical.com/~agandelman/g2_deps/ are these okay to upload to grizzly-staging CA pocket? they'll get rid of all/most the red in staging @ http://status.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/grizzly_versions.html
<zul> damn it i havent looked at it
<zul> gimme a couple of minutes
<zul> shouldnt ceph be precise-grizzly?
<zul> adam_g: ^^^
<RoyK> axisys: ?
<zul> adam_g: alembic looks ok
<zul> adam_g: why is leveldb needed?
<adam_g> zul: actually, yeah, exclude the ceph stuff
<zul> adam_g: k
<zul> adam_g: they look good although you will need a newer testrepository (ubuntu6 runs the testsuite during the build)
<zul> and we already talked about ceph
<axisys> RoyK: oops.. sorry went to pick up something for lunch..
<zul> adam_g: i think we might need the openvswitch snapshot from raring in there as well
<axisys> RoyK: it is for splunk
<RoyK> so I guess no big needs for high iops :P
<axisys> RoyK: yep
<RoyK> then my suggestion is, get a couple of 1-2TB drives and create a raid-5 on those, copy the data over to them (or perhaps you have another server somewhere), and start from scratch with two drives in raid-5, add more drives as needed, extend to raid-6 if you're paranoid
<axisys> looks like only disks (raid0 luns) under raid10 will be replaced with bigger disk
<axisys> RoyK: ^
<RoyK> you can do all that dynamically
<RoyK> (mdadm raid, I mean)
<SpamapS> smoser: hey, are you aware of any bugs in cloud-init's handling of the legacy 'user:' cloud-config option?
<stemid> anyone had success with user --groups staff in kickstarting ubuntu Precise? whenever I add --groups staff to the user line in my kickstart file the install stops at the user creation bit, as if the whole line is made invalid by this.
<SpamapS> smoser: having some trouble with it in 12.10 images
<RoyK> axisys: I'm quite sure that's not right - I think replacing drives with bigger ones in a raid-[56] should work well
<smoser> SpamapS, it would not surprise me if there were a bug, but i thought we'd got it working right.
<smoser> SpamapS, example ?
<axisys> raid10 gives best performance
<RoyK> axisys: yes, it does, but do you need that performance?
<axisys> I guess I will trun off splunk and then run check and offline and fail on each disk.. at a time
<RoyK> axisys: if you don't, better spend time on safety
<RoyK> axisys: install sysstat and enable it and you'll see over time what the i/o load is
<RoyK> probably very low
<SpamapS> smoser: trying to use heat w/ stock 12.10 images
<SpamapS> smoser: http://paste.ubuntu.com/1542277/
<SpamapS> smoser: ec2-user is created, but never gets ssh keys
<axisys> we have all splunk servers on raid10.. wont have enough time to redo all
<SpamapS> smoser: root does actually end up getting the specific ssh key though
<jamespage> adam_g, yes - leveldb, ceph (in that order - otherwise it won't pickup the new version)
<jamespage> thats the bobtail release
<jamespage> and python-hp3parclient as well
<jamespage> for cinder
<adam_g> jamespage: okay, adding hp3parclient. what are we doing with ceph? 0.56.1 into precise-grizzly?
<SpamapS> smoser: also in root's authorized_keys file, the user is not 'ec2-user', it is 'NONE'
<RoyK> axisys: well, raid-10 should do as well, but I don't know it too well in terms of replacing drives
<SpamapS> smoser: hrm, you know what? This was with 0.7.0-ubuntu2 ... let me try again w/ the latest cloud image.
<adam_g> zul:
<adam_g> http://people.canonical.com/~agandelman/g2_deps/testrepository/
<zul> +1
<adam_g> zul: this guy, too http://people.canonical.com/~agandelman/g2_deps/python-hp3parclient/
<zul> +1
<RoyK> axisys: just make sure you scrub the pool before replacing anything
<smoser> SpamapS, it is a bug.
<RoyK> axisys: try at off hours first, after a scrub, to remove a drive and reinsert another, perhaps the raid tool can do a rescan and recreate a raid-0 on that drive, after that you should be able to mdadm --add that drive
<jamespage> adam_g, yes please re ceph
<jamespage> but please make sure the leveldb package is updated first; there are some improvements worth having :-)
<jamespage> 0.56.1 is the next lts release
<adam_g> jamespage: ok
<axisys> echo check > /sys/block/md10/md/sync_action should do for md10 or something else?
<axisys> RoyK: ^
<SpamapS> smoser: good to know. Is there a good workaround?
<smoser> you can just declare it in the new form
<SpamapS> smoser: heat wants to work with 10.04
<smoser> that would be ignored then.
<smoser> (the new form would be ignored on 10.04).
<smoser> so just declare both.
<smoser> i think
<RoyK> axisys: it works for all raid levels
<SpamapS> smoser: I'll try that
<smoser> but please opne a bug.
<SpamapS> smoser: http://paste.ubuntu.com/1542348/
<SpamapS> smoser: so, like that?
<smoser> no
<smoser> ditc line 6, SpamapS
<SpamapS> smoser: the example sucks then :)
<smoser> that refers to the OS's "default" user
<smoser> ie, you'd get 'ubuntu' created.
<SpamapS> ah
<smoser> the example is right, it just didnt' fit what you wanted
<SpamapS> smoser: perhaps.. comments? :)
 * SpamapS admits, he did not read the comments
<SpamapS> or the docs
<SpamapS> so.. yeah.. perhaps SpamapS sucks
<smoser> i think you might want to add 'default: true' to your user's definition
<smoser> SpamapS, please open a bug.
<SpamapS> smoser: \o/
<SpamapS> smoser: new style works
<SpamapS> actualy no
<SpamapS> I mis-read the ci-info
<SpamapS> still only the root user gets the key
<SpamapS> smoser: ah, default: true so that it gets the ssh key..
<smoser> well, adding 'default' turns it into the "default" user.
<smoser> which the ssh-import uses
<smoser> can you show me what you have now ?
<SpamapS> smoser: http://paste.ubuntu.com/1542389/
<SpamapS> smoser: trying with default: true
<smoser> SpamapS, just fyi, apparently (through documentation i just read) you can snpecify ssh authorized keys for each user.
<smoser> and even per-user ssh-import-ids
<smoser> but it still "should work" what you want
<SpamapS> smoser: in this case I just want the instance keypair for the user. :)
<smoser> anyone else having issues with ec2 today?
<smoser> euca-describe-instances is blocking
<SpamapS> smoser: still no ssh keys for ec2-user with 'default: true'
<SpamapS> smoser: I am thinking this might be something else in the stack causing issues
<SpamapS> smoser: booting a quantal instance with just that userdata produces a key just fine
<SpamapS> smoser: as in, just 'user: ec2-user'
 * SpamapS decides to consider it over lunch
<smoser> well, SpamapS please open abug if its not working right.
<smoser> but i thought i had reproduced
<jkyle> I have a file that's been modified after installation. when dpkg prompts for how you want to handle it
<jkyle> how can I force apt to accept the maintainer's version? I tried -y & --force-yes
<adam_g> jamespage: thoughts on retargetting the nova live migration charm work under review as merges into the respective branches of ~openstack-charmers, to condense the # of in-flight changesets?
<jamespage> adam_g, sounds like a good idea - I've been having trouble keeping track
<adam_g> jamespage: yah, same here. ill see about resolving conflicts and proposing some merges to the ~openstack-charmers branches for nova-compute, nova-c-c, keystone, glance. also gonna stick a rabbitmq-server charm with hacluster support and propose changes to the amqp hooks of the other charms
<jamespage> +!
<jamespage> +1even
<capauciell> ciao
<capauciell> !list
<ubottu> capauciell: No warez here! This is not a file sharing channel (or network); read the channel topic. If you're looking for information about me, type Â« /msg ubottu !bot Â». If you're looking for a channel, see Â« /msg ubottu !alis Â».
<hallyn> say (looking at an untriaged bug) is tomcat7 explicitly not meant to run with oracle java?
<TLoT> is it possible to restrict only certain SSH logins to have key-auth only?
<TLoT> thereby prevent password auth for a user?
<sarnold> most admins prefer disabling password auth for everyone
<TLoT> true, however i can't do that globally because of one user.
<TLoT> who is already on ther eceiving end of hell for using insecure passcodes
<adam_g> roaksoax: ping
<sarnold> TLoT: the only thing I can think of -- and it's a bit ugly, but I'm saying it in the hopes that someone else will have a good idea :) -- is to run a second sshd, with a different set of PAM modules (pam_succeed_if?), on a different port for your special user.
<TLoT> eww that does sound ugly :p
<TLoT> i'd rather just kick the one user who needs password-only auth to /dev/null :P
<Guest88403> anybody here?
<sarnold> TLoT: oh! pam_succeed_if could probably do it just for the one user
<sarnold> TLoT: .. without a second daemon.
<TLoT> sarnold, still ugly
<TLoT> Guest88403, sup
<sarnold> TLoT: sure, but much less ugly.
<Guest88403> can you show me how to put my ip on the map
<roaksoax> adam_g: pong
<irv> how do i make a directory writable by my user
<adam_g> roaksoax: are you doing work on DRBD /w the hacluster stuff?
<roaksoax>  adam_g yes
<adam_g> roaksoax: where at? and hows it going? thinking maybe need that for this rabbit stuff
<roaksoax> adam_g: most of the stuff is here: https://code.launchpad.net/~andreserl/charms/quantal/mysql/hacluster-support
<roaksoax> all of the stuff for now
<roaksoax> so it is up to mysql to set its own DRBD stuff and then passes resources,constraints, etc to hacluster to be configured
<adam_g> roaksoax: hmm. wondering if theres anyway to make the drbd stuff more consumable from other charms.
<roaksoax> adam_g: we can have some of it in an external lib or something. I wanted to make it in the hacluster charm at first but in reality it didn't fit there
#ubuntu-server 2013-01-18
<ak> Hello,as a gnu/linux newbie i m trying to setup an ubuntu 12.04 server.The server machine is connected to internet via a wifi card.What i am trying to do is to also make that card work as an AP @ the same time.Is that possible?Thanks in advance!
<TheLordOfTime> was going to say that you need two NICs to make a truly-usable AP
<ketan985> what's best monitering tool for ubuntu server ????
<lifeless> Mark 1 eyeball.
<sarnold> only good if hooked up to a mk ii brain :)
<Kredo> hi guys
<Kredo> need help: Device /dev/ttyUSB0 is locked
<Kredo> can I send/rcv sms while connected?
<megha> is ubuntu server stable compared to debian ? or both of them are equal
<koolhead17> megha: what are u trying to deploy install? Its all same. And Ubuntu has all new cloudy pkgs
<megha> cloudy pkgs ?
<megha> koolhead17: i am trying to setup a webserver.
<megha> for commercial purpose.
<koolhead17> megha: cloudy == cloud computing ones
<koolhead17> megha: go ahead with a LTS server and your good
<megha> ok :)
<megha> ubuntu server is debian testing repos right ?
<koolhead17> megha: who gave you that crap?
<koolhead17> i said go use 12.04 LTS it has 5 yr support
<megha> people in other channel
<koolhead17> megha: your smart enough i suppose 2 take decision :)
<megha> hmmm..
<eutheria> does the 12.04 still hit on a cd?
<jamespage> zul, bug 1101158 is the problem impacting the glance client
<uvirtbot> Launchpad bug 1101158 in python-warlock "depends on jsonschema==0.2, broken in raring" [Undecided,New] https://launchpad.net/bugs/1101158
<jamespage> zul, I had a quick pass at an upgrade but it needs a new dependency - jsonpatch
<jamespage> zul, indeed smoser already spotted this - bug 1098688
<uvirtbot> Launchpad bug 1098688 in python-glanceclient "python-warlock insists on jsonschema==0.2 breaks glance" [Medium,Confirmed] https://launchpad.net/bugs/1098688
<jamespage> duped
<vnc786> i have 10 machines with ubuntu 12.04 running through LTSP now i want to configure gnome settings of one user and apply that settings to others. how do i do that ?
<ogra_> vnc786, as i said before, try #ltsp
<vnc786> @ogra_: what if i would be running normal 2-3 ubuntu machines
<ogra_> then you would likely ask in a desktop related channel
<ogra_> ltsp has the (dis)advantage of touching both worlds like nothing else
<feisar> hi, I mounted a LV to use as /var but now I would like to remove the files that are 'under' that mount (the old /var mount point) what's the best way of going about that?
<feisar> (I did the same with /tmp and simply umounted the LV, removed the old /tmp files and remounted but I can't umount /var or course)
<feisar> ah, maybe --bind is what I need?
<zul> jamespage: grrrr
<zul> jamespage: there is an easy wasy to fix that
<jamespage> zul, oh yes
<jamespage> it appears to work as well
<jamespage> :-)
<zul> jamespage: patch the requirements.txt :)
<jamespage> zul, want me todo that? then you can worry about the upgrade path to the newer version :-)
<jamespage> zul, that was how I fixed it locally :-)
<zul> jamespage: ill do it and get the new version of warlock ready as well
<zul> good morning btw
<zul> jamespage: do we have a compeling reason to update to the new python-warlock?
<jamespage> zul, morning
<jamespage> zul, probably not
<zul> jamespage: ok lets put it off then
<zul> anyways warlock has been updated
<smoser> jamespage, it wasn't actually clear to me that it really *did* have htat dependecy on 0.2
<smoser> https://launchpad.net/bugs/1098688
<uvirtbot> Launchpad bug 1098688 in python-glanceclient "python-warlock insists on jsonschema==0.2 breaks glance" [Medium,Confirmed]
<smoser> ie, i just changed the name that jsonchema reported and it got past initial trap, and i was then failing to auth against HP cloud, but i didn't test against aa known working state.
<zul> jamespage: btw https://code.launchpad.net/~zulcss/python-keystoneclient/0.2.2/+merge/143880
<zul> yolanda: sorry can you look at this as well? https://code.launchpad.net/~zulcss/python-keystoneclient/0.2.2/+merge/143880
<yolanda> hi zul
<yolanda> ok
<yolanda> zul, is just the comments in changelog?
<zul> yolanda: yep
<yolanda> easy one then
<yolanda> done
<zul> thanks
<maxb> Does anyone know of any script/webapp/... that gathers information on upgradeable packages across a farm of servers and collates the information?
<zul> maxb:  yes....its called landscape http://www.canonical.com/enterprise-services/ubuntu-advantage/landscape
<frojnd> Hi there.
<RoyK> ho
<frojnd> Sup, sup :)
<TheBronx> hi!
<TheBronx> this is probably not the best place to ask this but... any libpcap expert?
<TheBronx> I have a simple c program using libpcap, it works but one of the CPU cores is always at 100%...
<tboat> hey all, I am trying to get my postfix mail to forward to gmail, ive tried setting up a forward service in postfix conf, but the mail doesn't forward
<qhartman> TheBronx, Almost certainly not the place to ask. I would guess though that you've got some expensive loop in there that you don't need.
<RoyK> TheBronx: what sort of program are you writing? parsing a big pcap file will usually take some cpu
<RoyK> TheBronx: perhaps ##c
<TheBronx> thank you qhartman and RoyK. It is just a callback from pcap_loop. I've tried an empty callback but the CPU is still at 100%... weird
<RoyK> TheBronx: try ##c
<RoyK> TheBronx: or perhaps #ubuntu-offtopic
<qhartman> I'd imagine there is a channel on here somewhere that would be more specific to network programming
<TheBronx> thank you guys, I love this channel :P
<SpamapS> smoser: so default: true doesn't seem to be a thing one can override
<SpamapS> smoser: http://paste.ubuntu.com/1546051/
<SpamapS> smoser: that pretty much determines if the user is "the system default user"
<smoser> SpamapS, well, in trunk the goal here would be that the 'distro' has a 'default_user' that is set via config.
<smoser> (config could also come from user-data)
<smoser> and then 'user:' would ideally change that also.
<smoser> maybe.
<smoser> i'm   not sure.
<smoser> sorry this sucks.
<SpamapS> smoser: right, in this case, I think the 'user: ...' should be assumed to override the distro default.
<SpamapS> smoser: or a user that sames default: true
<smoser> right. i think that generally makes sense.
<SpamapS> s/sames/says/
<smoser> tha tits presense baically patches the distro's 'default_user'
<SpamapS> smoser: so I may have a patch to do at least part 1, maybe part 2 of my thinking
<smoser> on trunk ?
<smoser> please do it on trunk.
<SpamapS> yeah it would be trunk
<smoser> even though thats different from quantal.
<SpamapS> there's also something weird about my environment because if I just boot an instance on ec2 or hpcloud, that is basically what happens
<SpamapS> thats sort of where I'm stuck and trying to figure out WTF
<eutheria> in /etc/network/interfaces i thought i could define the DNS servers
<SpamapS> eutheria: you can but on newer systems you have to do it a little differently
<eutheria> so i am using 12.04
<eutheria> what do you do now
<SpamapS> eutheria: man resolvconf
<eutheria> ty
<SpamapS> eutheria: you probably just want 'dns-nameservers x.x.x.x y.y.y.y'
<eutheria> think so
<SpamapS> smoser: is there a way to re-run cloud-init but only check local on-disk metadata? Its a pain for me to iterate by spinning new instances whenever I want to change userdata
<eutheria> i only had used resolveconf for openvpn before
<smoser> SpamapS, yes.
<smoser> SpamapS, see http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/files/head:/doc/examples/seed/ for example of how to populate directory that will be read rather than user-data/meta-ata in ec2
<SpamapS> oh duh
<SpamapS> just use the nocloud
<smoser> then, you're capable of reading the cloud-init upstart jobs
<smoser> just call them in order
<SpamapS> yeah
<smoser> oh
<smoser> rm -Rf /var/lib/cloud
<smoser> (that is a bit of a pain (patches welcome) since nocloud looks there)
<SpamapS> thats ok
<SpamapS> thats what I've been doing to re-run w/ the existing metadata pulled from metadata service
<SpamapS> but now i want to change said metadata
<smoser> one thing that'd be nice for me to cdocument is how you could use this with overlayroot
<smoser> eseentially, you can boot an instance with overlayroot, so that every reboot is "fresh"
 * SpamapS could just login to the mysql server hosting it.. but that just seems wrong ;)
<smoser> (still have to reboot, but no new instance)
<smoser> and you can intentionally make changes to the real root store to persist across reboot
<smoser> so many things i have failed to document
<SpamapS> smoser: so like schroot, but for instances :)
<smoser> right.
<smoser> SpamapS, there is #cloud-init fyi.
<smoser> and harlowja there is the brains behind the cloud-init operation :)
<stuffthatspins> i'm in desperate helpâ¦ upgraded my server from 10.04 to 12.0.4LTS yesterday. and lost all my additional IP addresses. only the main IP address works.
<stuffthatspins> would take advice here or happy to pay offline.
<RoyK> stuffthatspins: pastebin /etc/network/interfaces
<RoyK> or pm it if you're nervous
<zastern> Is there a way to list installed/available AppArmor profiles?
<zastern> I'd like to enable the Apache/HTTPD profile but I can't really figure out how
<frojnd> zastern | Is there a way to list installed/available AppArmor profiles? apparmor_status
<sarnold> frojnd: that'll only show what is currently loaded; there's no easy way to list what is easily available on the system
<frojnd> sarnold: gotcha
<frojnd> How do I check if mysqld and nginx are automatically enabled at boot?
<sarnold> zastern: the apparmor-profiles package will install a /usr/share/doc/apparmor-profiles/extras/usr.sbin.httpd2-prefork   file that you can copy into /etc/apparmor.d/ as a starting point
<zastern> sarnold: thanks sir/ma'am. I'll look into thatl.
<sarnold> frojnd: the upstart cookbook is where I turn for things like that.. http://upstart.ubuntu.com/cookbook/#cookbook-and-best-practises
<sarnold> frojnd: I think what you need is "initctl list", but it feels like there ought to be something a bit less verbose..
<jdstrand> zastern, sarnold: do not that libapache2-mod-apparmor also ships /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2. it has directions inside it on how to use it
<zastern> do not that?
<zastern> ill check that out, thank you!
<jdstrand> s/do not/do note/
<sarnold> jdstrand: aha, thanks :)
<zastern> that sounds more gooder than just a recipie
<zastern> an actual mod for apache
<jdstrand> sarnold: it is setup so that apache2 itself is unconfined but such that it will use change_hat
<stuffthatspins> jdstrand: :)
<jdstrand> but that can be changed by modifying the profile obviously
<sarnold> jdstrand: ooh, that's nice. :)
<jdstrand> mdeslaur: did a nice job with it I think
<jdstrand> err
<jdstrand> mdeslaur did a nice job with it I think
<jdstrand> mdeslaur: nm
<zastern> im also toying with SElinux
<sarnold> zastern: the mod is especially nice if you've got a few different applications hosted in your apache, it prevents e.g. a stupid phpbb exploit from getting to your other applications..
<zastern> yeah i have many
<zastern> we have a single apache cluster that hosts many apps
<Aison> when I try to start the isc-dhcpd server, I get this error
<Aison> Open a socket for LPF: Permission denied
<Aison> how and where do I have to set the rights that dhcpd can open this socket?!?
<sarnold> Aison: dmesg | grep DENIED    -- I'm curious if an AppArmor profile on dhcpd is preventing it from getting LPF..
<Aison> sarnold, this is the related line
<Aison> [ 2860.406625] type=1400 audit(1358532785.500:46): apparmor="DENIED" operation="create" parent=5921 profile="/usr/sbin/dhcpd" pid=6332 comm="dhcpd" family="packet" sock_type="raw" protocol=768
<sarnold> Aison: woo :)
<Aison> and what now? :P
<sarnold> Aison: add "network raw" and "network packet" to your /etc/apparmor.d/usr.sbin.dhcpd file, then run /etc/init.d/apparmor reload
<sarnold> "network raw," and "network packet," -- the commas are more important than they should be, hehe
<Aison> that's actually in now: network inet raw, network packet packet,
<Aison> so these lines are not missing....
<sarnold> Aison: remove the 'inet', and one of the 'packet'?
<Aison> yeaaah nice one, that's working :D
<Aison> I just wounder why these entries where wrong
<Aison> I never changed anything like that
<Aison> I guess there is a problem with the isc-dhcp-server-4.2.4-4ubuntu1 packet
<sarnold> Aison: would you please file a bug against isc-dhcp-server? it might help if you could explain what might be unique about your configuration
<Aison> I already reported a bug here, then they fixed it after months :P
<Aison> https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1071928
<uvirtbot> Launchpad bug 1071928 in isc-dhcp "isc-dhcp-server-ldap (4.2.4-1ubuntu10.1) is not capable of ldap" [High,Fix released]
<Aison> but the fix contains again a bug, funny ^^
<Spindrift> Hello?
<Spindrift> check 123
<Aison> works
<Spindrift> copy. Thx
<sarnold> Spindrift: irc tends to work best if you just start asking questions :) hehe
<Spindrift> heheâ¦copy that. thx
<RoyK> !ask | Spindrift
<ubottu> Spindrift: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<Spindrift> I am building a couple mobile incident command rigs with satellite internet/phone that get deployed world-wide. I need a small lightweight file/print server (miniPC, SSD, Linux distro) running Linux to integrate with the printer/scanner/copier so that emergency staff can scan PDFs to a shared network drive. I imagine that Ubuntu Server 12.04 would be a good distro to use for this?
<sarnold> Spindrift: yeah; 12.04 LTS has a longer support life than e.g. 12.10, so your deployed units won't need to be replaced with something newer quite as quickly
<Spindrift> thanks
<stuffthatspins> i have a 12.0.4 server that IPs are ping-able inside the network but not out. no firewall. any ideas where to look?
<[conrad]> stuffthatspins: Can you be more specific about the description of "IPs are ping-able inside the network but not out"?
<ikonia> window 10
<ikonia> oops, sorry
<ikonia> window 10
<ikonia> ughh, sorry
<pewter_tao> It seems ubuntu cloud has updated its packages. Is there a mirror that points to the old ones?
<Bilge> How do you enable ipv6 support in the kernel?
<sarnold> Bilge: there's a handful of configuration options; the most important is CONFIG_IPV6=y
#ubuntu-server 2013-01-19
<Bilge> Does `ping` not support ipv6?
<sarnold> Bilge: there's a ping6 ..
<sarnold> and ping ::1 fails where ping6 ::1 works..
<Bilge> Just found it as you said that ;)
<Bilge> As ipv6 becomes mainstream I hope the tools won't be so divided
<sarnold> this division feels mighty old, feels unlikely to be healed if it isn't done by now :(
<Bilge> ipv6 still isn't mainstream
<Bilge> My home router only just got the firmware upgrade this month
<Bilge> I didn't even realise it could be implemented purely with software
<PatrickDK> heh? comcast has supported ipv6 for a year now
<PatrickDK> all .mil and contractors are suppost to be fully ipv6 enabled
<sarnold> PatrickDK: eh...
<PatrickDK> I would call that pretty good support
<PatrickDK> besides the private sector, google and everyone else
<sarnold> PatrickDK: comcast offers tunnels to most of the customers that ask, iff the customer knows enough to ask for it :0
<PatrickDK> sarnold, that is really old
<PatrickDK> comcast has deployed native ipv6 to all customers for awhile now
<sarnold> PatrickDK: also, *cough* ubuntu repos don't do ipv6 :(
<PatrickDK> the only ones that can't yet, are those on business static ip modems
<sarnold> PatrickDK: no kidding, time for another phone call?
<sarnold> PatrickDK: do you have an url handy? :)
<PatrickDK> sarnold, you have a docsis3 modem?
<sarnold> PatrickDK: I don't recall if it is or not :(
<PatrickDK> if it is, you should see ra's
<PatrickDK> if not, you need to upgrade :)
<sarnold> PatrickDK: woo. motorola.com claims the sb6120 is docsis 3.0 anyway...
<PatrickDK> you should be seeing ra packets then
<PatrickDK> I forget how often they come out (I'm behind a business modem :(
<TSK> Greetings.  Does anyone here have experience with lxc (Linux Containers)?
<TSK> I am having an issue on Ubuntu 12.04LTS whereby lxcbr0 (and other bridge devices) which should(?) auto-create/start on startup of a given container are NOT in fact creating/starting as they should and therefore the startup of any networked container fails.
<TSK> My research on Google and on the various Ubuntu related sites turns up little information other than a couple of semi-related bugreports and passing mentions of lxcbr0 but not in any useful context.
<sarnold> PatrickDK: hrm, my wifi router's firmware changelogs don't mention ipv6, but it's probably time to try anyhow. woo. thanks again :D
<patdk-lap> heh, try directly connecting ubuntu into it, and tcpdump for ipv6 ra's :)
<patdk-lap> tcpdump -n ipv6
<sarnold> patdk-lap: good idea. :D
<patdk-lap> oh, ip6 no v :)
<patdk-lap> always mix that up
<sarnold> TSK: this bug report mentions raring by name, so it might be completely different.. but give it a skim? https://bugs.launchpad.net/bugs/1100877
<uvirtbot> Launchpad bug 1100877 in lxc "lxc-start fails after upgrade to raring (dup-of: 1099155)" [High,New]
<uvirtbot> Launchpad bug 1099155 in lxc "[raring] No ip assigned to bridge and no routes added for virtual networks" [Critical,Confirmed]
<TSK> sarnold: Yes, indeed.  That's one of the bugreports I found.
<sarnold> dang.
<TSK> It is sadly not of any real help.  :(
<TSK> I have confirmed that containers run fine if I do not ask them to network, but that kinda defeats the usefulness of a container for me.
<sarnold> TSK: are you using libvirt with your lxc containers? does /etc/init/libvirt-bin.conf have "lxc:///" in the "libvirt_urls"?
<TSK> sarnold: I am actually not using libvirt at all no.  I am using the ubuntu lxc userspace tools from the repositories.
<TSK> Is that then probably the missing bit of the equation then?  Should I be looking into libvirt-bin?
<sarnold> TSK: meh, if the more manual way worked except for this, it's probably worth fixing. I just kinda knew about the libvirt init setting up some networking for the way I've used them.
<sarnold> TSK: are there any log entries in /var/log/ that look remotely usfeul?
<vhadil>  for beginner c or python . plz comment
<sarnold> vhadil: I like C, because using it requires discipline and patience and teaches the truth about how the computer operates.
<sarnold> vhadil: though python will give you better, more useful results, significantly faster. :)
<sarnold> vhadil: C's security and safety problems are pretty horrible -- if you screw up, it _will_ hurt. Python will more likely drop a stack trace and no harm done...
<sarnold> (how's that for broad overgeneralizations? :)
<vhadil> sarnold, so what choice ?
<sarnold> vhadil: if you choose C, start with this book: http://en.wikipedia.org/wiki/The_C_Programming_Language
<sarnold> vhadil: if you choose python, this guide looks promising: http://learnpythonthehardway.org/book/intro.html
<vhadil> sarnold, thank you friend
<lvmer> How do you reference a file or directory ie: /share/share/test.txt   from an html page at /var/www/index.html   ?  none of my tries work: http://paste.kde.org/650768/
<sarnold> lvmer: is /share/share in the webroot of your web server? or do you want the clients to access the file via another mechanism, such as samba?
<vhadil> sarnold, but I am just learning myself, if I could?
<lvmer> I think samba would be easier. /share/share is not in the webroot folder. It is a directory.
<sarnold> lvmer: then try href="//superserver/share/share/test.txt", and be sure to use IE -- probably other browsers won't do it
<lvmer> $$$  default mount point /var/www/index.html    & again  default mount point.... then   /share/share/test.txt
<lvmer> o
<lvmer> I did that one
<sarnold> lvmer: try it with forward slashes..
<sarnold> vhadil: sorry, I don't understand your last question
<sarnold> lvmer: another thing to try, \\\\superserver\\share\\share\\test.txt
<sarnold> daniel_-_: shouldn't you be asleep? :)
<lvmer> it takes me to: http://www1.dlinksearch.com/main?url=superserver%2Fshare%2Fshare%2Ftest.txt&ref=http%3A%2F%2F192.168.0.40%2F&w=1672&h=915&ifc=0
<lvmer> lol
<sarnold> lvmer: hahahaha
<sarnold> lvmer: does your router do something horrible like replace NX domain answers with their own advertising?
<lvmer> hum
<lvmer> I'm guessing that is quit possible
<lvmer> where would I find that in the router settings?
<lvmer> I opened it up, but idk if I see it
<lvmer> sarnold, well we shall see what dlink support says. thanks for the headsup
<sarnold> lvmer: so, your /share/share/test.txt -- did you get that to work yet? did IE go?
<lvmer> no
<sarnold> oh man :/
<lvmer> it only works if the file is in /var/www
<lvmer> I just got it to work by pasting in the browser: \\SUPERSERVER\Share
<sarnold> I wonder if a security setting now prevents html from referencing unc paths
<lvmer> it's got to be a security setting
<lvmer> because it just times out
<lvmer> but I can copy the address
<lvmer> and paste it
<lvmer> even from the html doc
<sarnold> lvmer: hah, file://///   -- http://stackoverflow.com/a/1369164/377270
<lvmer> ?
<sarnold> lvmer: try file://///superserver/share/share/test.txt
<sarnold> though that answer says firefox won't do it for security reasons
<lvmer> it just doesn't work for security reasons
<lvmer> lame sauce
<lvmer> how do servers like cnet have a download button though? cause you can click that & download the file
<lvmer> that's what I'm aiming for
<lvmer> being able to do that with a few files that are not in the /var/www directory
<sarnold> lvmer: they download the file over http
<lvmer> yah
<lvmer> no idea how to do that
<sarnold> lvmer: you could do the same if you added another route in your server configuration to get to /share/share
<lvmer> o
<sarnold> in apache it'd be something vaguely like <directory /share> .. /share </directory> (can you tell it's been years since I've done apache?
<lvmer> hah
<sarnold> dinner now :)
<lvmer> <directory /var/www/test.txt>
<lvmer>                 Forcetype application/octet-stream
<lvmer>                 Header set Content-Disposition attachment
<lvmer>                 </directory>
<lvmer> like this right?
<sarnold> lvmer: oh. then try <location> ! :)
<lvmer> sarnold, well enjoy dinner. sorry to keep you too long
<sarnold> lvmer: not at all, not at all :) hope you get it sorted quickly :)
<sarnold> lvmer: (the force-download behavior is something else, of course.. a new HTTP header from the server, iirc.)
<samba35> is there any gui based syslog server there
<frojnd> hi hi
<bananapie> Hey, I want to recompile a ubuntu package, where can I find the parameters that were given when it was originally compiled by the ubuntu guys ?
<RoyK> in debian/rules
<RoyK> bananapie: that is - apt-get source 'package' and then look in the debian/rules file in the source tree
<RoyK> or perhaps copy the whole debian dir to the new source tree and run dpkg-buldpackage
<RoyK> dpkg-buildpackage even
<bananapie> ok
<bananapie> I'll try that
<bananapie> thanks
<RoyK> that'll build new packages
<RoyK> easier to manage than just your average "make install"
<bananapie> I am trying to compile asterisk from sources, but ubuntu changes the sounds directory and therefore breaks my server. So I'll try copying the debian folder
 * RoyK dislikes asterisk rather a lot
<bananapie> :P
<bananapie> So do I
<RoyK> http://karlsbakk.net/fun/asterisk-installation.wav
<bananapie> Executed :D
<bananapie> HAHAHA! That's a pretty awesome recording :D\
<bananapie> Nice :D
<bananapie> like RoyK's recording.
<bananapie> I actually maintain a few minor patches for Asterisk because a few options are horribly broken. DTMF is pretty bad.
<RoyK> most of asterisk is horribly broken
<bananapie> actually, anything dahdi related is horribly broken. SIP has problems, but it isn't too bad.
<RoyK> seems they've fixed up the rtp stack now so that it scales a bit better than back when I was working with it, though
<bananapie> What do you use instead ?
<RoyK> I don't work with voip anymore
<RoyK> :P
<bananapie> RoyK, I guess you don't want to be bald by 35 ?
<bananapie> ( stress is a contributing factor to baldness )
 * RoyK is > 35 and not bald ;)
<bananapie> Probably because you stopped using asterisk ;)
<RoyK> well, stress and baldness - I don't buy it
<bananapie> No ?
<RoyK> lots of other things to stress about
<bananapie> THere are many contributing factors to baldness. Genetics, baseball caps, stress, lifestyle, food habits, exercise.
<RoyK> anyway - some op will probably flag OFFTOPIC soon ;)
<bananapie> It's just fun to exagerate the link between baldness and stress when talking about asterisk ;D
<bananapie> Yes
<bananapie> anyway, I am trying copying debian directory
<RoyK> should work
<RoyK> unless they've changed the code too much since last build
<bananapie> It doesn't want to compile, I am modifying debian/rules now
<bananapie> "dpkg-source: error: unwanted binary file: debian/.asterisk.dirs.swp" lol
<RoyK> heh - .swp is usually vim temp files
<bananapie> Yea, I know. I feel like a total n00b today
<bananapie> I copied the debian from ast 1.6 to ast 1.8 source tree. I think that was a bad idea.
<bananapie> I think I got this thing working.
<bananapie> Ubuntu is awesome
<bananapie> too many differences, it keeps crashing. I'll have to call configure with the proper parameters :(
<bananapie> thanks anyway :D
<RoyK> why do you need 1.8?
<RoyK> I beleive uninett.no's service for universities and colleges in .no still uses 1.4 and won't change because of even more broken code in newer versions
<RoyK> also, if you really need 1.8, there should be a ppa for it
<RoyK> seems they've changed the versioning - latest now is 11.1.2
<bananapie> 1.8 has a few bug fixes I needed.
<bananapie> asterisk.conf has the directories in it, I didn't remove the ! in the line
<bananapie> It's fun when comments affect how a configuration file is parsed unless the line starts with # :@
<qman__> oh, asterisk
<RoyK> !language | qman__
<ubottu> qman__: Please watch your language and topic to help keep this channel family-friendly, polite, and professional.
<qman__> haha
<qman__> we use it at work, and I had zero experience with it until I was tasked with upgrading it
<qman__> I knew I was in for a trip but didn't know just how bad
<qman__> plus we've got a bunch of custom integration scripts to make it work with our ticket system
<RoyK> I used to work for an ITSP that used asterisk
<RoyK> that was before anyone had bothered to create a jitterbuffer
<RoyK> we ended up hireing someone to write it and posted it to asterisk, it came in in 1.4 IIRC
<qman__> all the dirty hacks I had to do to keep it running
<qman__> there's a cron job that runs every minute to see if asterisk is running, and if it isn't, it restarts it
<RoyK> digium posted that jitterbuffer wasn't a priority, since asterisk didn't need one
<qman__> because it just dies at random
<RoyK> hehe
<qman__> that worked ok, but then it would start using 100% CPU
<qman__> so now it also checks to see if it's going out of control over 30 seconds
<RoyK> and then, gdb asterisk core - bt full
<qman__> and if it is, it kills it and restarts it
<RoyK> post a bug report and wait for a nofix
<RoyK> or wontfix
<qman__> I've actually got it to a somewhat tolerable state now
<qman__> they had it running with dahdi on a P4 xeon server with hyperthreading
<qman__> which was causing tons of interrupts and breaking everything
<RoyK> I had to dig into the source to fix a few things
<RoyK> like taking a bath in a septic tank, somehow
<qman__> now we've got it all sip and in the datacenter
<qman__> remaining problems are bandwidth related, specifically because it's behind an ASUS router
<RoyK> hopefully not much nat?
<qman__> NAT, openVPN concatenator
<patdk-lap> yuk
<qman__> trying to convince the boss that these consumer grade routers with dd-wrt can't handle the load is not easy
<patdk-lap> just toss them out and use a normal server
<patdk-lap> I mean, even an old p3 with 1gigs ram would make a killing firewall
<qman__> they work fine for small shobs
<qman__> shops*
<qman__> but not for our datacenter, not for site to site VPNs
<patdk-lap> oh, heh
<patdk-lap> using dd-wrt at a datacenter?
<RoyK> sounds a bit "sub-optimal" ;)
<qman__> we need real hardware for that, whether it's a cisco, or even just a full on server configured to be a router
<patdk-lap> I kept maxing out the small consumer routers, not enough cpu for any real compression support for the vpn
<qman__> we're doing SIP with about 40 phones connecting to it through one dd-wrt router
<qman__> so every day when the call volume goes up, we get weird issues with calls dropping or sound not working
<qman__> because that router just can't handle that many packets per second
<RoyK> heh - we have a rather expensive ($100k?) cisco router at work, it maxed out recently on ipv6 traffic - didn't switch ipv6 in hardware, but pushed it all to the cpu
<qman__> but because it doesn't drive up the memory use or CPU load above 1.0, the boss can't see it
<RoyK> not very new, though
<qman__> it takes more than CPU to handle packets
<patdk-lap> it shouldn't take any cpu to handle packets, on real hardware
<RoyK> sure, but everything else works, just not loads of ipv6, since it tends to do all that in software
<qman__> we use ASUS RT16N routers
<qman__> which, for a consumer router, is very good
<patdk-lap> that isn't a real router :)
<qman__> but it's still a consumer router
<patdk-lap> in cisco, the only thing that hits cpu, is rare, like new featuresets in royk's case
<patdk-lap> I had the same issue, <2% cisco router cpu, enabled vlans, and it went to way >100%
<patdk-lap> found out the same deal, vlans where cpu processed on mine
<RoyK> any good router does the real things in ASICs (or FPGAs)
<qman__> yeah
<RoyK> seems FPGAs are getting more popular
<RoyK> which is good
<patdk-lap> hmm, fpga is just a case type
<RoyK> hm?
<patdk-lap> full pin grid array
<RoyK> an FPGA can be recoded
<RoyK> an ASIC cannot
<patdk-lap> oh, fieldprogrammable gate array :)
<patdk-lap> too many different names for that :)
<RoyK> yes :)
<RoyK> seems Juniper is moving to FPAGs for their high-end products
<patdk-lap> if tcam could come down in price
<patdk-lap> could make cheap consumer routers worth something
<RoyK> tcam?
<patdk-lap> it's what cisco uses
<patdk-lap> that is what is *offloaded from cpu* normaly means
<patdk-lap> there is enough tcam or cam ram to not bother the cpu about it
<patdk-lap> http://www.enterprisenetworkingplanet.com/netsysm/article.php/3527301/On-Your-Network-What-the-Heck-is-a-TCAM.htm
<patdk-lap> kind of like a hash lookup
<patdk-lap> like store all mac addresses in it, so a switch knows instantly what port it need to go out on
<patdk-lap> or store the routing table in the case of a router
<RoyK> I just started working with juniper systems
<RoyK> it's joy!
<RoyK> no longer a dumb OS requiring all sorts of tweaks, but a full BSD OS for management
<frojnd> I have 2 ips. And I've configured dnss for only one IP. Yet nginx when I go to second IP (I dont write IP address) it writes default nginx page. Any ideas how can I disable nginx to show content for that second IP addrss?
 * RoyK guesses that question is better answered in #nginx
<qman__> frojnd, your site is listening on * or 0.0.0.0; I don't know where or how to change that in nginx, but that's what's happening
<qman__> in apache you change the virtualhost statement
<RoyK> patdk-lap: any idea what there is to choose from on high-end routers/switches these days? cisco/juniper? perhaps HP?
<patdk-lap> hp doesn't make any  Iknow of, just switchs
<RoyK> any others?
<patdk-lap> but I'm heavy into cisco world
<patdk-lap> hmm, there is
<patdk-lap> hmm, can't think of it
<patdk-lap> someone keeps harping about it to me though
<patdk-lap> I mainly ignore cause not looking to change anything currently
<patdk-lap> foundry?
<RoyK> seems they were bought by Brocade in 2008
<patdk-lap> ya
<RoyK> and Nortel bankrupted just after that
<patdk-lap> probably why I kept thinking brocade :)
<patdk-lap> I've never liked brocade, just their sales seems shady to me
<patdk-lap> no real issue with their products
<RoyK> I've only worked slightly with their FC switches, some 10 years back
<patdk-lap> I guess a new aplha or beta is coming out
<patdk-lap> build servers been backed up like hell the last few days
<frojnd> qman__: thanx I'll ask in nginx
<RoyK> hrmf
<RoyK> any idea what this means?
<RoyK> [1720778.526707] Buffer I/O error on device dm-8, logical block 26214384
<escott> RoyK, what is backing dm-8?
<RoyK> a raid-6 which is whelthy
<escott> RoyK, mdadm raid or hardware raid
<RoyK> seems some lvm snapshotting caused the error
<RoyK> mdadm
<RoyK> just testing lvm snapshotting for performance, and created the snapshots a wee bit too small
<RoyK> lvm snapshotting is, well, "sub-optimal" in its design :Ã¾
<RoyK> I've used snapshotting on zfs earlier, and going back to trying to use snapshotting on lvm is like going back to the eightees or something
<PatrickDK> well, lvm isn't cow
<PatrickDK> and I think it still uses like a4mb window
<RoyK> I know
<RoyK> some patches have come lately to make it cow, but I don't know when they'll be accepted
<escott> RoyK, cow at the block level seems weird to me
<RoyK> escott: it works with zfs
<RoyK> zvols are cow
<RoyK> works with other storage systems as well
<escott> RoyK, but ZFS knows what blocks are structure blocks and what are data. i guess i shouldnt say block when i mean below the filesystem level
<RoyK> a zvol isn't a filesystem
<RoyK> it's just something onto which you place a filesystem, or export over iscsi or fc
<gmachine_24> Hi. This might be a rookie question - but for an NAS, what are the advantages of running ubuntu server instead of just the standard version? Thanks.
<floryn90> hi evryone
<floryn90> first scuse se for my bad english :)
<floryn90> i have a problem on my web server on ubuntu server
<floryn90> i use a vhosts to host multiple sites
<floryn90> and i use mod_rewrite module to rewrite the urls
<floryn90> on one site when i request a page
<floryn90> where are some images in /icons
<floryn90> the server reply me a 404 error
<floryn90> in server error log i found
<floryn90> that it go to /usr/share/apache2/icons when i request the /icons images
<floryn90> how con i risolve this ?
#ubuntu-server 2013-01-20
<sooraj> hi i'm trying to build a local repository with multiple version support for a package. I'm building it using apt-utils. the directory structure looks like "dists/stable/main/binary" and "dists/old_stable/main/binary". When i do "apt-get install package" on the client machine it is fetching the package properly. But when i do "apt-get install pkg_name=version" it is trying to fetch the package from the "web root" directory of my reposit
<Bilge> `apt-cache show` doesn't actually show which version of a package will be installed if a PPA overrides it
<Bilge> How do I see what package will REALLY be installed?
<shauno> Bilge: try apt-cache policy packagename; I believe the asterixes indicate the default candidate
<Bilge> shauno: indeed, but if apt-cache is actually aware of the correct package isn't it a bug that `show` displays the information for a different one?
<note_> Hello, I have set up Postfix and Cyrus on my Ubuntu 12.10 server, I can send email's within the terminal window, however they appear as root@domain.tld
<note_> Is it possible to be able to have it so for example, my email would be note@domain.tld and I can send and receive emails within an email client?
<m_tadeu> hi...does anyone know how to work with dell open manage, using the packages?
<m_tadeu> how to use it, since I already installed it
<Teduardo> Hey all, I have an Ubuntu 12.10 x86_64 box with two nics in it, if I do dmesg | grep eth it shows both eth0 and eth1 but the actual device names are like p4p1 p6p1, etc but no matter what I do i can't get it to let me bring up the 2nd nic
<SpamapS> note_: I'd recommend dovecot over cyrus. But anyway, you need to send as not root to have it not be 'root@domain.tld'
<note_> SpamapS, I see, well anyways, do you know anything about Cyrus?
<SpamapS> Teduardo: "can't get it to let me bring up" ?? can you be more clear?
<SpamapS> note_: I know that dovecot is better. ;)
<SpamapS> note_: for sending mail tho, neither dovecot or cyrus are involved
<note_> i see, so if i did use dovecot, how am i able to add my email to a client
<note_> so i can send/receive
<RoyK> Teduardo: pastebin ifconfig -a, please
<note_> within going into ssh etc
<Teduardo> nevermind it's p6p1; sorry
<Teduardo> It's sunday and you know =)
<note_> SpamapS, ^
<note_> SpamapS, Is it possible to completely remove everything mail related on my server and start again?
<scalability-junk> hey I want to setup server with 2 disks, encryption and at least to data partitions one encrypted with raid1 and one encrypted without raid. is there a good way to achieve this?
<scalability-junk> I tried kickstart files and preseed, but that seems to be a dead end.
<SpamapS> note_: yes, just apt-get purge postfix and cyrus
<scalability-junk> Would it be possible to setup ubuntu with a kickstart file with minimal stuff say MBR on one disk + /boot + /temporary with /var /etc...
<SpamapS> scalability-junk: pre-seed should be able to do anything the installer can do
<scalability-junk> SpamapS, should be is, but I haven't found anything working.
<scalability-junk> SpamapS, and setting it up manually and then use the made preseed file is not working either.
<scalability-junk> it's not a real config file it is a mix from enter, tabs enter, which breaks with any menu point or disk added to the system *shrug*
<SpamapS> scalability-junk: it can be confusing to figure out the partition stuff
<scalability-junk> SpamapS, Perhaps I really was wrong, so let me write what I wanna do actually
<scalability-junk> 2 disks
<scalability-junk> MBR on both
<scalability-junk>  /boot on both (raid1)
<scalability-junk>  /data on both (raid1, encryption, /var /etc ...)
<scalability-junk>  /data2 on both (no raid just 1 partition usable on each, encrypted)
<scalability-junk> I only got so far as having boot and data1 as raid and encrypt data
<scalability-junk> but setting up lvm inside data1 or figuring out data2 not raiding with encryption wasn't really any docs on the internez ;)
<scalability-junk> any idea SpamapS ?
<note_> SpamapS, Are you able to recommend a good guide i could follow in order to install Postfix and Dovecot and anything else I might need for email on my server?
<SpamapS> scalability-junk: yeah its beyond my ability to focus.. :-/
<SpamapS> scalability-junk: perhaps send the question to ubuntu-server@lists.ubuntu.com (subscribe first)
<SpamapS> scalability-junk: askubuntu.com might also work
<scalability-junk> SpamapS, ^^ it would be enough if there was a solution on how to get a manual installation into a preseed file
<SpamapS> note_: there's a meta package, 'mail-stack-delivery'
<SpamapS> note_: and the Ubuntu server guide has stuff about it
<SpamapS> note_: also you might check out Zentyal ... gives you a nice frontend to Ubuntu Server.
<SpamapS> ^serverguide
<uvirtbot> SpamapS: Error: "serverguide" is not a valid command.
<SpamapS> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/12.04/serverguide/C/
<SpamapS> note_: ^^
<note_> And they would allow me to add my email to a mail app such as Mail on my mac or Mail on my iPhone to send and receive ?
<SpamapS> note_: yes, 
<note_> thank you
<note_> i found this
<note_> http://library.linode.com/email/postfix/dovecot-mysql-ubuntu-10.04-lucid
<note_> will that work for 12.10?
<note_> its for 10.04
<SpamapS> a lot has changed since 10.04
<note_> hm
<SpamapS> but it might work
<note_> ill try mail-stack-delievery
<note_> thank you
<note_> WARNING: the "mail-stack-delivery" package was deleted from this repository
<note_> ugh
<note_> SpamapS, ok, I installed mail-stack-delivery
<note_> now what o_o
<note_> SpamapS, are you there?
<streulma> hello, I want to setup a great server network, does someone have the time to help me?
<qman__> you'll have to get a lot more specific than that
<patdk-wk> qman, maybe he is just asking for 300 hours of your time
<streulma> I have 2 servers for private, 2 webservers, want to network them with openvpn, and then log in to openvpn from my computer
<streulma> but I want more servers
<streulma> maybe https://www.vpshosting.nl or https://www.cloudvps.com is a good hosting?
<lunaphyte> hi.  i'm upgrading from 12.04 [12.04.1?] to 12.10, and am seeing "Updating repository information - WARNING: Failed to read mirror file" in the midst of all of the output when running do-release-upgrade.  what can i do to figure out specifically which file it is talking about?
<lunaphyte> the rest of the output seems to otherwise be as expected, and the command doesn't fail, but i'd like to understand what it thinks the problem is rather than just continuing blindly.
<patdk-wk> sounds like your hitting a bad pkg server
<lunaphyte> oh hey patdk-wk  :)
<patdk-wk> I get that from time to time
<lunaphyte> hmm, i wonder - i have a proxy configured.  let me remove that.
<lunaphyte> do-release-upgrade seems to run in a screen now.  that's mildly annoying
<lunaphyte> well, not going through the proxy doesn't seem to matter.
<patdk-wk> I was thinking the mirror server didn't rsync correctly, and it failed over to another one
<lunaphyte> the mirror server failed over to another mirror server?
<lunaphyte> source.list was using us.archive.ubuntu.com - i just switched to mirrors.us.kernel.org and am trying again
<lunaphyte> *sources.list
<RoyK> if it's a server, why upgrade to something non-lts?
<lunaphyte> hmm?
<lunaphyte> what would that have to do with anything?
<lunaphyte> bummer.  same problem when using kernel.org
<RoyK> only reason I see for upgrading to non-lts is if you need this or that package or want to live on the bleeding edge
<lunaphyte> non-lts is hardly "the bleeding edge".  but anyway, i'm not here to debate personal opinion.  i'm just trying to resolve a specific behavior.
<patdk-wk> royk, lunaphyte knows what he is doing, it isn't a newbee
<RoyK> k
<lunaphyte> oh, is that the requisite disclaimer here?  :)  sorry if i offended, i didn't know.
<patdk-wk> na, royk is strict in his beliefs :)
<lunaphyte> heh, i can appreciate that. :)
<RoyK> well, just a bit conservative on servers
<RoyK> I use btrfs on 12.10 on my desktop, but not on servers ;)
<patdk-wk> fsck yet for it?
<RoyK> yes, some months back
<patdk-wk> used btrfs on a system for almost a year, till a sudden power outage caused the whole thing to selfdestruct
<RoyK> heh
<mattt> hi all, having issues blocking emails w/ postfix using reject_client_rbl in smtpd_recipient_restrictions, any suggestions ?
<RoyK> mattt: #postfix may be a better arena...
 * patdk-wk wonder if this channel and postfix channel got swapped today
<lunaphyte> heh
<lunaphyte> sign must've been spun around in the windstorm last night
<mattt> :P
<mattt> this was working fine before i migrated my server, probably ought to find out what i was running before :P
<mattt> was on 8.04 before, on 12.04 now
<mattt> pretty much copied my main.cf as is, everything works but no emails are getting rejected
<mattt> which exist in RBL list
<lunaphyte> how can i prevent do-release-upgrade from running within screen?
<scalability-junk> can I setup two encrypted partitions one raid1 one without raid and let ubuntu ask for decryption passphrase on boot for both?
<scalability-junk> or would this be the default behaviour in alternate install?
<qman__> what?
<qman__> what you're asking for doesn't make sense, what is your goal?
<scalability-junk> 2 disks, encryption, one raid1 partition for os data, 2 partitions non raid one on each disk qman__ that's the goal
<scalability-junk> the goal is to have encryption and keep os data redudandant and have non important data encrypted but not redudant
<scalability-junk> *redundant
<qman__> ok, well you can set up three encrypted partitions
<qman__> but that still isn't a very sensible setup
<qman__> OS data is generally replaceable/reconstructable, it's the user data that you'd want safe
<scalability-junk> with os data I meant /etc /var etc. not /boot
<scalability-junk>  /boot is meant to be outside of encryption
<qman__> I'm referring to the raid
<qman__> as for the passphrase, it asks at mount time
<qman__> whether or not mount time is at boot depends on how you configure fstab
<scalability-junk> qman__, but you would probably suggest to use raid1 + encryption for all data and not put it on 3 partitions ?
<qman__> yes
<scalability-junk> ok so I loose a bit of storagespace for less complexity mhh
<qman__> yes, for less complexity and more reliability
<qman__> when you get greedy, that's when you lose data
<scalability-junk> qman__, probably yeah
<mattt> well bugger, changed my dns resolvers from google's to level 3's and now my RBL filtering is working
<lunaphyte> oh, haha
<scalability-junk> qman__, yeah I will go for raid1 + encryption then thanks
<lunaphyte> mattt: thing is, level3 does not offer "public nameservers"
<lunaphyte> and you will eventually have that same problem anyway
<lunaphyte> why are you using other people's nameservers anyway?  that's foolish
<eedfwchris> hey allâ¦ how can i view a change log for a specific php package?
<eedfwchris> or package
<eedfwchris> http://changelogs.ubuntu.com/changelogs/pool/main/p/php5/php5_5.3.10-1ubuntu3.4/changelog
<eedfwchris> ah!
<eedfwchris> :)
<patdk-wk> lunaphyte, I actually had someone the other day tell me it's not legal to query the root servers yourself, your required to use your isp nameservers
<lunaphyte> :O  ?!
<lunaphyte> legal as in *literally* legal?
<patdk-wk> ya, suprised my servers wheren't blacklisted yet
<lunaphyte> that's hilarious.  where do people come up with this stuff?
<lifeless> hallyn: so what I wanted to ask, is how to get virt-manager to run a windows VM with spice rather than VNC for display
<lifeless> hallyn: I found some generic stuff that talks about the feature, but nothing clear for doing it on Ubuntu
<lifeless> hallyn: I'm sure I can sit down and fiddle, but if there is some docs or even a quick brain-dump, that would be cool.
<lifeless> hallyn: (I need Windows for some occasional things in my new job :()
<ikonia> there is a drop down in the virt-manager gui for selecting your display service, assuming your kvm/qemu build is compiled with that option enabled
<hallyn> lifeless: i've actually never done it - last i knew you had to get a cd with the windows qxl drivers and run that from in windows.  ahs3 and mahmoh1 have done it boefe i think
<ikonia> I use spice as my display server, but not on ubuntu,
<quietone> hi. I've got a new 12.04 server install. I've got an existing iptable rule set to use. how do I run iptables on boot?
<lifeless> hallyn: ikonia: is the ubuntu kvm/qemu built with spice ?
<lifeless> quietone: you can add an upstart job, or something to /etc/network/if-up.d/ or /etc/network/interfaces
<ikonia> lifeless: no idea if ubuntu builds with spice by default
<quietone> lifeless, thanks we'll look into /etc/network ...
<Bilge> ntpd always segfaults moments after I start it on 12.04 LTS
<ikonia> Bilge: start it afterwards, does it segfault
<Bilge> ikonia: start it after what?
<Bilge> I start it, it dies
<Bilge> Would there be any problems with repurposing the default "backup" user for my own purposes including changing its home dir to /home/backup?
<patdk-wk> default backup user?
<Bilge> Yes
<patdk-wk> oh, since 12.04 it looks like
<Bilge> It's new?
<patdk-wk> well, it wasn't in 10.04, but is in 12.04
<Bilge> I figured it must be an ancestor of Unix history
<pmp6nl> Hello, does anyone see any problems with using nautilus to connect to my server via SSH to grab some files for backups?
<patdk-wk> bilge, probably part of the new backup, duplicity
<Bilge> I have not heard of it
<Bilge> Are you able to comment on whether it would be wise to manipulate the account?
<Bilge> It does not seem that the user actually owns any files
<Bilge> Including anything in /var/backup where it points to
<Bilge> /var/backups*
<lunaphyte> well, i remembered that i filed a bug a while back for what i imagine is this same problem.  https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1003411
<uvirtbot> Launchpad bug 1003411 in update-manager "do-release-upgrade complains "WARNING: Failed to read mirror file"" [Undecided,New]
<lunaphyte> it's a total pita to troubleshoot not what the process uses screen, so i don't know for certain it's looking for the same file, but maybe a poke will draw attention to it.  too bad it seems to have ben largely ignored so far.
<lunaphyte> *troubleshoot now
<patdk-wk> lunaphyte, odd, I haven't had any issue
<lunaphyte> yeah, it is odd.  i've done scores of upgrades prior to and since then, and it happens frequently enough that it's a legitimate issue, but i can't correlate anything with it so far.
 * patdk-wk just upgraded to win2008r2 sucessfully
<patdk-wk> first time it worked, out of 80 attempts
<lunaphyte> the disconcerting part is that it *appears* to be fine if you proceed with the process, and i've not yet had some latent issue come up that i could trace back to that error, but that's not a rational argument.
<patdk-wk> dunno why the others won't upgrade, but manually replaced those
<lunaphyte> blech
<lunaphyte> the first question that comes to mind wrt that bug is does that file exist for other people?
<patdk-wk> I can't say
<patdk-wk> scrolls off the screen for me atleast
<lunaphyte> yeah, me neither.
<lunaphyte> well, when the process is sitting at the "do you wish to continue" prompt, you can look int /tmp/... and see if the file i mention in the bug is there or not.
<patdk-wk> I'll look next time
<patdk-wk> all my machines are upgraded, except for the batch that normally don't get upgrades
<TheLordOfTime> have any of you ever had apt-mirror fail to mirror from a regional mirror, whereas the system its on is able to apt-get update/apt-get upgrade from the same server that apt-mirror's trying to mirror?
<patdk-wk> I had nothing but issues with apt-mirror, and droped it years ago
#ubuntu-server 2014-01-13
<Overand> Not sure if I want to ask in here or in some ubuntu-related channel, but I figured it was worth a shot.  VM host - Arch Linux, pretty up to date.  Running GNU Screen.  SSHed into several machines - one of which is running Ubuntu-Server 12.04.  And inside that, i've got a non-fully-functional terminal!  Like, I can't use less, I get "WARNING: terminal is not fully functional".  For what it's worth,
<Overand> er, cut off. For what it's worth, $TERM is "screen.linux" on the ubuntu system
<Overand> Well, to resolev that issue, I just needed to install "ncurses-term" on the ubuntu system.
<Spanky> Trying to update my Ubuntu 10.04 Base (Zentyal).  Get the following:  http://paste.ubuntu.com/6742414/
<Spanky> Any good ideas to force the update?
<jkitchen> Spanky: there's more than just that
<holstein> Spanky: yeah, they'll have to support it http://www.zentyal.org/ ..otherwise, 10.04 ubuntu is still supported on the server
<Spanky> I tried most of this already and no dice: http://goo.gl/XcsLLd
<holstein> i know, i would just want to get "sudo apt-get update" to complete without error
<holstein> could be any custom package or source ppa that they add though
<Spanky> I guess it may be time for updating to Zentyal 3.X Server (which is built on top of Ubuntu Server)...
<Spanky> Doesn't 10.04 support / updates run out pretty soon?
<Spanky> https://wiki.ubuntu.com/Releases - Guess it's April 2015...
<holstein> Spanky: i dont konw what zentyal does, or what the support length is.. they could be based on 10.04, and support it for a shorter period than stock ubuntu,a nd that could break things.. or they could support it as long as they please
<Spanky> Yeah.  It's pretty much in-line with Ubuntu and is official Canonical supported branch product.
<holstein> Spanky: its actually not
<holstein> Spanky: its a different product.. it will be supported by them
<holstein> http://forum.zentyal.org/ is where i would start
<Spanky> holstein:  I guess they lie on their web site then.
<Spanky> http://www.zentyal.com/
<MavKen> do any of you use digitalocean?
<jkitchen> I had a box there for a short while
<jkitchen> they don't have ipv6 (still) so I am not moving services yet
<MavKen> I can get all of my static sites working but have many permission issues trying to get drupal or wordpress working
<MavKen> ipv6 probably wont be available with them until mid to late next year, they are in a feature freeze right now
<MarGul> Hi! When I put a test index.php (<html><body><?php echo "This works!"; ?></body></html>) in my webroot(runnig ubuntu server 12.04 and nginx) the text gets shown properly and all looks good. But when I then upload (through fileZilla) my own index.php nothing gets shown. Its just a blank page. Anyone have any suggestions were to start troubleshooting?
<MavKen> you have php installed?
<Spanky> MarGul:  http://serverfault.com/questions/110699/ascii-vs-binary-vs-auto - FileZilla defaults to ASCII on install and that may not be what you want.
<MarGul> MavKen: Yes I have php installed. When I run that test file (with php in it) everything works fine
<MarGul> Spanky: Okey, I will take a look at it :)
<Spanky> MarGul:  For all the dirty details and the "WebMaster" pissing match that ensued see:  http://trac.filezilla-project.org/ticket/4235
<MarGul> Spanky: I had FileZilla set on Auto transfer before and changed it to binary. Still doesn't work. The thing is when Im in my webroot I can see the files and it all looks good. But I just get a blank page
<MarGul> I also tried to upload to my server, with same settings just a different webroot, and that worked just fine
<MarGul> I did that old upload like 10 days ago. Now I just changed my webroot on my virtual host file. Added that folder, and now I just get a blank page. What bothers me is that my test.php works just fine. But my own site do not work
<codex> on 13.10, is qemu-kvm (as a service) replaced by something else?
<codex> I noticed it's not longer available for restart - if you use tasksel to install the Virtual Machine group
<sheptard> codex: lib-virtd
<codex> Interesting. So libvirt is no longer separated from qemu/kvm, or is it just a hook of some sort?
<codex> I noticed qemu-system-x86 also replaced kvm
<codex> which I had read about already
<BadBoY__> i installed ubuntu-serever 13.10 on my system having amdA10 64bit arc. Then while starting it always gets stuck on bluetooth: failed applying patch. what should i do?
<yolanda> morning jamespage: https://code.launchpad.net/~yolanda.robla/charm-helpers/get_hostname/+merge/201347
<cvtsx> Hello, has anyone hosted a minecraft server? I need help with something
<melmoth> cvtsx, my nephew is hosting one
<cvtsx> melmoth can you tell me how to get plugins working? i got my bukkit server up and running
<cvtsx> and the plugin in my plugin folder
<melmoth> if i remember correctly, you "just" need to unzip the archive un the plugin folder and restart the server
<melmoth> it will create template config file for the plugin, set whatever you want in them, restart the server
<melmoth> here you are
<cvtsx> how do i restart the server?
<melmoth> cvtsx, when i start the server, i end up with a "shell" on the server. I think stopping it can be done with "quit" or "exit"
<melmoth> not sure, i m not using that stuff regulalry, havent touch it for a year or so
<cvtsx> yeah, i am using putty also
<Daviey> jamespage / rbasak: Planning to go to FOSDEM this time?
<jamespage> Daviey, not this year - I think rbasak is going tho
<Daviey> jamespage: :(
<zul> rbasak:  hey are you going to merge the new puppet?
<rbasak> zul: oooh. Yes, I can take that. Our delta is small - it might just be a sync.
<zul> rbasak:  ack
<jamespage> zul, if you fancy trying it - https://launchpad.net/~mysql-ubuntu/+archive/percona/+packages
<jamespage> percona-xtradb-cluster for trusty
<jamespage> can't upload it yet as block on a licensing issue with OpenSSL
 * jamespage sighs
<zul> hehhe
<rbasak> Daviey: I'll be there. Are you going?
<zul> jamespage:  ill try to find some time to try it out
<zul> f u beanstalkd
<jamespage> zul, any ideas on ryengs's query re library versioning for 5.6?
<zul> jamespage:  lemme go check
<zul> jamespage:  nope :(
<TJ-> apache2 with userdir.conf ... despite "Options ...+ FollowSymLinks +SymLinksIfOwnerMatch" and checking the owners do match, the symlinked file isn't shown and there are no log-file clues as to why... what might I be missing?
<TJ-> my bad: symlink was faulty!
<zul> smoser: this is what i was seeing with euca2ools http://pastebin.ubuntu.com/6745283/
<smoser> you probably need to give it a arch then. its a change in behavior, but generally a sane one.
<qhartman> I'm working on getting some Xen VM's running on my remote server, running 12.04. I have DOM0 running happily, and when I attempt to install 12.04 via a netboot image, it seems to get stuck right after getting network info
<qhartman> I see ocassional error messages that say something about a framebuffer, so I added fb=false to the boot options, but that hasn't changed the behavior
<qhartman> Any suggestions? My googling hasn't turned up anything that seems immediately useful.
<qhartman> For reference, I'm (roughtly) following the guide found here: http://www.bentasker.co.uk/documentation/linux/188-setting-up-xen-on-ubuntu-12-04
<smb> qhartman, Could it be a problem with the virt bridge?  For netboot to work you have to configure a transparent bridge manually (see https://wiki.ubuntu.com/Kernel/Reference/Xen)
<qhartman> smb, The DOM0 is using the bridge interface to talk to the world, so I _think_ the bridge is configured right, and the vm seems to get it's dhcp config. I'll poke around for methods to test that, if you don't have any immediate suggestions.
<smb> qhartman, One issue can me the MAC address of the bridge. If not specified manually I found some references that it could change to the lowest connected to the bridge and that may change just when the virtual NIC comes up
<qhartman> smb, Interesting. I've not run into that using more usual bridge configs. I'll check that out. Thanks for the suggestion.
<tomixxx> hi
<tomixxx> i have a problem with maas: problem is, that nodes added to maas-server stay in state "commissioning"
<tomixxx> they never change to state "ready"
<tomixxx> and i dont know why...
<tomixxx> is anyone able to help? ;)
<pmatulis_> tomixxx: try #maas
<jamespage> adam_g, if you have 10 - https://code.launchpad.net/~james-page/charms/precise/nova-compute/resize-fixes/+merge/199266
<jamespage> I'd forgotten about it
<tomixxx> @pmatulis: ty for link :-)
<adam_g> jamespage, lgtm.  is there a corresponding  nova-c-c change?
<semiosis> jamespage: ping, re https://code.launchpad.net/~semiosis/ubuntu/trusty/glusterfs/fix-for-1268064
<MavKen> If I have /etc/skel/public_html/ and wordpress in the public_html directory then set all permissions, will those carry over for each new user?
<sarnold> MavKen: the files themselves will be copied into new home directories; probably the permissions bits will stay the same, but the owner ought to be set to the owner of the new home directory
<Delemas> After a 13.04 to 13.10 upgrade my server logs are getting spammed every 6 seconds by systemd-logind as per: http://pastebin.ca/2535595  Anyone know why?
<sarnold> Delemas: you may wish to try asking in #ubuntu-desktop, I believe more the folks who would know about that are in there
<Delemas> Ok will do thanks.
<TheLordOfTime> is there any way to rsync or tarball up data and retain file permission settings?
<hitsujiTMO> tar -p should retain permissions
<hitsujiTMO> TheLordOfTime: tar --help | grep permissions
<TheLordOfTime> hitsujiTMO: thanks
<Delemas> After a 13.04 to 13.10 upgrade my server logs are getting spammed every 6 seconds by systemd-logind as per: http://pastebin.ca/2535595  Username is not logged in. Anyone know why?
<sarnold> Delemas: wrong chan :) hehe
<Delemas> doh
<zul> sarnold: any hope of beanstalkd getting done soon?
<sarnold> zul: depends if it builds for me..
<zul> sarnold: should build now..fixed it this morning
<sarnold> zul: yay! <3
<TheLordOfTime> hmmm..
<TheLordOfTime> any one know why I wouldn't be permitted to rename these files?  http://paste.ubuntu.com/6746435/
<TheLordOfTime> the user teward is my user so i'm kinda at a loss o.O
<sarnold> TheLordOfTime: filenames are part of the containing directory; what are permissions / owner of the . directory?
<sarnold> (ls -ld .)
<ikonia> TheLordOfTime: what's the error you get when you try to rename them ?
<TheLordOfTime> sarnold: ikonia: probably better if i give you the full ls -alshF that I use, and the line before it on the command line showing the path I'm in...
<TheLordOfTime> http://paste.ubuntu.com/6746438/
<TheLordOfTime> ikonia: mv: cannot move `nginx-settings.tar' to `etc_nginx-settings.tar': Permission denied
 * TheLordOfTime was trying to rename it so he would remember where everything goes when he extracts the tarballs
<ikonia> TheLordOfTime: root:root no permissions for nonroot to move
<sarnold> TheLordOfTime: yeah, user 'root' can rename those files because root has rwx in that directory; you can either change the directory's group owner to teward, change the directory owner to teward, or bust out sudo
 * TheLordOfTime facepalms
<TheLordOfTime> of course >.>
<ikonia> TheLordOfTime: remember, move is not rename
<TheLordOfTime> ikonia: yeah, i know... *facepalm*
<ikonia> oops ;)
<TheLordOfTime> i feel like a noob >.>
<TheLordOfTime> but, I guess even the best sysadmins sometimes screw up like this and forget things
<ikonia> don't be silly
<ikonia> easy to make silly slip ups
<TheLordOfTime> indeed
<TheLordOfTime> it happens to the best of us
<eto> hey does anybody here run ubuntu server with systemd?
<Delemas> eto: Seems to be the default with 13.10...
<sarnold> it isn't full systemd, upstart is still the init daemot; but some of the systemd-provided services are being used to replace the old consolekit and provide other gnome-required services
<eto> Delemas: i hear the desision was not yet made
<eto> sarnold: i mainly interested into server thing
<Delemas> ah k my mistake...
<eto> sarnold: i run arch on all my boxes but would be bit scared to run it on server
<eto> sarnold: but i already have some crap i made which already uses some systemd features
<eto> do you think server edition will move to systemd in the future?
<sarnold> 14.04 LTS will use upstart; it is unlikely future version will move to systemd, but I won't promise that..
<eto> hmm
<eto> sarnold: given i have no clue about apt, and other ubuntu specific things, i guess i would need to learn all that anyway if i wanted to run ubuntu for server
<eto> this would be experimental machine for now to test things out, do you think it would be worth the time?
<sarnold> eto: I think it's always worth investing time to learn new things; a few quick hints about apt that made it more fun for me: apt-get update  will update the indexes; apt-get -u dist-upgrade will upgrade the packages to newest in the indexes; apt-cache search <foo> will search package names and descriptions for <foo>
<eto> sarnold: let's say i want to compile some application extensions and such, this is dead easy on arch, as any given (library)package contains everything necessary (headers etc). I heard once, that there is split in ubuntu universe, between normal (for use)packages and "development" parts, correct?
<eto> sarnold: also ubuntu has some managemnt glue stuffed in, which regenrate actual control/config files, correct?
<eto> *regenrates
<sarnold> eto: correct, the headers are in -dev packages; "apt-get build-dep <foo>" will install all the packages needed to recompile the <foo> package
<sarnold> eto: the configuration mechanism is 'debconf'; support for it varies from package to package
<eto> sarnold: is it safe to have those *-dev packages on production server?
<sarnold> eto: yes
<eto> sarnold: for example on bsd they doesn't seem to have similar split either
<eto> sarnold: any reason this split was made or this was adopted from debian?
<sarnold> eto: adopted from debian; they figured that most users don't compile most of the time, so the bandwidth and storage could be saved by not including the headers in every package
<eto> sarnold: understood - that is good for desktop boxes  and laptops, but not so useful on server correct?
<sarnold> eto: the server admins I know aim for fully-reproducable server systems; they'd prefer to compile the few packages they need to compile themselves in a reproducable format such as .deb packages using sbuild
<sarnold> then those packages can be distributed to their servres as needed
<eto> sarnold: i see that is similar to freebsd, where you build packages one box and then deploy them to rest
<patdk-wk> yep, no need for headers on deployed boxes, only build ones
<eto> sarnold: what if one server is powerful enough - virtualisation? eg have builder and rest of the boxes in vms?
<eto> patdk-wk: ^ sorry sarnold
<patdk-wk> I have a build box, I do my work on
<patdk-wk> then my other server just fetch it via normal updates
<patdk-wk> been doing that forever with rhel and ubuntu
<patdk-wk> but not sure what you mean about powerful enough
<eto> patdk-wk: well currently the iron runs vmware and virtualises four servers
<patdk-wk> my builders are normall like 2gigs ram, and 2cores
<patdk-wk> the one I build illumos on though, is 8cores, and 8gigs ram, it takes a long time to build
<eto> patdk-wk: this some is some blade box, there is antoher decomissioned one which returned "home" and is lying here unused. i wanted to try replicate current setup used for production myself on it, but i wanted to give sytemd try
<eto> patdk-wk: seems like there are systemd packages in ubuntu "repos" but those are slightly outdated
<eto> sorry for asking such stupid questions arch and freebsd is everything i used so far
<strixUK> hi.  problems booting a fresh install of ubuntu 13.10 server.  / is on raid1+lvm.  booting  recovery mode shows md starting /dev/md0 okay, but then i get: device-mapper: table: 252:0: linear: dm-linear: device lookup failed etc, and i'm dumped to an initramfs shell.
<strixUK> /proc/mdstat indicates that the device is okay, and lvm pvs/vgs/lvs show the expected output, but /dev/mapper is empty (apart from control); also, booting recovery mode from the installation dvd can mount everything okay
<strixUK> md0 is "degraded" (the second disc is not yet available), which causes boot to have kittens when it tries to assemble the array, so i shrunk md0 to just one member (so md is now happy), but lvm booting off the install is not.
<genii> strixUK: Is your initrd built with raid support?
<TheLordOfTime> does `python-software-properties` get shipped with the server ISOs?
<sarnold> TheLordOfTime: check output of seeded-in-ubuntu software-properties
<TheLordOfTime> sarnold: looks like it's in the dailies in Trusty, any way to see if it's seeded in other releases?
<sarnold> TheLordOfTime: no idea, sorry
<TheLordOfTime> sarnold: maybe -release would know?
<TheLordOfTime> i mean i could pull the manifests but i'm lazy :P
<TheLordOfTime> (because add-apt-repository doesn't come with the 12.04.3 server ISO and i'm wondering if it does in later seeds)
<TheLordOfTime> (and that's part of python-software-properties in the older releases)
<semiosis> jamespage: ping
<strixUK> genii: no idea, but i would hope that the stock initrd had raid+lvm support if the installer allows those options.
<strixUK> genii: in any event, the kernel evidently can /see/ both the RAID array and the LVs, because they are visible in /proc and lvm respectively
#ubuntu-server 2014-01-14
<yolanda> jamespage, the nova-compute-vmware package is correctly tested? i'm having errors when installing nova-compute package after nova-compute-vmware has been installed
<yolanda> http://paste.ubuntu.com/6750184/
<yolanda> jamespage, i saw my problem is related with that bug: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1062336
<uvirtbot> Launchpad bug 1062336 in nova "nova-compute expects libvirtd group" [High,Triaged]
<jamespage> yolanda, its untested
<yolanda> but there is a won't fix from your side , can you explain me why?
<jamespage> and its a hack for < icehouse
<jamespage> yolanda, that's actually fix commited for trusty
<yolanda> ok, i'm testing that on precise machines
<yolanda> jamespage, testing with that version from cloud archive: 1:2013.2-0ubuntu1~cloud0
<yolanda> that needs updating?
<jamespage> yolanda, I suspect it needs a workaround in that charm for the moment
<yolanda> just create the group manually?
<jamespage> yolanda, its going to be horrible - something like creating the group manually
<jamespage> but just for < icehouse
<jamespage> yolanda, the objective is to get this charm running in LXC containers so that we can nest them in amongst other openstack services
<yolanda> you meant that installing these package is a workaround for icehouse? what changes in icehouse?
<jamespage> yolanda, the next drop of icehouse packages fix this
<yolanda> the group issue, you mean
<jamespage> nova-compute no longer depends on libvirt
<yolanda> ok
<yolanda> got it
<jamespage> we have a nova-compute-libvirt package
<jamespage> which -kvm etc.. depend on
<yolanda> ok, i'll create the group just for < icehouse
<jamespage> roaksoax, OK if I assign you some other maas related MIR stuff?
<jamespage> yolanda, fancy doing an MIR alongside your charm work?
<jamespage> https://bugs.launchpad.net/ubuntu/+source/fping/+bug/1268920
<uvirtbot> Launchpad bug 1268920 in qstat "[MIR] fping and qstat, recommends of nagios-plugins" [Undecided,Incomplete]
<jamespage> (its good distro experience)
<roaksoax> jamespage: please do!
<zul> jamespage:  beanstalk got fixed so ill kick off the builds in the lab as well
<jamespage> roaksoax, https://bugs.launchpad.net/ubuntu/+source/pycountry/+bug/1268915
<uvirtbot> Launchpad bug 1268915 in python-dns "[MIR] pycountry and python-dns, b-d's of python-formencode" [Undecided,Incomplete]
<jamespage> ta
<jamespage> zul, good-oh
<jamespage> zul, how are we looking for b2 generally?
<yolanda> jamespage, ok
<jamespage> yolanda, thanks!
<roaksoax> jamespage: thanks!
<zul> jamespage:  ill let you know today
<zul> jamespage:  fping and qstat was not part of nagios-plugins at one point we specifically disabled them at one point
<jamespage> zul, oh - so that might have got re-enabled?
<jamespage> yolanda, ^^
<zul> jamespage:  qstat -  Command-line tool for querying quake (and other) servers ;)
<jamespage> zul, oh ffs
<jamespage> yolanda, thats probably actually a package update for nagios to drop those deps
<jamespage> yolanda, I think that got missed on the last merge (I'll let you read the changelog :-))
<yolanda> so i should do the MIR for those 2 packages, and drop then from nagios, right?
<zul> jamespage:  i feel like abraham simpson now
 * zul ties an obion to his belt
<zul> onion even
<jamespage> yolanda, no - fixup the package and mark those bug reports as invalid
<jamespage> yolanda, I think the problem is that they are reverse-recommends of nagios-plugins-standard
<jamespage> yolanda, xnox did an update on the previous ubuntu version to make them depends of the -extra package which is in universe
<yolanda> and this got lost? i need to take a look at the packages to know about them
<roaksoax> jamespage: hey! so I seek your advice. The latest kombu Depends on python-librabbitmq | python-amqp. This preference over librabbitmq causes that when celery (used by MAAS) install kombu, it installs librabbitmq by default causing celery to crash, meaning a broken MAAS
<jamespage> roaksoax, I'm assuming celery does not like librabbitmq then?
<roaksoax> jamespage: so, given that we also use kombu for openstack, do you think we should make a strong preference for python-amqp over python-librabbitmq (as in Depends on python-amqp | python-librabbitmq ? )
<roaksoax> jamespage: you are correct!
<roaksoax> jamespage: i can work around it in MAAS by depending on python-amqp and possibly conflicting with python-librabbitmq, however, I'm concern of the effect it could also have in openstack the fact that its preference is python-librabbitmq
<jamespage> roaksoax, hmm
<jamespage> roaksoax, why does celery crash?
<jamespage> roaksoax, librabbitmq provides native bindings so should be more performant
<roaksoax> jamespage: http://paste.ubuntu.com/6750300/
<jamespage> roaksoax, well surely that is a bug?
<roaksoax> jamespage: it is indeed. rvba has been looking at it, and it seems he can't figure out why it doesn't like librabbitmq
<jamespage> roaksoax, https://github.com/celery/librabbitmq/commit/3bacd49cdfaa77a318f99b4f02fabe6bf73301a9
<jamespage> roaksoax, we are a couple of point releases out-of-date - I'd suggest updating to 1.0.3 and re-testing
<jamespage> 1.0.2 includes that fix
<jamespage> roaksoax, funny - I can't actually reproduce that issue
<roaksoax> jamespage: uhmm weird.. we have lab integration tests failing because of that
<jamespage> roaksoax, I'd recommend the bump anyway
<roaksoax> jamespage: will do :) thanks for the input
<jamespage> roaksoax, np
<roaksoax> rvba: ^^
<zul> jamespage: https://code.launchpad.net/~zulcss/nova/ftbfs-jan14/+merge/201600
<jamespage> zul, why's the tests failing?
<zul> jamespage:  sqlalchemy
<zul> https://bugs.launchpad.net/nova/+bug/1269008
<uvirtbot> Launchpad bug 1269008 in nova "Icehouse failing with sqlalchemy 0.8.3" [Undecided,New]
<jamespage> zul, I think I saw the same in neutron actually
<jamespage> zul, i'd rather we did not ignore that test error
<jamespage> its actually quite badly broken
<jamespage> so we should fix it properly rather than by-passing the tests IMHO
<zul> jamespage:  not surprising i think the db stuff is being synched from oslo-incubator
<zul> jamespage:  yeah i totally agree but sqlalchemy is not my strong suit
<jamespage> zul, SQLAlchemy>=0.7.8,<=0.7.99
<jamespage> so they won't have seen this upstream right?
<zul> nope
<zul> the mirantis guys usually care about sqlalchemy 0.8
<zul> jamespage:  also seeing this at the end of builds http://pastebin.ubuntu.com/6750843/
<jamespage> zul, oh - ignore that
<jamespage> thats jenkins
<zul> jamespage:  its causing the redballs though ;)
<smoser> jamespage, can you quick sanity check http://paste.ubuntu.com/6750876/
<smoser> just that the format of the commit is right.
<jamespage> zul, dang
<smoser> thats debian/source/format 1.0 and i've not done anything like that in quite a while.
<jamespage> smoser, looks ok
<jamespage> 1.0 urhg
<jamespage> smoser, zul: can you sanity check this for me - http://paste.ubuntu.com/6750912/
<zul> jamespage:  looks ok
<smoser> jamespage, do you not need any version checking in the postinst/postrm on the mv_conffile ?
<smoser> i gues because the older version wouldn't exist if you'd already done it.
<smoser> and i'm guessing mv_conffile does something sane if the new name exists already.
<jamespage> smoser, I think that the helper handles that all - hence the pass of "$@"
<smoser> jamespage, well i dont know how it could possibly know that.
<smoser> it wouldn't have any idea what version supported the new confi file and what supported the old.
<jamespage> thats passed as a param
<smoser> ah. ok. i was thinking that was just a old-conf extension.
<smoser> that makes sense then.
<jamespage> smoser, coolio
 * jamespage waits for 25 mins to be able to test
<yolanda>  do we have some rationaly for fping and qstat, or some main reasons why we want a MIR?
<jamespage> yolanda, they don't need to be MIR'ed
<jamespage> yolanda, just drop them from the Recommends on the -standard package
<yolanda> oh, i misunderstood it
<yolanda> easier then
<jamespage> yolanda, the mir was raised automatically
<jamespage> yolanda, however it should not be required
<yolanda> ok, understand now
<jamespage> zul, fixing up plugins on the jenkins server now
<zul> jamespage:  ack thanks
<zul> jamespage:  i have a fix for the nova problem
<jamespage> zul, OK _ I think jenkins is fixed now
<zul> jamespage:  cool thanks
<jamespage> zul, out of date plugins
<jamespage> for the version in raring at least
<jamespage> zul, OK - better
<zul> jamespage:  coolio
<yolanda> sent debdiff here: https://bugs.launchpad.net/ubuntu/+source/fping/+bug/1268920
<uvirtbot> Launchpad bug 1268920 in qstat "[MIR] fping and qstat, recommends of nagios-plugins" [Undecided,In progress]
<paco1> hi folks!
<paco1> i have an issue with my new openldap servers on ubuntu 12.04.3 x64 > (Too Many Open Files). I put on "/etc/security/limits.conf" "* hard nofile 4096" but when it comes at 1800 (with lsof | wc -l comand), it's the same > (Too Many Open Files).
<paco1> with ulimit comand, come back to 1024 after a reboot
<jamespage> zul, 585M
<zul> jamespage:  hmm?
<jamespage> zul, size of the server iso now!
<zul> jamespage:  wtf?
<jamespage> zul: I applied the seed changes to drop a load of stuff
<zul> jamespage:  ah good...maybe we can get it smaller :)
<zul> jamespage:  i need to do the MIR for workflow
<zul> er...taskflow
<paco1> if anyone can help me, thanks!
<paco1> how can i grow the nomber of open files that by defaults it's 1024?
<TheLordOfTime> what's ulimit -N and why isn't it documented in the manpage?
<glosoli> hey folks, any ideas how could one edit PATH in Ubuntu server with no user available except root ?
<glosoli> I am not sure where the bashrc belongs
<hitsujiTMO> glosoli: as in the global PATH? that should be in /etc/environment
<psivaa> hallyn: bug #1269073 is for tomcat failure that i said in the meeting
<uvirtbot> Launchpad bug 1269073 in tomcat7 "test_tomcat_daemon smoke test failure on images with 3.13 kernel " [Undecided,New] https://launchpad.net/bugs/1269073
<glosoli> hitsujiTMO: Oh thanks sir, is it safe to add smth in there ?
<hallyn> psivaa: ok, i think jamespage sounded interested
<jamespage> thanks hallyn
<psivaa> hallyn: ohh, ack. sorry about that
<jamespage> psivaa, trying to reproduce that but I can't locally
<hitsujiTMO> glosoli: as long as you don't break it. a malformed PATH will cause major headaches.
<psivaa> jamespage: i installed manually and was able to reproduce
<glosoli> hitsujiTMO; ok thanks mr
<psivaa> jamespage: the issue is only with images 20140109 onwards
<hitsujiTMO> glosoli: is it just for one user you want to change or for all users?
<jamespage> psivaa, looking that that bug report the control port is not listening
<jamespage> 8005 normally
<jamespage> on 127.0.0.1
<psivaa> right. when i downgraded the kernel it did
<glosoli> hitsujiTMO: I am the only one behind administrating this my very private server for hosting stuff to show others, and there is only one user which is root and I see no point of creating new user
<glosoli> it's mostly experiment usage like
<glosoli> to deploy project, to check how it works and bla bla
<glosoli> I am not sys admin, just some young dev, trying to play with deploying of stuff
<hitsujiTMO> glosoli: then maybe have it in /root/.profile              as:             PATH=/path/to/new/path:$PATH
<glosoli> hitsujiTMO: aaa I see, thanks!
<hitsujiTMO> glosoli: even just when playing around you should use a normal user with sudo priviledges. Its a much more secure way of doing things
<glosoli> hitsujiTMO: I do understand that, though if someone hacks your server, they probably have all the knowledge to go all the way through, consider is just for testing purposes, I don't see anyone interested in it, at least now, maybe I am just naive
<hitsujiTMO> glosoli: even a tersting server someone will want to hack. they'll want it so they can run their own software on it, may it be spam software or a bot net or what not
<glosoli> I see, it's just for ~4 days I hope it goes well hmm
<jamespage> psivaa, is the securerandom stuff taking longer that normal under 3.13
<jamespage> psivaa, INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [87,453] milliseconds.
<jamespage> and I pushed that in by install havegd
<TheLordOfTime> what's `ulimit -N` for, and why isn't it documented in the manpage?  anyone know?
<jamespage> smb, can you take a glance at bug 1269073
<uvirtbot> Launchpad bug 1269073 in tomcat7 "test_tomcat_daemon smoke test failure on images with 3.13 kernel " [Undecided,New] https://launchpad.net/bugs/1269073
<jamespage> it appears related to the 3.13 kernel bump
<smb> jamespage, yeah, can have a look
<jamespage> smb, thanks - anything that might cause less entropy in /dev/random in virtual machines is probably relevant
<smb> jamespage, Ok, well just something in  a minor kernel version update... :)
<jamespage> smb, I'm sure you will find it easy to ID the issue and resolve :-)
<rbasak> smoser: your thoughts on bug 1258113 please?
<uvirtbot> Launchpad bug 1258113 in cloud-init "Cannot determine boot-finished state reliably" [Undecided,New] https://launchpad.net/bugs/1258113
<semiosis> jamespage: ping
<semiosis> jamespage: https://code.launchpad.net/~semiosis/ubuntu/trusty/glusterfs/fix-for-1268064
<jamespage> semiosis, hello
<semiosis> hi!  i made a merge proposal.  it includes an update to the new (latest) glusterfs release, and also updates the upstart stuff
<semiosis> i figured out the instance line issue btw
<jamespage> semiosis, I think you forgot to add the mounting-glusterfs upstart job to your branch
<semiosis> uhhh
<semiosis> pretty sure i built & tested this
<semiosis> let me check
<semiosis> wow, how did that happen
<jamespage> :-)
<semiosis> my change to the rules file was committed, and the glusterfs-server.mounting-glusterfs.upstart file was removed & re-added verbatim, instead of the glusterfs-server.mounting-glusterfs.upstart being added
<semiosis> i mean instead of the glusterfs-client.mounting-glusterfs.upstart being added
<semiosis> looking at my working dir and i have the right stuff here... so the test build i did with pbuilder was correct.  somehow the commit/push didnt include this change
<semiosis> i never ran bzr add on the new file!
<psivaa> smb: the raid1 installation issue that we are seeing after 3.13 is reported in bug #1269086
<uvirtbot> Launchpad bug 1269086 in linux "RAID1 installations fail to complete on trusty server images with 3.13 " [Undecided,New] https://launchpad.net/bugs/1269086
<semiosis> jamespage: ok i wasnt reading the diff correctly in regards to the glusterfs-server.mounting-glusterfs.upstart being re-added verbatim.  it was removed as it should have been
<semiosis> i've pushed a new commit with the glusterfs-client.mounting-glusterfs.upstart file, the diff shows it now
<smb> psivaa, Thanks
<semiosis> thx for catching this!
<smb> jamespage, psivaa For the tomcat thing... Not really sure whether I just look in the wrong place... Where would be any kernel messages during the daemon start (if there are any)?
<semiosis> jamespage: fixed. https://code.launchpad.net/~semiosis/ubuntu/trusty/glusterfs/fix-for-1268064/+merge/201280
<jamespage> semiosis, yup - got it
<semiosis> ok great
<psivaa> smb: i could not find any specific kernel messages for this in syslog, or kern.log
<jamespage> semiosis, might be tomorrow before i get to upload but looks good
<semiosis> thats great! thanks :D
<semiosis> jamespage: this was a lot easier than i remember it being back in 2012
<jamespage> semiosis, uploaded - thanks!
<semiosis> wow that was fast
<semiosis> you're welcome
<semiosis> jamespage: should i set the bug to Fix Released now?
<jamespage> semiosis, that will happen automatically
<semiosis> oh nice!
<mndo> hi! I am trying to configure openldap to use ssl but these https://help.ubuntu.com/community/SecuringOpenLDAPConnections instructions don't work, anyone has any pointers to put me in the right path? Thank you
<psivaa> smb: jamespage: fyi, port 8005 in fact starts to listen in about 14+ mins after the reboot. checked once. could try a few more times to see the timing if that helps
<psivaa> rewtraw: the tomcat issue that is
<smb> psivaa, I think before spending too much time on those two bugs, there is currently a newer kernel which is still in proposed. Could you re-run the two tests when 3.13.0-3.18 or later becomes current. And if problems persist with that I go back looking at them.
<psivaa> smb: ok, if that's in -proposed i could test that
<smb> psivaa, Yes it sits in proposed right now
<biggdadd73> join #ubuntu
<rharper> smoser: looking for some help debugging maas-import-ephemerals importing trusty images from the daily stream;  right now maas-import-ephemerals doesn't print anything and returns 0; but it doesn't download the trusty image into /var/lib/maas/ephemeral
<Kaffien> anyone here with setting up a scsi target on  ubuntu server?
<Kaffien> iscsci
<zanzacar> My work is finally making the switch from being a Novel server to a ubuntu server. Everything seems to be going alright but the higher ups are worried about tech support/IT support if one of us set up the server and then there isn't anyone to support it if there is any problems. Does anyone know if any Ubuntu/Linux tech support to reassure the higher ups?
<Kaffien> darnit i meant  iscsi.
<genii> zanzacar: You can find out about paid support for Ubuntu Server here: http://www.ubuntu.com/server/management   ( anywhere from $320-$1200 USD  annually) . There's also always this channel where you can ask for free.
<smoser> rharper, it probably thinks it has stuff in /var/lib/maas/ephemeral/.[something]
<smoser> which it shouldnht have.
<smoser> genii, that was a really good answer to zanzacar's question.
<smoser> thanks.
<psivaa> smb: the tomcat issue is still present with kernel version 3.13.0-3.18
<sarnold> zanzacar: paid or unpaid, you can also files bugs into launchpad using 'ubuntu-bug'
<genii> smoser: Maybe I should make a factoid containing the essential for future use :)
<zanzacar> genii: Thanks I did see that but when I contacted them it doesn't seem to be for one off servers and more like larger scale things.
<genii> zanzacar: Most times answers can be had here in the channel for many questions. Did you speak to a Canonical representative in person, or by email, etc, about your specific needs?
<zanzacar> I have my own server at home. I think it is great, I also find this channel very helpful as well. The higher ups want to be able to pay al-a-carte for support as they seem fit. ( Mainly emergencies ). We really are a small firm ( 4 people ) using minor server needs mainly just a file server.
<zanzacar> Its the higher up that want something to help ease their feelings about going this route. Linux to them is a proprietary weird thing that they will never be able to get anyone to work on if I left. So if I can just show them there are people out there that are reasonably trained I can move forward essentially.
<zanzacar> I tried to look up San Diego Linux Support and I can't seem to find very many tech/computer repair places that meet my needs.
<sarnold> zanzacar: it's true that landscape would probably not that useful with only a single machine, but I would hope that the rest of the support and services for a single machine would be pretty straightforward if you wanted it..
<genii> zanzacar: Canonical has certification programs with Linux Professional Institute ( www.lpi.org/ ) , If you contact one of their regional people for your area, they may be able to help you find a qualified person which you can hire on an as-needed basis.
<sarnold> zanzacar: that's not a big surprise; I suspect most linux experts would be professional system administrators or "devops" depending upon if they like the new lingo :) -- I suspect you might be able to find someone through a local users group or stack exchange careers -- the folks behind askubuntu.com
<genii> ( alternately, get someone in the company certified by them)
<zanzacar> genii: Excellent certified and everything. I will look into lpi.org. I would get certified but that doesn't help the company if I leave.
<TJ-> zanzacar: For ad-hoc don't discount remote admins ... often you can get better skills and lower cost and faster response
<zanzacar> That is very true.
<sarnold> which is one of the nice aspects of irc :) free ad-hoc remote debugging advice :)
<zanzacar> I have found that ubuntu has one of the better user communities which is also the reason I am suggesting going with this over redhat or a paid for system of sorts. If only it was my choice.
<zanzacar> Thanks for all the tips/thoughts.
<TheLordOfTime> how can I force a time update on a server off a time server
<hitsujiTMO> TheLordOfTime: ntpupdate ip.of.ntp.server
<hitsujiTMO> TheLordOfTime: with sudo ofc
<TheLordOfTime> hitsujiTMO: do i need to worry about it not giving me any output?
<TheLordOfTime> hitsujiTMO: is there anything I can install to automate this too?
<sarnold> some folks shove ntpdate calls into a cronjob, so if one server doesn't respond, they'll get a chance to call another one soon enough
<hitsujiTMO> TheLordOfTime: set it as a cron job
<TheLordOfTime> i should've read the server guide, ntpd continually calculates the drift and adjusts it, according to the server guide (12.04)
<TheLordOfTime> would ntpd work for what I need without me needing to fuss with cron?
<sarnold> TheLordOfTime: yes, ntpd is preferred if you can use it
<sarnold> TheLordOfTime: the discontinuous time jumps of ntpdate are best tolerated during early boot; e.g. select(2) timeouts can take longer or shorter than expected if ntpdate jumps the time around
<TheLordOfTime> sarnold: ntpd should be fine for what I need.
<sarnold> yay :) use that :)
<TheLordOfTime> sarnold: purely curious, why is the package that provide ntpd called `ntp` and not `ntpd`?
<rharper> smoser: I cleaned the dir out; it literally produces no output; I'm trying to just see what's happening; it doesn't appear that the ephemeral_script.py does any logging what so ever, so it's really hard to tell whats going wrong
<sarnold> TheLordOfTime: guessing, because it provides multiple tools around the network time protocol, and not just the daemon..
<TheLordOfTime> sarnold: looks like ntp, ntp-doc, and ntpdate are all part of the same source package, ntp.
 * TheLordOfTime shrugs
<TheLordOfTime> maybe you're right though
<pmatulis_> TheLordOfTime: yeah, ntpd or openntpd don't work if the time discrepancy is too large (5 minutes?)
<smoser> rharper, i haven't looked at it in a while.
<smoser> that program has all sorts of improvements it could have.
<rharper> smoser: hehe
<smoser> i really suspect that it is finding a cache and thinks its "done"
<TheLordOfTime> pmatulis_: so ntpdate before setting up ntpd is not a bad idea, then
 * TheLordOfTime ran ntpdate prior to ntpd being installed, to grab the server data
<TheLordOfTime> and to update the time :P
<pmatulis_> TheLordOfTime: i've never had to do the cron job thing.  i've only had a problem when running a guest in virtualbox
<pmatulis_> vmware too prolly
<TheLordOfTime> pmatulis_: ah.  considering i have three servers I need the time to be accurate for (one for IRC logs for certain channels, one for bitcoin data timestamps to be accurate, and one for webserver logs to be accurate), I kinda need it updated, so ntpd should work for what I need
<TheLordOfTime> i did use ntpdate to update the time first though, so maybe all shall be good
<bekks> use ntpdate once, and ntpd afterwards.
<bgardner> bekks: +1
<semiosis> my launchpad karma doesnt count any PPA uploads in the last year, since Jan '13.  did something change so PPA uploads no longer add karma?
<Pici> semiosis: You might want to ask in #launchpad (too)
<semiosis> Pici: thx, I will
#ubuntu-server 2014-01-15
<keithzg> This is a bit of a shot in the dark, but does anyone know of a decent way to wait for, and be notified of, specific events on a serial port? Say for instance when you get a RING?
<holstein> script an email?
<hitsujiTMO> keithzg: is anything using that serial port?
<sarnold> keithzg: select() on the filedescriptor, and then read from the port when it's ready?
<sarnold> (noting that I have no idea if select() works on serial devices... I suspect it does..)
<keithzg> hitsujiTMO: Yeah, things are using the serial port, my officemate is trying to catch specific events so he can try and debug what's being passed between two things.
<keithzg> sarnold: Aha, yeah that sounds like it might work. Although I think my officemate is leery of having to actually write something to do this with, was hoping for something prefabbed, heh.
<hitsujiTMO> keithzg: i'm not an expert on this but afaik anything accessing a serial interface will lock the interface
<hitsujiTMO> keithzg: personally i'd look into some sort of man in the middle attack or a splitter cable
<pao> Good Day Everyone, I have a problem with an old ibm eserver xseries 225 using ubuntu server 12.04 at first boot it will only show blank screen after grub and when I hard reset it it will show grub and boot ubuntu and fallback to busybox, when I exit busybox it will load the server and run normally.
<hitsujiTMO> pao: edit the grub entry and remove "quiet splash" from the linux boot line. his should at least give you a move verbose output so you can see the problem
<pao> ok thanks hitsujiTMO
<pao> Anyone here using old ibm eserver xseries 225 with 12.04?
<pao> I have a problem on ioc1 after Attached SCSI disk and it will fallback to BusyBox? Using IBM eServer xseries 225 but after exiting busy box the server will load normally?
<pao> [   19.072506] scsi target2:0:0: FAST-160 WIDE SCSI 320.0 MB/s DT IU QAS HMCS (
<pao> 10:32 -!- Irssi: #ubuntu-server: Total of 357 nicks [0 ops, 0 halfops, 0        â6.25 ns, offset 63)
<pao>           voices, 357 normal]                                                   â[   22.576563] sd 2:0:0:0: Attached scsi generic sg1 type 0
<pao> 10:32 -!- Channel #ubuntu-server created Sun Nov 26 14:43:20 2006               â[   22.577275] sd 2:0:0:0: [sda] 286749488 512-byte logical blocks: (146 GB/136
<pao> 10:33 -!- renebarbosa [~rene@unaffiliated/renebarbosa] has joined #ubuntu-serverâ GiB)
<pao> 10:34 -!- Irssi: Join to #ubuntu-server was synced in 77 secs                   â[   22.578455] sd 2:0:0:0: [sda] Write Protect is off
<pao> 10:34 -!- claytonk [~claytonk_@pool-108-6-229-70.nycmny.fios.verizon.net] has   â[   22.578511] sd 2:0:0:0: [sda] Mode Sense: ab 00 10 08 joined #ubuntu-server                                                 â[   22.580409] sd 2:0:0:0: [sda] Write cache: enabled, read cache: enabled, sup
<pao> 10:34 < pao> Anyone here using old ibm eserver xseries 225 with 12.04?          âports DPO and FUA
<pao> 10:36 -!- Guest7381 [~peter@p54820A53.dip0.t-ipconnect.de] has quit [Ping       â[   22.597755]  sda: sda1 sda2 < sda5 > timeout: 252 seconds]                                                 â[   22.602140] sd 2:0:0:0: [sda] Attached SCSI disk
<pao> 10:39 -!- hitsujiTMO [~hitsujitm@unaffiliated/hitsujitmo] has quit [Quit:       â[   33.214960] mptbase: ioc1: ERROR - Wait IOC_READY state (0x20000000) timeout Leaving]                                                              â(15)!
<pao> opps sorry about the flood putty mouse click paste
<pao> â[   19.072506] scsi target2:0:0: FAST-160 WIDE SCSI 320.0 MB/s DT IU QAS HMCS ( â6.25 ns, offset 63)
<pao>                                                                                 â[   22.576563] sd 2:0:0:0: Attached scsi generic sg1 type 0
<pao>                                                                                 â[   22.577275] sd 2:0:0:0: [sda] 286749488 512-byte logical blocks: (146 GB/136
<pao>                                                                                 â GiB)
<holstein> !paste | pao
<ubottu> pao: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<pao>                                                                                 â[   22.578455] sd 2:0:0:0: [sda] Write Protect is off
<pao>                                                                                 â[   22.578511] sd 2:0:0:0: [sda] Mode Sense: ab 00 10 08
<sarnold> pao: please, pastebins..
<pao>                                                                                 â[   22.580409] sd 2:0:0:0: [sda] Write cache: enabled, read cache: enabled, sup
<pao>                                                                                 âports DPO and FUA
<pao>                                                                                 â[   22.597755]  sda: sda1 sda2 < sda5 >
<pao>                                                                                 â[   22.602140] sd 2:0:0:0: [sda] Attached SCSI disk
<pao>                                                                                 â[   33.214960] mptbase: ioc1: ERROR - Wait IOC_READY state (0x20000000) timeout
<pao>                                                                                 â(15)!
<TheLordOfTime> !pastebin | pao
<ubottu> pao: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<TheLordOfTime> can someone help me translate iptables ICMP rules into ip6tables ICMP rules?
 * TheLordOfTime is trying to duplicate his ruleset that he has in iptables so it works in ip6tables as well
<TheLordOfTime> these are the icmp rules i have for v4: http://paste.ubuntu.com/6753999/
<TheLordOfTime> if there's any i should have but am missing (for a standard desktop system firewall) please let me know
<Patrickdk> hmm, unlike ipv4, there are a LOT MORE icmp6 types
<pao> here my some of my dsmeg output when it falls to busybox http://paste.ubuntu.com/6754041/
<TheLordOfTime> Patrickdk: so basically, i should just allow all ICMPv6 types?
<Patrickdk> you could
<pao> my dmesg all the fallback will occur at line 307 http://paste.ubuntu.com/6754046/ using IBM eServer xseries 225 maybe scsi drive problem? or something else?
<Patrickdk> want to see mine?
<TheLordOfTime> Patrickdk: if you want to share :)
<Patrickdk> I'll warn you it's short and floppy
<TheLordOfTime> at this point i just need the icmp ruleset
<TheLordOfTime> that's better than having none :P
<Patrickdk> isn't there a *wide* pastebin somewhere?
<Patrickdk> http://pastebin.ca/2540658
<TheLordOfTime> that's a lot of rules o.O
<Patrickdk> not really
<Patrickdk> ip6tables -L -nv | wc -l == 1228 lines
<TheLordOfTime> :P
<Patrickdk> and that is on a *simple* firewall
<ruben231> hi guys ia hve install apache2 on my ubutnu server but i accidentalyl dleted the  default index.html adn index.php <-----------------how do i resolve this gusy somehow
<Patrickdk> ah, the more complex one doesn't make it much more, only 1445 lines
<Patrickdk> it's just the basic 800 or so, that makes it a lot
<TheLordOfTime> mhm
<TheLordOfTime> the ICMP is what i'm really kinda worried about, because this system has pretty much every other port already blocked with a REJECT rule at the end of the INPUT table
<Patrickdk> it's so much easier if you make it it's own chain
<Patrickdk> AllowedICMP6 :)
<TheLordOfTime> Patrickdk: indeed
<pmatulis_> ruben231: download those files again
<MarGul> When I try to upload a file I get the Error code 6 (No temporary folder). So I went into php.ini and changed my upload_tmp_dir to a dir that exists and I also changed permissions to 777 on it. Restarted php and phpinfo() has seen my changes. Still when I try and upload a file I get Error message 6. Any other things I can try?
<CappyT> Hi everyone, I was looking for a good email ecosystem to install on ubuntu, like iRedMail (which use amavis)... anyone know one?
<hXm> hi, does not exist an official package for use google drive?
<ikonia> ask google
<cfhowlett> hXm, not for linux/ubuntu    ask #google
<hXm> but in google I saw there is a community version called grive but not in official repository
<cfhowlett> hXm, and what does that tell you?
<cfhowlett> hXm, nevermind; rhetorical.  short answer; google promised official client.  still waiting on that.
<hXm> how trustable that package is, but I think is not so popular, so I will ask @google
<cfhowlett> hXm, if it didn't come *from* google they likely won't support it.
<hXm> thanks for your respond, cfhowlett  included the question
<hXm> yes
<sander^work> How do I mount a crypted ubuntu root partition?
<yolanda> jamespage: https://code.launchpad.net/~yolanda.robla/charms/precise/glance/ceph_alternatives/+merge/201771
<hitsujiTMO> sander^work: encrypted with what? luks?
<sander^work> hitsujiTMO, It's the default ubuntu way of encrypting root partition.
<Patrickdk> default ways change
<hitsujiTMO> sander^work: http://askubuntu.com/questions/63594/mount-encrypted-volumes-from-command-line
<hitsujiTMO> sander^work: thats for luks, ubuntus default
<sander^work> Patrickdk, it's in the latest ubuntu 13.10
<Patrickdk> yes, but you didn't specify a version, so how would we know
<sander^work> Understand.
<sander^work> How do I figure out the encryption string to use for decryption? I suppose it's stored somewhere encrypted with the root password?
<Patrickdk> no, that is not possible
<Patrickdk> when you encrypted it, you would have had to memorized it
<cfhowlett> sander^work, if you could figure out the encryption string that would rather defeat the purpose, no?
<hitsujiTMO> sander^work: you find it out by discovering the cure to amnesia
<sander^work> I think I didnt write down the encryption string when I installed the os. But it promted me that I also could use the root password some way. But maybe i've misunderstood.
<cfhowlett> sander^work, you did indeed.
<sander^work> cfhowlett, hitsujiTMO Patrickdk: How does the os then decrypts it?
<Patrickdk> you type in the decryption password
<cfhowlett> !encryption
<ubottu> For information on setting up encrypted private directories (8.10+) see https://help.ubuntu.com/community/EncryptedPrivateDirectory
<Patrickdk> wrong factoid
<sander^work> I don't when I boot the os.
<Patrickdk> then you don't have an encrypted root
<hitsujiTMO> sander^work: you either type in the password, or insert the usb containing the key depending on how its set up. by default its a password
<sander^work> I crossed off for encrypted disk when I installed the os. I probably only have an encrypted home dir then?
<Patrickdk> sounds like it
<sander^work> How do I decrypt that then?
<sander^work> Same way?
<Patrickdk> ubottu just posted the url
<ubottu> Patrickdk: I am only a bot, please don't think I'm intelligent :)
<sander^work> Ok, thanks!
<hitsujiTMO> sander^work: look at the recover section https://help.ubuntu.com/community/EncryptedPrivateDirectory
<zul> jamespage:  https://code.launchpad.net/~zulcss/keystone/ftbfs-jan15/+merge/201774
<jamespage> zul, +1
<zul> jamespage:  thanks
<zul> jamespage:  so neutron is still failing?
<jamespage> zul, yes
<zul> jamespage: i have a fix for nova for the issues from yesterday
<zul> jamespage:  ill fix up neutron as well next
<hallyn> sarnold: hi, could I impose on you for a review of lp:~serge-hallyn/+junk/cgmanager?  (will be trying to get it into the archive - and not long after into main - soon)
<rharper> rbasak: uvt-simplestreams-libvirt sync release=lucid arch=amd64  doesn't do anything; though  sstream-query http://cloud-images.ubuntu.com/releases/ release=lucid arch=amd64 returns lots of images.
<strixUK> afternoon all.  i have a problem with / on an md (raid1) + lvm volume on a fresh install of server 13.10.  i've traced things as far as udev, but i have no idea how udev works or where to look next
<strixUK> the specific problem is that lvm says it can't map the root volume (possibly because the raid array isn't yet ready), so i get dumped to an initramfs shell.  the box boots okay after 'vgchange -ay' and ^D.
<strixUK> can anybody help diagnose udev, or recommend a channel that might be able to?
<claytonk> Interested to know how others are managing vmware-tools on their server fleets
<claytonk> The vmware package repos don't keep up with the latest kernel releases
<claytonk> could write a script that updates from the ISO but this seems clunky
<hitsujiTMO> claytonk: you reffering to the kernel modules within vmware-tools?
<claytonk> yes
<ikonia> claytonk: they normally either a.) use a supported long term distro that doens't change kenrel version b.) have a central managment server thats pushes out the vmware install
<ikonia> claytonk: what version of linux are you using ?
<claytonk> trying out open-vm-tools
<claytonk> we're running 12.0.4.4 LTS
<hitsujiTMO> I install vmware tools alright, but generally go without those specific modules. They don't provide anything I need. They should build with kernel 3.2 if you need them
<jrwren> that is 12.04.4
<claytonk> yup
<ikonia> claytonk: with the LTS standard kernel or the enablement stack ?
<zul> jamespage:  https://code.launchpad.net/~zulcss/nova/ftbfs-jan14/+merge/201600
<claytonk> enablement stack
<ikonia> so that's why it's causing you a problem then
<ikonia> as it's jumping to bleeding edge kernels, when vmware tools targets long term / stable distros
<claytonk> ikonia: reading up on the enablement stack now
<claytonk> open-vm-tools package seems to be meeting my needs
<claytonk> other than possible VMware support issues, any known gotchas with open-vm-tools?
<plm> Hi all
<plm> people, anyone can help me with to compile libsimplelog?
<plm> I'm installing libsimplelog and I have this error "make: *** [clean] Error 2" The complete error is here http://dpaste.com/1553061/ any idea?
<hitsujiTMO> plm are you missing the dh-autoreconf package?
<plm> hitsujiTMO: I tried with autoreconf -i and works =D
<plm> hitsujiTMO: thanks
<plm> hitsujiTMO: strange, I configure, make and make install and after try show "tcp-intercept: error while loading shared libraries: libsimplelog.so.1: cannot open shared object file: No such file or directory" Do you know why?
<hitsujiTMO> plm: which command exactly is giving that error?
<plm> hitsujiTMO: tcp-intercept... ohh works, Was miss net-tools =D
<zul> roaksoax: can you do me a bzr review for me in a couple of minutes
<roaksoax> zul: yes sir!
<roaksoax> :P
<zul> roaksoax:  still buidling locally
<roaksoax> zul: I I captian :P
<zul> jamespage:  still around?
<zul> jamespage:  http://pastebin.ubuntu.com/6757676/
<zul> roaksoax:  https://code.launchpad.net/~zulcss/neutron/ftbfs-jan15/+merge/201826
<jamespage> zul, nvp->nsx I suspect
<zul> jamespage: https://code.launchpad.net/~zulcss/neutron/ftbfs-jan15/+merge/201826
<jamespage> zul, +1
<zul> jamespage:  thanks
<zul> jamespage:  neutron needed the same sqlachemy fix
<jamespage> zul, I guessed it might
<nwilson5> if I wanted to run rsync regularly (i.e. every minute) over a directory with thousands of files or hundreds of thousands of files, many of which likely would not have changed, is that going to start taking too long/being too much work for the server. I could make a "smarter" backup strategy over the directory keeping track specifically of what's changed
<bekks> Doing so will mess up the rsync sessions.
<bekks> You dont want to run rsync that often.
<sarnold> nwilson5: yeah you won't like the results of rsyncing every minute; you'd have to go to some effort to only run one rsync at a time, since it'll probably take far longer than a minute to stat all the files ..
<nwilson5> ok assumed as much, was thinking of keeping track of all files appended to the directory and have a 'smarter' script that just backs those up.
<sarnold> nwilson5: you could use incron to monitor a directory and discover new files and modified files, that'd be less painful...
<sarnold> see e.g. http://inotify.aiken.cz/?section=incron&page=doc&lang=en
<Free99> hey everyone. I'm trying to write a script that will email on a RAID error, problem is the mail sender is too simple (ssmtp) to send to multiple people simultaneously (or is it?)
<Free99> test emails to one user works fine, but the docs say /etc/aliases are not supported... really don't want a full MTA
<andol> Free99: Why wouldn't you want to use a full MTA? Unless we are talking an embedded system I really don't see the memory footprint being of much significance.
<Free99> it's not the memory so much as that it's a whole new system to learn... ssmtp is great for when I'm the only person who needs scripts to mail notifications, plus no suid voodoo
<andol> Free99: The default apt-get postfix install provides a few set of fairly straightforward default. As long as you make sure it only ends up listening on localhost there isn't really that much extra which can go wrong.
<Free99> (shrug) andol if it comes down to it, I guess I'll use it, but damn if I'd rather not.
<Free99> andol, so would I need to setup an MX record, or could I just have it send using smtp through my company mail server?
<andol> Free99: A MX record only matters if you want to recieve e-mail, which I would assume isn't the plan?
<Free99> oh, right.
<Free99> nope, just send status of cron jobs and such
<Free99> still would rather through the company server though
<andol> Free99: Then just have postfix use the company server as a relay. There is a debconf option for that during the apt-get install.
<Free99> hmm... I'm writing documentation on how to do all this, soup-to-nuts. How would I set the debconf non-interactively?
<hXm> i install dropbox on ubuntu server and install the daemon using dropbox start -i, it installs something and when I run dropbox it says the daemon is not installed, is an infinite loop
<hXm> what could i do
<paco1> bonjour Ã  tous. J'aimerai limiter l'usage du proc par slapd, parce que ca monte Ã  200%. J'ai tester "* - cpu 90" dans /etc/security/limits.conf, mais visiblement cela ne marche pas.
<Pici> !fr
<ubottu> Nous sommes desoles mais ce canal est en anglais uniquement. Si vous avez besoin d'aide ou voulez discuter en franÃ§ais, veuillez taper /join #ubuntu-fr ou /join #ubuntu-qc. Merci.
<paco1> ah oups, j'ai ouvert le canal -fr juste a cotÃ©...dÃ©solÃ©!
<paco1> hello! i need help to limit the usage of the cpu. I tryed this "* - cpu 90" in "/etc/security/limits.conf", but it doesn't work because my cpus follow to have 200%
<genii> !info cpulimit
<ubottu> cpulimit (source: cpulimit): tool for limiting the CPU usage of a process. In component universe, is optional. Version 1.9-2 (saucy), package size 14 kB, installed size 61 kB
<sarnold> neat, thanks genii :)
<paco1> thanks genii
<paco1> it works very fine!
<genii> paco1: Yer welcome :)
<paco1> genii: yesterday i answer how can i avoid the (Too many Open Files) on my ldap servers. i tried "* - nofile 10000" in /etc/security/limits.conf but it doesn't work. Always, ulimit -n give me 1024.
<sarnold> paco1: how does your ldap server get started? you might need to throw in a ulimit -n 10000 into an initscript or upstart configuration file
<sarnold> paco1: the PAM limits are only applied if a PAM module is called before starting the daemon..
<paco1> sarnold: arghhh
<paco1> ok
<paco1> i'll integrate it in the initscript
<paco1> thanks!
<sarnold> paco1: oh yes; check to make sure your ldap server doesn't use select(). if it does use select() you'll be in a world of hurt if it goes beyond 1024 file descriptors.
<sarnold> paco1: poll() and epoll() are fine though.
<paco1> sarnold: where can i check it? in the initscript?
<sarnold> paco1: I think most likely to work is objdump -T `which ldapd` | grep select
<sarnold> paco1: though reading the source would also work
<paco1> sarnold: but i need to activate the debug mode on the slapd process before to run this comand, right?
<sarnold> paco1: no, just run it, it ought to work
<paco1> it search a.out file "objdump: 'a.out': No such file"
<sarnold> paco1: ah sorry, I dont know the name of the ldapd -- replace `which ldapd` with the actual path the ldap daemon you're using
<paco1> ah no, me, excuse me, i tried it but: "objdump: 'slapd': No such file"
<sarnold> paco1: would that be in /usr/bin or /usr/sbin/ or .. ? be sure to use the right path
<paco1> /ur/local/ldap/libexec/, and it is in /etc/ld.so.conf.d/ldap.conf
#ubuntu-server 2014-01-16
<xibalba> how do you check mbuf's on ubuntu ?
<xibalba> `netstat -m` is what would usually show it
<KI7MT> .
<jkitchen> KI7MT: sup greg.
<jkitchen> didn't even need to guess :(
<KI7MT> Hey what's up .. just writing some Ubuntu QA test cases.
<KI7MT> In fact, doing Virtual Minimal and Virtual Minimal system installs via, server-iso
<KI7MT> minimal system && virtual minimal system .. lol .. even confuzzed myself there fer a minute.
<yolanda> morning jamespage, have a lot of MP ready for you :)
<zul> hallyn:  ill get on libvirt and libvirt-python today
<hallyn> cool
<hallyn> thanks
<rbasak> stgraber: re: bug 1204902, would a bind mount be similiarly objectionable?
<uvirtbot> Launchpad bug 1204902 in lxc "Please add symlink access to a guest's root filesystem" [Wishlist,Won't fix] https://launchpad.net/bugs/1204902
<zul> hallyn:  1.2.1 builds fine locally for me (that was too easy)
<hallyn> zul: that's a pleasant change :)
<hallyn> rbasak: what would we bind mount?
<YamakasY> someone using partman schemes ?
<hallyn> rbasak: Task t1 (lxc-start) clones task t2 (which becomes init) in a new mount ns.  any mounting done by t2 is not seen by t1.  To let t1 see t2's mounts we would have to do a scheme with mounts propagation, which would be ok if we know exctly how we are starting, but in the general upstream sense would be very fragile
<hallyn> look at what we're having to do to account for hosts which either have root in ramfs, or have / mounted ms_shared
<zul> smb/hallyn:  should i put these in a ppa for you to test
<hallyn> zul: sure
<hallyn> one day i'll need to build a new test image with acpi enabled for qrt so i can have 100% tests passing again..
<smb> zul, would be nice. In theory you should have been able to drop two of my recent patches at least
<smb> zul, And hopefully not have to fiddle with the ones we still need
<zul> smb: i did and didnt need to fiddle
<smb> zul, Makes me feel happy :)
<zul> smb: ditto then i can work on other things :)
<smb> hehe
<zul> smb/hallyn: will be in here for trusty https://launchpad.net/~zulcss/+archive/libvirt-testing
<ns5> what version of erlang does 12.04.03 have?
<hallyn> zul: ok
<smb> zul, Ok, I'll give it a whack in a bit
<zul> thanks
<stgraber> rbasak: AFAIK a bind mount is impossible
<stgraber> rbasak: hmm, apparently it's not anymore, odd, I'm pretty sure this failed on ubuntu-touch when we tried...
<ogra_> yep
 * ogra_ remembers that too
<stgraber> rbasak: so anyway, the problem you get with the bind-mount then is that it'll only show you the / of the container, not any of the sub mounts
<phillw> Hi, I've just done do-release-upgrade -d but I do not have the 3.13 kernel (still 3.8) :(
<phillw> https://help.ubuntu.com/12.04/serverguide/installing-upgrading.html
<yctn> does anyone know if this issue still exsist in ubuntu 12.04 https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/875440
<uvirtbot> Launchpad bug 875440 in cyrus-sasl2 "Cannot authenticate with saslauthd and mysql" [High,Confirmed]
<Pici> phillw: so you're on 14.04 now?
<phillw> Pici: that VM was told to upgrade... it ran for  couple of hours and is still on kernel 3.8 ... I'm guessing this may be a bug as my desktop upgrade has pulled in the new kernel series.
<phillw> picking up bugs early is always good, especially as we have a lts --> ;ts release :)
<Pici> phillw: Looks like linux-image-server is still at 3.13 on trusty.
<phillw> Pici: so, how do I tell a server to get it?
<Pici> phillw: You don't, there is not an updated package available.
<phillw> (it is a VM and you are welcome to have a wander aroubd)
<phillw> Pici: how do invoke drwxrwxr-x 23 ali ali     4096 Jan 12 10:04 linux-3.13-rc8
<phillw>  to be used?
<Pici> phillw: What do you mean by invoke?
<phillw> use,... it's okay. I'll pop back to -kernel as there has been some issues with -rc7 that rc8 may have solved. that particular VM is for trialling 14.04 community bulds, so I do expect breakage as we learn how do them :)
<smb> zul, Ok, completed a PXE/HVM install through libvirt-1.2.1/Xen/xl and it did not explode. Sounds good enough from that side ;)
<zul> smb: awesome just need one more +1
<phillw> zul: do you have the link to the test case?
<zul> phillw:  what test case?
<phillw> (16:36:37) smb: zul, Ok, completed a PXE/HVM install through libvirt-1.2.1/Xen/xl and it did not explode. Sounds good enough from that side ;)
<zul> phillw:  no this is testing libvirt
<smb> phillw, This is me running it
<zul> phillw:  we never had a formal test case for libvirt
<phillw> I run KVM, in 14.04 ubuntu and centos 6.4..... what would you like testing (apart from https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1080674 and a couple of others that are no-fix) ? :)
<uvirtbot> Launchpad bug 1080674 in cairo "[QEMU] Corrupted desktop screen for raring desktop installation in QEMU guest (Cirrus graphics).  Affects KVM but not VBox." [Medium,Confirmed]
<zul> uh?
<phillw> smb: I connect to the server using kvm (and libvirt) from 14.04 to a 6.4 CentOS system... no bugs :)
<phillw> virt-manager is a local GUI that makes life a bit easier :) It was the libvirt devs who told me that I was doing it all wrong when connecting :)
<smb> It certainly beats doing most things manually... it has some drawbacks (virt-manager) in the implementation. At least when one is using a lot of lvs
<phillw> smb: I don't know what lots are.... I have 9 VM's running. But, I'm not a crappy company like godadday :P
<smb> phillw, Its not about the number of running VMs. I have 37 LVs defined and virt-manager becomes quite slow displaying them for selection.
<phillw> smb: what do you use? i do dabble with virsh for some admin jobs, but am always open to new ideas :)
<smb> phillw, Partially virsh, or working around that limitation by defining the LVs by hand and type in the path instead of using the search box. For my small scale testing that is good enough
<hallyn> zul: all tests passed, that's a go :)
<zul> hallyn:  cool thanks
<phillw> smb: feel free to ping me if there is ever a requirement for a 2nd kvm to confirm things. I still retain one that is not allocated to any team.
<smb> phillw, The KVM side usually is covered more. But you are always welcome to check out the early daily images for the next release with your use cases. And report bugs (ask bjf said). They really help not to forget things. And you get feedback independently from when things are done
<phillw> smb: I run lubuntu 14.04 on my laptop and centos 6.4 on my server... both machines have kvm running. all any one need do is give me a ping (I also live on #phillw).
<StathisA> anyone have experience with MSMTP?...i did the symbolic link for sendmail - but apticron reports: send-mail: invalid option -- 'r'
<StathisA> msmtp should befully compatible with sendmail switches and exit codes...:-S
<sarnold> StathisA: http://www.sendmail.org/~ca/email/man/sendmail.html
<sarnold> StathisA: "-rname      An alternate and obsolete form of the -f flag."
<sarnold> wow, -rname was listed as obsolete even back in freebsd 1.0 days: http://www.freebsd.org/cgi/man.cgi?query=sendmail&apropos=0&sektion=0&manpath=FreeBSD+1.0-RELEASE&arch=default&format=html
<sarnold> wow, 4.2 BSD NET/2 even. it's been obsolete for a very long time indeed :)
<StathisA> hmmm...how to get around it then...:-S
<sarnold> StathisA: ideally, file a bug on apticron, and then if you've got the ability and inclination, download the sources, find the -r, write a patch to fix it, and ask for help to push the fix through the SRU process: https://wiki.ubuntu.com/StableReleaseUpdates
<sarnold> StathisA: but be sure to file the bug regardless :) hehe
<StathisA> ok thank you!
<blz> Hello, I'm trying to install GRUB to an installation which currently does not boot (doing this from the rescue option of the Ubuntu server installer).  `grub-install /dev/sda` complains that "embedding is not possible, but this is required for cross-disk install".  What should I be doing differently?
<hitsujiTMO> blz: did you chroot to the install os?
<holstein> i always just refer to https://help.ubuntu.com/community/Boot-Repair and use a live CD when i can
<blz> hitsujiTMO, I believe so.  At some point it asked me what I wanted to use as my root and I selected /dev/md0
<hitsujiTMO> blz: wait soory never mind misread you question
<blz> hitsujiTMO, no worries =)
<hitsujiTMO> blz: what partition layout is it?
<hitsujiTMO> mbr or gpt?
<blz> hitsujiTMO, gpt
<blz> hitsujiTMO, they're 3Tb drives (x3)
<hitsujiTMO> then its just grub-install
<blz> hitsujiTMO, haha that simple, huh?
<blz> =)
<blz> hitsujiTMO, hmm actually it's printing the help when I just do `grub-install`
<hitsujiTMO> blz: this is a uefi install right?
<blz> uefi?
<blz> I installed this with  ubuntu-server's text installer
<blz> hitsujiTMO, The thing is, my /  is on a RAID5 partition and my /boot is on /dev/sda1
<blz> So I suspect this is why I'm having issues
<hitsujiTMO> what type of drive is /dev/sda1 ?
<blz> 3 Tb HDD
<blz> hitsujiTMO, let me give you the whole layout... might be clearer
<hitsujiTMO> blz is the a /boot/efi ?
<blz> hitsujiTMO, `ls /boot` returns only a directory called `grub`
<blz> in said directory, there is efiemu.mod, efiemu32.o and efiemu.64.o
<hitsujiTMO> blz ok. then you should have a reserved boot partition.
<blz> hitsujiTMO, yes, that would be /dev/sda1
<hitsujiTMO> blz: thats not /boot right?
<blz> hitsujiTMO, aaaah you have me stumped.  how can i check?
<hitsujiTMO> parted -l
<blz> hitsujiTMO, all I know is that I defined a 256 mb partition on /dev/sda1 and set it's mountpoint to /boot
<blz> but yeah, let me check that
<blz> hitsujiTMO, I have a line that reads `1   1049kb    256mb    ext2                         boot`
<blz> boot being under the 'flags' column... I don't see any indication of it being mounted to /boot, though
<blz> hitsujiTMO, unless I'm missing something obvious
<hitsujiTMO> blz thats just sda1. hmm.
<blz> hitsujiTMO, I only copied one line, there.  There's much more
<hitsujiTMO> blz is there any partition thats only like 1mb in size?
<blz> hitsujiTMO, no
<blz> hitsujiTMO, this is a fresh install, so maybe I should just start over.  I'm just scratching my head at where I went wrong =/
<hitsujiTMO> blz: does the server support uefi at all?
<blz> hitsujiTMO, how can I check?
<hitsujiTMO> blz: how old is it?
<blz> hitsujiTMO, a few years old -- circa 2007, maybe?  It's a socket 775, I believe
<hitsujiTMO> nah then it wont
<blz> well shoot =/
<hitsujiTMO> hmm.. not sure exactly it would have done. on debian it installs to a reserved bios partition on gpt.
<zlatan> Hi! I'm having some trouble opening ports on my VPS to the outside world, would I be able to ask for some guidance here?
<hitsujiTMO> blz: does parted -l list any unusual partitions types?
<sarnold> zlatan: yes, but it might be worthwhile to shoot a question to your vps provider to find out if they're blocking ports in their network
<blz> hitsujiTMO, other than raid partitions? no
<hitsujiTMO> blz: sorry out of ideas then.
<blz> hitsujiTMO, no worries.  thanks for your help =0
<blz> =)
<zlatan> sarnold: that sounds reasonable. I didn't think it would be a probable explanation for the problem, but I'll check with them just to be sure :-)
<hitsujiTMO> blz: anything partition that says bios_boot ?
<sarnold> zlatan: it happens surprisingly often :) hehe
<zlatan> sarnold: thanks, I wouldn't have guessed that haha
<blz> hitsujiTMO, nope
<zlatan> sarnold: btw, is it likely that they seem to block basically all ports except 80?
<sarnold> zlatan: it would be a bit draconian, but I suspect _someone_ out there does just that :) hehe
<hitsujiTMO> blz: maybe this might help: http://bootinfoscript.sourceforge.net/
<blz> hitsujiTMO, great, I'll read through it.  Thanks again!
<hitsujiTMO> zlatan: whats the output of: sudo iptables --list
<zlatan> hitsujiTMO: it's currently a very convoluted list, but I used 'ufw allow 8000' to open port 8000
<zlatan> which didn't seem to work
<hitsujiTMO> zlatan: whats output of: sudo ufw status
<hitsujiTMO> zlatan: there may be a rule that's superseding your rule
<zlatan> hitsujiTMO: it's a very barebones VPS that I just setup, so I deem it highly unlikely, but I'll paste the output here just to be sure
<hitsujiTMO> zlatan: sudo apt-get install pastebinit && sudo ufw status | pastebinit
<sarnold> pastebinit++  :)
<zlatan> hitsujiTMO: as a test, could I use 'ufw disable' and try to access the port (via normal http) to see whether it'd work without any firewall? Or would that still leave some barriers intact?
<hitsujiTMO> zlatan: no that should work if you disable ufw
<zlatan> hitsujiTMO: let me recheck that first, I recall that I tried to do so and it still didn't work
<hitsujiTMO> zlatan: if you disable ufw. whats the output of: sudo iptables --list
<zlatan> hitsujiTMO: it says Status: inactive
<zlatan> hitsujiTMO: sorry, wrong command
<zlatan> hitsujiTMO: http://paste.ubuntu.com/6763942/
<zlatan> hitsujiTMO: I also tried using netcat and tcpdump to listen for incoming packages, but nothing seemed to happen
<hitsujiTMO> zlatan: and its still blocked now?
<hitsujiTMO> zlatan: looks like they've some external firewall up if thats the case
<zlatan> hitsujiTMO: I just ran 'tcpdump port 8000' and tried to access my server ip:8000, but the connection times out and I don't receive any packages...
<zlatan> hitsujiTMO: that certainly seems likely now, yes
<zlatan> hitsujiTMO: just a strange idea: could I try logging on to the server on two separate sessions and trying to send a request to the localhost:8000 from one session and listen to it from the other? To see whether it does accept local connections?
<hXm> hello, I want to create a cloud storage in my server, I know there is openstack but that is a bootable OS no? exists an alternative?
<hXm> something like dropbox could be just perfect
<sarnold> hXm: look into owncloud
<hXm> oh, i'll google that, thanks
<holstein> or, share via ssh or whatever, and connect to the share..
<sarnold> I'm happy enough with sftp but can see why someone would want more :) hehe
<hXm> for me I just use sftp too, but for regular users they just imagine something like \\domain.com\directory and copy,paste,execute from it as a shared folder
<hitsujiTMO> zlatan: no need to do a second sftp session. background the listening app with ctrl + z, send your request to localhost:8000, then foreground the listener with fg
<hXm> owncloud is via web only
<zlatan> ah right
<zlatan> forgot about that
<hitsujiTMO> zlatan: you should also look into screen of tmu
<hitsujiTMO> zlatan: you should also look into screen of tmux
<hXm> ah, ah, desktop clients too, nice
<zlatan> hitsujiTMO: a regular wget should do the trick i guess?
<hitsujiTMO> zlatan: yup
<zlatan> hitsujiTMO: this is interesting. Listening on port 8000 doesn't do anyting whatsoever. However, when I let nginx run on port 80, then execute 'tcpdump port 80' and consequently do 'wget localhost:80', it does retrieve index.html and tcpdump shows that packages were received. However, when nginx is not running, running the same wget command merely returns a 'connection refused'
<hitsujiTMO> zlatan: try: sudo tcpdump -i lo port 8000
<zlatan> hitsujiTMO: sure
<zlatan> hitsujiTMO: when I run 'tcpdump -i lo port 8000' and consequently run 'netstat -ntlp | grep "LISTEN"', I guess I should see an entry for tcpdump listening to port 8000? Since it doesn't show up...
<sarnold> tcpdump won't be listening
<sarnold> it throws the NIC into promiscious mode and reads packets raw through a different mechanism
<zlatan> sarnold: sorry, didn't know that. Anyways, now that I've setup nginx to listen on port 8000, it does in fact work when I approach it locally
<zlatan> sarnold hitsujiTMO: however, it still doesn't listen to my connection from the outside
<sarnold> zlatan: try changing the tcpdump -i lo port 8000 to just tcpdump port 8000  ?
<hitsujiTMO> zlatan: or: tcpdump -i eth0 port 8000                      if the external interface is eth0, but without it should work
<zlatan> sarnold: now tcpdump doesn't see any packages arriving, even though nginx does send back index.html
<miseria> "no estoy de acuerdo con la pena de muerte, al final las leyes sobrenaturales nos tienen condenados a morir" bienvenidos: http://castroruben.com *temo_a_un_ser_sin_rival*
<zlatan> hitsujiTMO sarnold: only when i use '-i lo', it actually shows the packages coming in. Both of the others stay blank when i do 'wget localhost:8000'
<sarnold> zlatan: perhaps when you just run 'tcpdump' it binds to the incorrect network interfae
<sarnold> zlatan: check 'ip' output to find out the interfces on the system; you might need to select a different one
<zlatan> sarnold: just 'ip'? It seems to need parameters?
<zlatan> sarnold: 'ifconfig' maybe?
<sarnold> zlatan: ifconfig also works
<zlatan> sarnold: http://paste.ubuntu.com/6764105/
<sarnold> zlatan: ha, that's easy enough. drat :)
<zlatan> sarnold: just wondering, the things you're seeing so far... does it seem out of the ordinary (meaning that something like an external firewall might actually be in place) or is there still a good possibility that it's just my lack of skills in setting up server systems?
<sarnold> zlatan: I'm not sure; packet captures can be funny things. it sounds like you've got your nginz running on 8000 now and it seems to be working, right?
<zlatan> sarnold: only locally... when I try to approach it via a regular browser, the connection merely times out
<sarnold> zlatan: times out, eh? that does sound like a firewall, one set to DROP packets rather than REJECT packets
<zlatan> sarnold: connections time out on every port except 80, even when the local firewall is set to deny specific ports
<sarnold> zlatan: that sounds very much like the VPS provider to me
<zlatan> sarnold: that's good to know :-)
<sarnold> zlatan: is it by chance amazon? if so you may need to configure new security groups
<zlatan> sarnold: my friend says that it is in fact possible to run directadmin on the vps (via a custom installation process) which listens on port 2222... can this invalidate our conclusion, or might that be a side-effect of the custom installation process they offer?
<zlatan> sarnold: no, a minor Dutch provider ;)
<sarnold> zlatan: sorry, no idea on the direcadmin thing; if it is a web-based administration tool, please be cautious, those are notortiously insecure
<rostam> Hi I am trying to start  dhcp server: service isc-dhcp-server. However, every time, I get the following message: init: isc-dhcp-server main process(...) killed by TERM signal.       why?
<sarnold> rostam: is there anything in the logs that looks related?
<rostam> sarnold, which log exacly I need to look for?
<blz> I'm trying to install ubuntu-server to a software RAID volume, but I keep getting an error when installing grub.  The error reads "executing `grub-install /dev/sda/` failed".  What can I do to fix this?
<blz> This is RAID5 on 3 gpt-partitioned HDDs
<sarnold> rostam: /var/log/syslog -- and if the dhcp server has its own log file, that too..
<zlatan> sarnold: it is indeed a web-based admin tool, but we're not installing that :-)
<rostam> sarnold,  there is nothing about isc-server ...
<sarnold> zlatan: oh, good. :)
<sarnold> rostam: it'd probably have dhcp in the name
<rostam> sarnold,  it seems it worked at some time, because I see DHCPREQUEST and DHCPACK but nothing else...
<tc0nn> rostam: That's pretty normal. The "renewal" process is just that simple.
<sarnold> rostam: hrm, so no messages that look out of the ordinary just before it blows up?
<rostam> sarnold,  yes not other messages.
<rostam> tc0nn, renewal process: how can I stop that..
<tc0nn> That's normal. If it doesn't renew, it loses the DHCP lease.
<tc0nn> Basically that's the DHCP client telling the server "hey dude, I'm still here, don't give away my IP address as I'm still using it"
<rostam> tc0nn,  sarnold  thank you I think I understand now.
<sarnold> rostam: if it happens again, I recommend running ubuntu-bug ich-dhcp-server
<rostam> sarnold, thx
<zlatan> sarnold hitsujiTMO: thanks for helping out, we'll see what our VPS provider can do for us :-) take care!
<blz> Hello, I'm trying to install ubuntu-server to an LVM-on-RAID5 volume.  The installer runs its course and then fails when trying to install the bootloader.  I've tried installing to /dev/sda, /dev/mapper/md-0 and /dev/mapper/md-1, to no avail.  What gives?
<blz> Also please note that these are 3 gpt-partitioned drives (>2Tb)
<ikonia> blz: I assume you have a /boot partition that is a physical partition ?
<blz> ikonia, no, I was under the impression that GRUB2 didn't require one
<blz> ikonia, what's more, I tried it with a seperate /boot earlier and it still failed with the same message (although it was trying to install to /dev/sda, then)
<blz> ikonia, google seems to suggest that using non MSDOS partition tables opens a lot of issues
<maxb> blz: EFI or BIOS booting? Also, are you able to run 'parted --list' or similar and pastebin it to show us the full details of your partition layout?
<blz> maxb, I'm not sure about EFI vs BIOS -- i suspect BIOS as the computer is a few years old.   As for the pastebinning, I'm still in the graphical installer, so cutting&pasting (let alone internetting) is a bit of a challenge
<blz> maxb, but if you tell me what to look for, I can relay the information from parted -l
<blz> Oh also, I should mention that I'm still in the installer.  I can drop to a shell via ctrl+shift+F2
<maxb> So, you have sda, sdb and sdc, each with a GPT? What partitions do they contain? What makes up md-0 and md-1 (cat /proc/mdstat will help for this)
<blz> maxb, yes, sd[abc], each GPT, each containing one partition marked as physical volume for raid
<blz> I built a RAID5 array using the above partitions
<blz> and an LVM on top of that
<blz> maxb, the installer is presently hanging on the final bit where it installs the bootloader
<maxb> Something seems a bit wrong if you have *two* md devices in such a setup
<blz> maxb, yeah i thought that was rather strange, too
<blz> let me copy down the output from ls -l /dev/mapper
<blz> it'll be a bit quick & dirty...
<maxb> Jump to a shell and have a look at /proc/mdstat - it should tell you which underlying devices make up each md device
<blz> http://paste.ubuntu.com/6764728/
<blz> maxb, did I say `md` ?  I meant `dm-0` & `dm-1`
<blz> I think these are the logical volumes on my LVM
<maxb> Oh, right, that makes all the difference :-)
<blz> maxb, my bad =)
<blz> /proc/mdstat appears empty, btw
<blz> but that might be because i'm in the installer's shell ?
<maxb> It sounds to me like /dev/sda would be the correct installation device
<maxb> mdstat will be empty because it turns out you're not using md :-)
<blz> maxb, oh right. yes that makes sense
<blz> maxb, I'll try /dev/sda again, but that failed in the past
<blz> let me try again, though
<maxb> I'm not all that familiar with where the graphical installer logs to. Do you get any messages about *how* it is failing?
<blz> yeah it's throwing an error.
<maxb> which is? :-)
<blz> maxb, well no -- that's the frustrating thing
<blz> it says "Executing grub-install /dev/sda failed.  this is a fatal error"
<maxb> How 'helpful'
<blz> maxb, no kidding
<maxb> Could you run parted -l and tell me what the "Start" value is for the partitions?
<blz> sure, one sec
<maxb> The partitions on sd[abc], that is, ignore any stuff about the dm devices
<blz> hmm it's saying parted not found
<blz> let me reboot into the rescue option
<blz> and drop to a shell there
<maxb> Or try fdisk instead
<blz> just plain `fdisk` ?
<blz> or fdisk -l ?
<blz> eeh, fdisk not found either
<blz> i'll bring up the rescue shell
<blz> maxb, hmm I have some new information
<maxb> ok
<blz> maxb, I ran the 'repair a broken system' option in the ubuntu-server installer and opened a shell in /dev/root/system
<blz> which is my LVM logical volume mapped to /
<blz> and i tried running grub-install /dev/sda from there
<blz> maxb,  I got a more informative error:  "/usr/sbin/grub-setup:  warn:  this GPT partition label has no BIOS Boot Partition; embedding won't be possible!"
<blz> maxb, followed by "Embedding is not possible, but this is required when the root device is on a RAID array or LVM volume
<blz> certainly more "helpful" than "Error. it didn't work" :D
<maxb> Ah, so it is that problem.
<blz> I'm all ears =)
<maxb> GRUB needs space to put the code which actually understands how to boot off LVM - but there is no space available in which to put it
<blz> maxb, ah, so how would I go about fixing this?
<blz> maxb, I'm willing to reinstall if that's simpler/cleaner
<maxb> In a MBR partition table setup, the space is made by leaving unpartitioned space before the first partition. In a GPT setup, it's the same idea, but instead of unpartitioned space, you have to allow a partition of a special type, which GRUB knows belongs to it for this purpose
<maxb> So unfortunately, you will need to repartition
<blz> maxb, ok that's not a problem
<blz> so basically I'll need to make a small partition at the begining of every disk and format it as a specific type of partition?
<blz> how large and what's the type called?
<maxb> If you are creating it using parted, the incantation to mark it as the right type is 'set (number) bios_grub on'
<blz> maxb, i was hoping to create it during the partitioning menu of the installer
<maxb> As for size, I'm not sure, but GRUB seems happy with only 1MiB on my LVM-without-RAID setup
<blz> maxb, ok -- is this something I can do from the installer?
<blz> or should I run parted first?
<maxb> I'm unsure whether the graphical installer is going to give you the flexibility you need.
<ikonia> blz: apologies I had to make a phone call
<ikonia> blz: what's the current situation ?
<blz> ikonia, no worries! Thanks for checking in =)
<maxb> ikonia: Needing to repartition so that GRUB has room for embedding
<ikonia> embedding ?
<blz> what maxb said ^^
<ikonia> apologies, I've missed part of the conversation, I'm certainly interested
<blz> ikonia, I'm not sure how well I can explain it seeing as I just found out that this thing existed
<blz> ikonia, but in a nutshell it would seem that GRUB2 expects a small partition at the beginning of each of my drives from which it can load the stuff it needs to boot from GPT
<blz> and I'm now wondering how to set up such a partition from the installer
<maxb> embedding is when GRUB needs to write some of its support code somewhere on the disk (in this case, the code that it uses to know how to read stuff from LVM)
<ikonia> maxb: are you talking about the stage files ?
<maxb> stages is what Grub 0.9x called it
<ikonia> yes, but in essence the same thing
<ikonia> that's why it needs a /boot partition
<ikonia> (or it's better to have one)
<maxb> It doesn't *need* a /boot partition
<blz> ikonia, oh so this is /boot we're talking about?
<ikonia> maxb: it needs somewhere, so /boot is the logical place.
<ikonia> blz: yes,
<maxb> A /boot partition would be solving the same general problem in a different way
<blz> I tried installing a /boot at one point and I got the same error
<ikonia> blz: a seperate boot partition or a logical volume /boot
<blz> ikonia, seperate /boot partition
<blz> initially I had a 256 mb /boot partiton on sda
<ikonia> blz: that should be fine
<blz> and 256 mb swap partitions on sd[bc]
<ikonia> 256mb swap partition ??
<blz> and then each drive had a (3tb - 256mb) physical volume for raid
<blz> ikonia, two of them
<ikonia> hardly seems worth it
<blz> ikonia, well it was mostly to do something with the extra space
<ikonia> blz: how big is your boot disk ?
<blz> ikonia, I'm trying to boot from a 3-disk RAID5
<ikonia> just put swap on an lv
<ikonia> how big is the physical disk ?
<blz> 3x 3TB
<ikonia> so they are gpt partitions
<sarnold> .. and yet, 256M swaps are 16 times larger than the first swap partitions I had..
<blz> ikonia, yes
<ikonia> is the motherboard using uefi ?
<blz> sarnold, crazy isn't it?
<hushnowquietnow> Quick question for you fine ubuntans
<sarnold> blz: yeah :)
<blz> ikonia, no, BIOS
<ikonia> blz: how is your raid setup, mdadm ? fake raid ? hardware raid ?
<blz> sarnold, my first gen iPod video has more RAM than my mother's PC
<hushnowquietnow> I've got an Apache process that's eating up loads of cpu and memory.  How can I figure out which of my vhosts is causing the problem?
<blz> ikonia, software
<ikonia> blz: mdadm ?
<sarnold> blz: haha, nice
<blz> ikonia, i assume so?
<blz> ikonia, I just went through the partition manager in the ubuntu server installer
<ikonia> blz: the ubuntu installer is creating the raid ?
<ikonia> ok, so mdadm
<blz> and selected "physical volume for raid" and whatnot
<blz> ikonia, yeah
<ikonia> blz: so here is my suggestion
<blz> ikonia, I'm all ears =)
<sarnold> hushnowquietnow: my first thoght is that the vhost that is causing the problems is likely the most active vhost -- can you check logs to get a feeling for which one is most active?
<ikonia> blz: make a 300mb partition on each disk, sda1, sdb1, sdc1 - put it in raid 1 + 1 spare create 1 partition on the other disks filling the whole disk sda2, sdb2, sc2 - raid them in raid 5, put that only (not the sda1/b1/c1 mirror) under lvm control
<ikonia> blz: make the mirror /boot - write the grub to the mbr of your boot disk (probably sda)
<ikonia> I suspect you'll be fine
<blz> ikonia, OK,  let me say it all back to you to make sure I get it...
<blz> ikonia, step 1)  create small partition on all drives, RAID1 it (with one spare drive)
<ikonia> tick
<blz> ikonia, do I make a /boot on top of that raid?
<hushnowquietnow> sarnold: That's a pretty straightforward way to go
<blz> or no?
<ikonia> blz: so the mirror + space = /boot
<ikonia> blz: yes
<ikonia> + spare
<ikonia> not space
<blz> ok cool
<blz> right right
<hushnowquietnow> I was hoping there'd be some sort of command I can feed the pid into and get more info on it though
<maxb> ikonia's method should work, but I still prefer the bios_grub method - it seems less complicated to not have to set up a separate /boot with a different raid level
<blz> step 2:  make a partition using the remaining space on all three drives.  RAID5 that.  LVM on top of that.  install as usual
<blz> step 3:  GRUB2 to /dev/sda
<ikonia> maxb: I don't disagree
<sarnold> hushnowquietnow: well now, you say that.. maybe there is a way to read the apache scoreboard
<ikonia> blz: you got it
<blz> ikonia, cool
<blz> perfect
<blz> maxb, ikonia so i shoudl go with that?  Or should i do the bios_grub approach?
<blz> ikonia, more exactly, why do you recommend this as opposed to maxb's suggestion?
<sarnold> hushnowquietnow: ooh, investigate how this works: http://www.apache.org/server-status
<sarnold> hushnowquietnow: that might do it :)
<ikonia> blz: it's hard to be %100 clear on this, I prefer my approach because I use it, maxb's is correct there is nothing wrong with his approach at all
<blz> ikonia, haha ok, except that i'm not sure I understand how to do his
<hushnowquietnow> sarnold: just might!  Thanks! :)
<blz> oh well.  I'll just try yours, ikonia.  At least I'm clear on what needs to be done =)
<maxb> So I've started the ubuntu server .iso in a VM. Does it even *have* a graphical installer?
<ikonia> maxb: all ncurses based I thought
<maxb> That's what I thought too, but blz was talking about a graphical partitioner
<hushnowquietnow> sarnold: `apachectl fullstatus` looks to be what I want!
<parallel21> maxb: Why do you want a graphical installer?
<maxb> I don't. But blz was asking if it was possible to create a bios_grub partition in it
<sarnold> hushnowquietnow: nice, thanks! :)
<ikonia> maxb: that's half the reason I was sceptical, I'm not sure how the installer would deal with it
<parallel21> maxb: should do it automagically I think. Just curious, is there a difference between a grub partition and a bios_grub partition?
<parallel21> maxb: sorry... I just caught up to the conversation. Disregard
#ubuntu-server 2014-01-17
<blz> maxb, when you say "graphical installer" are you referring to ubiquity?
<blz> maxb, becaues I have a curses/console installer here
<maxb> Oh, I see. I thought you were using the ubiquity partitioner
<blz> maxb, haha nope.  Just the white-text-on-purple one
<blz> ikonia, maxb  if you're still around, I'm getting that same error again
<blz> despite having created the RAID1 + 1 /boot partition
<brightbeat> anyone in here?
<holstein> brightbeat: many are here.. ask if you have a question
<brightbeat>  Hey ALL]
<brightbeat> I followed this guide https://help.ubuntu.com/12.04/serverguide/automatic-updates.html , but I don't have /etc/apt/apt.conf.d/10periodic that file. Can someone help?
<brightbeat> I'm on Ubuntu 12.04
<holstein> i know i dont like automatic updates.. but, asuming you are runing the same version, and you know how to remove that file if things go wrong, you can just put one in placce and test
<brightbeat> holstein: you didn't understand me, after installing that package, I didn't have that file. How will I make automatic updates work, without it?
<holstein> brightbeat: put it there
<brightbeat> holstein: why the hell it's not there?
<holstein> brightbeat: as long as you have the same version as mentioned in the guide, and you know how to remove it, if it breaks something
<brightbeat> holstein: yes, the version is the same, maybe it's a typo in the manual? they just copied from the previous version and something has changed in this one?
<holstein> brightbeat: or, maybe you just need to put it in place
<brightbeat> holstein: have you read the link I posted you? it says it should be there
<holstein> brightbeat: ok.. well, you say its not. have you tried making it? and testing with the one you make?
<holstein> what *is* there?
<brightbeat> holstein: files except that file
<holstein> ah.. good ol files.. well, you should try putting that one im place and test
<brightbeat> are there any ppl in here who make Ubuntu Server 12.04?
<holstein> https://help.ubuntu.com/community/AutomaticSecurityUpdates is what i referred to to disable auto-updates
<brightbeat> holstein: thanks, that may actually help
<brightbeat> I didn't run that command to enable it
<holstein> brightbeat: i didnt either
<holstein> brightbeat: i did it during the install.. and i'll never do it again, so its not a problem or concern anymore
<brightbeat> holstein: so you don't like automatic updates, why?
<holstein> brightbeat: like? i mean, i dont feel like or dislike.. im just not interested in them running automatically. best case, an auto update doesnt break anything. why bother with the risk? why not just do it when im ready.. also on my schedule
<brightbeat> holstein: cause I'm talkin about a server edition here and why would I login everyday just to do those updates or leave my server at risk without updating from time to time?
<holstein> brightbeat: im talking about serer edition as well.. i choose to see the updates, and read them, and know whats happening, and what might break.. and read about whatever i want in preperation. i would rather that than find out an auto update had broken something
<brightbeat> holstein: what can break there? I'm using almost all the default software
<holstein> brightbeat: do what you like, friend.. im not trying to convince you of anything, nor state one is better
<holstein> brightbeat: literally anything can break
<brightbeat> holstein: how would they push those updates without testing?
<holstein> brightbeat: they do.. but they dont have your specific hardware
<holstein> a kernel upate could change the game on any hardware.. support for a hard drive controller.. whatever
<holstein> again, i just choose not to be surprised is all.. do what you like.. the guide above should help you enable auto updates
<brightbeat> holstein: I don't think that I should be concerned about it
<brightbeat> the hardware is good at my hosting
<holstein> brightbeat: i know you should.. but you can choose to do what you like
<brightbeat> holstein: this is not a rocket science, live easily
<holstein> brightbeat: as i said, i'll do as i please, and you can as well.. i consider not being surprised by updates easy living ;)
<brightbeat> the earth will not stop spinning around if you server goes down after automatic updates
<brightbeat> ;)
<holstein> brightbeat: you mean, if yours does
<brightbeat> I don't think that mine will do ;), that's why I'm activating it
<brightbeat> holstein: that's the issue I"m having now http://askubuntu.com/questions/263692/unattended-upgrades-not-running-etc-cron-daily-apt-missing
<brightbeat> holstein: cron file is missing
<brightbeat> guys can anyone help with this https://answers.launchpad.net/ubuntu/+source/unattended-upgrades/+question/218052 ? The file is actually missing and it's still not solved
<brightbeat> in ubuntu 12.04 server edition
<holstein> what hosted VPS? could be its not really ubuntu
<brightbeat> holstein: no it's ubuntu, I checked the packages manually and there is really no that file. I don't know at all, what's happening
<KI7MT> brightbeat, have you tries re-installing unattended-upgrades .. or dpkg-reconfigure --plow unattedned-upgrades
<brightbeat> KI7MT: I JUST installed it. there is no such file in the package! I did dpkg-reconfigure
<KI7MT> brightbeat, So your issue is that the daily ../apt cron is not bing installed with unattended-upgrades, not that unattended is not working yes?
<brightbeat> KI7MT: right. I"m not sure if it's working yet, I just installed it
<KI7MT> Ok, let me have a look around on that one.
<KI7MT> Well, I dont see why it's not there .. Action recommended extractign the .deb .. thats one way to get around this.
<KI7MT> 50unattended-upgrades is in the .deb .. under /etc/apt/apt.conf.d
<brightbeat> KI7MT: I know where 50unattended-upgrades is
<KI7MT> brightbeat, Do you ahve apt-security-updates in cron daily?
<brightbeat> KI7MT: I'm asking about where /etc/cron.daily/apt is? cause it's actually missing
<brightbeat> KI7MT: none of them
<KI7MT> I know what your asking ..
<KI7MT> My recommendation, looking at using cron-apt I'll get you a link shortly.
<KI7MT> *look at ..
<KI7MT> First, have a read of this: https://help.ubuntu.com/12.04/serverguide/automatic-updates.html
<KI7MT> Then see cron-apt method: https://help.ubuntu.com/12.04/serverguide/automatic-updates.html
<KI7MT> brightbeat, Sorry the second link should have been this: https://help.ubuntu.com/community/AutoWeeklyUpdateHowTo
<brightbeat> KI7MT: thanks, but I prefer to stay with  unattended-upgrades
<brightbeat> KI7MT: I wanna know why it's not working
<KI7MT> I don't know why it's not working on your system, but that's solution that will work, your choice.
<brightbeat> KI7MT: it's not working on all systems I believe, because I have a default install
<KI7MT> brightbeat, I just check 3 different 12.04 servers, all three have the apt file under /etc/cron.daily/ .. so I don't know why it's not being installed for you.
<KI7MT> if you want the file I can patebinit for you.
<KI7MT> http://paste.ubuntu.com/6766492/
<brightbeat> KI7MT: thank you
<brightbeat> KI7MT: if you say it exists on other servers, I need to dig deeper into it.
<KI7MT> I would say, yes, something is not right, as there is nothing special I've done with the server install, standard 12.04.3 server ISO
<brightbeat> KI7MT: that's very weird, I have everything default installed, I didn't touch much at all
<KI7MT> Who did the install ?
<KI7MT> If you did it, there's a section in the installer that asks about this specifically, but installing the package after should also resolve this.
<brightbeat> KI7MT: I installed it myself after, have you had it preinstalled? maybe that's the problem
<brightbeat> KI7MT: I'm on media temple, they used their own ISO I believe, but I don't think they modified it like that
<KI7MT> I would think they would re-master it, that's allot of work, but you should ask them what's they've done just to be sure.
<KI7MT> *would not think .. ..
<brightbeat> KI7MT: yea, I will ask them. I doubt they changed something like that
<KI7MT> I would not think so .. but  ya never know.
<brightbeat> KI7MT: what's the point do you think for them changing something like that?
<KI7MT> No idea, maybe they set it to No when the did the initial install, then forgot to turn it back on during their build mods, but who knows.
<brightbeat> KI7MT: when I install new software, it installs from ubuntu servers only
<brightbeat> KI7MT: did you have that option preinstalled when you build your OS on your servers?
<KI7MT> No, the default for Auto-Updates is to ask the user if they want to enable it or not.
<KI7MT> If you want it enables, there's two options you can select, I don't recall off the top of my head what the specifics of those two options are.
<KI7MT> Here's a step by step, w/Pics.
<KI7MT> http://askubuntu.com/questions/340965/how-do-i-install-ubuntu-server-13-04-step-by-step
<KI7MT> while that is 13.04 .. it's virtually the same steps.
<dodgerblue> hello guys! not sure if this is a debian specific question or whether it goes for ubuntu as well, but: do you have any idea where I can get the qemu-user-static package sources?
<Rar9> hi need some help.. for Ubunut 12.04 lts ... my tomcat7 is not autostarting... I can only start manually. and hint?
<Rar9> anyone?
<Swahili> Hi!
<Swahili> Q: I'm going to buy some new hardware to assemble a new computer. I'd like to use RAID1 (software). From what I can remember, I've got the option once installing Ubuntu, is this correct ? Thanks!
<rbasak> Swahili: the Ubuntu Server installer gives you the option of configuration software RAID-1, if that's what you're asking.
<Swahili> rbasak: yes! thanks for looking!
<rbasak> gives you the option of configuring RAID-1.
<Swahili> I'm thinking about having Samba for File Server, so I want 2x 2TB HDD (Raid1)
<rbasak> Make sure to arrange backups.
<Swahili> Then for O/S I'd like to have maybe 2x 256 SSD (Raid1) ? This makes sense?
<Swahili> Is that easy to setup ?
<rbasak> For a file server? I don't think having SSD disks for the OS will help much. Everything that is commonly used will fit in cache easily.
<Swahili> rbasak: oh ok!
<Swahili> so, 2x 2TB HDD (Raid1). Should be Enough
<rbasak> I have 2x3TB disks (I think) and just have a separate RAID-1 partition for the OS.
<rbasak> Note that 3TB is a bit more awkward as you must use GPT.
<Swahili> GPT, never heard about it.
<Swahili> So, if I use 2TB I should be fine ?
<rbasak> I believe so, yes.
<Swahili> rbasak: when you say awkward you mean difficult to setup ?
<rbasak> Yes, potentially. But perhaps the installer deals with it automatically. I don't know.
<jamespage> zul, https://www.redhat.com/archives/libvir-list/2013-December/msg00645.html
<jamespage> zul, would we hold that as a patch in our libvirt? wido thinks it will get upstream
<zul> jamespage:  lemme check
<zul> jamespage:  possibly yeah we can carry it i think
<zul> hallyn:  ^^^
<zul> jamespage:  we should be able to drop a whole bunch of patches in openstack soon
<jamespage> zul, what's bumping upstream to catchup?
<jamespage> sqlalchm?
<zul> sqlachemy
 * jamespage does a cartwheel
<jamespage> w00t
<zul> jamespage:  ill re-activate the webob one today i totally forgot about it
<zul> jamespage:  i broke the concurrency stuff on neutron though :(
<jamespage> zul, for tests?
<zul> yep
<hallyn> zul: our rbd is new enough?
<zul> hallyn:  i think so...jamespage is the ceph master
<jamespage> hallyn, it is
<hallyn> k
<zul> hallyn:  i dont have a problem if we cary it, it means i just have to restart my libvirt fixing for the CA
<hallyn> the CA?
<zul> jamespage:  lemme just finish what im doing here and ill pop it to the top of my list
<zul> hallyn:  cloud archive
<hallyn> oh.
<zul> Daviey:  ping looking for something to do?
<phillw> hi, do we expect the bug that does not use the 3.13 kernel as a an upgrade from 12.04 LTS?
<phillw> s/ expect/ expect a fix to /
<ikonia> what bug ?
<Daviey> zul: hola
<zul> Daviey:  mind reviewing ironic, its in binary-new (when you get a chance)
<Joe_knock> Hello. Does anyone use exim4 here? I am trying to find an email address for someone that has tried to access my online web tool
<Daviey> zul: binary or source new?
<zul> source new
<yolanda> jamespage: https://code.launchpad.net/~yolanda.robla/charms/precise/rabbitmq-server/ha/+merge/202116
<yolanda> works much better now
<soahccc> Hmm is there something special about /root or why can't I access a folder inside which I own?
<ikonia> soahccc: you shouldn't own files in /root
<ikonia> root owns files in /root
<Joe_knock> okay doesn't matter, my app seems to have a log of activities. thanks everyone.
<soahccc> ikonia: I just want to access files in one folder, read would be enough. But chmod doesn't work either
<soahccc> I think I just move the whole thing out of there then
<ikonia> soahccc: why are you trying to access files in /root - there is nothing in there for you, it's for root
<soahccc> ikonia: I started a VM which is in there and I want to access the captured PNGs via sftp
<ikonia> soahccc: you started a vm which is in "there " ? and you want access to png's via sftp ???
<ikonia> that just seems like 3 different random requests
<hXm> hello, I want to install roundcube In my server and use my own server as smtp&imap server, I followed many tutorials and I always get lost at any point
<soahccc> ikonia: I have a VM in /root (I think I just put this somewhere else) and captured screen are getting saved inside the VM's directory. SFTP is of course permitted for root
<hXm> exists a simplified and basic site where I can follow step by step and debug where is my problem?
<soahccc> ikonia: err I mean not permitted
<ikonia> soahccc: ok, lets step back
<ikonia> soahccc: what virtualization are you using ?
<Daviey> zul: done.
<zul> Daviey: geez that was quick thanks!
<soahccc> ikonia: vmware player but it's okay. I was just curious why I couldn't access the directory
<ikonia> you can't access /root as it's for use by the root user
<soahccc> ikonia: So this is a special case? Because I generally can e.g. chmod a single directory in someones /home directory. Then I can cd into only this directory but nothing else
<ikonia> soahccc: you can chmod /root sure
<soahccc> ikonia: I have it /opt now. /opt/vmware has 0700 owned by root. /opt/vmware/foo/screens has 0777. I can cd into it with non-root user. The same doesn't work in /root
<ikonia> soahccc: what is the permissions on /root
<ikonia> soahccc: show me ls -la /root
<soahccc> drwx------ 10 root root  4096 Jan 17 16:23 .
<soahccc> 0700 the same, that's why I thought there would be some special restriction for /root
<zul> hallyn:  do you have anything for libvirt?
<hallyn> zul: nope
<hallyn> well lemme check over here
<hallyn> zul: nope.
<zul> hallyn:  cool thanks
<ikonia> soahccc: are yo kidding ??
<ikonia> soahccc: 700 - that is "only owner" access, the owner is root
<ikonia> soahccc: how do you expect anyone other than root to access it ?
<soahccc> ikonia: for that directory but it normally does not apply for subdirectories with different permissions
<jamespage> yolanda, testing now
<ikonia> soahccc: to be able to see/use subdirectories, the parent directory must have access
<soahccc> ikonia: Like I have it in /opt now... Parent directory has 0700 but I can access subdirectory nevertheless
<ikonia> soahccc: you can't lock /root, but be expecting to access /root/vm
<ikonia> soahccc: ls -la /opt
<soahccc> ikonia: hmm okay I'm able to still list files if I'm already in there but you're right I can't actually enter it :(
<yolanda> ok
<WinstonSmith> hi #sed :). i have lines like "(23:22:04) [0x993fc60] [rb_metadata_dbus_load] rb-metadata-dbus-service.c:74: loading metadata from file:///home/true/Music/soundz/elena/music/mp3/Nirvana/The%20Demo%20Tapes/desktop.ini". i am trying to extract th file path from that. i tried "'s/.*:\/\/(.*)/\1/g'". could somebody please explain what i am doing wrong? i though what i have means: "any char, repea
<WinstonSmith> ted 0 or more times, a colon, 2 slashes. then capture all the rest"
<Swahili> Hi
<Swahili> Q: Does Ubuntu Server support more then 8gb of memory ? Thanks
<jamespage> yolanda, looking at the logs we probably want to limit the unison sync to passwd files only
<jamespage> lots of write errors being ignored
<WinstonSmith> erm sorry wrong chan
<jrwren> Swahili: yes.
<yolanda> yes, i think it tries to do it at every try
<jrwren> Swahili: this is not windows server. linux doesn't put artificial limits in place.
<Swahili> jrwren: thanks for looking :)
<Swahili> Is it safe, as in old software will work, with ubuntu 12.04 LTS 64 Bits ?
<Swahili> not sure what to install, 32 vs 64
<jrwren> Swahili: ubuntu has good support for running 32bit on 64bit too. If you have binary only software, you should consult with that vendor.
<Swahili> jrwren: I will :)
<Swahili> Thank you!
<Daviey> jrwren: try running 32bit kernel with >16GB of RAM. :)
<roaksoax> Daviey: woulnd't that only recognize 4gb?
<Daviey> roaksoax: not the with PAE kernel
<Daviey> roaksoax: With loadsa RAM 32bit just runs dog slow.  As in, unusable.
<Swahili> When people say, something like: I'll have 2x 2TB for data storage and 2x 500GB for Operating system. Where can I learn to do that ?
<roaksoax> Daviey: interesting! I thought it wouldn't even recognize that amount of ram
<Daviey> bug 962992
<uvirtbot> Launchpad bug 962992 in linux "OOM when using a large amount of RAM, on i386/smp, when high disk IO" [High,Expired] https://launchpad.net/bugs/962992
<Daviey> roaksoax: the photo is from the g-maas racks.
<roaksoax> Daviey: fun fun!
<jrwren> roaksoax: see the PAE wikipedia page. intel has support >4GB on 32bit for 10+yrs
<patdk-wk> the issue with 32bit isn't how much ram you can have (unless your running windows), it's about how much ram a single program can have
<jrwren> patdk-wk: exactly.
<zul> jamespage:  btw i applied the patch you wanted
<jamespage> zul, thanks
<patdk-wk> so 32bit mysql server with 32gigs of ram, is pointless :)
<patdk-wk> but a webserver, it would be ok
<hitsujiTMO> patdk-wk: running any kind of server with 32gigs in 32bit would be rather silly to be honest. You loose out in a lot of processing speed from dropping from a 64bit processor
<patdk-wk> hitsujiTMO, who said you had a 64bit cpu?
<patdk-wk> there are lots of 32bit cpu's that you can load in more than 4gigs ram, I've been doing that since around 2000
<hitsujiTMO> patdk-wk: then it might be cheaper to just buy a newer server. I'm sure 64bit cpu with the equivalent speed of that 32bit processor would be consuming enough power that the reduction in power usage costs alone would cover the cost of the new server
<patdk-wk> well, tell him to do that
<patdk-wk> dunno why your telling me
<hitsujiTMO> ahh, sorry, thought you were the OP from what i have on my screen
<jamespage> rbasak, I'm almost at the point where I can upload 5.5.35+dfsg of mysql-5.5. to debian unstable - enabling an easier merge ...
<rbasak> jamespage: cool. I'm still working on php5 - bug 1244343. Haven't got to mysql at all y et.
<uvirtbot> Launchpad bug 1244343 in php5 "Regression in system fallback for date_default_timezone_get()" [High,Triaged] https://launchpad.net/bugs/1244343
<jamespage> rbasak, thats fine
<jamespage> when you get there I don't think it will be that hard tbh
<rbasak> Well, I figure out what's wrong at least. Part of the patch has gone missing - presumably it no longer applies cleanly. I'll see what I can to do to merge it on Monday.
<embiopterid> hello, I'm using ubuntu server in a libvirt vm with file system passthrough (plan 9 net).  I have disabled file system checking in fstab (last column zero) but fsck still tries to check the file system on boot, which fails.  I then must skip mounting, login, mount it at boot (which succeeds) and restart services depending on it.  Any Ideas?
<embiopterid> I have a standard ubuntu running as a vm and it does not have this problem.
<sarnold> same with firefox: https://plus.google.com/+JorgeCastro/posts/UHzs9Vg5tyK
<sarnold> sigh echan
<sprocket888> I have a dumb question.....I have set up an Ubuntu Server on some hardware the way I need it. I want to image this and store it for later deployments. The problem is the sda block device  is like 250GB and / is like 40GB. Only about 5GB of actual data is on there. I am thinking the best way to image is dd piped to a compression tool like pbzip is there a better way so that I don't have an image that is 250GB to store?
<patdk-wk> sprocket888, resize2fs
<patdk-wk> make it as small as possible
<patdk-wk> make image
<patdk-wk> then when you extract it next time, just resize2fs again to make it large
<sprocket888> nice I will look into that thx patdk-wk
<embiopterid> ok, I'm running a ubuntu server through libvirt and it fails to mount a file system pass through in ubuntu server on boot but not in ubuntu desktop.  The mount succeeds after boot.  It says mount is missing a helper application, but I'm pretty sure there isn't one at this time.  The fstab lines are identical except for the mount points.  I tried installing the images for virtualization but that did nothing.  What am I doing w
<embiopterid> rong?
<keithzg> Arghhh, trying to write a quick bash script to spit out a MySQL selection, but whomever created this database decided it would be a good idea to give one of the columns a name that included both a forward slash and a space :(
<sarnold> embiopterid: libvirt and qemu run under apparmor confinement; I wonder if your policies need to be extended? Check /var/log/syslog or dmesg output or /var/log/audit/audit.log for DENIED messages from AppArmor
<keithzg> Okay, I guess I can just use backticks and then escape the backticks from bash. Not hard, but I still shake my fist at whomever created that column.
<embiopterid> sarnold: thanks, but I'm actually using fedora as the host right now.  Also, apparmor shouldn't effect the inside of the virtual machine, and ubuntu-desktop works fine.  I've disabled selinux because it was a pain, but once I get all this stuff set up I might try re-enabling it.
<sarnold> embiopterid: I don't know how the filesystem passthrough works, but if it does what I think it does, I think AppArmor or SELinux could be configured on the host to prevent them from working inside the guest..
<embiopterid> Sarnold: I've completely disabled selinux for now, so it shouldn't.  I do see a difference in the dmesg output.  I'll throw it up on pastebin in a sec.
<sarnold> embiopterid: oh cool :)
<embiopterid> http://pastebin.com/6kqUMYeG
<embiopterid> I didn't put it all up there cuz I'm sure its not all relevant.
<embiopterid> well crap, guess that seems obvious.  The 9p modules are not in the initramfs! (I just unpacked it).  The modules are acturally listed in /etc/modules and are loaded at boot.  How do I force update-initramfs to include them, or do I have to make a custom image?
<sarnold> embiopterid: hrm, I'm surprised your filesystem is being mounted that early..
<embiopterid> guess I had put them in /etc/initramfs-tools/modules on the ubuntu-desktop-vm and forgot :/ Well, at least I wont forget again.
<embiopterid> sarnold: thanks for your help.  I feel sheepish.
<sarnold> embiopterid: thanks for reporting back :) it's always nice to know what helps
<sarnold> embiopterid: have fun! :)
<embiopterid> sarnold: np, thanks.  It kinda seems like update-initramfs should somehow include modules from /etc/modules in the initrd, but heck, I'm no dev ;)
<sarnold> embiopterid: yeah, that'd sure sound plausible; I hope the division is worth it to someone somewhere if it's going to cause this kind of confusion for the rest of us..
<embiopterid> ya, it took me a while to figure it out the first time.  I can't believe I forgot.  I wish there was a way to log al the admin stuff I do cuz this aint the first time.
<sarnold> hehe, yeah; on a previous system I had a ~/notes file that was several hundred lines long..
<embiopterid> I think there probly is a way to log all activity without just using "history", I saw a .bashrc hack like that once.  It just never seems important until this happens.
<sarnold> oh jeeze that'd be nearing embarassment to see all the "cd .. ; ls ; cd foo ; ls ; cd .. ; " I wind up doing..
<embiopterid> Ya, well its just for you.  Mine would be filled with typos and forgotten commands ;)
<sarnold> hehe :)
<embiopterid> Oh, here we go http://askubuntu.com/questions/93566/how-to-log-all-bash-commands-by-all-users-on-a-server
<embiopterid> Think I'll probly do that in a sec.
<sarnold> embiopterid: another thing to look into is the auditd pam tty logging. Checking that out has been on my todo list for a few years..
<embiopterid> k. I will
<hallyn> ahs3: hi, are you around?  would you be able to help push http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734633 ?
<uvirtbot> Debian bug 734633 in libcap2 "Merge upstream 2.24" [Normal,Open]
#ubuntu-server 2014-01-18
<rostam> HI I am using 12.04 LTS there is no /etc/apt/apt.conf, ??
<jkitchen> make one
<jkitchen> or use apt.conf.d
<sarnold> rostam: feel free to put what you need into one, or a file under /etc/apt/apt.conf.d/
<rostam> This is for apt-cacher-ng configuration ..
<sarnold> rostam: yikes
<rostam> sarnold,  why?
<sarnold> rostam: https://bugs.launchpad.net/ubuntu/+source/apt-cacher-ng/+bug/1234946
<uvirtbot> Launchpad bug 1234946 in apt-cacher-ng ""Size mismatch" caused by writing wrong data" [Undecided,Confirmed]
<sarnold> rostam: strongly recommend you use squid-deb-proxy instead
<sarnold> (it's faster, too :)
<rostam> sarnold,  thank you  so much I will use that then
<sarnold> have fun :)
<embiopterid> sarnold: jeeze I was about to use apt-cacher, cuz I have 3 ubuntu vms and 3 debian vms just right now, and I'm sure I'm not the only one annoyed by the waste of bandwidth.  Thx dude.
<sarnold> embiopterid: amen; I've got piles of VMs and schroots for building packages; having a local cache or local archive mirror is the only way I can get things done, so when apt-cacher-ng suddenly stopped working for me, it was -miserable-
<sarnold> embiopterid: .. and you can guess how horrible it was to figure out that a cache that had worked fine for three or four releases was suddenly corrupting files.. *sigh* oh well, squid-deb-proxy works better, and though I miss the awesome apt-cacher-ng stats page, squid Just Works. So hooray. :)
<embiopterid> I guess I'll just throw that in another vm so I don't have to reconfigure anything that's working already.  I usually try do do it that way, but I just set this thing up.  Some of this new hardware has some serious issues, what a pain.  I'm still waiting for the kernel dev team to get iommu working along with my stupid marvel sata card and my dual pcie dual-port ethernet card but at least I'm not having spontaneos reboots any
<embiopterid> more.  I'f it wasn't mine I'd just scrap it and start over with new hardware but I'm cheap and don't have that kind of money :\
<SiliconG> Hello all -
<SiliconG> I am trying to build php5.4.23
<SiliconG> and I am getting a really strange error I dont understand
<SiliconG> collect2: ld returned 1 exit status
<SiliconG> make: *** [libphp5.la] Error 1
<SiliconG> any of you seen this?
<SiliconG> here is the complete error
<SiliconG> http://pastebin.com/jXWgZ1bz
<cfhowlett> !php
<ubottu> PHP is an HTML-embedded scripting language. A command-line only version can be installed in Ubuntu with the "php5-cli" package. See also !lamp for integrated server PHP. The Ubuntu server PHP5 guide is found at https://help.ubuntu.com/12.04/serverguide/C/php5.html
<misterjinx> hello, has this happened to anyone before http://serverfault.com/q/568125/39795 ? I don't know what to do to solve the problem.
<TJ-> misterjinx: Obviously you need to find out if the "Broken" entries in the upgrade-log are current or historic, and if they are current, to look at a specimen package from that log and see what its installed version is, and what the current Ubuntu archive version is (see packages.ubuntu.com) to identify if that system is behind the times or otherwise confused
<misterjinx> TJ-: I tried to update some of the packages from there but on each one I get that it is up to date, that it is already the newest version
<misterjinx> what means that the system is confused ? what can I do to "fix" it ?
<TJ-> OK.... so is that log file a result of the latest "do-release-upgrade" - when it is attempting to go from 12.10 to 13.04 ?
<misterjinx> yes
<TJ-> Have you checked you have the latest version of "do-release-upgrade", which is in the package "ubuntu-release-upgrader-core"
<misterjinx> I checked now, it tells me it is already the newest version
<TJ-> OK.. so when you run "sudo do-release-upgrade" what does it say it is going to do? because the 2 screenshots you've posted show it trying to fetch package lists for both raring and quantal? if it does that then you've got some out-of-date entries in the APT sources lists
<TJ-> if do-release-upgrade breaks it can sometimes have replaced the "current" release name with the "target" release name in the sources lists, and you have to manually edit those back to the current release name
<misterjinx> in the sources.lst there are four entries that specify the release name "quantal"
<TJ-> OK ... how about in /etc/apt/sources.list.d/*
<hXm> hi
<hXm> what is the best (or easier configure) imap server?
<misterjinx> TJ-: to answer your first question, when I run do-release-upgrade it starts with "Checking for a new Ubuntu release; Get:1 Upgrade tool signature; Get2: Upgrade tool; Fetched ...; authenticate 'raring.tar.gz' against 'raring.tar.gz.gpg'; extracting 'raring.tar.gz' and then it switches to a new screen when it starts to fetch repositories and so on
<misterjinx> TJ-: and inside /etc/apt/sources.list.d/ there are 2 files: izx-ovz-libc-precise.list and izx-ovz-libc-precise.list.distUpgrade
<TJ-> OK, that looks good then... it doesn't look like it is too confused!
<misterjinx> inside first file there are two lines: 'deb http://ppa.launchpad.net/izx/ovz-libc/ubuntu precise main # disabled on upgrade to quantal
<misterjinx> and deb-src http://ppa.launchpad.net/izx/ovz-libc/ubuntu precise main # disabled on upgrade to quantal
<misterjinx> I think they have to do with OpenVZ
<misterjinx> and libc6 (I read something about it on the web)
<misterjinx> to mention that after the first upgrade (from 12.04 to 12.10) these lines were commented
<TJ-> misterjinx: Check that "izx-ovz-libc-precise.list" make sure any "deb" lines are commented out.... That "ovz" suggests to me that the VPS is a Virtuosso/OpenVZ based system... and I'd hazard a guess your ISP has its own custom Ubuntu repositories, and is somehow interfering with the HTTP fetch to the ubuntu servers, possibly using a transparent proxy
<misterjinx> TJ-: after I did the first upgrade, indeed, the deb lines were commented out
<misterjinx> but I uncommented them thinking that perhas that was the problem
<TJ-> misterjinx: Well, those references in that file to "precise" are wrong for starters, so they ought to be disabled
<misterjinx> turned out that even I uncommented them the upgrade still fails
<misterjinx> ok, I will disable them again
<misterjinx> TJ-: thanks for your time, btw
<TJ-> That system does have full Internet access doesn't it? If so, rerun do-release-upgrade and capture its output to a pastebin so we can read it
<misterjinx> when I ping google.com, for instance, I receive back responses. I'll try to capture the output, but don't know if I will be able to catch it all since it is kinda long
<TJ-> Redirect it to a log-file "do-release-upgrade 2>&1 | tee /tmp/dru-01.log"
<misterjinx> ok, in a minute
<misterjinx> TJ-: I cannot capture the correct output. when I run the do-release-upgrade command it outputs four lines (http://pastebin.com/fQrz5Uad) and then switches to another screen, whos output I cannot capture; to get back to the command line I have to press 'x' when the upgrade finishes (in order to detach the window)
<misterjinx> and that output is lost :(
<TJ-> I'll fix yours... if you can fix mine ... 2 runs of md5sum on the same 1TB backup gave different results :O
<TJ-> Grrrr... OK, we'll have to look at the log-file d-r-u created in /var/log/dist-upgrade/
<misterjinx> in a minute, I have there a file screnlog.0 that has the output
<TJ-> misterjinx: OK :)
<misterjinx> TJ-: here it is, sorry for waiting http://pastebin.com/BR7pB1JA
<TJ-> misterjinx: "E:Unable to correct problems, you have held broken packages"
<TJ-> misterjinx: So what does "apt-get -f install" say/do ?
<misterjinx> TJ-: apt-get -f install doesn't do anything: '0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded'
<TJ-> misterjinx: how about "apt-get dist-upgrade" ?
<misterjinx> TJ-: the response is the same
<TJ-> misterjinx: take a look in /var/log/dist-upgrade/  in case there are more detailed logs available
<TJ-> misterjinx: it has got itself confused somehow
<misterjinx> TJ-: now I was thinkinh, could this problem be related to some dhcp6client (or something like that) package ? I remember that during the first upgrade this was the only package that asked me something, the interface to use, and I left the field blank (didn't know the interface). I think it disabled something because of this. could this be causing the upgrade error by any chance ?
<TJ-> misterjinx: If there were any package issues, apt-get should show them
<misterjinx> yes, you're right
<misterjinx> TJ-: well, unfortunately I don't know if there is a solution to my problem. I now see myself forced to reinstall the machine :(. thanks again for your support
<TJ-> misterjinx: the only time I've seen something like this is when there is a local (network) cache or proxy repository held by the ISP where the packages aren't the versions in the Ubuntu archives.
<misterjinx> could be, don't knnw exactly
<misterjinx> *know
<ExoFlame> hello
<xnc> can someone help me a little with ssl on apache2
<bekks> xnc: That depends on your problem.
<xnc> i have installed ssl and trying to make it work on my webpage
<bekks> "installed ssl" - what exactly does that mean?
<xnc> made certificate and using ssl on apache2
<xnc> on port 443
<xnc> but its not encrypted
<xnc> i have also configured enabled page in apache2/sites-enabled
<xnc> to use ssl
<xnc> as domain im using ip
<xnc> seems like its running ok but it yet doesnt use ssl its something thats missing
<xnc> [Sat Jan 18 10:29:22.802313 2014] [ssl:warn] [pid 7011:tid 140247411410816] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
<xnc> [Sat Jan 18 10:29:22.918665 2014] [ssl:warn] [pid 7012:tid 140247411410816] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
<xnc> [Sat Jan 18 10:29:22.922304 2014] [mpm_event:notice] [pid 7012:tid 140247411410816] AH00489: Apache/2.4.6 (Ubuntu) OpenSSL/1.0.1e configured -- resuming normal operations
<xnc> [Sat Jan 18 10:29:22.922507 2014] [core:notice] [pid 7012:tid 140247411410816] AH00094: Command line: '/usr/sbin/apache2'
<bekks> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<TJ-> xnc "BasicConstraints: CA == TRUE !?" ... says you've installed a CA cert, not a server cert
<xnc> hm
<xnc> what's the difference?
<TJ-> xnc: To test a TLS/SSL connection, use "openssl s_client -connect host:port"
<xnc> did it
<xnc> what should i look for
<TJ-> xnc: you need to do some basic research if you don't know that, for your own safety. CAs are root authorities.
<xnc> but im trying to learn:P
<TJ-> xnc: "s_client" will give you details of the connection and the certificate(s) being presented by the server
<xnc> okey
<TJ-> xnc: see http://httpd.apache.org/docs/2.2/ssl/ssl_intro.html
<xnc> seems like it a well informed page
<xnc> but i cant just read all the time
<xnc> but thanks man
<xnc> for the help
<Diegonat> hello guys... I have a problem with my email server. I hope you can help me. Whenever I try to send an email trough my email server to a gmail account I receive this error message: The IP you're using to send mail is not
<Diegonat>     authorized to 550-5.7.1 send email directly to our servers.     <-- However, I think that my dns config is fine. What can I do to fix it?? Can you help me?
<TJ-> Diegonat: check with Google, it is their server refusing the connection
<Diegonat> TJ i dont know how
<LongCatTH> I upgraded kernel from 3.8.0-31-generic to 3.11.0-14-generic, then some modules are missing
<LongCatTH> from this https://gist.github.com/anonymous/b3932f7a9939c911b23d to this https://gist.github.com/anonymous/2507fe12abc12fa4eb98
<LongCatTH> Im tried to enable them using modprobe but it's say can't find those modules
<James_Epp> In my server I SSH'd as root. (I have earlier done a 'sudo passwd') After this I edited crontab and appended the line â0 2 * * * exec â/root/updates.shââ. The contents of updates.sh are found here (http://pastebin.com/fjLdcLqy). However, after a week I SSH'd back into the box and it said there were required updates. I performed them by doing exec /root/updates.sh and it worked perfectly. Why isn't my schedule working?
<Shapeshifter> Hi. Is there really no ssh client available on the ubuntu server install medium? I went to TTY2, looking around, but there's really not much there to do diagnostics etc.
<hitsujiTMO> shadeslayer: the livecd would be better for diagnostics
<hitsujiTMO> Shapeshifter: ^
<shadeslayer> or just check the manifest
<Meistarin> I need to install vnc on my ubuntu server, I really cant get it to work somehow, is vnc even compilable with ubuntu server ?
<TJ-> shadeslayer: openssh-server is an option at install-time, otherwise you have to install it later yourself
<TJ-> Meistarin: vnc is for X-windows ... if the server isn't running an X server you would use an ssh client
<Shapeshifter> hitsujiTMO: thanks. honestly I find it odd that the install medium doesn't ship with basic diagnostic tools and does not offer to install them ad-hoc.
<aegis> Hi all, any ideas on how I can get a local machine to be able to send mail via another local machine running postfix (with an outside connection to my ISP smtp server)?
<TJ-> aegis: using postfix you can configure it for that, one forwarding all mail to the other
<aegis> TJ-: So, as a quick fix, I just got the localhost to use 'sendmail' and it seems to be working fine now...
<joshu> hi when I try to run sudo apt-get update on 8.04 I get a lot of 404 not found. I haven't made any manual changes to the source.list. Any reason for this?
<TJ-> joshu: is 8.04 still suported?
<joshu> TJ- no idea...this is an old mail server running zimbra
<TJ-> The packages will have been removed from archive.ubuntu.com
<joshu> TJ- OH shit..
<TJ-> joshu: you'll need to change the /etc/apt/sources.list to point instead to "old-releases.ubuntu.com"
<joshu> TJ- so 8.04 no longer gets security updates?
<TJ-> joshu: https://wiki.ubuntu.com/LTS
<joshu> TJ- thanks
<ExoFlame> hello im geting this error anybody know why?
<ExoFlame> ln -s /usr/lib/openssh/sftp-server /home/lighting/yourwebsite/
<ExoFlame> ln: target `/home/lighting/yourwebsite/' is not a directory: No such file or directory
<andol> ExoFlame: What on earth are you trying to accomplish?
<Patrickdk> looks like break his server security
<Patrickdk> and probably attempting to do chroot
<mmpresti_> hello
<mmpresti_> ls
<mmpresti_> cd
<mmpresti_> 1
<miseria> "charlando con un arbol pregunte: porque tenia el cerebro enterrado? responde: la mision es proteger la tierra" bienvenidos: http://castroruben.com *temo_a_un_ser_sin_rival*
<g0tcha> heya guys, can someone help me out setting up a weekly backup for my ubuntu server by any chance?
<bekks> !backup | g0tcha
<ubottu> g0tcha: There are many ways to back your system up. Here's a few: https://help.ubuntu.com/community/BackupYourSystem , https://help.ubuntu.com/community/DuplicityBackupHowto , https://wiki.ubuntu.com/HomeUserBackup , https://help.ubuntu.com/community/MondoMindi - See also !sbackup and !cloning
<g0tcha> thanks bekks.. what do you suggest?
<bekks> g0tcha: I suggest reading the links given.
<g0tcha> bekks, ok.. do all of these methods support backing up the machine while its running?
<bekks> g0tcha: No, thats why it is required to read them.
<g0tcha> bekks, if none of them supports backing up a system while its running, whats the point of reading them?
<g0tcha> im asking out of curiousity, not to be mean or anything
<RoyK> backup is for cowards - real men know their data never dies :D
<bekks> I did not say "none are supporting online backups", I said "no, not every solution supports it".
<g0tcha> RoyK, strange world youre living in
<g0tcha> bekks, can you at least specify which one?
<RoyK> g0tcha: ever heard the word "irony"? ;)
<bekks> g0tcha: Well, I dont know your backup requirements and constraints, so you have to choose the solution that fits best.
<ddsss> Ubuntu 12.04 lts server. Fdisk says 4TB, I mount it  from fstab -> but then df -h says 2TB ???  mistery. any help?
<g0tcha> bekks, thanks for the links, but i really dont need to read each one of them if 90% i do not need
<bekks> g0tcha: It's your choice then.
<RoyK> ddsss: what sort of fs?
<g0tcha> ops, i had my window scrolled up
<g0tcha> ignore what i wrote
<ddsss> RoyK, here's the commands output: http://paste.ubuntu.com/6776851/
<ddsss> RoyK, ext4
<g0tcha> bekks, whati need is simply to backup the whole system and not just the home directory of the user
<hitsujiTMO> ddsss: ubuntu 32bit by anychance?
<bekks> g0tcha: Then read the links.
<g0tcha> lol
<RoyK> ddsss: some partition tables don't support >2TB
<RoyK> ddsss: better don't use partitions
<g0tcha> why dont you just point the one that fits me the most since you already know them all?
<bekks> ddsss: MBR partitions tables do not support partitions > 2TB. Use GPT.
<ddsss> hitsujiTMO,   stan@linsrv:~$ uname -a
<ddsss> Linux linsrv 3.11.0-15-generic #23-Ubuntu SMP Mon Dec 9 18:17:04 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
<bekks> g0tcha: Because I am not the one who will read the links given for you.
<g0tcha> bekks, why dont you just point the one that fits me the most since you already know them all?
<RoyK> ddsss: just don't use partitions with LVM
<g0tcha> bekks, ah ok, i guess i assumed you knew about each method in those links
<RoyK> ddsss: just use the whole drive
<g0tcha> anyone else that might shine more details for a noob?
<bekks> g0tcha: Why dont you start reading the links?
<hitsujiTMO> ddsss: pastebin the output of: sudo gdisk -l /dev/sdX
<ddsss> bekks, so the poblem is in MBR partition type. Can I also jsut use the whole drive as RoyK  says?
<bekks> ddsss: Sure.
<g0tcha> bekks, i already read 2 of those links before coming here to ask and they seemed complicated
<g0tcha> i rather focus my reading on a method that i know would work for me and learn that
<bekks> g0tcha: There is no "easy" full backup.
<g0tcha> bekks, uh, trust me, from the search ive been doing, i know that for a fact
<g0tcha> that there is no easy way of doing it
<ddsss> hitsujiTMO, http://paste.ubuntu.com/6776882/
<bekks> g0tcha: Then start reading, as a fact. Start to get into the issue of "a full backup" instead of searching for a copy&paste method.
<TJ-> g0tcha: for whole-system online you need snapshots... so maybe LVM-based system ?
<RoyK> ddsss: if the plan is to use a 4TB drive with LVM, just create a new PV on that drive
<hitsujiTMO> ddsss: there's your problem, mbr partition instead of gpt
<ddsss> hitsujiTMO, daaamn.   do u know by any chance if there is a way to change it in-place?
<g0tcha> TJ-, this is for the server i have here at home and not for a remote system though
<g0tcha> bekki, i didnt ask for a copy/paste way of doing it
<bekks> g0tcha: Anyways, you have been given the starting points for further research.
<hitsujiTMO> ddsss: http://askubuntu.com/questions/84501/how-can-i-change-convert-a-ubuntu-mbr-drive-to-a-gpt-and-make-ubuntu-boot-from
<ddsss> RoyK, i only use lvm on OS drive there. (there are 4 hdds in the system, others 3 are just mounted)
<RoyK> ddsss: I use lvm for all sorts
<RoyK> that is, lvm for the root and var and so on
<RoyK> and lvm on top of the md raid
<g0tcha> bekks, one last question then, in your opinion, to run a full backup of a running system, what would you do? just generally speaking, not a 1.2.3 steps
<bekks> g0tcha: I'd create a full backup with my tool of choice, based on my particular requirements, constraints knowledge.
<g0tcha> bekks, i have to ask, what is your tool of choice?
<bekks> "based on my particular requirements, constraints and knowledge".
<g0tcha> heheh to be honest, i dont understand why youre being so cryptic about this
<hitsujiTMO> !wfm | g0tcha this would be why
<ubottu> g0tcha this would be why: Common Sense: Just because you can, does not mean you should (and especially recommend to others). Think before you do. "Works for me" does not mean it is ok. The latest version of everything is not always useful if you aim for stability. Please see http://geekosophical.net/random/worksforme/
<androidbruce> hey guys i'm going an install and i'm wondering if it is hung or working
<androidbruce> got a good signature from Ubuntu Archive
<androidbruce> now it says ini: starting pid 390. tty '/dev/tty2' " -/bin/sh'
<androidbruce> strike that it's moving along
<g0tcha> thanks for all the help
#ubuntu-server 2014-01-19
<g0tcha> heh i just tested a backup method, supposed to backup a system with 30gb drive, the backup ended up to be 60+ gb!
<g0tcha> something must have went wrong
<ddsss> mmm. so I've converted mbr to gpt on /dev/sda  using gdisk, rebooted and now my home server box doesn't start.  :) Can I get some help guys?
<ddsss> Here's the fdisk, df-h, and fstab output prior to conversion: http://paste.ubuntu.com/6776851/
<TJ-> ddsss: Did you create a GRUB BIOS-boot partition on the GPT?
<ddsss> Ubuntu was installed on /dev/sdd (60 GB ssd drive)
<ddsss> TJ-, I did sudo gdisk /dev/sda
<ddsss> TJ-, then pressed w and it was supposed to save converted gpt table.
<ddsss> TJ-, and gdisk reported that conversion was successfull.
<ddsss> TJ-, so I ahve no clue why would it just not boot after ....
<TJ-> ddsss: As I said ... GRUB will need a BIOS boot partition of around 1MB and you'll need to redo "grub-install" ... not sure if you need additional grub packages on top of grub-pc, though
<ddsss> TJ-, but OS was installed on totally differnt drive.
<ddsss> TJ-, I've just converted one of the 4 data driver in my nas server.
<ddsss> TJ-, server drive wasn't touched at all.
<ddsss> TJ-, I mean - OS drive wasn't touched at all....
<TJ-> ddsss: really? you said MBR so I assumed you meant a boot record, not just partition table typ
<ddsss> TJ-, yeah. here see the drives in my system: http://paste.ubuntu.com/6776851/
<TJ-> ddfs: define "doesn't start" then
<ddsss> TJ-, it just shows: _
<g0tcha> "The dump format is only recommended if you need to backup files that have ACLs or other attributes that tar would miss. "
<g0tcha> what does ACL stand for here?
<ddsss> TJ-, not a command prompt though. Just underscore charachter -> and it just sits there....
<ddsss> TJ-, You know wjhat - looking at my fdisk output. There is 4 drives: sda, sdb,sdc,sdd. OS drive was sdd. But for some reason sda drive that I later converted to GPT was also makred "boot"...
<ddsss> TJ-, so perhaps during conversion it made it "gpt boot" or something?
<TJ-> ddsss: that sounds about right... if it is GPT, and your motherboard is UEFI, it'll boot by default (or try) to a GPT disk... if it can't find an EFI system partition it'll stop
<TJ-> ddsss: you may need to edit the UEFI boot menu order to force CSM boot of the correct drive
<ddsss> ddsss, so I guess ill mount it in ubuntu-resue cd or something and uncheck the boot label.
<TJ-> ddsss: I doubt that is needed... GPT doesn't have the concept of an 'active' partition, unlike MBR
<ddsss> TJ-, how would I edit uefi boot menu>
<ddsss> TJ-, ?
<TJ-> ddsss: reboot, enter the UEFI setup (usually press F2 or similar), then change the boot menu order and save
<ddsss> TJ-, k. let me try that.
<ddsss> TJ-, hmm. so. this is regular BIOS, not UEFI. But I think the problem is that /dev/sda did in fact contain MBR record, while OS was phisically installed onto /dev/sdd....
<ddsss> TJ-, so when I converted MBR->GPT this made it unbootable...
<ddsss> TJ-, im not sure how that happened initially as I went with default Ubuntu server setup options...
<ddsss> TJ-, but there is probably no way to move old mbr onto /dev/sdd?
<TJ-> ddsss: if /dev/sdd is MBR you can just do "grub-install /dev/sdd" then "update-grub" ... and ensure the BIOS boot order chooses sdd first
<ddsss> TJ-, yeah - but it seems like that drive never had mbr, it was on /dev/sda for some reason.
<ddsss> TJ-, but that's ok. i'll just boot from puppy linux or something , backup whatever configs I need and reinstall OS - that's why it was on a separate drive anyways....:)
<TJ-> ddsss: MBR means 2 things, 1) a BIOS partition table in sector 0 with 4 elements, and 2) boot-loader boot-strap code at the beginning of sector 0
<TJ-> "grub-install /dev/sdd" will install the boot-sector code into sector 0. That is what the BIOS looks for and loads and passes execution to.
<TJ-> ddsss: that code know how to find the rest of GRUB
<TJ-> ddsss: so which would you rather do... reinstall several GBs of files, or have "grub-install" write ~ 440 bytes to sector 0 of the correct disk?
<ddsss> TJ-, I dunno:) it was pretty basic ubuntu server install + apache server. not much more. (just a home server)
<ddsss> TJ-, how would one do grub-install? do I run it from recovery cd?
<TJ-> ddsss: Yes
<ddsss> TJ-, Ill give it a try then. Thanks  TJ- !
<TJ-> do you have the bootable server install media? I believe there is/was a recovery option on that.
<TJ-> ddsss: if not, there is a grub rescue ISO image you can use on USB or CD/DVD, or a live ISO desktop image
<a1fa> hello.. anyone running btrfs?
<brightbeat> logrotate on Ubuntu 12.04 server is acting very weird. it archived mail.log to mail.info.0 !! and it does some other weird thing. Does anyone have a problem like that?
<|newbie|> lista
<agentti888> quit
<phillw> Hi good people,  as a for your information.. The partitioner in trusty server install does not function on a KVM... I don't have a actual bit of kit to double check the debian-installer against. The nearest report I saw was able to see was 'no disk space left), which on a newly created 100GB LVM is somewhat unlikely.
<phillw> I double checked by popping 12.04.3 LTS back onto same VM... worked fine.
<Guest17692> Hello, can you tell me where I can find a list of the patches that Ubuntu applies to the Linux Kernel ?
<TJ-> Guest17692: https://wiki.ubuntu.com/Kernel/SourceCode
<lifeless> hi; how can I see what packages are in the cloud-archive? It doesn't look like a regular ppa...
<zul> lifeless: http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/
<lifeless> zul: oh hi :)
<lifeless> zul: I have a weeeird openvswitch issue I'm trying to track down :(
<zul> lifeless:  ah
<zul> is this the one you g+ed about?
<lifeless> http://lists.openstack.org/pipermail/openstack-operators/2014-January/003893.html
<lifeless> zul: no that was me reading the changelog and going WTF
<lifeless> that list post is it
<zul> lifeless:  ah well i would bug jamespage about it tomorrow
<lifeless> jamespage: ^ oh hai :)
<lifeless> zul: cool, will keep poking at it myself; kindof need to get a fix in place :)
<lifeless> huh
<lifeless> tunnelling is in upstream kernel now
<lifeless> so I might try just the ovs 2 userspace
<embiopterid> If I use squid-deb-proxy and have both debian and ubuntu machines, will it still work, or will they try to install the wrong packages?
<lifeless> it will still work
<embiopterid> thx.
<ddsss> so - if I have a drive that I intend to use purely as a data storage -> do I need to create partitions there at all?
<embiopterid> ddsss: yes.  A drive always needs a partition table.  You only need one tho.
<ddsss> embiopterid, hmm. im not sure.
<ddsss> embiopterid, this queestion for example suggests that partition tables are optional: http://unix.stackexchange.com/questions/5162/how-to-install-grub-to-a-whole-ext4-disk-without-partition-table
<embiopterid> OK, ya you can but its not usually a good idea, and making a partition is not difficlult at all so I would just go ahead and do it.
<embiopterid> but thats just me.
<nickenchuggets> Does anyone know of any guides for setting up Virtual Mailboxes with Postfix on Ubuntu 13.04?
<nickenchuggets> I found one, but it said... at the very end of the section... that the above needs to be updated for Ubuntu versions above 12.04.
<dcosnet> nickenchuggets: i just wanted to point out that your irc name is funny
<zanzacar> What are some fun things to do on your headless server? I am currently torrenting a bunch of linux distros for everyone.
<zanzacar> I was just wondering what else really I could do with my server while its not really being used basically.
<Pici> irc
<Pici> irssi
<zanzacar> I got weechat-curses I seem to like it alot
<zanzacar> I have never really looked into irssi.
<zanzacar> Pici: What do you like about irssi? vs weechat?
<Pici> zanzacar: I'm used to it.  weechat is cool too.
<zanzacar> Pici: O ok sounds good. I am use to weechat. I thought I had gone through and tried both at one time and decided on weechat over irssi.
<zanzacar> I think I have tried to do things like lend out my cpu power for good causes but always ran into issues.
#ubuntu-server 2015-01-12
<k2gremlin> Any iptable gurus around?
<lachlanc>  Hey Guys, I'm part of a program that takes ex-gov computers to marginalized communities and does a crash course in computer literacy (stripping all the components out of the box and putting it back together then installing xubuntu and a few packages  from the repos) and we want to setup a package mirror with as little configuration as possible for the client computers from a stock iso install, to be used when the workshop is run in places with no acce
<lachlanc> ssible Internet connection. So far I have pulled a copy of the trusty repo with apt-mirror but am unsure of how to host it with the goal of zero config for the client in mind, any thoughts ?
<pmatulis> lachlanc: zero-config would prolly involve a firewall redirecting client requests to the alternative repository
<lachlanc> pmatulis,  i'm trying dnsmasq at the moment as the package server will also be the DHCP/ DNS server on the isolated lan but am not sure if i'll run into package signing problems? or any others that i have missed
<dtscode> hey guys... ive got a website that im hosting on a vps, and i just setup a teamspeak server on the vps. i can connect fine through the rdns (dtscode,io) but i want to make the server run on teamspeak.dtscode.io how can i do this?
<Thumpxr_> dtscode: do you have any webinterface like ispconfig/confix/cpanel ?
<dtscode> Thumpxr_, i dont believe so
<dtscode> but the vps install set some stuff up for me, so i might
<Thumpxr_> dtscode: please check whether you have such an interface or not
<Thumpxr_> usually they send you a mail with a password once setted up
<dtscode> i didnt get any mail like that, so im guessing not. other than that how can i check?
<Thumpxr_> ispconfig is access able via yourdomain.tld:8080
<Thumpxr_> check this
<dtscode> ok
<dtscode> nope. nothing there
<dtscode> Thumpxr_, so what do i need to do now?
<Thumpxr_> okay. so what you want to do is just create a subdomain. afaik you cant disable the access via dtscode.io, so you will end with 3 ways to connect (ip, dtscode.ip and teamspeak.dtscode.io)
<Thumpxr_> are you running apache or nginx as a webserver ?
<dtscode> apache
<dtscode> and alright. i guess im fine with that for now
<Thumpxr_> dtscode: check this http://httpd.apache.org/docs/2.2/vhosts/examples.html
<dtscode> ok
<dtscode> ty
<dtscode> Thumpxr_, i wrote the file correctly (i think). what would i save it as and where would i save it to?
<Thumpxr_> dtscode: you have this file already on your vps. just need to edit it
<dtscode> oh...
<dtscode> sorry Thumpxr_ not too good at this stuff as you can see. thanks for being patient though :)
<kblin> morning folks
<lordievader> Good morning.
<kblin> morning folks. I'm having trouble getting ubuntu to work on my dell precision system with hardware raid
<kblin> during the install, even though I select "install grub to MBR", it's installing itself to /dev/md126p1
<kblin> now, if I start a live system with a GUI to run e.g. boot repair, that won't load the raid drivers and then fail to find my hdds. how the heck do I fix this?
<jamespage> zul, coreycb: as this is complex I'd appreciate a review - https://code.launchpad.net/~james-page/neutron/systemd-enable/+merge/246144
<jamespage> I've been pushing changes into openstack-pkg-tools to support that as well - they are all uploaded
<coreycb> jamespage, do we need override_dh_systemd_enable in any of the other pkgs?
<jamespage> coreycb, I don't think so - its only required when a binary package want to ship >1 init configuration
<zul> jamespage:  +1
<jamespage> coreycb, heat ftbfs - https://launchpadlibrarian.net/194601912/buildlog_ubuntu-vivid-amd64.heat_2015.1~b1-0ubuntu2_FAILEDTOBUILD.txt.gz
<jamespage> I did not re-check the test execution prior to upload
<coreycb> jamespage, ok I'll take a look at heat.  still scanning your neutron changes.
<jamespage> ta
<jamespage> zul, for Breaks/Replaces need a ~ on the end of the version to deal with backports I think
<zul> jamespage:  k
<zul> jamespage:  ill do that right now
<jamespage> zul, I've fxied i18n
<zul> jamespage:  k
<zul> jamespage:  im just updating deps
<jamespage> zul, ok
<coreycb> jamespage, the only thing I'm seeing in neutron is "Provides:" not always matching "NAME" in init.in files
<jamespage> coreycb, hmm - can you comment please and I'll check this out
<coreycb> jamespage, sure
<jamespage> zul, python-oslo.serializatoin
<jamespage> keystonemiddleware
<zul> jamespage:  hmmm?
<jamespage> zul, typo
<jamespage> zul, http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html
<zul> jamespage:  son of a
<jamespage> zul, and an unsatifiable depends for i18n
<zul> jamespage:  k
<jamespage> coreycb, updated
<coreycb> jamespage, looks good
<Azaril> hey
<Azaril> does ubuntu not use lowmemory?
<jamespage> zul, can you hold on any more oslo namespace uploads please - https://launchpadlibrarian.net/194601912/buildlog_ubuntu-vivid-amd64.heat_2015.1~b1-0ubuntu2_FAILEDTOBUILD.txt.gz
<jamespage> coreycb, that looks like a namespace change issue
<zul> jamespage:  yep
<coreycb> jamespage, sorry, been looking at something else.  taking a look at heat now.
<Azaril> im trying to work out how to monitor for kernel memory leaks. In centos, I seem to be able to monitor lowmemory. Does anyone have any ideas about how i might achieve a similar thing in ubuuntu?
<coreycb> jamespage, zul: I think heat's failing since this oslo.i18n commit: https://github.com/openstack/oslo.i18n/commit/1215edcb8da4d616e0f84ea9c2cfd7cb46d882ea
<coreycb> I'll patch it and looks like it should be submitted upstream
<zul> coreycb:  sorry
<Killall> i need some squid help and since guys there are not answering me :(
<rbasak> Azaril: try asking in #ubuntu-kernel
<coreycb> zul, I think I found a patch upstream
<coreycb> jamespage, zul: update for heat.  can one of you review?   https://code.launchpad.net/~corey.bryant/heat/2015.1-b1-0ubuntu3/+merge/246196
<zul> coreycb:  done
<coreycb> zul, thanks
<hexdsl> Ive been fighting with Virtual box all evening. Got it installed on headless 14.04 server. accessing it via Remmina. every time i install Guest additions on it it stops booting. google was no help so im seeking your wisdom :)
<sarnold> hexdsl: I'd guess that the guest additions are trying to use a video mode / video driver that doesn't go through remmina well.
<sarnold> hexdsl: maybe look around vbox logs and remmina logs and see if you can find anything that might confirm / deny that guess?
<sarnold> hexdsl: .. or there might be logs in the guest, too, now that I think about it.
<hexdsl> sarnold, thanks ill look. seems like an odd problem though, i would have thought headless VM's were pretty common. nothing on google that stuck out :(
<grendal_prime> does anyone know where i can get some assistance with installing touch on like an asus memo pad?
<grendal_prime> nevermind
<tom[]> where does the stdout of an init.d script go during boot time?
<tom[]> i'm trying to debug the script during that phase and resorting to debug echos
<nickander> tom[]: did you try /var/log?
<tom[]> nickander: the only thing i can find in log files is in syslog: init: sphinxsearch main process (3845) terminated with status 1\n init: sphinxsearch main process ended, respawning
<tom[]> which tells me nothing
<tom[]> the sphinxsearch log file is there but isn't written during this process
<tom[]> i added --verbose to start-stop-daemon and options for the daemon to do verbose logging but none of it seems to go anywhere at boot time
<tom[]> the init script works when i run it directly, even without any env, but through service command or at boot, not
<sarnold> tom[]: anything in /var/log/upstart/* ?
<tom[]> sarnold: as you wrote that i tried putting exit 0 at the top of the init.d script. it made no difference
<tom[]> so i thought perhaps it's just a decoy
<tom[]> and there is indeed a log for it
<sarnold> tom[]: ah, I missed the exit 0 bit, that's  scrolled off screen :)
<tom[]> exit 1, i mean
<tom[]> but i've been looking at an init.d script that works but doesn't run at boot
<tom[]> because there's an upstrat script too
<sarnold> tom[]: is there an /etc/init/ that takes precedence?
<sarnold> aha
<tom[]> so annoying
<sarnold> so annoying
<sarnold> haha
 * sarnold ^5s tom[]
 * tom[] slaps sphinx around a bit with a large trout
<tom[]> i think the story is as follows. the sphinxsearch package for 14.04 is ancient, based on sphinx 2.0.4. it's got a bug that caused trouble with my app so i tried updating it with the ubuntu package from sphinx's PPA based on 2.0.10 (also pretty old). the trusty package uses an init.d script. the sphinx ppa one uses upstart. and it has a bug because it's looking for the pid file in a dir that doesn't exist. whereas the trusty init.d creates that dir
<tom[]> what i still don't udnerstand is how the pid files's dir is absent after reboot
<sarnold> which directory? perhaps it's created on a tmpfs or similar
<tom[]>  /var/log/sphinxsearch/searchd.log
<tom[]> the init.d creates it if it is missing, and chowns it too
<tom[]> but after reboot it is gone
<sarnold> o_O
<tom[]> damn. i don't have time to learn upstart today!
<tom[]> all documented here http://sphinxsearch.com/bugs/view.php?id=1326  bugs that were fixed in the downstream and never in the up. maybe that's why debian's package maintainer never updated from 2.0.4
<Stuxnet> Hi all, quick security related question. I just set up public/private key authentication for accessing my headless server via SSH with PuTTY. Do you guys think the passphrase needs to be particularly secure or can it be something easy that I can remember?
<sarnold> Stuxnet: depends upon how 'secure' the system is that has the private key
<sarnold> Stuxnet: you wouldn't want any old email / webpage / MS Office virus to be able to suck it down and crack it quickly
<sarnold> Stuxnet: but if it's on an air-gapped computer, it might not take much to keep it secure
<sarnold> Stuxnet: fwiw, I suspect the passphrase on my ssh key is ~60 bits of security
<Stuxnet> Okay, thanks Sarnold :)
<pmatulis> yeah, beware the ol' microsoft office virus suck trick
<sarnold> pmatulis: <3  :)
<pmatulis> heh heh
<Stuxnet> Alrighty then just changed my passphrase to 256-bit hex key thank ya very much :) I like security even if it's overkill.
<Stuxnet> Password managers make these things easy as pie.
<Stuxnet> Oh nvm, even easier, I can use pagent. :)
#ubuntu-server 2015-01-13
<ruben23> hi guys anyone cna help how to add additonal ssh-keys on an existing ubuntu server -i have na existing one and its pretty working ok..
<ruben23> hi guys when i ssh-keygen -t rsa on  my ubuntu server it generates my public key and copy this to my authorized_keys but how do i ssh putty on the server after..?
<electricfred_> Newbie with a prob.  Installing ubuntu server 12.4 onto ausu eeebox 1030 (reused machine) installs, but does not seem to boot  screen goes off, no keyboard or power switch function.  ISO created using ubuntu startup creator.  Anyone have suggestions?
<electricfred_> seems a common problem on forums, but no one seems to have a solution.
<lordievader> Good morning.
<Alina-malina> any tools to identify browsers of clients for ubuntu?
<lordievader> Alina-malina: Doesn't Apache already note that?
<Alina-malina> it mess the user_agent
<Alina-malina> and cant determine
<Alina-malina> i need something like fingerprints or something like that
<lordievader> Alina-malina: That is what the browser itself sends out...
<Alina-malina> yes, well i thought maybe some additonal things that can inject into browser
<Alina-malina> anyways
<Alina-malina> thanks for help
<Arkns> hi to everyone. I have a acer one with ubuntu server, no gui/desktop just terminal/console. does anyone knows something like teamviewer to share terminal? This computer is behind NAT so I cannot use a ssh.
<xperia> hi all. small question how can i increase the memory allocation for iptables ? at the moment i am getting this error message whenever i try to add a iptables rule to a specific chain => iptables: Memory allocation problem
<lnxmen> hello
<lnxmen> What I need to set up in domain to configure mail server on CDN? CDN has a different IP than productive server.
<adsc> xperia: do you have a multi-cpu system?
<adsc> xperia: because afaik iptables makes a copy of the ruleset for each cpu, so it's possible you simply run out of system memory whith really large rulesets on a multicpu machine
<xperia> adsc: yes i have a quad core cpu. the people at netfilter said i should switch to a 64 Bit Kernel because => "i.e. 1GB limit for kernel memory. moreover, iptables uses vmalloc area which is limited to 128mbyte on 32bit kernel"
<xperia> i ahve also hughe problems with setting up ipset. it looks like ipset is not availble anymore or does not work with ubuntu. at least i am not able to rebuild it anymore on ubuntu.
<adsc> xperia: and you can't switch to a 64bit kernel?
<xperia> adsc: well this will need a total revision of the server as everything need to be switched to 64 Bit i think or i am wrong ? if it is only the kernel it would be easy. guess need a full new install of a new server.
<adsc> yeah, it would be best if you could do a new install
<xperia> adsc: more new additional work ohhhhh ! thank you lot for your replys and answers.  appreciate it.
<coreycb> jamespage, glance systemd updates - https://code.launchpad.net/~corey.bryant/glance/systemd
<jamespage> coreycb, no templating?
<coreycb> jamespage, I just went with what Debian had
<coreycb> jamespage, I can take a stab at templates if you prefer
<jamespage> coreycb, +1
<jamespage> it should be a rename of the files and stripping out most of the content
<coreycb> jamespage, ok I'll work up some templates
<Stuxnet> Hi all. Quick question. I know this isn't a security channel but in the context of SSH'ing to a headless server with PuTTY, is there a way to revoke a private/public key pair generated in puttygen (I don't see the option) or is shredding the private and public key files sufficient?
<Stuxnet> (Redoing keys due to accidentally not saving the passphrase)
<maswan> Stuxnet: it is sufficient to destroy the copies of the private key
<lordievader> Stuxnet: Remove it from the authorized keys file?
<maswan> Stuxnet: you might want to take it out from authorized_keys, that's roughly equivalent to revoking it
<maswan> (if you remember all of them)
<Stuxnet> Okay, I did that first. I'm just going to shred the key file that was saved from puttygen. Thanks guys!
<bananapie> is there a parameter for the dhclient command that allows me to get an IP but ignore all other options OR simply display the IP received by dhclient but not actually set it?
<rbasak> bananapie: you might be able to replace dhclient-script with -sf with a trivial wrapper that just prints arguments and environment. I'm not sure if that'll work but hopefully that's a start if you can't find anything else.
<jamespage> coreycb, hmm horizon - do you have a kilo-1 mp for that?
<coreycb> jamespage, I didn't create an mp yet but I can.  It's waiting on python-pint getting to main.
<jamespage> coreycb, create it now - I'll review and upload
<jamespage> it can sit in the queue and then as soon as the MIR lands, it goes in
<coreycb> jamespage, https://code.launchpad.net/~corey.bryant/horizon/2015.1-b1/+merge/246314
<hxm> hello, i keep getting errors like this datatec named[495]: error (unexpected RCODE REFUSED) resolving 'datatec.es/A/IN': 213.251.188.153#53
<hxm> i was looking in named.conf.* but i dont see anything
<jamespage> coreycb, I can see the pint dependency
<coreycb> jamespage, can't see it?
<jamespage> coreycb, in the upstream requirements files?
<jamespage> coreycb, oh wait I'm being dumb
<coreycb> jamespage, ok
<jamespage> coreycb, horizon uploaded
<jamespage> coreycb, it will build just fine and pull in a runtime dep on pint
<coreycb> jamespage, great, thanks
<jamespage> coreycb, I rebased the download juju env file patch as well
<jamespage> fairly trivial
<coreycb> jamespage, thanks, I must have missed that it was disabled
<jamespage> coreycb, np
<jamespage> smb, talking of kernel problems, we seem to be seeing issues with partition table freshness on vivid
<jamespage> our ceph and swift testing scrubs existing partitions and reformats but we are seeing: http://paste.ubuntu.com/9731880/
<jamespage> 100% of the time
<jamespage> raising a bug now
<smb> jamespage, I was about to ask about lp bugs :)
<smb> jamespage, Also that is with 3.16 or 3.18 already
<jamespage> smb, we only switched on vivid testing today as kilo-1 is nearly done
<jamespage> 3.18 I think
<jamespage> just re-deploying to make sure
<smb> could be if you set up recently
<coreycb> jamespage, glance updated - jamespage, https://code.launchpad.net/~corey.bryant/glance/systemd/+merge/246227
<smb> jamespage, the kernel team ppa has also 3.19 for early testing. If that is of help
<jamespage> smb, 1410363
<jamespage> bug 1410363
<uvirtbot> Launchpad bug 1410363 in linux "partition table updates require a reboot" [Undecided,New] https://launchpad.net/bugs/1410363
<jamespage> rather
<smb> jamespage, oh and btw... was there not a similar thing at some point err last year...
<jamespage> smb, apparently so - beisner remembers
<smb> Hmmm something with umount removing the mount but not releasing the partition...
<jamespage> coreycb, uploaded - thanks!
<smb> which went away at some point...
<nico___> good day all, been googling for an answer wihtout luck, hoping to find some knowledgable assistance on an issue I'm having with my local repository
<nico___> looking for a way to include the packages in a PPA in my local repo.  We use our local repo to host custom versions of packages, for example to have the most up to date zsh available on our servers
<nico___> I'd like to include the packages in a PPA, as opposed to building the packages on my repo.
<nico___> specifically, I want to get the latest build of duplicity on a 12.04 server from my local repo.
<nico___> I can build a duplicty package and make it avialable in my repo, but I'd like to be able to just use packages in the official PPA without having to build the package myself and include it in my repo
<nico___> reason being that I don't wan't to add a PPA to all my servers.  We manage our boxes via chef, so I COULD add the PPA and ensure that the latest duplicty is installed, but that seems havy handed when I've already got a repo on my lan specifically to avoid that kind of PPA proliferation
<apw> jamespage, that error "2015-01-13 16:50:09 INFO mon-relation-changed mkfs.xfs: cannot open /dev/vdb1: Device or resource busy" doesn't that imply the partition is open excl already ?  which would also block the reread ioctl?
<jamespage> apw, the block device gets unmounted, re-paritioned, re-formatted and then re-mounted
<jamespage> it's failing on the re-formatting bit
<jamespage> so its likely the unmount was foo-bar I guess
<apw> jamespage, yes, it is failing in a way that implies it is not unmounted
<apw> so the first things to do is to check that the umount is working
<apw> jamespage, as saking to change partition sizes which are in use will fail, with that reboot required thing, and the subsequent format fails too
<apw> jamespage, and the error handling is non-existant for it to get that far one presumes
<jamespage> apw, the block device does not appear in 'mount' output or the content of /proc/mounts
<apw> could udev be playing with it perhaps
<apw> jamespage, does lsof say anything at that point, also if you do the proceedure by hand, does it work
<apw> as you are mounting it with a vfat or something in it, unmounting, changing the partition tables, (and by here it has gone wrong)
<smb> jamespage, I cannot remember the bug number but a state of where umount would seem to work btu not release the partition... thats was what I remember from last time
<jamespage> apw, smb: http://paste.ubuntu.com/9732538/
<jamespage> that feels familiar
<jamespage> apw, ext4
<jamespage> then switching to xfs
<jamespage> also mbr->gpt
<smb> though I think oh right the jbd process was involved there
<jamespage> smb, I seem to remember this from before
<apw> jamespage, ok so that implies that the journaling block device is holding on to it?
<jamespage> apw: probably
<nico___> found a work around, though I'm still interested in my original question re: mirroring packages from a PPA in my personal apt repo
<smb> apw, Yeah that was the weird state I remember.
<apw> jamespage, so, is it possible to perform these steps on an instance by hand
<apw> to see what happens?
<smb> apw, Which IIRC I could not reproduce locally
<jamespage> apw, so if I just unmount /mnt (where cloud-init put it) I see the vdb parition in lsof
<jamespage> apw, for reference its not partitioned - just /dev/vdb
<apw> jamespage, are you mounting it r/o or r/w ?
<jamespage> e/w
<jamespage> r/w
<jamespage> smb, apw: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1371526
<uvirtbot> Launchpad bug 1371526 in linux "ceph-disk-prepare command always fails; new partition table not avaliable until reboot" [Undecided,Expired]
<apw> jamespage, might be interesting to try mounting it r/o, to see how that fares
<smb> jamespage, Oh right that was the bug
<jamespage> yeah
<jamespage> apw, if I unmount it and then remount it ro, it fails
<jamespage> rw is OK
<apw> fails how ?
<smb> apw, could be trying a second jbd which cannot get exclusive lock
<apw> jamespage, this partition is being mkfs'd "outside" the instance i assume, what version is that space running
<jamespage> apw, trusty
<smb> apw, I wonder whether this might be a race as in when cloud-init does the mount relative to startup...
<apw> jamespage, where can i find the code which prepares this disk outside
<apw> jamespage, or ... can we get a dd of the partition without mounting it
<smb> apw, I would propose I try to try to repro tomorrow with a cloud-image and data on ext4
<apw> smb, sounds reasonable
<apw> smb, i would think just preparing the fs outside, and then trying to mount it in the instance, bear in mind the instance boot has done a resize too
<smb> apw, http://cloud-images.ubuntu.com/
<apw> just done a resize on vda
<smb> apw, Yeah, I think you can dd the cloud-image on any bigger vda and it resizes itself on first boot
<smb> apw, Oh and cloud-localeds might be the tool for the data
<smb> apw, Just from my memory that was restricted to isofs
<apw> smb, yeah we need to know exactly how that things is made, as i suspect it is relevant, note in jamespage's original bug a second vdc disk was not affected when mounted and unmounted from inside, so there likely is a correlation to the outside creation
<smb> apw, Either outside creation or when all that stuff is done relative to the boot sequence
<jamespage> apw, smb: https://github.com/openstack/nova/blob/master/nova/utils.py#L794
<lnxmen> hello
<lnxmen> I installed ispconfig
<lnxmen> And I tried to configure mail server
<lnxmen> I clicked somewhere in ispconfig panel
<lnxmen> and whole site is broken
<lnxmen> server even shows php code.... wtf
<lnxmen> There is no helpful information in log.
<superboot> Hi all. What is the current kernel for Ubuntu serve 14.04 (fully updated install)?
<lordievader> !info linux-image-generic trusty
<ubottu> linux-image-generic (source: linux-meta): Generic Linux kernel image. In component main, is optional. Version 3.13.0.44.51 (trusty), package size 2 kB, installed size 28 kB
<lordievader> superboot: ^
<superboot> lordievader: Thanks a lot. :)
<collizion> I feel like I'm out of date. Is update-rc.d still the way to handle service automatic start/stop?
<fandi> hi all
<fandi> i install apache2 and php5
<fandi> the problem if script cannot parse by php, the webserver will reply respond 500 ?
<fandi> thanks
<lordievader> fandi: Yes, if php crashes Apache will most likely report a  500 error.
<fandi> lordievader: ok .. how to make error not 500 :)
<fandi> lordievader: because i only change simple script and all vhost and all my cluster server respond 500 :)
<fandi> also my varnish :)
<lordievader> fandi: Write non crashing code?
<fandi> lordievader: ok .. :)
<fandi> lordievader: do you familliar with varnish :)
<fandi> lordievader: how to increase hit rate on varnish ?
<lordievader> No, I don't know varnish.
<fandi> lordievader: ok thanks
<Guest1_> I want to compile a library and an app that uses it and have few questions relating to that. How do I update? Do I just compile the new version normally and everything is replaced and leaves no unneeded trash? Also if there're any possible problems when compiling one part (library) and installing other things from repos?
<Aison> after installation of ubuntu server, I end up in initramfs console
<Aison> during installation, the drive was sdb1
<Aison> now it is sda1
<Aison> can I change that somehow in initramfs console
<Aison> cat /proc/cmdline shows the wrong command line
#ubuntu-server 2015-01-14
<cyclobs> hi all, I'm trying to do something which i'm not sure is entirely possible with pam authing against an mysql database. Is it possible to have pam run the plain text passwords into a hashing script that i made before it gets checked against the mysql database?
<sarnold> cyclobs: you may be able to get pam_exec to do it, but I'd be scared about doing it myself
<sarnold> cyclobs: I'd be more inclined to take pam_userdb or a similar module and see if you can slightly modify it
<cyclobs> ah pam_exec might do what i'm looking for. the next option really is to edit the source and add my own crypt function
<lordievader> Good morning.
<stemid> I patched a precise server last monday, january 5th, and for some reason the patching left me without the directory /opt/tivoli. this dir completely vanished and of course all TSM related services stopped working.
<stemid> discovered it now.
<stemid> did anyone else notice this?
<^^rcaskey> hey all, the interactive menus on -server are just too tough for me to figure out, can I instead download the configuration options via http via some kind of argument passed by dhcp?
<tehgooch> So I've got a client with Ubuntu Server 12.04 that hangs on boot. Last think on console is the e1000 NIC showing up. There is an error about remounting / earlier in the boot, but it continues to boot. Initially there wad an error about the encrypted swap so I commented it out in rescue mode and formatted it as regular swap. I'm sure I left details out feel free to ask. I'm on my phone at the console.
<tehgooch> Last thing in dmesg is saying eth0 link not ready
<AdventureTime> Hello everyone
<AdventureTime> I badly need help.
<collizion> AdventureTime: What's up?
<AdventureTime> Oh thanks. Well, I was just wondering what happened with this server. Why the php5-cgi has a high usage. Is it because of the 15,000+ visitors everyday? Here are the screenshots http://imgur.com/a/FSnGc and the specs of the server: http://www.serverloft.eu/rootservers/rootservers-compare.php?server=RootServer-L
<collizion> AdventureTime: Depends on how PHP-heavy your application is.
<AdventureTime> It uses Wordpress with MySQL.
<AdventureTime> Iâm thinking of upgrading to a newer distro but people from reddit said I better not upgrade to a newer distro, instead do a fresh install.
<jamespage> coreycb, zul: we'll need todo a no-change rebuild on most openstack packages - I just fixed a problem with the upstart configuration generation
<collizion> AdventureTime: What distro are you running at the moment? And "nuke and pave" is not always the best solution.
<AdventureTime> I donât understand what ânuke and paveâ is.
<AdventureTime> I think it is the LTS Ubuntu v10
<collizion> AdventureTime: It's an Americanism for completely wiping out what's there and reinstalling a fresh system.
<collizion> AdventureTime: Ubuntu 10.04 LTS?
<AdventureTime> Yes, that is correct. Oh thanks for the FYI :)
<coreycb> jamespage, ok
<collizion> AdventureTime: If you're running a version THAT old, then a full reinstall might be a good idea.
<coreycb> jamespage, want me to handle them?
<jamespage> coreycb, sure - I'm working on neutron so stay clear of that one - but all others +1 that would be great
<AdventureTime> Oh, sorry. They canât afford a downtime. The site is fully functional.
<coreycb> jamespage, ok will do.
<AdventureTime> They are just concerned with the memory usage/processor usage.
<collizion> AdventureTime: I'd look at optimizing the application itself. What are you running? Wordpress, Drupal, etc?
<AdventureTime> just wordpress
<AdventureTime> so this is not a server issue?
<AdventureTime> did you see the screenshots
<collizion> AdventureTime: It may not be. Just because you see high CPU usage in php doesn't mean it's a server problem. There could be something in the actual application itself generating that activity.
<AdventureTime> but disabling the plugins in a production server will procude a  downtime. the owner of the site does not want that :(
<collizion> AdventureTime: I hate to be blunt about this, but... tough? You've got a problem. That requires maintenance.
<collizion> AdventureTime: You've also got the problem that 10.04 goes EOL in three months. You won't receive security updates after that, which is a Bad Thing for a web server.
<collizion> (Someone else please back me up on that. EOL means no more security updates, right?)
<maswan> yeah
<collizion> Thanks.
<AdventureTime> holy crap
<AdventureTime> so downtime is needed?
<maswan> or install a new server, and then move over the laod
<AdventureTime> yeah but they use Plesk.
<coreycb> jamespage, can I get a +1 on this before moving on to the rest?  https://code.launchpad.net/~corey.bryant/ceilometer/2015.1-b1-0ubuntu4/+merge/246437
<jamespage> coreycb, I'd be tempted to bump the version dependency on openstack-pkg-tools  to 21ubuntu6~
<jamespage> that will make sure you get the fix irrespective of the order in which things are built
<coreycb> jamespage, good point, will do
<coreycb> jamespage, I'm seeing 21ubuntu5~ as the latest
<jamespage> coreycb, yep that's the one
<coreycb> jamespage, k
<AdventureTime> do i have to install centos now?
<AdventureTime> or debian maybe?
<collizion> AdventureTime: If you like Ubuntu, use Ubuntu.
<collizion> Just use a current version.
<coreycb> jamespage, mp's for upstart generation rebuilds - http://pastebin.ubuntu.com/9749470/
<jamespage> coreycb, ok most of those done
<jamespage> sahara we can skip as its not built yet...
<coreycb> jamespage, ok thanks
<jamespage> coreycb, btw the cinder disabling of SSL based tests patch could be reworked to make them pass as I did for neutron
<coreycb> jamespage, ok I can do that
<jamespage> coreycb, https://review.openstack.org/#/c/145208/
<jcastro> jamespage, this seem right? http://askubuntu.com/questions/573761/error-instaling-openstack-with-juju-due-to-kvm-ok-not-being-installed/573766
<rbasak> jcastro: good shout that KVM will need to work inside there. But I don't think that failure would cause that error message. He should have kvm-ok installed OK and then see kvm-ok fail if that were the case.
<rbasak> jcastro: sounds like a bug or at least a use case that should be investigated.
<justus_> Hello everybody, I have a question concerning networking and routing. I have a vpn connection running on one machine. Now i want to connect 3 other machines to route all their traffic through the machine with the vpn running...
<jcastro> rbasak, indeed
<jcastro> rbasak, any idea which package I should file that bug in?
<justus_> has anyone experience with routing or ip-forwarding?
<rbasak> jcastro: I'm not sure. Is that the cloud-installer package he's using? I'd start there if so. It might need to be punted to Juju, but I'm not sure how it's setting up the local environment and that looks like the faulty bit.
<rbasak> tych0: ^^ can you help?
<jrwren> justus_: if the vpn connected machine is not the default route for the lan, you don't have many options. You might get away with proxy arp, but typically you'd need your VPN endpoint to be default route or a route along the way.
<justus_> jwren: thank you for the answer. Im not sure if I understood it correct. the target machine itself is running a vpn (it is not an endpoint), but it is still reachable by other machines from the same network. I just want the other machines from the same network to use this machine to connect to the internet so to say...
<jrwren> justus_: you would need to change the default route on all those machines to be that vpn machine. It gets tricky, because that machine would then need to know to route for that subnet. Basically, this is not how ip routing works ;(
<jrwren> justus_: it becomes easy if your node that is already your default route is the same node which does the VPN connection.
<justus_> jrwren: it is not possible to run the vpn on the already configure default route. Do you think an ssh tunnel would be an easier solution? I thought it would be easy to setup a machine, to just channel all incoming and outgoing traffic :/
<jrwren> justus_: maybe we think different things are easy :)
<jrwren> justus_: if you have limited services you are accessing, ssh tunnels might be easier, yes.
<justus_> jrwren: hehe ^^ I actually have no clue about ip routing, but I am here to learn :)
<justus_> jrwren: ok, the only problem i was having with an ssh tunnel was that it was not as stable as i might have wished. And as I do not need the traffic to be encrypted I thought there might be a better solution...
<jrwren> justus_: no need for encryption? In that case, can you use ipv6 at both sides? :)
<justus_> yes
<justus_> jwren: yes
<justus_> jrwren: yes (now i got it right...)
<jrwren> justus_: then do that and you are done. :)
<justus_> jrwren: do what? ^^
<jrwren> justus_: use ipv6.
<justus_> jrwren: how can i use ipv6 to route traffic from one machine to another?
<jrwren> justus_: public ipv6. They should already have routes. That is the luxury of ipv6, there is no nat.
<jrwren> justus_: I should have asked, do you have public ipv6.
<justus_> I actually have public ipv4 addresses
<jrwren> justus_: ah, ok, nevermind.
<jrwren> justus_: do you control LAN at both sides of the connection?
<justus_> jrwren: i only control the machines
<jrwren> justus_: in that case, maybe each machine could connect to VPN?
<justus_> jrwren: yes that is the actual problem :/ only one machine can connect to the vpn. that is the only reason why i want the other machines to use this machine to connect to the internet
<jrwren> justus_: I see. I think it is possible with some tricks.
<jrwren> justus_: you want all traffic to go through VPN, or only to certain subnet?
<justus_> jrwren: I still need to be able to log into the machine via ssh. but that is already configured in the routes if that is sufficient
<X123> Greetings
<X123> I'm trying to track down some weird tcp stalling on initial connections.
<X123> Has anyone seen an issue with that and 3.13+ kernel?
<X123> (example ssh to 127.0.0.1 and put in password, and then it hangs for a minute and sometimes goes through and sometimes resets)
<X123> same with http requests
<jrwren> X123: is dns resolving quickly? is localhost in /etc/hosts and getting used?
<X123> yeah
<X123> that wouldn't stall curls to 127.0.0.1 though
<jrwren> X123: you'd be surprised :)
<X123> it only does it on 3.13+ kernel though lol
<X123> hrm
<X123> I'm also noticing that i can't open a listen socket
<X123> basically rebooting the machine, there's no problem at all for 5-10 mins
<X123> then the problem happens, and i can't even start a new service listening on a port
<X123> and almost all connections hang forever before connecting, or they get reset after a while
<X123> (Broken pipe, reset by peer)
<X123> if i kill a bunch of processes that are listening on ports, i can then start the process that i was trying to start before and it listens
<X123> but the delay /reset is still there
<tych0> rbasak: jcastro: stokachu: just saw this; stokatchu is probably the right guy to help
<X123> something is whacked with 3.13+ :)
<X123> anyone else seeing this?
<X123> 1:~# ssh ::1 root@::1's password: Write failed: Broken pipe
<rbasak> Thanks tych0. I wasn't sure.
<tych0> rbasak: sure, np
<X123> sure is quiet in here :>
<ertyi> hello there
<ertyi> anyone tested with iscsi features ?
<k2gremlin> Anyone around that runs a squid3 proxy transparent on ubuntu server?
<numkem> what is the proper way of reload /etc/sysctl.conf and /etc/sysctl.d/ ?
<numkem> there is a file in /etc/sysctl.d/ that talks about using the procps service. But the service doesn't start, just says stopped
<lnxmen> Hello.
<lnxmen> Could anyone help me with mail server configuration?
<lnxmen> I can't send email to my domain from GMail.
<lnxmen> relay=local, delay=0.08, delays=0.05/0/0/0.03, dsn=5.1.1, status=bounced (unknown user: "admin")
<numkem> lnxmen: do you have a user with that name or with that alias?
<lnxmen> I created admin@domain.com in ispconfig
<lnxmen> numkem: So I have an alias.
<numkem> can you send it locally?
<lnxmen> I will check.
<lnxmen> numkem: No, I can't
<lnxmen> The same error.
<numkem> lnxmen: have you tried doing a newaliases or something along that? I think you problem is the aliases aren't fresh
<numkem> ispconfig is some kind of webmin correct?
<lnxmen> Yes, something like that.
<lnxmen> I tried doing new ones.
<lnxmen> But I want to create mailboxes rather than store everything on one account.
<lnxmen> A z tym na razie ciÄÅ¼ko. ;<
<lnxmen> Uops, sorry.
<numkem> I really don't know how your setup is like mta and such or it's configuration if you did it with ispconfig
<numkem> something that is rather standard is to have unix accounts as mailbox users too
<k2gremlin> Squid3 transparent on Ubuntu 14 anyone?
<lnxmen> numkem: It's mail server for site support.
<numkem> but there is a millions way of configurating the mta
<jrwren> k2gremlin: i've used squid. Do you have a specific question?
<lnxmen> numkem: Is there any file I can paste to let you know how mta is configured?
<numkem> lnxmen: a list of your processes would be a good start
<lnxmen> I'll find postfix, dovecot...
<k2gremlin> jrwren, Im trying to setup a transparent squid. Right now I have a VM with squid running in non transparent.
<k2gremlin> Im making another VM using 2 OTHER vswitches connected to 2 other physical ports.
<k2gremlin> 1 of those ports is connected to a test laptop. the other port is connected on my normal router
<k2gremlin> The part I can't for the life of me figure out is the iptables crap
<k2gremlin> jrwren, I tried following this... http://ubuntuserverguide.com/2012/06/how-to-setup-squid3-as-transparent-proxy-on-ubuntu-server-12-04.html
<jrwren> k2gremlin: you need to run the iptables rules on your default gateway for it to be transparent.
<k2gremlin> Can't this server be the gateway for the lan?
<jrwren> k2gremlin: maybe it could. you'd need to configure it correctly.
<k2gremlin> jrwren, and therein lies the problem... me and iptables have never worked lol
<jrwren> k2gremlin: :)  because packets are never getting to that VM running squid.
<k2gremlin> jrwren, well they are.
<jrwren> k2gremlin: how?
<k2gremlin> My outside is 192.168.1.0   and the LAN side is 192.168.2.0
<k2gremlin> sec ill pastebin my network/infaces file
<k2gremlin> jrwren, http://pastebin.com/bTkXECSD
<k2gremlin> so the laptop is connected to eth0 directly.
<jrwren> k2gremlin: and you want trasparent to work only for the laptop?
<k2gremlin> well this is just a test enviorment. Once I get it working... my router with all clients will be moved to that port
<k2gremlin> and the eth1 port will plug into my cable modem
<k2gremlin> if that makes sense
<jrwren> k2gremlin: sure. these are test nets.
<k2gremlin> correct. Ill probably leave the client net on 192.168.2.0, but the outside net will change to match my ISP
<k2gremlin> Eth1 will probably need to change to dhcp as I don't own a static IP
<k2gremlin> (home network) lol
<jrwren> k2gremlin: lets say your laptop is 192.168.1.31. How is a connect request to 192.0.2.0:80 going to get to this VM running squid?
<k2gremlin> the laptop is 192.168.2.2
<k2gremlin> err 2.10
<k2gremlin> but still
<jrwren> ok, same question :)
<k2gremlin> it is directly connected to the Eth0 interface on the server
<jrwren> k2gremlin: can it talk to anything? because it really shouldn't be able to.
<k2gremlin> Eth0 is on the VM running squid
<k2gremlin> Ok right now, all I have configured on the VM is...
<k2gremlin> those 2 interfaces...
<jrwren> k2gremlin: how does DNS even work on laptop then?
<k2gremlin> idk yet.. lol
<jrwren> k2gremlin: I see.
<k2gremlin> But basic install atm
<k2gremlin> nics are setup and squid3 is in with initial install
<k2gremlin> When I try to goto google.com, I get the squid3 block page
<jrwren> k2gremlin: transparent squid doesn't substitute the need for working inet. Still need basic ipv4 for DNS and connectivity to that squid host.
<k2gremlin> which is expected
<jrwren> I'd not expect that give the config you have described as I understand it.
<k2gremlin> ill draw a visio up... maybe that will help
<jrwren> k2gremlin: it may help to describe everything and maybe ask on askubuntu.com
<k2gremlin> ok
<RoyK> k2gremlin: look at the acl entries in /etc/squid3/squid.conf
<jrwren> k2gremlin: also, a lot of us don't have access to visio, so maybe draw it in text :)
<k2gremlin> RoyK, I know squid really well. I tried a VM 2 days ago and setup the ACL's and such in squid. once it's past the rules in squid the http requests die lol
<k2gremlin> jrwren, I screen shot the visio :)
<k2gremlin> 1 sec
<sarnold> RoyK: jeeze the other day I wasted twenty minutes trying to figure out why my sed -i -e 's/anl.gov/pnl.gov/ for my apt sources failed
<sarnold> RoyK: it culminated in finding that I had previously set acls on squid for the hosts it would cache :)
<RoyK> sarnold: hehehe
<k2gremlin> jrwren, Ok the top is what I have right now for testing. The bottom is the end result I eventually want. http://puu.sh/ew2LH/59f97f043e.png
<jrwren> k2gremlin: I don't think it is possible the way you have documented it.
<k2gremlin> WHOA...
<k2gremlin> I set the acl for src 192.168.2.0/24
<k2gremlin> and allow http_access for that acl
<k2gremlin> it worked..
<k2gremlin> NOTHING is configured for IP tables
<k2gremlin> let me make sure the laptop isnt directed at squid for a proxy
<k2gremlin> shit it is
<k2gremlin> lemme uncheck lol
<k2gremlin> and connection fails lol
<k2gremlin> So I need IPtables to pull traffic from eth1 and force it to squid... then squid to redirect the traffic to eth 0
<k2gremlin> but this is sort of working. Clients cant access the internet without having the proxy setup.
<jrwren> k2gremlin: sounds like you are almost there.
<k2gremlin> My current home setup, if the proxy isnt configre they go straight out to the net
<k2gremlin> which I don't want them to be able to do.
<k2gremlin> Ultimatly, I want them to go through the proxy without having to configure the client
<lnxmen1> numkem: https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
<lnxmen1> I configured this server with this tutorial
<sarnold> utlemming: why do you attach your gpg key to every email message?
<dasjoe> Why should one trust a GPG key received in that way?
<sarnold> dasjoe: well, in some sense, it's better than just requesting a key from the servers with a 32 bit keyid -- you can inspect the headers of the email and make sure that they look similar to previous emails from the sender, the purported sender can complain if seeing the mails on a public list..
<rbasak> Sign every email. Then the recipient doesn't need to inspect the headers - he can just verify that all previous emails were signed by the same key.
<rbasak> That pushes any possible MITM attack back to before the first email.
<sarnold> rbasak: hehe, yeah, I sometimes download a key from the servers with the 32 bit key id, filter mutt to show only messages from that person, and go verify a few dozen emails with it -- then lsign the thing :)
<sarnold> I wish mutt had some kind of interface to let me know when keys change or someone who always signs neglects to sign... but it's a start.
<keithzg> Hmm, I think I'm out of my depth in trying to limit the CPU usage of a libvirtd-run VM. I had assumed I could set a percentage or such, but in <cputune> one needs to set the <quota> in microseconds. I can't claim to have any idea of what a reasonable value would be!
<RoyK> keithzg: perhaps playing with cgroups could help?
<sarnold> keithzg: you could set it to something like 750000 -- if it is measured per-second, as I expected, that'd be a 75% quota..
<keithzg> RoyK: Probably, I guess I just assumed via the KVM settings would be the easier way to go.
<keithzg> sarnold: Thanks, I'll give that a shot.
<keithzg> (this is a VM that still runs a CVSNT server for people to go back and check from time to time, because nobody can be bothered to just find the equivalent commits in SVN I guess :P And CVSNT being CVSNT, it sometimes chews inexplicably high CPU time, making all the other VMs on the same host intermittently slow)
<sarnold> and it's not disk bandwidth?
<keithzg> naw, it's cvslockd jumping up to 100% CPU usage.
<keithzg> And then it just sticks there until I retart either the lock daemon or, if I'm feeling lazy, the entire VM.
<sarnold> *nod*
<sarnold> it probably needs the restart from time to time anyhow :)
<keithzg> That's what I tell myself at least ;)
<k2gremlin> is there any reason an iptable command does not show up when I do iptables -L
<k2gremlin> the command I entered was "sudo iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j DROP"
<teward> k2gremlin: different tables set
<k2gremlin> Yea I see now, iptables -L -t nat
<k2gremlin> but my proxy still not working lol
<k2gremlin> trying to accept packets on one port... bring through the proxy, then forward to another port
<hoogeveen> i'm trying to use a working OEL/redhat kickstart process, which uses NFS based ISO install tree for ubuntu and the ubuntu installer keeps barfing on a missing CD.
<hoogeveen> is there a way of telling ubuntu to get its files from an NFS location instead of a local cd?
<hoogeveen> the doc for auto-install states that this is not supported: "Installation from an archive on a local hard disk or from an NFS archive. "
<hoogeveen> but this doc may be old.
<hoogeveen> the installer has created a dir /var/spool/kickseed/fetch/nfs/A.B.C.D/export/linux/ks/hosts
<hoogeveen> which sort of implies that it is attempting to do something, NFS-wise, since A.B.C.D is the IP of my kickstart server
<hoogeveen> ahhh, kickseed appears to be only the ks config file
<bekks> hoogeveen: How does your kickstart file looks like? And how does your boot entry for booting off that kickstart file looks like?
<hoogeveen> the kickstart file contains an nfs line
<bekks> Please show us both files :)
<hoogeveen> the nfs line looks like this:
<hoogeveen> nfs --server=ni1central-228.us.oracle.com --dir=/export/linux/ubuntu/ubu14.04.1.tls
<hoogeveen> that is in the kickstart file
<AdventureTime> thanks to the guy who helped me out! who ever you are, send me a pm so that i can talk you.
<hoogeveen> i think you mean the command line for the kernel and that looks like:
<sarnold> are you confident that DNS works at that stage of boot?
<hoogeveen> ksdevice=eth0 ip=10.80.228.174 netmask=255.255.255.0 gateway=10.80.228.1 dns=192.135.82.132,130.35.249.41,130.35.249.52 ks=nfs:10.80.228.15:/export/linux/ks/hosts/tbrm-x86 load_ramdisk=1 initrd=pxelinux.cfg/ubu14.04.1.tls/initrd.gz network console=ttyS0,9600 BOOT_IMAGE=pxelinux.cfg/ubu14.04.1.tls/vmlinuz
<hoogeveen> no, not with ubuntu, since it isn't working.  it works with redhat/oel
<hoogeveen> however, i'm not getting dns errors, i'm getting "nothing loaded in cdrom" errors.
<sarnold> ah, right
<hoogeveen> two different auto-install docs mention that nfs doesn't work for the pkgs and peole should use http instead.
<hoogeveen> so, i wanted to verify that before i go down that road.
<hoogeveen> i'm fairly sure that it is probably getting the kickstart file
<hoogeveen> in that the log file mentions it.
<hoogeveen> it is a little odd that the installer can nfs mount and fetch the ks.cfg file, but can't nfs mount and fetch a package.
<hoogeveen> i'm not sure what the difference would be, unless it is just the front-end processing that is missing.
<hoogeveen> the nfs support *appears* to be there...
<hoogeveen> but, this is my first foray into network installs with nfs on ubuntu
<hoogeveen> so i am quite unfamiliar with any restrictions that may be in place.
<hoogeveen> other than the afore mentioned two documents on auto-install which counter indicate nfs & archives
<hoogeveen> do you still want the contents of the ks.cfg file?
<bekks> hoogeveen: That would be helpful too, yes.
<hoogeveen> should i paste it somewhere or splatter it here, getting bits of crap all over everyone?
 * hoogeveen is unfamiliar with this channle.
<hoogeveen> or channel even
<sarnold> hoogeveen: generally pastebins are preferred if it's more than two or three lines
<hoogeveen> ok, i thought so.   wait a bit and i'll whip it up
<sarnold> pastebinit or wgetpaste can make it easier
<hoogeveen> not familiar with those tools on solaris.
<hoogeveen> i'm guessing that is either windows or linux
<hoogeveen> 269 lines
<sarnold> pastebinit requires python3, so it should be portable to solaris -- though if you don't already have python3 installed, it might be too much work
<hoogeveen> i'll look for it later - thanks for the tip
<bekks> You can just upload it to a pastebin with your browser, too.
<cyclob|work> Hi all, can anyone point me into the direction of getting pam_mysql to use hsa512 passwords. Apparently it's supported but i can't find out where i can set it to use it
<hoogeveen> are you ok with me eliding the post-install script?  that isn't really germane to this problem.
<cyclob|work> sha512*
<sarnold> bekks: yeah but copy-paste is such a pain in the ass when it doesn't fit on one terminal window :)
<bekks> sarnold: The even have a file selection button :P
<bekks> *They
<sarnold> bekks: they do? hunh :)
<bekks> :D
<hoogeveen> http://pastebin.com/ab8kKNV2
<hoogeveen> that is the kickstart minus the %post
<hoogeveen> this is the pxe file   http://pastebin.com/eHm5u18J
<hoogeveen> here they are, sarnold bekks
<sarnold> hoogeveen: sorry, I"ve never done kickstart myself :/
<sarnold> hoogeveen: nothing else stands out to me
<hoogeveen> ok.   i suspect that it isn't supported and that i should stand up a web server, but didn't really want to do that if i already had a full NFS install structure set up.
<sarnold> no kidding
<sarnold> NFS is just so easy by comparison
<hoogeveen> i could unroll the initrd and putz around in there with getting the nfs mount point set up, but that seems like a bit more work than it may be worth
 * hoogeveen is unsure if sarnold has the sarcasm flag enabled....
<sarnold> hoogeveen: hehe, no, I don't much like how complicated webservers are
<bekks> I just compared your settings against mine - and the only difference is that I'm actually using a http server for serving all files, instead of a NFS server.
<sarnold> hoogeveen: especially if yo'ure using zfs on a dataset, you probably just get to zfs export dataset ... and the damn thing just works :)
<bekks> And setting up a webserver just for serving that stuff is pretty easy :)
<hoogeveen> ok, i think that you two, plus the people in #ubuntu who didn't know what i was talking about, plus the two docs, plus a couple of other people are enough of a quorum on this
<hoogeveen> yup.
<hoogeveen> zfs is nice
<hoogeveen> well, i live in a big corp, so there are sometimes.... let me say, complications to things like that.
<sarnold> oh, it'd be zfs share, not export, that's something else entirely. :) anyway, I wish there was a similarly easy way to do httpd. hehe.
<hoogeveen> hopefully, i'll just be able to do the simple standup to share these out and be done with it.
<hoogeveen> thanks for the eyeballs on this.
<sarnold> good luck :)
<hoogeveen> oh, one more question.  it looked like it was just http and not https
<hoogeveen> is that correct?
<hoogeveen> or was it just that the examples were http and https was implied?
<cyclob|work> anyone know how how to get pam_mysql hashing with sha512?
<hoogeveen> we've been moving to all htpps internally lately
<sarnold> no idea, sorry; I suspect http, since the 's' part might be difficult to do correctly (trusted CAs, trusted date/time for boot, etc..)
<hoogeveen> yeah, that can be a *big* can of worms.
<hoogeveen> again, thanks for taking the time to indulge me and talk to you later.
<sarnold> the installer verifies signatures with gpg, so https has never been a big priority for anyone
<sarnold> a pleasure hoogeveen :)
<bekks> :)
<cyclob|work> grr. why am i getting permission denied when my user is in an webdev group with rwx permissions
<cyclob|work> oh right have to re-log to make the group take effect.
#ubuntu-server 2015-01-15
<X123> anyone else seeing weird tcp connection problem with 3.13+ kernel
<bearface> define weird
<X123> like..
<X123> ssh to 127.0.0.1 and it hangs for anywhere from 10 seconds to minutes, sometimes connects and sometimes resets broken pipe etc
<X123> same thing with curls and such
<X123> starts happening about 10ish mins after reboot
<X123> works fine until then
<X123> almost like a memleak of some sort
<X123> happens in every kernel 3.13+ i've tried
<X123> seems fine in older ones
<sarnold> I'm on 3.13.0-44-generic and "time ssh localhost date" takes 1.9 seconds for the 'first' run and 0.2 seconds for each additional run
<sarnold> hangs with ssh often mean the server is trying to do a reverse DNS lookup on the client's IP address
<X123> yeah i know but it's not that
<sarnold> but that doesn't make sense re: ten minutes after reboot
<X123> localhost is in the /etc/hosts
<X123> plus it does it with curls (http request)
<X123> and on top of that i can't open any listening sockets either
<X123> like trying to start a service that listens on port 5000
<X123> it won't listen on the port even though nothing else is there
<X123> it's extremely weird problem
<X123> ssh localhost is instant for some time
<X123> it asks for password instantly every time
<X123> and then hangs
<sarnold> is there anything strange in dmesg? how do netstat or ss output look?
<X123> nothing major, it's running several services
<X123> Transport Total     IP        IPv6 *         2108      -         - RAW       0         0         0 UDP       11        8         3 TCP       107       104       3 INET      118       112       6 FRAG      0         0         0
<X123> but not much connections
<X123> sometimes ssh connects in 10-60 seconds
<X123> and sometimes it broken pipe/reset by peer
<X123> after a few mins
<X123> but this is destroying the HTTP services running on the box
<X123> even curl to 127.0.0.1 does same thing so as uc an imagine http doesn't work :)
<X123> once a connection is established (ssh or whatever) it's fine
<X123> nothign in dmesg
<X123> was wondering if it had something to do with apparmor
<sarnold> X123: apparmor would show up with DENIED messages in dmesg or auditd logs
<X123> yeah, and it's not
<X123> but u never know :0
<X123> does same on 3.16
<X123> and multiple servers are doing it
<X123> not just one
<X123> but then again we have a few more servers that aren't AS BAD
<X123> like ssh takes 8-16s
<X123> and always seems to connect
<X123> and it's random that it does that, most of the time it's 1s or so
<X123> but no matter what it should always be instant
<X123> kind of driving a few of us nuts haha
<X123> if you have any clue or direction to figure it out would be appreciated
<X123> sniffing loopback and watching it shows interesting results sometimes
<X123> sometimes it gets stuck retramsitting over and over, and sometimes it gets no response
<X123> is very very odd
<k2gremlin> Can someone help me with an iptable to redirect all traffic from an interface to a port?
<X123> like what?
<X123> i mean you can't redirect ALL traffic from a layer2 interface to a layer3 port
<k2gremlin> all port 80 traffic to a Squid3 server
<X123> so have to be more specific :)
<k2gremlin> I know and iptables are very new to me lol
<X123> so when someone connects to port 80 of the ip address on your interface
<X123> u want it to go to some other ip on anothe rport
<X123> or do u want all traffic that gets forwareded through like a router to be redirected
<k2gremlin> Well the laptop or lan is connected to one port on my server which is vswitched to Eth1 of my Ubuntu serer
<k2gremlin> server
<X123> ok
<k2gremlin> I need all of that web traffic redirected to Squid3 and then on the outside redirected from Squid3 to Eth0 which is Vswitch to another physical port on the server.
<k2gremlin> All other traffic redirected straight from Eth1 to Eth0
<X123> redirected.. as in?
<X123> like NAT
<X123> or routing ?
<cyclob|work> is there an service available that can monitor bandwidth usage?
<k2gremlin> That I am not sure of. Eth0 is on 192.168.1.0 net and Eth1 ison 192.168.2.0 net
<k2gremlin> so a "static" NAT for all the other traffic maybe?
<X123> cyclob|work: like a program you run on the command line, or what?
<X123> you can nat any traffic leaving eth0
<X123> to the ip of eth0
<cyclob|work> yeah so i can stick a box between a switch and router and graph the bandwidth usage over a week
<k2gremlin> X123, I tried this... http://pastebin.com/Lme2GAxU
<X123> why not just graph the bandwidth usage on the router or switch port
<cyclob|work> no snmp or router access sadly
<X123> whaa
<cyclob|work> yeah managed routers
<X123> so you want to insert a server in between it and bridge the interfaces
<cyclob|work> costs $$$$ to chagne anything on them. lol
<sarnold> cyclob|work: check out iptraf or munin or similar
<X123> just run SNMP on the server
<X123> and use cacti or something to graph the interfaces
<k2gremlin> Kind of... I want the Squid3 server to be directly behind my ISP modem and the Lan behind that
<X123> works just like it's a router or switch
<X123> what's the squid server for?
<cyclob|work> cool i'll check them out
<k2gremlin> its a proxy server...
<k2gremlin> to allow or disallow based off of rules.
<X123> yeah just apt-get install snmpd i think
<k2gremlin> Which I then build Dilidele WS on top of that for content filtering
<X123> so you want the squid server to transparent proxy
<X123> everything coming from your lan
<k2gremlin> Yes!
<k2gremlin> And I am familiar with firewall rules and such on ASA's but iptables is a foriegn language to me
<X123> that's easy enough
<k2gremlin> X123, this is for home networking btw
<X123> you really should specify interfaces in iptables
<X123> like postrouting -o eth1
<k2gremlin> and I would prefer that because the ISP side may change
<X123> u don't want to nat everything on every interface
<dts|pokeball> hey,,, if anyone can answer this i would be very appreciative https://askubuntu.com/questions/573904/setting-up-subdomains-for-ubuntu-server-14-04
<k2gremlin> to give you a layout of what I have..
<k2gremlin> Right now is it ISP>Router>Server>Laptop
<k2gremlin> for testing
<X123> server is acting as a switch
<k2gremlin> for the laptop yes.
<k2gremlin> And with NORMAL squid... IE...
<X123> so laptop has an ip from router
<k2gremlin> Directing the laptop to the squid it works
<X123> like eth0 on router goes to ISP
<X123> eth1 goes to server
<k2gremlin> umm ...
<k2gremlin> http://puu.sh/ew2LH/59f97f043e.png
<k2gremlin> top is what I have now
<k2gremlin> and I can't get it working
<k2gremlin> Once I figure it out ill put the server between the IPS and the internal LAN router
<X123> so the server is doing NAT also
<X123> to the router, which is doing nat to the isp lol
<k2gremlin> Server isnt yet...
<k2gremlin> I just have the interfaces on the server configured for those IP's
<X123> then how does the laptop get internet access
<k2gremlin> static
<k2gremlin> atm
<k2gremlin> Ohh umm
<k2gremlin> It doesn't
<k2gremlin> UNLESS
<k2gremlin> I manually put in the proxy info
<k2gremlin> which I don't want to do
<X123> oh so it has no internet at all
<X123> you just want port 80 to work
<X123> and ntohing else?
<k2gremlin> well eventually 80 and 443 to the proxy...
<k2gremlin> everything else straight out
<k2gremlin> if that makes sense lol
<X123> yeah
<k2gremlin> Right now, anything that has a destination port 80
<X123> http://www.tldp.org/HOWTO/TransparentProxy-6.html
<X123> this 6.2 method is the best imo
<k2gremlin> checking it out now
<sarnold> hah, I read that HOWTO back in the ipfwadm days
<sarnold> nice to see it's been updated since then :)
<X123> haha
<X123> it still works :)
<k2gremlin> This sounds like the iptables is a seperate server..
<X123> yeah the iptables is the router
<X123> squid is separate
<k2gremlin> can they be on one?
<X123> sure
<k2gremlin> squid-box = squid server ip right?
<X123> yeah
<X123> but you wouldn't need the extra routing
<k2gremlin> -s near the end of the first command is source?
<X123> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect
<X123> this should be easier to see for one device
<k2gremlin> yea I tried that page
<X123> of course i'd specify interfaces in iptables
<X123> i dunno why they didn't
<X123> i ALWAYS specify interface :)
<X123> -o and -i
<k2gremlin> Actually thats a different page
<X123> masquerade is outbound nat
<k2gremlin> 1 sec..
<X123> it's ip unspecific is why they use it because if eth0 connects to the internet, the ip might change
<X123> so masquade just picks whatever IP is on that interface
<X123> and uses it
<k2gremlin> I don't see an eth0 on that page
<X123> there isn't :)
<X123> there should be.. :)
<X123> if eth0 is internet facing
<X123> then you want -o eth0 for the masq
<k2gremlin> this look good? http://pastebin.com/4PSmMVfw
<X123> just so there's no confusion
<k2gremlin> after masq
<k2gremlin> iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0
<X123> before, but im sure it will move it
<X123> basically means, anything exiting eth0, nat to the ip of eth0
<k2gremlin> iptables -t nat -A POSTROUTING -j -o eth0 MASQUERADE ?
<X123> -A POSTROUTING -o eth0 -j MASQUERADE
<k2gremlin> k ill try
<X123> then the prerouting ones
<X123> u want -i
<k2gremlin> ...
<X123> input interface
<X123> i mean it's not necessary
<X123> i just don't like iptables doing things i don't want it to do
<k2gremlin> on all prerouting?
<X123> prerouting happens before any processing
<k2gremlin> http://pastebin.com/vF5wSbfc
<X123> like the first thing it does when a packet comes in an interface = prerouting
<X123> postrouting happens after it processes the packet in routing table and decides what interface is is going to send the packet out
<X123> i think the last prerouting is -i eth0
<k2gremlin> ill try those commands
<k2gremlin> right sorry
<X123> because it's blokcing people on the internet from accessing the squid port
<k2gremlin> So if the dport isnt 3128 drop it
<X123> that drops everything going to 3128
<X123> if it comes in eth0
<X123> but it's not coming in eth0, it's coming in your lan eth1
<k2gremlin> http://puu.sh/ex2wD/9242aef150.png
<k2gremlin> ill try it
<k2gremlin> nope... not even seeing access on the squid logs
<k2gremlin> is there a way to view traffic on the iptables?
<X123> u can see counters
<k2gremlin> how? lol
<X123> like iptables -t nat -L -vnx
<X123> or whatever table u are using -t mangle -t filter
<k2gremlin> postroute is only one with counters
<X123> well you are accessing a real internet ip from the laptop?
<k2gremlin> cnn.com
<k2gremlin> google.com
<k2gremlin> stuff like that
<k2gremlin> wait
<k2gremlin> Pings work
<k2gremlin> so..........
<k2gremlin> DNS not working
<X123> you'd have to use DNAT for redirecting a real internet ip to the squid proxy
<X123> because redirect of a port will just change the port
<X123> but it will still end up going out
<k2gremlin> ok well getting closer lol
<k2gremlin> I havent been able to get that ping to work in 3 days trying this
<k2gremlin> Sec... gotta change the squid config to intercept
<k2gremlin> duh?
<X123> ping will work because of masq
<k2gremlin> gotcha.. and were not trying to intercept icmp
<k2gremlin> trying to intercept port 80
<X123> actually it intercepts 3128
<k2gremlin> hmm nslookup.. laptop is able to resolve
<X123> and you DNAT port 80 to 3128
<k2gremlin> thats what udp 53?
<X123> aye
<k2gremlin> Ok so DNS is working
<X123> do a tcpdump -n -i eth0
<X123> and try access web site
<X123> i bet you will see it trying to access 3128
<k2gremlin> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.1:3128
<k2gremlin> try this?
<X123> yeah that's what u need
<X123> that redirects connection attemps to 80 to that ip
<k2gremlin> ok do I have to "restart" iptables?
<X123> not if you typed that from the shell
<X123> it puts it in instantly
<X123> but it appends it to the end
<X123> -A is append
<X123> so u have to look at where you are inserting it
<k2gremlin> ok it dropped it at the bottom.. top down is how it runs so how do I move it up?
<X123> and then u have to redirect the REPLY
<k2gremlin> I don't see anything like sequence numbers in here
<X123> u can do --line-numbers
<X123> to see the sequence #
<X123> honestly i just edit a file
<X123> i do iptables-save >file
<X123> edit file
<k2gremlin> Where is it stored?
<X123> iptables-restore < file
<X123> that's how i do it :)
<X123> i don't even bother with it being saved anywhere
<k2gremlin> so make a new file with what I want then run that command
<X123> just type iptables-save
<X123> u will see
<X123> so u can > that to a file
<X123> edit that file
<X123> then iptables-restore < file
<X123> and it puts in in the order in the file
<X123> it's 100x easier
<X123> imo
<k2gremlin> ok... where did it save to?
<k2gremlin> nvm.. I did iptables-save > iptables.txt
<X123> you just need 2 rules
<X123> in iptables
<X123> plus the masq
<k2gremlin> http://puu.sh/ex4vX/17d898e47b.png
<X123> redirect rule should be lan
<X123> like
<X123> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
<X123> if eth1 is your LAN int
<X123> no wait
<X123> should be eth0
<k2gremlin> yea eth 1
<X123> cuz it has to do it before it goes out eth0
<k2gremlin> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
<k2gremlin> is whats in there
<X123> so you will have two rules like this
<X123> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128                         iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
<X123> or whatever your squid IP is
<X123> in that order
<X123> should work :)
<X123> i never tried it like this tho
<k2gremlin> so the DNAT is the outside
<X123> and then you'll have the masq
<X123> DNAT is LAN eth1
<X123> it redirects anything on your LAN
<X123> that tries to connect to anything on port 80
<X123> routed though this server
<X123> to that squid ip
<k2gremlin> ok so LAN is 192.168.2.0, Squid Eth1 is 192.168.2.1 so use 2.1 on the DNAT
<X123> squid server would be 192.168.1.1 in my example
<k2gremlin> http://puu.sh/ex5cd/95196f94b4.png
<X123> which is running on the local machine
<X123> that's what the -j REDIRECT does
<X123> redirects it to the local machine only
<k2gremlin> that last pic I sent still isnt working :/ lol
<k2gremlin> lemme check squid logs
<k2gremlin> nope. Squid log shows 0 traffic
<X123> http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
<X123> check this
<k2gremlin> so at this point, I need to get port 80 traffic to 3128 just to start
<X123> that looks like it explains it better
<X123> you can verify that with tcpdump
<k2gremlin> but that 3rd rule under the NAT table should do it
<X123> that's how i do it
<X123> maybe rp_filter is on
<X123> and the machine is being a @()#
<X123> make sure rp_filter=0
<X123> edit the /etc/sysctl.d/10-network-security.conf
<X123> and make those 0
<X123> that breaks so much stuff that they default to 1
<X123> soooo much
<X123> syncookie 0 too
<k2gremlin> this looks like my exact setup
<X123> yeah
<X123> but make sure rp filter!
<X123> is 0
<sarnold> if you're going to turn off rp_filter, it's worth making sure your firewall rules enforce something sane
<X123> since u are doing nat tricks
<X123> i always turn it off, it causes more problems than anything
<X123> much easier to iptables stuff
<sarnold> X123: any luck with your problem?
<X123> sarnold no :/
<X123> unfortunately
<sarnold> X123: dang ;(
<X123> it doesn't do it on centos running same thing
<X123> or previous kernels
<sarnold> I hoped I had just missed it in the middle of the rest..
<X123> just 3.13+ so far
<X123> i'm dying to know what it is
<sarnold> X123: please file a bug against "linux"
<X123> well i've only tried the ubuntu kernels
<X123> i might download and compile one myself
<X123> and see
<X123> that's a lot of work though lol
<sarnold> X123: when you file one against linux, there's a robot that will ask you test some 'upstream kernels', all precompiled and ready to go
<X123> ill get one of the techs to do it.. i'm the network engineer :P
<X123> tested 3.16
<X123> same stuff
<X123> rp_filter is the most annoying thing ever
<X123> it just silently discards packets
<X123> wish it was default 0 in every dist
<X123> k2gremlin u get it working
<k2gremlin> X123 nope not yet. Crusing through the iptables to figure out why its not forwading 80 to 3128 :/
<X123> did u disable rp filter
<k2gremlin> That site is old... but I can sort of understand it lol
<k2gremlin> Yes
<k2gremlin> there were 2 commands wiht it
<X123> tcpdump :)
<X123> that is my friend
<X123> there's a script on that site that sets it up
<X123> check out the script, it has a bunch of iptables commands
<k2gremlin> Yea I ran it...
<X123> but some of the block a lot of stuff which u don't want
<k2gremlin> but the config portion for squid is really ol
<k2gremlin> old
<k2gremlin> the squid commands are not valid anymore.
<X123> ah
<X123> never used squid :)
<X123> i use nginx
<k2gremlin> only traffic was ssh with my putty and an arp request
<X123> use tcpdump to trace it
<X123> see what's coming in the lan int
<X123> see what's on lo
<X123> and see what's going out
<k2gremlin> can I grep an interface?
<X123> u can put options on tcpdump
<X123> like what do u want to do
<k2gremlin> see whats coming in eth1
<X123> just tcpdump -n -i eth1
<k2gremlin> 20:36:52.028698 IP 192.168.2.1 > 192.168.2.10: ICMP 192.168.2.1 udp port 53 unreachable, length 65
<k2gremlin> yea see I can't even ping using their rules
<k2gremlin> lol
<X123> yeah like i said
<X123> it blocks pretty much everything
<X123> so u can just edit out all the blocking stuff
<sarnold> ping uses icmp, a different protocol than tcp...
<X123> you should use tcpdump -n -i lo
<X123> to see traffic on local machine
<X123> sarnold, tcpdump shows everything
<X123> even mpls, gre, layer2 info
<X123> everything :)
<X123> not sure why it's called tcpdump but it shows it all
<sarnold> X123: hehe, I meant that more along the lines of "you can't ping because you're only forwarding tcp traffic" ...
<X123> oh eheh
<sarnold> X123: tcpdump and I have a love/hate relationship :)
<k2gremlin> watching lo isnt generating anything
<sarnold> X123: ... I love the stupid thing but hate the language, I have to use the manpage every. single. time.
<X123> it's not tcpdump language
<X123> it's pcap
<X123> so, hate pcap :)
<sarnold> oh I do :)
<X123> hehe
<sarnold> same story with wireshark
<k2gremlin> but ill take another wack at this tomorrow. My eyes are starting to hurt lol
<k2gremlin> Thanks for all of the info/help guys
<X123> yw :)
<sarnold> but why on earth they picked _C_ for the packet disectors...
<X123> right now i have a hate relationship with cisco nexus 5xxx devices
<k2gremlin> Im at the point where I open the server to someone.. they come in and set it up for me haha
<X123> when you are forced to use these instead of a 7k
<X123> grrrr
<k2gremlin> so frustrated with it
<sarnold> X123: heh, I've not heard much good about cisco gear :/
<X123> I love cisco gear :)
<X123> just not the nexus 5k lol
<sarnold> ah :)
<X123> 6500 platform and ASR
<X123> are some of my favorite devices anywhere
<k2gremlin> Well X123 I have another VM running Squid as a direct proxy and its working great. Just can't get this transparent thing working.. lol
<k2gremlin> its even doing https inspection lol
<k2gremlin> but ill be damned if I can get transparent :/
<X123> yeah you can do that without transparent easy
<k2gremlin> right lol
<X123> transparent basically
<X123> the proxy answers the connection
<sarnold> k2gremlin: would it be sufficient to just prevent the clients from getting to the internet at all? i.e., undo the "transparent" bit?
<X123> it checks out the host: header
<k2gremlin> sarnold, its for my kids devices lol
<X123> then connets to that and sends your request
<sarnold> k2gremlin: ahhhh
<sarnold> stuff that's unlikely to let you set http_proxy env variables correctly :)
<k2gremlin> I have Squid3 with Diladele WS (content filter) running
<k2gremlin> well the problem is... if they just turn off the proxy setting they go right around it lol
<X123> which is why it won't work with some older http 1.0 requests
<k2gremlin> Granted they may not be that smart yet.
<k2gremlin> but I want to stay 2 steps ahead
<X123> well, no u can block everything to port 80/443
<X123> going to the tinernet
<X123> except from the proxy
<X123> so if they turn it off they get nothing
<k2gremlin> Can I do that on my Asus router???????
<X123> i'm sure you can
<X123> it prob allows filter rules
<k2gremlin> ill look into it
<X123> most transparent proxies i set up are bridged
<k2gremlin> the only other problem I need to solve.. is how to block changes to iOS WiFi settings lol
<X123> ha
<X123> they might have a kid mode on there
<k2gremlin> Can kids are gonna be smart. They turn off wifi and boom they using their cell service lol
<X123> some way to set an admin pass
<X123> yeah
<k2gremlin> There are a lot of restrictions..
<X123> or they can just leave the house :)
<k2gremlin> except wifi
<X123> and go out of range of the wifi
<k2gremlin> not much I can do there
<X123> and use the cell service :)
<X123> remove data from their account
<X123> lol
<sarnold> yank the SIM? :)
<k2gremlin> I have iOS content filters enabled but yea.. :/
<k2gremlin> And honestly.. this whole server thing is just fun for me lol
<X123> apple could make some good bank
<sarnold> lol
<k2gremlin> kids are going to be kids
<X123> if they integrated some sort of kid protection into the phone
<X123> like forced it to use a proxy server they set up
<X123> even on cell service
<k2gremlin> I did the content filter more so that I can watch what they are doijng on the net
<X123> i did that for my kids
<X123> but i just broke down and bought a router with built in content filtering lol
<k2gremlin> I know they are going to push the boundaries.. but I want to see the red flag so that I can be like oh hell no... lol
<X123> don't have time to mess with all that
<k2gremlin> fun for me.. I love VM's
<X123> another love /hate relationship of mine
<k2gremlin> and it took a week ish to get the proxy with https working lol
<X123> VM's piss me off
<k2gremlin> lol
<X123> but they have such good functionality
<k2gremlin> I have a Plex server and the content filter atm
<k2gremlin> and a GNS3 IOU vm running as well
<k2gremlin> Wanna hear something funny...
<X123> right now im working on two nexus 5548
<X123> want to throw them off the 50th floor
<k2gremlin> I know all this server crap.. granted not well. I know Cisco big time.
<k2gremlin> Networking and all that. Tunnels, ospf, bgp
<X123> yeah me too :>
<k2gremlin> I took ICND1 Monday
<X123> that's what I do
<k2gremlin> failed by 3 points lol
<X123> damn heh
<k2gremlin> fucking trick ass questions lol
<k2gremlin> excuse my language
<X123> i got cisco certs ages ago haha
<k2gremlin> so the internet side of a router running NAT....
<k2gremlin> Global or inside?
<X123> and yes they are stupidly tricky questions
<X123> and the thing that bugged me the most was they are all cisco way
<k2gremlin> I know it as "Global Inside"
<X123> i don't always do things the way cisco "SUGGESTS" them to be done
<k2gremlin> they had a choice.. "Global" or "Inside"
<k2gremlin> RIGHT!
<X123> and all of their questions are based on how they want it done and not 20 other ways u can do it
<k2gremlin> tell me about it
<k2gremlin> trying to think of some other areas I messed up
<k2gremlin> oh.. port security lol
<k2gremlin> IDK how I messed that up
<k2gremlin> was a question on sticky mac..
<X123> lol to me that question would be outside :)
<X123> or external/dmz
<k2gremlin> stick puts the number of max devices mac address in the configs correct?
<k2gremlin> pending the use of a timer
<X123> if you put it there :)
<X123> sticky mac puts the devices in the config on IOS :)
<X123> but it doesn't on nexus 5548
<X123> lol
<k2gremlin> haha
<k2gremlin> im re-taking on the 18th
<X123> and max devices you have to set
<X123> like
<k2gremlin> max 5
<X123> switchport port-security  switchport port-security maximum 8  switchport port-security aging time 60  switchport port-security violation restrict  switchport port-security aging type inactivity  switchport port-security mac-address sticky
<X123> max is whatever you set it to
<k2gremlin> puts first 5 in the config lol
<k2gremlin> exactally.. not sure how I messed up network device security
<X123> firs t 5? :)
<k2gremlin> enable secret 34io5ih398fcfjq is encrypted en pass right? lol
<X123> yeah
<k2gremlin> enable pass cisco is un-encrypted en pass
<k2gremlin> I mean its SO easy
<k2gremlin> yet I failed lol
<X123> hehe
<k2gremlin> and most people would consider ip addressing the hardest part.
<k2gremlin> got 100% on that
<k2gremlin> lol
<X123> it puts a lot more than first 5 :)
<X123> i got some ports with like 20-30
<X123> stickies on it
<X123> for VMs lol
<k2gremlin> someone in networking Saturday tested me..
<k2gremlin> they said 3 offices running 500 pc's and 500 phones in each office. Once office is 2 floors with 500/500 as well.
<X123> i stopped doing dynamic sticky mac and started specifying it
<k2gremlin> so I made this in 15 mins
<k2gremlin> http://puu.sh/emjcr/18d7274617.png
<k2gremlin> I love networking but I hate testing
<k2gremlin> but anyways, going to play some CoD for a bit
<X123> heh
<k2gremlin> thanks again
<X123> did they like that diagram
<X123> i love testing stuff :)
<X123> i hate making diagrams haha
<X123> making big mpls l3 vpns, and dmvpn and such is a nightmare of config
<X123> lots of vrfs and such
<X123> trying to keep track of all that is )!@(*!)
<k2gremlin> right!
<X123> plus all the BGP filters, the security filters, control plane policing
<X123> if someone interrupts me
<X123> or calls me or anything
<X123> when im in the middle of a huge config
<k2gremlin> I hate BGP
<X123> i have to take like an hour to find where i was lol
<k2gremlin> haha
<X123> i do BGP and securityi all day
<X123> and MPLS
<X123> in theory, it's very simple
<X123> in practice, the filters are a nightmare
<collizion> used to work somewhere as a sysadmin where the net admin, who just renewed his CCNA, didn't know how to configure dynamic routing. Large campus, 32 buildings, statically routed.
<X123> shoot if you have one /16 or something
<X123> and just route huge chunks to a few routers
<X123> i static rout a lot of stuff :)
<X123> sometimes just OSPF for loopbacks/links
<collizion>  /8, divided into /16s, /20s, /24s.
<X123> and static rout to loopbacks
<X123> and gg
<X123> but BGP is fairly simple
<X123> if I had more than 2-3 routers i'd prob set up bgp
<X123> or carry the routes in ospf or isis or eigrp or something
<collizion> yeah, we had a lot more.
<X123> at the least
<X123> yeah but with like 1k total routes
<X123> ospf is ok :)
<X123> or eigep
<X123> but when got 500-600k routes in most of the core devices
<X123> no choice have to use bgp :)
<X123> got a bunch of extreme networks hardware too
<X123> very good hardware
<X123> worst CLI EVER
<X123> EVER!
<X123> i wrote scripts to configure it just because the cli is so bad
<cyclob|work> sigh, for a program that's meant to use mysql you'd think they'd let you define your own hashing algorithm
<Datz> Hi, samba server for some reason, is resetting users password after some length of time. I have to reset it every day. Anyone have any ideas about why, or how to fix this?
<lordievader> Good morning.
<cocoa117> with ubuntu preseed, is there any documentation for partman, partman-lvm, partman-auto, partman-* etc so I know all the avaliable variables to use?
<AdventureTime> hi everyone. is there someone available to PM me? i need help with a server. it would be great if we can do teamviewer or something
<jamespage> jacalvo, good morning
<jamespage> jacalvo, not sure whether you saw but we're sprinting on the upstart -> systemd migration for ubuntu vivid today/tomorrow
<jamespage> jacalvo, zentyal uses quite a bit of upstart only configuration; see http://pad.ubuntu.com/systemd-porting-sprint for impacted packages
<jamespage> jacalvo, is this something your team can work on?  if not we'll probably drop the packages from vivid as zentyal has not really been touched in 2 years
<jacalvo> jamespage, I don't think we can work in that in the short term, we're going to stick to the LTS (trusty) for some time...
<rbasak> jacalvo: will you want zentyal packages in the next LTS?
<jacalvo> rbasak, that decision is not made yet, I suppose the safest thing you can do now is drop them, better than leave them broken
<jacalvo> those packages are from a very old zentyal version anyway, as james says they've been unmaintained for more than 2 years (the maintained zentyal packages are in archive.zentyal.org)
<rbasak> jacalvo: OK, thanks. I understand the desire to care only really about LTSes. It's fairly common for server.
<rbasak> jacalvo: the (lack of) maintenance in inter-LTS packages causes some conflict with this I think. It's a consequence of how our releases work - we'd expect or even effectively require the package to continue to be maintained in between, even though end-users may not necessarily care on server.
<rbasak> I'm not sure what we can do about this. It's a dissonance I don't like, though.
<rbasak> jamespage: ^^ - remove I guess then?
<jacalvo> yes, the problem is that zentyal and ubuntu release cycles have never been synced
<jacalvo> usually we have the stable packages ready when the LTS is already out and stable
<jacalvo> it's difficult to have them before the freeze period
<rbasak> I wonder if click packages are the future here.
<rbasak> They're better suited to this I think, but maybe not quite ready for server use yet.
<rbasak> (I don't know if that would require snappy or not - it'd be nice if non-transactional worked with click packages too)
<jacalvo> anyway, for our users is no big deal to add an additional repository, and take into account that we also provide remastered ISOs, that's probably the most typical way to install zentyal :)
<rbasak> Understood. Maybe that's the better model right now. If so, maybe even intentionally avoid having the packages in Ubuntu, so users don't get misguided to the less recommended and less well looked after path?
<jacalvo> yes, I think it's better to remove them
<jacalvo> otherwise the only thing they are going to cause is frustration probably
<jacalvo> in fact some time ago I was already asked about this (because they were blocking some release as they were non-installable or something like that) and I said it was ok to remove them, but finally someone workardounded the issue and they remained there
<sebastianlutter> I want to rate limit access to port 80/443 per IP to avoid simple DoS attacks. I think iptables rate limit is what I want, what do you use? Can someone provide some practical values or some tutorial link? Thanks for any hint
<collizion> sebastianlutter: The answer to that is going to be determined by how much traffic you receive normally.
<collizion> sebastianlutter: As a general resource: http://unix.stackexchange.com/questions/139285/limit-max-connections-per-ip-address-and-new-connections-per-second-with-iptable
<sebastianlutter> collizion, thanks for the general link. It is just medium business homepage that provide company and products infos (about 50 unique visits a day).
<collizion> sebastianlutter: As a starting measure, you could try a bit of traffic analysis. Make a request to your web site. Surf around, etc. See how many concurrent connections are generated to a single client IP per request.
<collizion> sebastianlutter: Multiply that by a reasonable buffer factor, and limit concurrent requests per IP address to that number.
<sebastianlutter> collizion, I will, thanks
<rcaskey> hey all, I've been playing with netbooting (https://github.com/robjcaskey/dotfiles/tree/master/pxeinstall-example/ansible) but... does the installer honor the proxy setting on url?
<ApplesInArrays> I'm getting 100% of /dev/simfs in use. How would I go about resizing?
 * X123 yawns
<cbreak6> Hi when will constant updates stop?  Do the people who write all the programs know what they are doing or is it really that profoundly difficult?
<ApplesInArrays> Don't yawn: I'm getting 100% of /dev/simfs in use. How would I go about resizing?
<teward> cbreak6: define "constant updates"
<cbreak6> like 3 times a week this and that, so and so found that...
<teward> cbreak6: it's less a case of programmers *not* knowing what they're doing and instead security flaws being discovered - in the world of software and security there is always unending research into the stuff to determine vulnerabilities that need fixing
<teward> but you can't assess it as "constant updates"
<cbreak6> also why are updates released to the repos before we read about it?
<teward> because constant updates would be like a git master branch.
<cbreak6> its a pain in the ass :)
<cbreak6> no mal intent
<cbreak6> busy webserver admin here
<cbreak6> teward agree on things being discovered
<ApplesInArrays> cbreak6: How would you resize the said directory?
<ApplesInArrays> If it were an auto-updating program.
<cbreak6> do a fresh install after backup ;)
<rberg-> cbreak6: it might be worth turning on unattended upgrades for the security repo.
<cbreak6> ApplesInArrays resizing on a life site server is not recommended
<cbreak6> live
<ApplesInArrays> It's not really live right now
<ApplesInArrays> It's all dead
<ApplesInArrays> So a frest 14.04, then resize and reload.
<ApplesInArrays> I can do that
<ApplesInArrays> but how do I go about resizing?
<cbreak6> rberg- ty for that, will check it out
<ApplesInArrays> I keep searching, but I can't figure it out
<ApplesInArrays> "resize /dev/simfs"
<cbreak6> ApplesInArrays hire a expert
<cbreak6> I am not
<rberg-> and I dont know what /dev/simfs is
<cbreak6> niether do I
<ApplesInArrays> I don't know, but it's at 100% and I can't do anything because of it.
<ApplesInArrays> I guess it's just a directory
<rberg-> looks like its for openvz
<cbreak6> be nice to see more experts offer services to fix things on the net
<cbreak6> pretty hard to find
<ApplesInArrays> It should be the same as resizing any other directory, no?
<rberg-> ApplesInArrays: is the directory on the host thats providing that full?
<ApplesInArrays> Yes.
<cbreak6> ApplesInArrays your provider should have info
<rberg-> it sounds like simfs is a "proxy-filesystem" provided by the host OS to a container, so I would think you need to expand the volume on the host
<ApplesInArrays> I think I should move my MySQL then
<ApplesInArrays> Since that's what's killing it. My scraper is grabing 20MB/day text
<rberg-> nntp?
<ApplesInArrays> What's nntp?
<pmatulis> have you ever heard of usenet?
<ApplesInArrays> for me?
<bearface> nntp is used for newsgroups/usenet
<collizion> sebastianlutter: Multiply that by a reasonable buffer factor, and limit concurrent requests per IP address to that number.
<collizion> Oops. Stupid buffer.
<teward> cbreak6: if I may make a suggestion?
<teward> cbreak6: given that i too am a busy sysadmin and all :P:
<teward> cbreak6: my suggestion is to perform your updates during regular maintenance periods - schedule the maintenance to occur regularly, and do it by that schedule
<teward> monthly, twice a month, etc.
<ChrisAnubis> Iam having an issue with apache2 on Ubuntu 14.04. I have setup the server and added my user to the /var/www/html group (via the sudo adduser myuser /var/www/html command) - I chmod the html dir to 775, but I still recvd an error when attempting to upload files to the server. Switching to chmod 777 allowed the file to upload.
<ChrisAnubis> So the issue seems to be in my user being added to the group correctly. Can someone offer some guidance on how to do this correctly?
<collizion> ChrisAnubis: There is no '/var/www/html' group. You might try the 'www-data' group instead. You also have to make sure that www-data is the owner user and group on /var/www/html and its subdirectories.
<patdk-wk> as it shouldn't be by default
<collizion> ChrisAnubis: As a rule, never (ever) set anything to 777 on permissions. That's not fixing anything, that's ignoring it.
<ChrisAnubis> Thank you. I will make it the www-data group. Should I not have recvd an error when attempting to add myself to a group that does not exist?
<collizion> ChrisAnubis: You should have, yes.
<ChrisAnubis> collizion: I will check to see if it was the www-data group I added. Turned off the VM. If so, then it is most likely that the www-data group is not the current owner of /var/www/html, correct?
<collizion> ChrisAnubis: It's not by default, because it is a security concession.
<ChrisAnubis> collizion:ok. Thank you for the help.
<ChrisAnubis> collizion:Thank you. That is what the issue was.
<sarnold> will2: was it this security update? http://www.ubuntu.com/usn/usn-2455-1/
<will2> woah... I'll never fully understand irc! that's a lot of text...
<will2> sarnold - I am guessing it was, did a apt-get upgrade on the 11th, so, must be...
<sarnold> will2: heh, that's part of a netsplit -- for a while there were two, three, or even more separate IRC networks; some clients try to compress it into "netsplit" messages, and some clients just show a few hundred quits and then joins...
<wil3> I keep getting disconnected :/ sorry- hope you are not sending messages that I can't see :(
<wil3> sarnold - thanks! and read through that... I don't really get the hack, but, I am guessing that is what it is... everywhere online it states that the correct way to do what I want is to do /usr/bin/mail -s "subject" "message" -- -f <address> -F <name> ... And, this worked for 2 years ... I don't understand the hack but need to find a way to fix this...
<wil3> so...  I found using /usr/bin/mail -a from:address takes care of the -f, but, I can't find an alternative to the -F
<wil2> just got kicked off :/
#ubuntu-server 2015-01-16
<ApplesInArrays> root@Local:/var/www/html# dir shows js.js. /var/www/html# scp root@ForeignIP:/var/www/html/js.js /var/www/html yields scp: /var/www/html/js.js: No such file or directory. Any ideas on how to fix this?
<ApplesInArrays> I thought it'd be really straightforward
<sarnold> ApplesInArrays: how about "ssh root@foreignip ls -l /var/www/html/js.js"
<ApplesInArrays> the file needs to be appended like so: scp myusername@university_computer:/home/myusername/file.odt homeusername@Felix:Desktop/file.odt
<sarnold> ApplesInArrays: I don't think that's it: http://paste.ubuntu.com/9758961/
<ApplesInArrays> sarnold: you're probably right. I was looking at https://help.ubuntu.com/community/SSH/TransferFiles
<F^3> Hey hey. I know this isn't exactly an ubuntu issue, but seeing as we are all sysadmins in here maybe someone has seen this before? I am working on a rather old server that's lenny based giving segfaults (http://pastebin.com/raw.php?i=GXiuCQcj) that don't make any sense to me.
<sarnold> F^3: a few thoughts; most of them happen at the same point in the program, it'd be worth getting core dumps from the thing and the ngetting stack traces
<sarnold> F^3: it might be bad memory modules, memtest86 might help, but it seems too consistent to me
<F^3> I don't even know what app it is.
<F^3> sarnold, Maybe a full stick has gone bad?
<sarnold> F^3: oh? I assumed the 'b' was some anonymization you'd done..
<F^3> sarnold, No :(
<F^3> 'b' was taken directly from dmesg
<sarnold> F^3: you could use a tool like 'execsnoop' here to try to find it: http://www.brendangregg.com/blog/2014-07-28/execsnoop-for-linux.html
<F^3> sarnold, Since this is lenny I can't access repo
<sarnold> F^3: there's a chance the program changes it's name after execution, which might make it harder to spot..
<F^3> 's anymore to install compiling apps.
<sarnold> F^3: ohhhh. so it might be too old to use the kernel's ftrace tools?
<F^3> Possibly. It hasn't been updated in nearly 3 years and this system has been generating abuse reports lately which is why I'm looking into it. All signs point to it not being an intrusion unless they're erasing their specific entries in the logs.
<F^3> There is a squid proxy though so I assume they're using that to make the abuse happen.
<sarnold> if it had a -reasonable- process name I might think it's brute-force exploit testing
<sarnold> probing for correct offsets to use or something similar
<sarnold> but 'b' is just so strange.
<sarnold> intrusion feels plausible for me; you've got t ofigure out what is spawning that 'b' process. That'll answer a lot of questions.
<F^3> I'm probably going to just wipe/rebuild the server if it passes memory tests. Else I'll just move the ip to a new box.
<sarnold> that might be faster :) but my curiousity would eat at me..
<F^3> Since I am a programmer this b proc doesn't intrest me ;P
<F^3> The only thing that interests me is getting the proxy back up to keep my inbox from being flooded.
<gorelative> anyone here help with an LVM question?
<sarnold> F^3: aha :) then happy fixing :)
<gorelative> trying to extend an lvm partition and it cant find /dev/sda*
<gorelative> https://gist.github.com/mikedevita/4ab15b876cab1d69ea79
<gorelative> basically / is 100% utilized..
<F^3> On another note why does the default partition setup for ubuntu server only give /boot 250mb. Old kernels are not getting automatically removed so I keep filling it up.
<F^3> sarnold, I'm going with the server being rooted. Found this in /etc as 1418130075.pl http://pastebin.com/raw.php?i=wzgBPMY1 (one of about 8 different .pl files)
<sarnold> F^3: yup. there's no good reason for that to exist.
<sarnold> F^3: sorry.
<sarnold> F^3: on the plus side, that means your way forward is clear :) new install from scratch.
<F^3> sarnold, But that takes the fun out of upgrading through two eol debian versions.
<sarnold> F^3: oh man. I guess you can always try home dentistry if you really miss it..
<F^3> I'll pass. I don't trust myself using a drill in my mouth using only a mirror to see.
<gorelative> anyone else here using apt-mirror ?
<blackyboy> Now i have Ubuntu 13.04 i want to upgrade to Ubuntu 14.04.1 LTS how can i do ? Will it upgrade to Ubuntu 14.04.1 LTS if i use sudo do-release-upgrade or it will upgrade to 14.10 ?
<MACscr> can i disable gpg checks fo a single repo like i can with yum repos? i dont want to do it per check, i want to do it for all checks on that particular repo. its my private one
<sarnold> MACscr: it's probably easier to sign your own repo...
<DrManhattan> I have upgraded my samba to version 4.1.6 but Im still getting the talloc memory leak error. Is there any way I can keep samba password sync to user accounts and get rid of this memory error? no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
<DrManhattan> I have upgraded my samba to version 4.1.6 but Im still getting the talloc memory leak error. Is there any way I can keep samba password sync to user accounts and get rid of this memory error? no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
<lordieva1er> Good morning.
<bimma> Ciao!
<bimma> I've this question for you :D
<lordievader> bimma: Shoot ;)
<bimma> I would mount via fstab a windows share with  possibility to change permission, with chmod, of the subfolder... with cifs is not possible...
<bimma> windows neetwork share
<lordievader> Makes sense, your Windows share is likely NTFS. NTFS doesn't support Unix file permissions.
<bimma> yeah i know
<bimma> but there isn't a workaround?
<bimma> or another way to mount?
<bimma> :(
<lordievader> No. The solution would be not using NTFS ;)
<bimma> :D
<bimma> ok
<DrManhattan> I have upgraded my samba to version 4.1.6 but Im still getting the talloc memory leak error. Is there any way I can keep samba password sync to user accounts and get rid of this memory error? no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
<jamespage> hallyn, https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1411575 can you give your opinion on that
<jamespage> hallyn, it would nice to have that in vivid; not sure about the backport :-)
<jamespage> zul, coreycb: adding qemu and libvirt to the kilo CA for ppc64el support
<blackyboy> How can i Control a user not to Access crontabÂ Command in Ubuntu Desktop and server
<Craig4who> hello
<Craig4who> how do i enable this?
<Craig4who> http://www.ubuntu.com/usn/usn-2455-1/
<Craig4who> i cant find what the command is
<Craig4who> thanks in advance
<rbasak> Craig4who: instructions are at https://wiki.ubuntu.com/Security/Upgrades
<Codmadnesspro> So I plan on migrating servers but i'm not sure what software to use for this, I don't really want to pay $100 for a migrate, so is there anything free?
<Craig4who> hi rbasak
<Craig4who> what do i search for on that link?
<Craig4who> cant find anything useful i can follow
<Craig4who> yea i dont want to implement the fix
<Craig4who> i have already done this
<Craig4who> i want to reenable it so it works again
<Craig4who> Shell command execution can be re-enabled using the expandaddr option.
<_zxq9_> Does an LTS release receive updates between Postgres minor versions, or only patch updates? As in, 9.3 will forever be 9.3, but 9.3.X are expected updates. Or would 9.4 or 9.5 ever hit an LTS repo?
<shaurya> hell
<shaurya> hello
<shaurya> anyone there?
<shaurya> ..
<shaurya> @ubuntu
<shaurya> #ubuntu
<_zxq9_> shaurya: People are here, just probably most are doing Friday things.
<shaurya> i'm installing the badgekit api from mozilla. anyone know why im getting this error when I run a script? http://pastebin.com/p26qNmVG
<hallyn> jamespage: looks trivial enough
<hallyn> jamespage: also, we have 2.2.0 in a ppa for now,
<hallyn> i'll merge it into vivid soon, but am hoping it goes from experimental into unstable first
<jrwren> _zxq9_: postgres would get minor updates only, afaik.
<jrwren> _zxq9_: there are other ways to get postgresql packages: http://www.postgresql.org/download/linux/ubuntu/
<_zxq9_> jrwren: ty
<hallyn> jamespage: i'll go ahead and push it (well, after testing) to v
<jamespage> hallyn, awesome
<hallyn> jamespage: but i'm having fs corruption issues on my rootfs.  grr.  which doesnt' allow me to create a lv to build in.  this'll slow me down
<hallyn> breakfast first, then deal with it.  bbl
<streulma> hello my dovecot sql roundcube quota is displaying 0MB from unknown
<sudormrf> how easy is it to rebuild a software RAID array in ubuntu using the default software raid setup?
<sudormrf> asking because I am entertaining potential ideas
<ppetraki> sudormrf, https://raid.wiki.kernel.org/index.php/RAID_setup#6._Manage
<sudormrf> ppetraki, ? looked at that wiki entry before coming here.  that wiki entry doesn't talk about rebuilding an array when a disk fails
<ppetraki> sudormrf, you just do an add while in manage mode, the man page has the rest. It's all pretty straight forward. like so http://www.thomas-krenn.com/en/wiki/Mdadm_recover_degraded_Array#Re-adding_the_partition_to_the_array
<sudormrf> ppetraki, thanks.  I am going to test this out in a VM right now (build the array, simulate a failure) to see what happens.  if I like it I will probably use it on my new NAS
<ppetraki> sudormrf, faster to use loopback block devices http://www.thomas-krenn.com/en/wiki/Mdadm_recover_degraded_Array#Re-adding_the_partition_to_the_array
<ppetraki> sudormrf, woops old link http://askubuntu.com/questions/546921/how-to-create-virtual-block-devices
<sudormrf> ppetraki, so here is what I am trying to do -> main FS on SDA, sdb-e will be raided together.  do I need to run through the normal install first and then go back and setup RAID or is there a way I can accomplish this through the normal setup?
<ppetraki> sudormrf, If it were me, I would keep the install simple and script the data array creation after the OS is up
<sudormrf> yeah.  that seems like the way to go
<sudormrf> looking at doing this in cent now.  thank you for your help ppetraki
<ppetraki> sudormrf, np
<RoyK> any idea what this is about? "[504700.275921] IPv4: Oversized IP packet from 192.168.10.254
<RoyK> any idea what this is about? "[504700.275921] IPv4: Oversized IP packet from 192.168.10.254"
<RoyK> the IP address is the address of the machine
<sarnold> RoyK: look slike that error message comes from IP packet fragment re-assembly.
<sarnold> RoyK: someone trying to sneak packets through NIDS is my first guess
<RoyK> NIDS?
<sudormrf> ppetraki, are you familiar with mdadm at all?
<ppetraki> sudormrf, yeah
<sudormrf> ppetraki, ok.  so I have a couple of questions about it, would you mind answering them if you can?
<ppetraki> sudormrf, go ahead
<sudormrf> so to simulate a disk failure, I removed one of the HDDs from the VM
<sudormrf> the system would then not boot (dropped me into maintenance mode)...is this normal behavior?
<sudormrf> first time ever messing with this stuff
<RoyK> sudormrf: IIRC ubuntu still refuses to boot off a degraded raid by default (which is rubbish)
<RoyK> sudormrf: this can be changed easily https://help.ubuntu.com/community/Installation/SoftwareRAID#Boot_from_Degraded_Disk
<rberg_> yeah hang I think I know what you need to boot degraded
<RoyK> refusing to boot from degraded is rubbish
<RoyK> the whole point of a raid is to allow the system to work with a dead drive
<rberg_> in "/etc/initramfs-tools/conf.d/mdadm" set "BOOT_DEGRADED=true" and rebuilt the initrd
<sudormrf> ok so that is normal behavior if you don't change it.  that is good to know.
<ppetraki> sudormrf, RoyK +1
<sarnold> RoyK: network intrusion detectio nsystem
<rberg_> I also set "md-mod.start_dirty_degraded=1" in /etc/default/grub just in case
<RoyK> sarnold: possibly my openvas scans ;)
<sarnold> RoyK: aha :)
<sarnold> RoyK: feels likely
<RoyK> sarnold: thanks
<RoyK> sarnold: any idea how to disable that for outgoing packages?
<sudormrf> thanks, looking in to this some more
<sudormrf> will be back with more ?'s later I am sure :)
<sarnold> RoyK: it was probably -incoming- with faked source address
<RoyK> sarnold: well, it hasn't happened since I paused the scan
<RoyK> sarnold: and the scan is against some computers at work
<RoyK> just trying to open some eyes about computer security at work :P
<RoyK> this guy with a PhD has setup a lot of stuff, but doesn't seem to spend much time patching i
<RoyK> t
<sarnold> RoyK: I'm not sure how a packet could be fragmented on the sending side, but .. i'm not -that- familiar with the networking code, it's pretty finely tuned which sometimes means not easy to reason about :)
<sarnold> RoyK: ugh.
<sudormrf> ok another question...how can I verify that the stuff is actually being mirrored? :X
<rberg_> you could use hdparm to grab the same sector from each drive an diff it
<ppetraki> or dd
<RoyK> sudormrf: just run a check
<RoyK> sudormrf: echo check > /sys/block/mdX/md/sync_action
<RoyK> or perhaps
<RoyK> sudormrf: echo repair > /sys/block/mdX/md/sync_action
<RoyK> sudormrf: mdraid is used in thousands or millions of home NAS systems and in large-scale production systems
<RoyK> sudormrf: it works
<RoyK> sudormrf: https://raid.wiki.kernel.org/index.php/RAID_Administration <-- good docs here
<ppetraki> sudormrf, dd if=/dev/foo skip=$(((17408/512) )) bs=512 count=1 | hexdump -C
 * ppetraki took me a min to find that
<ppetraki> where 17408 is your block number
<ppetraki> sudormrf, so if you were really paranoid you would read say 10 blocks from each disk, create an md5sum and then check
<sarnold> or use cmp to compare them directly
<rcaskey> does the url parameter in kickstart honor the proxy setting?
<bekks> rcaskey: if you want to use a proxy in kickstart, you have to specify it.
 * ppetraki forgot about cmp, uses dd rune to debug metadata format
<rcaskey> bekks, I want to use a proxy for fetching packages only
<rcaskey> and attempted to the line I used was...
<rcaskey> url --url=foo --proxy=192.168.1.2:1234/
<X123> foo!
<rcaskey> err http://192.168.1.2:1234/ (also tried it without the trailing /, although it was present in a lot of examples)
<bekks> rcaskey: For me, that works.
<rcaskey> hrmm
<rcaskey> if it fails to access the proxy server does it try directly or just fail?
<bekks> rcaskey: Thats something you have to find out, since we cant know it :)
<sudormrf> RoyK, thanks!
<rcaskey> well i'm not seeing it go through the proxy so i'm trying to figure out if it was maybe trying and falling back and I had an issue with the proxy or if i don't have the config quite right
<sudormrf> RoyK, yeah, I believe you :).  this is my first time playing with it so I am trying to wrap my head around it so I understand it before I put it to use with my files :D
<sudormrf> basically right now I have 2 NASs + 2 servers
<sudormrf> one of the server is a file server
<sudormrf> the other is just doing stuff
<sudormrf> well the file server is doing more than file serving
<sudormrf> one of the disks on my WD EX2 failed
<RoyK> sudormrf: replace it ;)
<sudormrf> thinking about replacing that with something more beefy and pulling the EX2 + my cloud NAS out of production and putting a 4 disk RAID 1 setup in place.  these things are primarily used as backup devices.
<sudormrf> so I go from 2 plugged in devices down to 1
<sarnold> sudormrf: investigate zfs; this series of blog posts are a nice fast read and will give you a nice overview of how it works: https://pthree.org/2012/04/17/install-zfs-on-debian-gnulinux/
<sudormrf> sarnold, yeah I have.  been toying with the idea of running BSD on this thing with ZFS
<ppetraki> sudormrf, http://www.supermicro.com/products/motherboard/Xeon/C600/X9DRX_-F.cfm beefy?
<sudormrf> but ZFS will require a larger investment for the hardware
<sarnold> sudormrf: don't believe the crap about it -requiring- ECC memory..
<sarnold> sudormrf: ecc just tends to align well with the paranoia levels of the people who like to deploy zfs :)
<sudormrf> ppetraki, don't tempt me :P.  I don't have space for it
<sudormrf> sarnold, has nothing to do with that
<sudormrf> ahd everything to do with ZFS being very RAM hungry
<sarnold> sudormrf: ahhh
<ppetraki> sudormrf, get you some NVDIMMs and run your whole NAS out of ram
<sudormrf> although, it is not off the table, just something I have to consider
<sarnold> sudormrf: whatever you do, do not use de-dupe
<sudormrf> trying to build something under the price of the synology thingy
<sarnold> that'll help memory needs immensely :)
<sudormrf> use dd for what?
<sudormrf> ppetraki, lol
<rcaskey> sudormrf, what kind of workload you got?
<sudormrf> rcaskey, this is a home device that will primarily be used for backing up the main file server and acting as a file server for some other data (which will get sent to the main file server as necessary)
<sudormrf> nothing too crazy
<sudormrf> depending on your definition of crazy, I suppose
<sudormrf> although the WD EX2 is a bit slow for my tastes
<rcaskey> sudormrf, how much space you need?
<sudormrf> rcaskey, this will be an 8TB RAID1 setup when done.  4 disks, raid 1, all 4 disks being 4TB drives
<rcaskey> sudormrf, i'd think basically you can grab anything cheap and do a software raid controller without zfs and be very happy
<sudormrf> software raid controller?  software raid needs a controller?
<rcaskey> a raid needs a controller
<rcaskey> that might just be in software
<sudormrf> I was working under the pretext that software raid needs no controller as it it software
<sudormrf> ah
<sudormrf> gotcha
<sudormrf> let me show you what I was thinking for the build
<rcaskey> also i'd strongly consider at least some ssd storage + bcache
<thor77> how can i change the locale globally?
<sudormrf> http://paste.ubuntu.com/9763496/
<sudormrf> also
<sudormrf> +SSD for system drive
<thor77> i set the local yesterday with update-locale LANG=... but after a reboot, locale still show's no LANG
<sudormrf> 120gb ssd would do nicely
<RoyK> sarnold: ZFS doesn't require ECC
<sarnold> RoyK: that's what I told sudormrf :)
<ppetraki> sudormrf, Micron M500/600 are good
<sarnold> that little norco is cute :)
<sudormrf> ppetraki, I like samsung drives meself
<sudormrf> sarnold, it's a pretty good deal for the money.  hard to find many cases like that.  although I got this link from faug in another channel: http://www.mini-itx.com/store/nas
<ppetraki> sudormrf, we kinda destroy drives a living around here and have found the Micron ones to be the most resilient
<sudormrf> ppetraki, heh noted :)
<ppetraki> sudormrf, low write amp, decent garbage collection
<sudormrf> don't know the quality, but this case looks nice: Chenbro ES34069.  if it is anything like the quality of lian-li, I am not going to touch it.
<sarnold> sudormrf: I've been looking at "larger" systems myself, I'd like to build something with three 3-way mirrors and room to grow by adding another 3 or 6 drives.. and it'd be nice to have space for some SSDs for l2arc and OS
<sudormrf> sarnold, if I had the space I would soooo do that
<sudormrf> basically trying to come in with better specs for cheaper than this: http://www.newegg.com/Product/Product.aspx?Item=N82E16822108183&cm_re=synology-_-22-108-183-_-Product
<sudormrf> I think I have done so.  not sure how the i3 in my parts list compares to the atom in the synology, but typically core i > atom
<sarnold> sudormrf: it's impressive, isn't it? it's just cheap enough to tempt you to do better, but ... :)
<sudormrf> yeah it is heh.  one thing about the synology is there is an app for my phone that would allow me to access the files on my iPhone.  that is a really nice feature to have
<sudormrf> don't think there is any way I can do that with a home built system (not fond of owncloud)
<sarnold> nginx? :)
<sudormrf> I think the problem would be that there needs to be an app for the iPhone to act as the client
<sarnold> I don't blame you about owncloud, I've gotten bad vibes about them..
<sudormrf> I have used it and it just feels clunky on anything but a computer
<ppetraki> and it's written in PHP
<sarnold> yeah, bad vibe #1 :)
<sudormrf> I don't have the development ability to help the project, unfortunately.
<ppetraki> even if you did, it's in PHP :-p, that stuff just repels developers
<sudormrf> there was some other thing similar to owncloud, but it was primarily developed in china, so....pass.
<sudormrf> based on the parts list, do you think I need a beefier CPU?
<sudormrf> I could upgrade the CPU in my main file server to an i7 and pull the i5 that is in that and repurpose
<sudormrf> ;D
<sudormrf> overkill I am sure, but someone was saying that software RAID is pretty CPU intensive.
<sarnold> depends on the services you're going to run; if it's mostly backup and over-the-internet mobile-based accesses, i3 ought to do alright
<ppetraki> sudormrf, probably not... but more cores are better, especially for distributing interrupts
<sudormrf> yeah
<sudormrf> I want to figure out the over the internet mobile based access part :S
<sudormrf> I am sure there is some sort of app that would let me access samba shares somehow
<sudormrf> https://itunes.apple.com/us/app/fileexplorer-free/id510282524?mt=8
<sudormrf> derp
<sudormrf> haha
<ppetraki> sudormrf, if you could get more memory, do that, and add a cache, if read speed matters that is, but it doesn't sound like it. So just pocket the difference and buy yourself an even bigger monitor
<sudormrf> first google hit
<bekks> sudormrf: Yeah, the samba client
<thor77> how to use the locale-command to change the LANG-variable permanently?
<sarnold> I'd be reluctant to expose samba to the whole internet.
<sudormrf> ppetraki, I have no need for a monitor :D.  I don't have a desktop in my place (no space for it).  mobo only has 4 sata ports, so I might be having to find a new mobo.
<sudormrf> sarnold, I wouldn't.  I would vpn back home
<sarnold> sudormrf: good good
<ppetraki> sudormrf, well there is that super micro...
<sudormrf> as long as I can get to it, that is what matters :D.  ppetraki is that supermicro mini-itx?
<sudormrf> has to fit in that norco case
<ppetraki> oh no, there's nothing micro about what I proposed, let me check your link again
<sudormrf> I know of a board that is mini itx with 8 sata ports and dual nics...but it forces you to use an atom CPU
<sudormrf> if my tax return is as big as it is looking right now (still waiting on second w2), then this is going to be built pretty soon
<sudormrf> lol
<ppetraki> sudormrf, what you have looks fine honestly
<ppetraki> sudormrf, you got a 3x PCI slot, you could get a LSI card and do HW RAID
<sudormrf> ppetraki, don't know if that would fit in the norco case.  looking for another mobo with 6 sata ports.  just thought about it since I need 1 sata port for the system drive.
<ppetraki> sudormrf, I mean 16x, v3.0
<ppetraki> sudormrf, they have dimensions maybe not on their site, but I'm sure if you google it you'll find somebody posted it
<sudormrf> like this: http://www.newegg.com/Product/Product.aspx?Item=N82E16813128720&cm_re=mini%2bitx%2bmotherboard-_-13-128-720-_-Product but without all the garbage on it (wifi, bluetooth, etc).  that wouuld be nice.
<vonsyd0w> ppetraki, curious what language you'd prefer owncloud to use? i would assume anything but php, heh?
<sudormrf> dual nic is nice
<ppetraki> vonsyd0w, basically
<vonsyd0w> sudormrf, have you considered the intel avoton boards such as this one? http://www.newegg.com/Product/Product.aspx?Item=N82E16813132230R&cm_re=gigabyte_avoton-_-13-132-230R-_-Product
<ppetraki> vonsyd0w, "go is the future" I suppose
<vonsyd0w> thats what I'm looking at to replace my HP N54L
<vonsyd0w> ppetraki, i'm seeing a lot of projects starting to use "go"
<vonsyd0w> like this new ansible gui i saw on reddit earlier this week uses go
<ppetraki> vonsyd0w, python community isn't doing itself any favors. That whole annotation thing that just came out...
<vonsyd0w> annotation thing? i'm not familiar with that?
<vonsyd0w> link?
<sudormrf> vonsyd0w, price too much out of range
<ppetraki> vonsyd0w, it was on lwn recently
<sudormrf> but nice board :)
<vonsyd0w> sudormrf, it includes the CPU remember that
<ppetraki> vonsyd0w, http://lwn.net/Articles/627418/
<vonsyd0w> thx
<sudormrf> oooohhhh that was one of the ones I think I was looking at before
<ppetraki> I mean I use python everyday but if we were going to build something large in userspace I would probably push Go, especially vs C++ which is the other prevailing camp here
<sudormrf> but has atom
<sudormrf> :S
<sarnold> ppetraki: honestly, if python had -started- with type checking with a better non-hacky syntax from the start, I might have enjoyed using it ;)
<sarnold> ppetraki: but bolting on a bunch of stuff to the side .. sigh
<vonsyd0w> sarnold, whats your preferred language?
<ppetraki> sarnold,  right, that's the thing, and in python's defense it's been around a loooong time
<sarnold> vonsyd0w: I haven't done more than toys in Rust, but it looks very promising.
<ppetraki> Weren't there like exclamation points in the Rust syntax?
<vonsyd0w> sudormrf, there are a bunch of boards with the intel avoton chip to consider as well. give that a search and see if it fits your budget. Here is a case I was looking to get w/ an avoton board: http://www.u-nas.com/cases.html
<sudormrf> if I remove dual NIC from the picture my options are not as limited
<sudormrf> vonsyd0w, but how does that perform vs an i3?
<vonsyd0w> well aren't all i3's dual cores? The intel avoton is a quad or octa-core board. It really depends on your work load. If its a storage box, then the avoton will do just fine. Here is a cpuboss.com comparison between the two that are similarly clocked: http://cpuboss.com/cpus/Intel-Core-i3-3110M-vs-Intel-Atom-C2750
<sarnold> ppetraki: yeah, to differentiate macros from non-macros. I LIKE IT BETTER THAN C AND C++'s WAY OF INDICATING MACROS :)
<gorelative> anyone here familiar with debmirror
<ppetraki> sarnold, heh
<cmircea> Hello
<nickander> hi!
<cmircea> I've just upgraded the packages on a 14.04 server and it hangs with this warning "W: mdadm: /etc/mdadm/mdadm.conf defines no arrays"
<nickander> are you using a software raid?
<cmircea> I have a RAID 10 array configured as /dev/md127 that still works but I'm afraid of issuing a reboot as I might lose it.
<cmircea> Should it be present in mdadm.conf?
<nickander> it looks like something to be concerned about though i'm not familiar with its functionality
<cmircea> mdadm --detail --scan shows the array
<cmircea> should I add it to mdadm.conf?
<nickander> seems like a good idea
<ppetraki> cmircea, theres a copy of it in your ramdisk
<ppetraki> cmircea, mkdir /tmp/foo; cd /tmp/foo; zcat /boot/initrd-BLAH | cpio -id; cat etc/mdadm/mdadm.conf
<cmircea> ppetraki, uh, what ramdisk?
<ppetraki> cmircea, initial ramdisk, Linux needs an early copy of it to assemble your array at boot to form things like booting to an MD
<cmircea> ppetraki, I see. I have several initrd images, one ending in .new which I assume is the one being installed.
<cmircea> Should I zcat the latest non-new?
<ppetraki> cmircea, yup!
<ppetraki> any of the old ones should do, its not something that changes often
<cmircea> ppetraki, looks like the array wasn't mentioned in mdadm.conf
<cmircea> ppetraki, root is not on the array
<ppetraki> cmircea, well, here's what a working config looks like, http://pastebin.ubuntu.com/9763976/
<ppetraki> cmircea, just get your UUIDs from mdadm and you're good.
<cmircea> ppetraki, thanks, I've added mine to mdadm.conf
<ppetraki> cmircea, \o/
 * ppetraki it's so friday
<cmircea> What should I do about the hanged SSH connection from which I ran aptitude upgrade?
<sudormrf> do any of you guys have any experience with time machine on ubuntu server?  setting it up and what not
<cmircea> ppetraki, last thing is said was that mdadm defines no arrays.
<sudormrf> wondering if this is still valid: https://www.64bit.co.uk/ubuntu-as-a-osx-time-machine/
<ppetraki> cmircea, kill it, run it again but this time from within a tmux session but not before you copy your new shiny config file in place
<ppetraki> cmircea, shift  ~ .
<nickander> cmircea: start running long-running commands in screen :P
<nickander> or tmux ^
<ppetraki> sudormrf, don't know much about macs anymore but everything in that article looks reasonable. The mac itself is the biggest variable
<sudormrf> yeah.  I have an OSX vm here I can test with
<thor77> whats the prefered way to set the LANG-variable globally on ubuntu server 10.04?
<sudormrf> ppetraki, for the mdadm setup, would you say the steps listed here: https://www.grumpyland.com/blog/183/installing-software-raid-on-centos-567-via-ssh/ will work in ubuntu server (changing the obvious things like yum)?
<Patrickdk> thor77, to wait 3 more months, when it goes unsupported, so you don't have to?
<thor77> Patrickdk: no good solution
<Patrickdk> just saying, support ends in 3 months, you should be moving off it as quick as possible
<thor77> uh. wtf
<thor77> i meeant 14.04
<thor77> sry
<Patrickdk> :)
<cmircea> ppetraki, SSH connection refused :<
<thor77> my hoster doesnt even provide a 10.04 image^^
<thor77> i tried to set it with update-locale, but after a reboot it was gone
<Patrickdk> thor77, edit /etc/default/locale
<Patrickdk> update-locate updates the *available* locate, it doesn't make one a default
<thor77> http://paste.ubuntu.com/9764044/
<thor77> ^ my /etc/default/locale
<Patrickdk> hmm, maybe it does
<thor77> but after a reboot "locale" -> http://paste.ubuntu.com/9764047/
<thor77> everything's gone
<thor77> i think should set it for every user, right?
<Patrickdk> no
<thor77> uh.
<Patrickdk> that only sets the DEFAULT for system services
<thor77> how can i set it for every user?
<Patrickdk> in /etc/profile.d ?
<thor77> what should i insert there?
<Patrickdk> I would imagine it would inherit it though
<thor77> looks like the users doesnt take the LANG-var from /etc/default/locale
<Patrickdk> it should actually
<thor77> but it doesnt
<Patrickdk> what does, locale -a, show?
<thor77> http://paste.ubuntu.com/9764072/
<thor77> its rly weird
<thor77> there's de_DE.utf8 but locale-gen said de_DE.UTF-8
<thor77> dont know whats the right name
<Patrickdk> looks right
<thor77> ?
<thor77> should i set the default to de_DE.utf8 ?
<Patrickdk> no
<thor77> what should i do then?
<Patrickdk> I am not sure
<Patrickdk> cause everything you did is right, not sure why it didn't work
<Patrickdk> and it should never be empty
<Patrickdk> but it is
<thor77> yes
<thor77> im very confused
<ppetraki> sudormrf, looks right, doesn't talk about updating the initrd though, which should copy the config there too
<ppetraki> sudormrf, which I guess would be dracut
<ppetraki> sudormrf, ... and that's the end of my day, have  a good weekend!
<sudormrf> thanks! laters!
<sudormrf> going to try this tut: https://www.howtoforge.com/how-to-set-up-software-raid1-on-a-running-system-incl-grub2-configuration-ubuntu-10.04
<sudormrf> omitting the whole swap area thing as the drives to be used are not boot drivse
<sudormrf> on this tut: http://feeding.cloud.geek.nz/posts/setting-up-raid-on-existing/
<sudormrf> what is this talking about? Specify these devices explicitly in /etc/mdadm/mdadm.conf:
<sudormrf> DEVICE /dev/sda* /dev/sdb*
<sudormrf> I tried that (using the appropriate devices) then did the check and it said something about unknown something or other
<sudormrf> http://paste.ubuntu.com/9764297/
<sudormrf> looks like it is working to me
<sudormrf> so I don't need that device line?
#ubuntu-server 2015-01-17
<logan2> I am having issues with a pretty straight forward 2 link lacp setup to a juniper stack. debugging/counters on the juniper show no lacp hello packets are being received from the server. I have several other servers on the stack running ubuntu with lacp links and they work fine, but are slightly different network hardware (e1000e driver on working systems, igb nic on non working server). /proc/net/bonding/bond0 shows lacp is active, fast hellos, slaves ad
<sarnold> logan2: irc has line-length limits; you were cut off at "fast hellos, slaves ad"
<logan2> fast hellos, slaves added, etc... same with /sys/class/net/bond0/bonding settings.. everything looks right but no hellos. any ideas?
<rahuldroy> hey guys, can someone help me find and remove a malicious script that generates random processes such as 'fmdxbvuui'
<rahuldroy> killing it and removing it from starup just creates another script on startup
<Ben64> format and reinstall
<rahuldroy> this is a prod server :(
<rahuldroy> on AWS
<Ben64> yeah, which is why you should format and reinstall
<rahuldroy> yeah i'll quickly do that now
<DrManhattan> I'm getting a strange series of errors when I run du with the max-depth option. it doesn't interfere with the command but I am a bit worried about why it would do this http://paste.ubuntu.com/9765950/
<lordievader> Good morning.
<k2gremlin> Hello all. I have an iptables.txt file in my user home directory. When I restart my server, the iptables cleans out and I have to restore from this file evertime. Is there a way to make them stay?
<lordievader> k2gremlin: No, iptables was designed that way. You can add an iptables-restore to your rc.local though.
<k2gremlin> so add iptables-restore < /home/user/iptables.txt before or after the exit 0?
<k2gremlin> lordievader, ??
<lordievader> k2gremlin: Before, read the note in the header of rc.local.
<k2gremlin> lordievader, Thanks, worked like a charm
<k2gremlin> Looking for help in relation to Diladele WS and transparent Squid3. Explained here. http://paste.linuxassist.net/view/b91a062a
<hydrajump> what is the correct way to modify pam.d/common-auth? Is it to modify that file directly or to create a new file in /usr/share/pam-config/mything?
#ubuntu-server 2015-01-18
<jnollette> hey i'm running a nat / firewwall with pf, and wondering about how to enable upnp
<cryptodan> jnollette: dont do it
<jnollette> is it a specifc port i need too allow, i think i am allowing all outbound traffic
<jnollette> im hoping to use bittorrent sync.... is there another way
<jnollette> proxy server?
<jnollette> (that doesn't make any sense)
<cryptodan> jnollette: follow the guidance for the application if it requires uPNP to be enabled dont use it
<avid_fan> I can't seem to get NFS working on 14.04. I had a similar setup with 12.04, and all the HowTos are pretty straightforward. Mounting the NFS export does not produce and error, but accessing the file system returns "cannot access Stale file handle".
<cryptodan> avid_fan: how are you trying to mount?
<avid_fan> cryptodan, command-line/terminal
<cryptodan> can you provide the line
<avid_fan> cryptodan, I've tried several different options, but the latest is 'mount 192.168.123.10:/mnt/export'
<avid_fan> cryptodan, that command takes longer than it used to on 12.04, but it produces no error. It's only when I try to access the mounted filespace that I get "Stale file handle".
<cryptodan> you need to file system time
<cryptodan> type*
<avid_fan> I've tried to add '-t nfs' but it doesn't help.
<cryptodan> so mount -t nfs 192.168.123.10:/mnt/export
<cryptodan> what howtos have you followed
<avid_fan> cryptodan, lol, several. I've run through installing the nfs-kernel-server package, editing the /etc/exports file, and starting/restarting the nfs-kernel-server service.
<cryptodan> have you installed the nfs-common package for the client?
<avid_fan> cryptodan, 'showmount --exports' on the server as well as the client show the exports configured.
<cryptodan> avid_fan: can you share the exports file to dpaste.com
<avid_fan> cryptodan, sure.
<avid_fan> cryptodan, http://dpaste.com/3S5DGR6
<avid_fan> cryptodan, it's surprisingly simple. :-)
<cryptodan> I think you are missing something
<cryptodan> /mnt/lacie/multimedia   *(rw,insecure,async,all_squash,no_subtree_check) should be /mnt/lacie/multimedia   192.168.0.0/16(rw,insecure,async,all_squash,no_subtree_check)
<avid_fan> cryptodan, I've tried 192.168.123.0/24 with no success, but I'll try that subnet prefix.
<cryptodan> here is my exports line /home/cryptodan/public_html 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,sync)
<cryptodan> also I followed this one https://help.ubuntu.com/community/SettingUpNFSHowTo
<avid_fan> cryptodan, yeah, that's one of the HowTos I read. I've done this more than once in the past. But I guess, from what I've read, that was all NFSv3 no v4.
<avid_fan> not v4.
<finchard> Hi
<finchard> Has anyone used Observium before?
<finchard> It's for monitoring servers etc.
<RiCHNET> Anyone here?
<pmatulis> yep
<Ether_Man> Hi I could really do with some help on this. I recently upgraded my server to 14.04, and unfortunately, that broke both webaccess and webapp of zarafa which now has no installation candidate, and trying to install those packages manually, gives that they depend on php5-mapi. Which relies on phpapi-20090626 which I cant seem to find anywhere. Is there an alternative for 14.04 for php5-mapi or phpapi-20090626 so that I can install the
<Ether_Man>  one from the tarball on the site?
<cryptodan> http://i.imgur.com/6LSwBHa.png see my mouse cursor
<Ether_Man> cryptodan, I've seen it yes... It cannot be installed due to phpapi-20090626 is a missing dependancy...
<Ether_Man> Which I've told you now no less than 4 times.
<cryptodan> I do not get that dep error so more than likely you downloaded the wrong one.
<cryptodan> that is for 14.04
<cryptodan> as you can see
<Ether_Man> Then you somehow have gotten that dep. Somewhere. I have yet to find a source that has that.
<cryptodan> Ether_Man: I cant install it on my 386 based server
<hydrajump> how can I redirect the consolue output of a program started as a regular user to /var/log/mylogfile?
<hydrajump> I've tried `/usr/local/bin/myapp | sudo tee /var/log/mylogfile.log` but it doesn't create the log file
<cryptodan> Ether_Man: run the install.sh script
<Ether_Man> cryptodan, 1. The script only supports 10.04 and 12.04, not 14.04. 2. The script relies on the packages already being installed. It's just for configuring them.
<cryptodan> I hit continue
<cryptodan> it will install the packages
<Ether_Man> Sigh... It installs them, the same way that can be done manually... Which fails because of unmet dependancy... Please... If you dont know the answer, dont just make random suggestions
<cryptodan> it worked for me
<cryptodan> and Zarafa started successfully
<Ether_Man> Yes, because as you mentioned before... YOU HAVE THE DEP...
<cryptodan> No I did not
<Ether_Man> Zarafa itself starts just fine... Webaccess and webapp does not...
<cryptodan> I have never installed anything php5 related on my desktop
<Ether_Man> That does not change that you still have the deps from somewhere.
<cryptodan> I downloaded them from the site
<cryptodan> all of them
<Ether_Man> No you didnt, because the site does not provide the dep
<cryptodan> they came in a tarball from the download
<cryptodan> Yes it does
<cryptodan> I showed you a screenshot
<cryptodan> thats all in the tarball
<Ether_Man> Arg... English... Do you speak it?
<Ether_Man> "<Ether_Man> cryptodan, I've seen it yes... It cannot be installed due to phpapi-20090626 is a missing dependancy... "
<cryptodan> You are just ignorant
<cryptodan> I am done trying to help you when I havep rovided it
<cryptodan> You justdont freaking understand
<Ether_Man> phpapi-20090626 is not provided by any of the packages in that tarball... Sorry but it just isnt... You have that from somewhere else...
<cryptodan> Nope
<cryptodan> it is provided
<cryptodan> you are just to bloody ignorant to understand that I got the tarball from the site
<Ether_Man> In which package? The one you pointed at in your screenshot DEPENDS ON IT...
<cryptodan> did you happen to look at the entire picture
<cryptodan> or are you blind as well
<Ether_Man> Yes, I did
<cryptodan> did you not see the file path in the picture because if you did you would have realized the package name
<cryptodan> but I guess you are both blind and ignorant
<cryptodan> so have a good one, and contact the site for help
<Ether_Man> I have that package... IT'S NOT THERE...
<cryptodan> then you got the wrong one
<cryptodan> go back and read
<vonsyd0w> some folks...
<richard4> Is anyone there?
<``PeeR> hi everybody... i have some issue with the 'whois' command on my server...
<``PeeR> google's not really my friend for this one
<``PeeR> anybody for helping me plz? :)
<cryptodan> whats the issue
<richard4> What are your favourite things to host on Ubuntu server?
<``PeeR> cryptodan, the 'whois' command seems to timeout...
<``PeeR> I can't do it anymore
<``PeeR> !ping
<ubottu> pong!
<cryptodan> any error messages ?
<``PeeR> yup, hold on, i'll copy past
<``PeeR> 30-60 seconds
<``PeeR> getaddrinfo(whois.crsnic.net): Temporary failure in name resolution
<cryptodan> that means your DNS servers are not working
<``PeeR> even if apache is ok and websites are opening and teamspeak works fine ?
<cryptodan> yes
<``PeeR> i'm a bit beginner with the DNS server cause a friend installed it... I can manage apache start or restart and enable new sites but if the dns server is not working, I don,t know what to do :S
<``PeeR> do I just have to start it or something like that ?
<cryptodan> ``PeeR: that site is timing out for me too
<``PeeR> lol
<``PeeR> doh
<``PeeR> wait, what site ?
<cryptodan> whois.crsnic.net
<``PeeR> that's not what I whoised ...
<cryptodan> who did you whois?
<cryptodan> can you provide that
<``PeeR> i'll provide the copy past for whois google.com
<``PeeR> [23:31:45] [psimard@xblade ~]$ whois google.com
<``PeeR> getaddrinfo(whois.crsnic.net): Temporary failure in name resolution
<``PeeR> same result
<cryptodan> seems like its the whois thats installed
<``PeeR> yeah I think the queries goes to crsnic.net or something like that
<cryptodan> what version ubuntu?
<``PeeR> 12.04.3
<``PeeR> i think I had to install whois
<``PeeR> but it was working before the last crash
<``PeeR> do I have to start a dns server ?
<``PeeR> sorry for beeing noob
<cryptodan> no
<cryptodan> I would just remove whois and then reinstall it
<``PeeR> k I'll try it
<``PeeR> lol ok I have a serious problem
<cryptodan> what is it?
<``PeeR> Failed to fetch http://ca.archive.ubuntu.com/ubuntu/pool/main/w/whois/whois_5.0.15ubuntu2_i386.deb Temporary failure resolving 'ca.archive.ubuntu.com'
<``PeeR> can't reach internet
<``PeeR> even if internet can reach me
<cryptodan> ``PeeR: you got that right
<cryptodan> so time to either call your ISP or power cycle your modem
<``PeeR> yep hum.. about that...
<``PeeR> my ubuntu server run on a pppoe connexion
<``PeeR> how could I tell you... i'm on a LAN ... the server is on a modem/router which connected via pppoe...
<``PeeR> but on the ubuntu server, there is a ppp0
<``PeeR> with another pppoe user
<``PeeR> my linux machine does not have the same internet IP than all the other PC in my house
<cryptodan> call your ISP
<``PeeR> hehe, they won't do anything about that. but thx for trying. ;)
<``PeeR> have a nice day
<davidd> Hi, I can login via tty1, but I can not login via tty7, it just blink and asks again for my password. Do you know what should I do?
<cryptodan> Only tty1 - tty6 are active
<davidd> cryptodan: No, I have fixed my grub. before I could log in via tty7
<davidd> cryptodan:Do you know what should I do to fix it?
<cryptodan> tty7 for me doesnt work
<davidd> cryptodan:sorry, it is full ubuntu distro
<cryptodan> same here
<davidd> cryptodan: Do you know how to fix it?
<cryptodan> Nope as only tty1 to tty6 via ctrl+alt+f1-6 are available
<davidd> cryptodan: I mean it is not ubuntu server.
<davidd> Any one else can help?
<cryptodan> then go to #ubuntu
<davidd> cryptodan: No one knew there
<davidd> I thought may be people are more knowledgeable here.
<davidd> and are willing to help
<davidd> I am searching google for about 4 hours. But I could not find a solution
<cryptodan> this is for server issues
<davidd> cryptodan: So you do not know?
<soren> davidd: Can you log in on tty1-tty6?
<davidd> soren: yes
<soren> davidd: Then I recommend #ubuntu. No idea why lightdm would authenticate differently than login.
<cryptodan> also tty8 is for the GUI
<davidd> soren: Thanks. I have asked them, but no answer. :(
<lordievader> Good morning.
<Grey_Loki_> Hi. I'm using U-S with byobu and weechat. After performing an update, byobu seems to have taken the alt+arrow left/right shortcut as its own, and uses it to switch between byobu windows. I was originally using it to change buffers in Weechat, and so would like to disable that particular functionality in byobu.
<Grey_Loki_> I've tried commenting out what I think are the correct two lines in /usr/share/byobu/keybindings/common, but still the behaviour persists.
<Annoyed> Greetings..  Running Ubuntu server for a home file/dns/etc. server for the home network. What woould be a good choice for mail software so that system utilities can mail stuff to the root account?
<Annoyed> I do NOT need to provide real mail services of any sort.
<SchrodingersScat> !info ssmtp | Annoyed
<ubottu> Annoyed: ssmtp (source: ssmtp): extremely simple MTA to get mail off the system to a mail hub. In component universe, is extra. Version 2.64-8 (utopic), package size 43 kB, installed size 8 kB
<Annoyed> I don't even want it to talk to the outside. All I want is mail within the system itself; so that various processes can mail their logs, reports and whatever to the system root account.
<Patrickdk> replace sendmail program with a cat >> /var/mail/root
<Patrickdk> and call it done? :)
<Annoyed> A
<Annoyed> Hmmmm.. That's simple enough.
<Annoyed> just create a shell script file and call it sendmail and have it contain "cat >> /var/mail/root" ?
<Annoyed> My concern is I don't want to accidentlly send mail out to the real world with any of the real mail daemons
<Annoyed> Thanks, I'll give that a shot
<Annoyed> Greetings...  Installing postfix on a VM to get a feel for it... during install, there's segment where you can select the server use .. If I choose "local only", will this prevent it from ever sending mail to the real world?
<Patrickdk> unless you reconfigure it, sure
<Annoyed> So,I don't have to worry about it inadvertantly sending mail to the real world ? I do NOT want to send mail, I just want internal to work
<Annoyed> test send to a real address on the VM failed, err. 5.0.0, but I'm still leery of installing it on a "live" machine connected to the 'net
<grendal_prime> i got a werid issue where a machine installs then will not boot Error1962
<grendal_prime> tried two hd's now and the same thing on both.
<bekks> So you get that error even before grub I guess?
<frawg> Has anyone tried deploying using openstack-install on 14.04.1 LTS following the guide (http://www.ubuntu.com/download/cloud/install-ubuntu-openstack) and found that landscape fails to deploy (can't connect to postgresql/0) ?
<frawg> This is backed by 10 nodes on MAAS
<grendal_prime> this is making me crazy, i install and all i get is a 1962 error.  No operating system found
<grendal_prime> I have the right drive selected in the boot order.
<bekks> grendal_prime: So you get that error even before grub I guess?
<grendal_prime> ya, im looking at bootup fix app now\
<bekks> So it cant be an Ubuntu issuethen.
<grendal_prime> ya its something to do with the lenovo machine i think.
<grendal_prime> uefi thing but there is no place to turn that off or nothing that indicates its even turned on.
<bekks> And it isnt the problem you are having :)
<grendal_prime> ?
<grendal_prime> oh its a problem im pretty sure.
<grendal_prime> im experienceing discomfort at this very moment.
<bekks> No. Ubuntu hales UEFI just fine.
<bekks> *handles
<grendal_prime> ive tried 3 different drives on this thing..everything works fine uptell the reboot.
<bekks> So do you get to the grub or not? :)
#ubuntu-server 2016-01-18
<ash_m> so I got an email from someone regarding transfering a website off our server and they asked how much webspace it takes up as well as how much storage... can someone clarify the difference for me?
<ash_m> (maybe not the channel to discuss it; but I'm open to suggestions)
<Sling> for some reason my new ubuntu 14.04 box is ignoring my ipv6 configuration in /etc/network/interfaces and setting a temp address and another one.. relevant info: http://paste2.org/a8O13n2G
<Sling> ipv6 on the autoconfigured addresses works fine, i can ping6 my gateway etc.. but how do I make it set my configured IP instead of the automatically configured one
<Sling> had no trouble with this configuration at another provider
<ash_m> maybe the question would be confusing to anyone.
<Sling> ash_m: 'webspace' is kind of a vague concept
<Sling> ask them what they mean :)
<ash_m> Sling: good; I'm glad I'm not the only one confused by the questions
<lordievader> Good morning.
<Repox> Hello. I have an Ubuntu 14.04 virtualized by vmware. The disk size of that Ubuntu virtual machine has changed, but I can't see the new disk space. Do I need to reboot the virtual server to see the new disk space?
<hateball> Repox: you can rescan the devices online
<hateball> you'll still need to grow the partition(s) obviously
<Repox> hateball, how would I rescan them?
<hateball> Repox: are you using LVM or just raw partitions?
<hateball> Repox: anyhow, here's a nice info http://blog.stastnarodina.com/honza-en/spot/howto-add-disk-to-vmware-ubuntu-guest-without-reboot-using-lvm/
<Repox> hateball, that's a really good question. I'll have to find out.
<hateball> Or you can reboot. If that's an option
<hateball> At any rate, if you use LVM you need to grow the groups and then the filesystems etc. But that guide is pretty good ^
<Repox> hateball, thank you - i'll read up on it. Thank you for your time :-)
<jamespage> cpaelzer, hey - around? getting some odd link test issues with dpdk2.2
<jamespage> cpaelzer, https://launchpadlibrarian.net/234509623/buildlog_ubuntu-xenial-amd64.openvswitch-dpdk_2.5.0~git20160118.eedd0ef-0ubuntu1~ubuntu16.04.1~ppa201601181440_BUILDING.txt.gz
<cpaelzer> jamespage: here
<jamespage> I think I need some extra -l's but not quite sure which
<jamespage> cpaelzer, I'm missing xs_ and pcap_ symbols
<cpaelzer> jamespage: yeah I thnk I know
<cpaelzer> jamespage: give me a second I pull out mine
<cpaelzer> jamespage: those were features I added in the DPDK 2.2 on bug requests
<cpaelzer> jamespage: I added them to the dpdk build itself
<cpaelzer> jamespage: since you are building statically it might be missing for you again now
<cpaelzer> jamespage: back with some -l in a few seconds
<jamespage> ta
<cpaelzer> jamespage: -lpcap -lxenstore should do it
<cpaelzer> jamespage: in terms of build dependencies for your debian/control that should be ...
<cpaelzer> jamespage: libpcap-dev, libxen-dev, libxenstore3.0 to your Build-Depends
<jamespage> cpaelzer, ta - re-tring with that now
<jamespage> cpaelzer, libxenstore3.0 is surpluse as libxen-dev -> libxenstore3.0
<cpaelzer> jamespage: they split the xen-dev libs afaik
<cpaelzer> jamespage: I needed both
<cpaelzer> jamespage: although maybe one depends on the other
<jamespage> cpaelzer, OK built in ppa:james-page/xenial
<cpaelzer> jamespage: it really worked, great - thank you
<cpaelzer> jamespage: I let you know once I was able to test it
<jamespage> cpaelzer, OK
<RFleming> Greetings!
<RFleming> Question.  What makes more sense for multi-server backups?
<RFleming> A) Tar/GZip each server volume and store individual archives
<RFleming> or B) use RSync to a ZFS zpool with compression and deduplication enabled?
<RFleming> either way, I'll need to reiterate through the FS ... I just don't know which would be best.  B) offers easy access to files, while A) offers better file portability
<mfaroukg> why network interfaces naming is weird ?
<mfaroukg> what is going on in the ubuntu 15.10 too many changes and keeps killing my apps
<lordievader> mfaroukg: Are you referring to the new udev naming? That is actually quite logical.
<lordievader> mfaroukg: http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
<mfaroukg> lordievader, this is really annoying . why now and in the middle of my business
<mfaroukg> let me check that
<lordievader> Did you upgrade to 15.10 today or something?
<lordievader> Also see the section about disabeling it ;)
<Tangurin> Hi! I have little bit of a problem with my Apache on my mac right now! When I create a folder and my php application tries to write to files in the folder, I got permission denied. Is that because apache use: _www:_www? I tried to put my username in httpd.conf but it got even worse and my application can't even create a session, do you know what I may do to fix it? :)
<phillw> the default for ubuntu is user and group www-data.
#ubuntu-server 2016-01-19
<TurBoss> hi
<OneM_Industries> Hi!
<TurBoss> I have to setup 2 instances of build-slave one for each build-master 2 in this case :)
<TurBoss> but the init script fails to start
<TurBoss> http://dpaste.com/0TY92CN
<TurBoss> here is the log
<OneM_Industries> Sorry, I am new to ubuntu-server. If I could help I would.
<TurBoss> :) thank you
<lordievader> Good morning.
<Seveas> o/
<kjackal> o/
<gabor_meszaros> hi all, I'm trying to deploy a single node openstack using cloud-install, with --use-nclxd flag but having troubles. Could you help me out a bit?
<gabor_meszaros> logs are pastebinned here: https://pastebin.canonical.com/147920/
<rbasak> zul may be able to help you, but he won't start his day for a while. ^^
<gabor_meszaros> rbasak: ty, I'll still be around for a while
<jamespage> rbasak, hmm
<jamespage> Build system has been completely reworked and now uses erlang.mk. 3rd party plugins must be adapted to the new build system.
<jamespage> rabbitmq 3.6.0 release...
<jamespage> I've done latest 3.5.7 release OK
<jamespage> but that might be to big a bite for me before FF
<rbasak> jamespage: for a rabbitmq merge?
<rbasak> I didn't realise you were working on that. Thanks!
<jamespage> rbasak, no merge - I maintain in debian ;-)
<rbasak> Ah
<pmatulis> tarpman: thanks for driving bug 1532648
<ubottu> bug 1532648 in openldap (Ubuntu) "Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/1532648
<tarpman> pmatulis: :)
<extrememist> 01001001011001100010000001111001011011110111010100100000011011010110000101101110011000010110011101100101011001000010000001110100011011110010000001100100011001010110001101101111011001000110010100100000011101000110100001101001011100110010110000100000011101000110100001100101011011100010000001111001011011110111010100100000011100110110100101110010001000000111001101101000011000010110110001101100001000000111010001100101011011000110110000100000011011
<extrememist> 010110010100100000011010010110111000100000011000110110100001100001011101000010000001100001011011100110010000100000011010010010011101101100011011000010000001110100011010010111000000100000011110010110111101110101001000000011000100110000001100000101010001011000001000000011101001000100
<extrememist> Whoops
<extrememist> tottally didn't do that on purpose
<extrememist> SORRY
 * OerHeks reads octal
<an3k> There are 10 kind of people ...
<jelly> extrememist: I've seldom seen 7-bit ascii expressed in a 14 times expanded encoding like that
<jelly> wait no.  9.14 times, not 14, sorry
<rbasak> nacc: did you want your logwatch merge uploaded, or did you want to check with Debian/upstream first?
<nacc> rbasak: i think you can go ahead and upload it
<nacc> rbasak: sorry, thought I said that last week
<rbasak> nacc: no worries, maybe I missed that. I'll go ahead and upload. Thanks!
<nacc> rbasak: thank you!
<nacc> rbasak: ping?
<nacc> maybe someone else knows too ... so I thought rbasak mentioned to me that if a package is in a PPA, it will be used for building future packages in the same PPA? However, it doesn't seem to be working with the automated builds? https://launchpad.net/~php-ubuntu/+archive/ubuntu/php7.0/+packages specifically. phpab needs to be rebuilt so it doesn't depend on php5, which means using the new pkg-php-tools
<nacc> (from the same PPA)
<ikonia> you need to change the depend on the package
<ikonia> it won't magically not depend on it any more unless you tell it not to
<nacc> ikonia: it's a confusing log, though, it says it can't find pkg-php-tools ... which is available from the regular repos (which will fail as it's a php5 version). I can make it depend on the pkg-php-tools from my repo, but looking at the log, it doesn't even mention the PPA url?
<ikonia> so you're not using your own machine you're using the autobuild system on laundhpad.net
<nacc> ikonia: yeah, on my own machine, i can add the ppa to an schroot and sbuild it fine
<nacc> ikonia: but i'm trying to publish this package on the ppa ... so that others can use the updated version
<ikonia> nacc: that makes sense as it won't have the index file to know the packages are there
<ikonia> my undestanding (i've not used the autobuild system for a while though) that the autobuild system would auto find packages in it's own PPA - if you're doing it on your own box though, you have to define the repo
<nacc> ikonia: yeah, I was told something similar about the autobuild system, which is why i'm confused :) it's like the autobuild in the PPA isn't using the PPA. Even looking at the other logs in the PPA build that succeeded, it seems like no extra repositories are present ... i'll try and dig into the autobuild logs a bit more
<ikonia> get some of the logs somewhere others can see, be interesting to see
<nacc> can you see https://launchpadlibrarian.net/234639697/buildlog_ubuntu-xenial-amd64.phpab_1.21.0-1~ppaubuntu1_BUILDING.txt.gz ?
<nacc> ikonia: ok, i see the ppa in override-sources-list
<nacc> and i guess that's what is showing up as ppa.launchpad.net in the logs
<nacc> nm then! now to figure out why it's not pulling in pkg-php-tools
<ikonia> this sounds silly, but can it not use it's own PPA as the gpg sigs are missing
<ikonia> thats the first thing that stood out from those logs
<ikonia> it can't verify the sigs
<nacc> ikonia: hrm, that's a good point ... not sure how i'd go about resolving that
<ikonia> I can't remember the menus
<ikonia> but there is one where you specify the key name and I think it has to be in the PPA too
<ikonia> or uploaded direct into your launchpad session
<ikonia> I can't remember to be honest
<nacc> np, i appreciate the insight
<rbasak> nacc: looks like you tried to build phpab within just four minutes of pkg-php-tools building?
<rbasak> You might need to give it a bit longer. There is a delay before a built package gets published in a PPA.
<rbasak> nacc: you can retry from https://launchpad.net/~php-ubuntu/+archive/ubuntu/php7.0/+build/8872076 (the build progress/failure page)
<nacc> rbasak: ah let me see if that's all it is
<nacc> rbasak: hrm, locally, sbuild also fails with the PPA enabled ... so let me debug it a bit further
<rbasak> nacc: if you can reproduce locally, try an explicit "apt-get install package=version" in that environment of what you expect. Then apt-get will give you more details of why it refuses to fulfil it.
<rbasak> nacc: eg. "schroot -u root -c xenial-amd64" locally to enter your chroot, and then run apt-get in there.
<nacc> rbasak: yeah, so i just tried it from within my chroot, and while the sbuild failed, apt-get install pkg-php-tools did succeed and pulled in the ppa version
<magicalChicken> rbasak: Hey, about dovecot, it looks like we're already caught up with debian there. There is a new version upstream but the debian maintainers haven't packaged it yet, so I don't think there's a merge to be done
<magicalChicken> rbasak: Should I try to wait until debian pulls in the new version or move on to another merge?
<rbasak> magicalChicken: ah, looks like doko beat us to it at some point
<magicalChicken> Were there any other merges you wanted done soon? I could try to get one done this week
<rbasak> Looking
<rbasak> magicalChicken: grab something from http://reqorts.qa.ubuntu.com/reports/ubuntu-server/merges.html please. Some items in there are in progress or extremely awkward. Others are minor
<magicalChicken> Okay sure, thanks
#ubuntu-server 2016-01-20
<ponyofdeath> can someone help me figure out why apt-get --print-uris is not printing the uris
<genii> ponyofdeath: Are you using it like: apt-get update --print-uris    or some other way?
<ponyofdeath> https://bpaste.net/show/00320d77491e
<ponyofdeath> genii:
<sarnold> my manpage suggests --print-uris is supposed to work with apt-get update and apt-get source
<ponyofdeath> yup
<ponyofdeath> whats funny is that it works fine on another of my servers
<sarnold> ah.. that was "also works"..
<ponyofdeath> i wonder if vagrant is somehow supressing the output or something
<genii> Does not work here with install option in any arrangement, like apt-get --print-uris install blah   , apt-get install blah --print-uris , apt-get install --print-uris blah
<genii> ( 15.04 )
<ponyofdeath> 12.04 server i have it works
<ponyofdeath> this 12.04 vagrant box no worky
<ponyofdeath> works on 14.04 too
<genii> ponyofdeath: Actually, I just found that if the package is already installed, it will not get to the point of processing the --print-uris
<ponyofdeath> yup thats why i use --reinstall
<ponyofdeath> but i test with packages not installed
<genii> It works when I used it with a package that was not already installed, but not with a package that is
<genii> ( whether reinstall was used or not)
<genii> ponyofdeath: Actually, it works when I do it like: apt-get install --reinstall binutils --print-uris
<ponyofdeath> i think i figured it out
<genii> Interesting
<ponyofdeath> vagrant-cachier
<ponyofdeath> it cache apt stuff
<ponyofdeath> and aperently messes with print-uris
<transhuman_> hi has Canonical combined Ubuntu server with MapR? I found one reference to it. Haven
<transhuman_> Haven't found anthing else
<transhuman_> as a platform
<transhuman_> I am trying to figure out if its MapR or Apache Hadoop that is combined with Ubuntu-server as a platform. My idea is that since I have a lot of experience with Ubuntu, that I might learn the version that is for the Ubuntu platform as a specialty...thanks in advance
<sarnold> transhuman_: hopefully useful https://jujucharms.com/big-data
<transhuman_> thanks for that link
<nacc> rbasak: so my current idea is to "break" the connection between some of the PHP packages I need so I can at least get one updated, in order to build the other at the right level (and not pull in any PHP5 dependencies) -- does that seem reasonable to you? We can talk about it more in the morning, if you're around
<ofaq> I just want to say ubuntu server is a turd!
<pmatulis> ofaq: thanks
<raghava> Hi
<raghava> Hi Can any one provide steps to install Openstack HA using autopilot deployment
<lordievader> Good morning.
<rbasak> nacc: so you have some kind of dependency loop? That doesn't surprise me. We had a similar issue with php-json. If so then yes, break the loop by temporarily. Please make a note as we'll need to ask an Ubuntu archive admin to do the same thing when we do it in the archive.
<rbasak> kickinz1: how is the ntp merge going? Can I assign bug 1512980 to you?
<ubottu> bug 1512980 in ntp (Ubuntu) "Please enable PPS in the Ubuntu build of ntpd" [Undecided,In progress] https://launchpad.net/bugs/1512980
<rbasak> rharper: fyi, bug 1535076. I've merged it with your merge bug.
<ubottu> bug 1535951 in strongswan (Ubuntu) "duplicate for #1535076 Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)" [Undecided,Confirmed] https://launchpad.net/bugs/1535951
<kickinz1> rbasak, I've applied the old deltas, forgotten ones, and missed one, I'm now verifying that they are all necessary. Yes you can assign to me.
<rbasak> OK, thanks.
<|TheWolf|> Hi!
<|TheWolf|> I just tried to join #ubuntu, but apparently I'm banned :-O I have no idea why, is there any way to find out and/or get me unbanned from there...?
<hateball> #ubuntu-ops
<|TheWolf|> thx!
<hateball> I think
<hateball> !banned
<ubottu> If you have been banned it is probably because you have not gone along with what is acceptable !behaviour. If you're not sure what acceptable !behaviour is please see !Etiquette and http://wiki.ubuntu.com/IRC/Guidelines - If you think the ban was a mistake, please join #ubuntu-ops
<|TheWolf|away> What I'm actually here for: Am I right in assuming that the patches for CVE-2016-0728 have not been released yet? It's a bit confusing because https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1534887 says that it's fixed in 3.13.0-76.120, and that the fix is released, but the current version according to http://packages.ubuntu.com/search?suite=trusty&searchon=names&keywords=linux-generic is 3.13.0.76.82
<ubottu> Launchpad bug 1534887 in linux (Ubuntu Xenial) "CVE-2016-0728" [High,Incomplete]
<OerHeks> |TheWolf|away, yes, patched 12 hrs ago
<OerHeks> maybe 16 hrs.. but the fix is certainly out
<|TheWolf|away> OerHeks : and this patch should already be available via the package managers?
<OerHeks> just update, or to be sure, apt-dist-upgrade
<OerHeks> err apt dist-upgrade
<|TheWolf|> that's what I did, but I only get the older 3.19.0.47.32, not 3.19.0-47.53, which includes the patch. might that be a caching problem with the mirror of my hosting provider?
<lordievader> You ran apt-get update first, I presume
<|TheWolf|> yes
<lordievader> Where do your sources point to? It might be that your local mirror is slightly out of date.
<OerHeks> maybe your mirror is not synced yet
<OerHeks> try the main
<|TheWolf|> according to the output of apt-get update, it fetches from both http://mirror.hetzner.de (the mirror of the hosting provider) and http://de.archive.ubuntu.com and http://security.ubuntu.com
<|TheWolf|> I'll try and check if the mirror is the problem, thanks for your help so far!
<OerHeks> De.archive.ubuntu.com-archive	http	128 Kbps	One day behind
<OerHeks> https://launchpad.net/ubuntu/+archivemirrors
<|TheWolf|> I've tried a number of other mirrors now (which are supposed to be up to date and verified in the last hours), but none of them have the latest version. I guess I'll just have to wait a couple of hours
<transhuman_> figured I would ask again for clarification is apache hadoop the preferred and supported version of hadoop on Ubuntu server or is it one of the other three MapR, Cloudera, or Hortonworks, I know canonical has partnered with one of them just not sure which
<rharper> rbasak: thanks;  in the request, IKEv2 frag, I'll need to confirm, but I don't think that fix itself is in 5.3.5, rather a bit newer than 5.3.5;  we could look to also cherry pick that in if it's going to help users out
<rbasak> rharper: I'm a little skeptical about cherry-picking anything in a security-sensitive package. Maybe we should unmerge that bug then?
<rharper> it's not security
<rharper> it's a feature
<rbasak> It's a security-sensitive feature though, isn't it?
<rbasak> The whole of IKE is security sensitive.
<rharper> I don't feel qualified to say yes or no
<rbasak> The danger is that either we introduce a security issue, or the security team have trouble patching a future security issue because the later fix conflicts (either literally or logically) with our cherry pick.
<rharper> looks like, there's already some IKEv2 frag support in 5.3.5
<rharper> I was looking at the changes since 5.3.5 was tagged, and there are some additional updates, but the bulk of the feature was introduced in 5.2.1 it appears from strongswan/NEWS
<rharper> so sounds like the user should have something to work with
<rharper> so, no need to cherry pick anything newer at this point
<rharper> post merge, we can look at individual bugs
<rbasak> OK, great!
<rharper> while I have you;  I've got a 5.3.5 with Ubuntu changes in it;  it installs fine, so going to look for testers and then work on re-assembling the ubuntu changelog and a debdiff to pick over;
<sertyui> how to check the number of users present on a server ?
<sertyui> hi
<Pici> sertyui: w, who, users
<sertyui> thanks
<sertyui> now users give me 3 times my username
<sertyui> what that it means ?
<marlinc> Anything you recommend for centralized update management? Something that for example can pull in multiple apt repositories and then allows updates to be picked and deployed
<rbasak> Landscape is Canonical's commercial answer.
<marlinc> We're a bit reluctant of Landscape as its very expensive
<sertyui> in that case you one brilliant solution which not at all expensive
<sertyui> i mean opensource
<sertyui> well how to check the number of user on my system ?
<Pici> sertyui: I've told you. w and who will both list where those users are coming from. Each (v)tty session is actually a separate login, so thats why a user may show up twice.
<hateball> you can awk|uniq to sort it
<sertyui> and pts means ?
<Pici> pseudoterminal
<sertyui> means
<sertyui> putty ?
<sertyui> or kvm ?
<Pici> no, just any terminal created that isn't one of the ctrl-F1-like terminals
<sertyui> i don't understand
<sertyui> on virtuall server
<sertyui> when you see pts1 what it means ?
<Pici> sertyui: it is a terminal created by ssh or perhaps by screen or tmux.
<sertyui> ok
<sertyui> fine
<sertyui> i got a service called assp on my server
<sertyui> sometimes suddently the service get stopped
<sertyui> i m using server : Ubuntu 14.04.3 LTS \n \l
<sertyui> so my question
<sertyui> is  : on the server how i can identify what is the root cause of that incident ?
<nacc> rbasak: yep, it's a build-depends immediate cycle between phpab and phpunit, which prevents me from using the updated pkg-php-tools (which pulls in php7.0 rather than php5.x)
<nacc> rbasak: will work on that today
<eahmedshendy> If you admin users a linux machine, and some of them are developer and needs to edit some files that is related to service - let's say tomcat - and its directories only edited by a user called "tomcat" ... and you need to give him access, what is the best practice to do that ... give him a limited sudo or set access list for the tomcat directory or create a group and add him to that group and change the group of the tomcat directory then ch
<eahmedshendy> ange the permission to rwx?
<ServantGrunt> Good evening everyone, I'm in need of some help with the management of Juju and MaaS, can anyone help me?
<TJ-> eahmedshendy: use ACLs
<eahmedshendy> TJ-: why, can you give a short explanation when I choose between the three options?
<ServantGrunt> My problem consists in the Juju bootstrap, because it tells me when bootstrapping that there aren't avaiable tools. When I use sync-tools to download them, it tells me it can't because the environment is not bootstrapped
<ServantGrunt> I'm in a sort of dead lock I can't figure out
<ServantGrunt> (I'm following the MaaS setup documentation, from https://maas.ubuntu.com/docs1.8/juju-quick-start.html)
<ServantGrunt> ...Anyone?
<TJ-> eahmedshendy: you could put the developer in a group that has write access to the directory entries/files, or you could leave default permissions as-is and use 'setfacl' (1) to add additional fine-grained permissions for users/groups
<eahmedshendy> TJ-: I prefer this ACL way ... but I wanted to learn if there is a reasons that makes me select one more than the other in my case
<TJ-> eahmedshendy: It generally depends on whether the underlying file-system can support ACLs, and if so, if the fine-grained permissions it provides are what is required.
<eahmedshendy> TJ-: got it, thank you
<TJ-> eahmedshendy: the old addage of "Keep It Simple, Stupid" applies - in other words don't over-complicate the solution unless you have to
<eahmedshendy> TJ-: mmm, sorry I didn't get it .. I still can't difference between it gets complicated or not
<TJ-> eahmedshendy: 'complicated' is for you, the admin, to judge. If you can make do with just using user/group membership and permissions then ACLs would over-complicate it
<eahmedshendy> TJ-: got it, for me I need to get much practice on ACL use :)
<TJ-> eahmedshendy: yes. "man setfacl" "man getfacl" and "man acl" will help understand it
<eahmedshendy> TJ-: Thank you for your help
<eahmedshendy> :)
<ServantGrunt> So... Has anybody any idea on how to help me?
<qman__> In my opinion, ACLs add too much complexity, I'd either add the users to the tomcat group or create a new group and grant access via limited sudo or similar
<qman__> depends on how many files and the details
<qman__> I build things based on how easy they are to figure out when you don't know they exist
<qman__> so when you have to come back to it five years later, you can tell how it's set up
<ServantGrunt> Is there really no one who could help me?
<TJ-> ServantGrunt: looks like the key -server folks aren't around right now. There's usually a good complement of them
<patdk-wk> isn't server meeting on wed?
<patdk-wk> probably busy with that
<rbasak> ServantGrunt: I suggest you ask your question, rather than waiting for someone to volunteer to answer a question they don't know yet.
<rbasak> ServantGrunt: also you could try the #maas or #juju channels.
<rbasak> eahmedshendy: I don't think it's appropriate to allow admins to edit files directly on a server except in an emergency. Otherwise you lose the ability to roll back or recover from a disaster. Get them to commit changes they want somewhere else, and arrange a process to get it live.
<eahmedshendy> rbasak: good point
<ServantGrunt> I quitted before by mistake so I'm gonna repeat my question just to be sure: I need help about juju and ubuntu server with maas. When I juju bootstrap it tells me there are no tools available. When I juju sync-tools it tells me it needs the environment to be bootstrapped. That's a dead lock I can't figure out, what should I do?
<rbasak> ServantGrunt: I know there's a "juju bootstrap --upload-tools" option, or at least there used to be. But it depends on your environment I think. Try asking in #juju.
<TJ-> ServantGrunt: have you been following https://maas.ubuntu.com/docs/juju-quick-start.html
<swat30> hallyn, you around?
<swat30> I'm running into an issue migrating VMs from P->T. should have been fixed by https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1374612
<ubottu> Launchpad bug 1374612 in qemu (Ubuntu Trusty) "[FFE] add pc-1.0-precise machine type" [High,Fix released]
<swat30> seems that I have two pc-1.0-qemu-kvm machine types: http://pastebin.com/StVfrj9F
<swat30> and here's the exact error I'm seeing: http://pastebin.com/YvCsY4YW
<swat30> current machine type on precise is pc-1.0-qemu-kvm
<hallyn> swat30: hm
<hallyn> swat30: can you pb the full vm xml?
<swat30> sure, mind if I DM ?
<hallyn> swat30: you can try, not sure how well my end will take it
<swat30> just meant the link
<ServantGrunt> Yes TJ- I've been following the guide
<ServantGrunt> And in the guide it makes it easy, but if I follow the commands execution as the guide does, I get those errors, solving nothing
<ServantGrunt> rbasak I've tried using that option but I couldn't solve anything either.
<sarnold> ServantGrunt: do you have firewall rules that might prevent communication with canonical servers? iirc the bootstrapping process pulls simplestreams data from canonical to describe the available images, juju tools, etc. and uploads those into your cloud's storage services thingy.. not sure how it works when using juju to bootstrap the cloud itself, but presumably maas provides the storage..
<ServantGrunt> sarnold I'm pretty sure no firewall is blocking comunications between my server and canonical
<beisner> coreycb`  o/  - ok, pushed  oslo.messaging 1.4.1-0ubuntu1.2~cloud1 package from juju-staging to juno-proposed in the cloud archive.
<coreycb`> beisner, thanks
<beisner> coreycb`, yw, thx sir
<Valduare> hmm, I got this kingston ssd here that I cant write to
<Valduare> can read the files off it just fine,
<bekks> which filesystem are you using?
<Valduare> tried dd it, no effect after dd finishes the partitions show right up
<Valduare> it has ext4 on it
<bekks> But you arent try to use dd while the filesystem is mounted, are you?
<bekks> *trying
<Valduare> nope
<sarnold> are there any errors in dmesg?
<Valduare> just poped the drive into a workstation that dualboots ubuntu and windows, tried formating it in both
<Valduare> the filesystem just comes right back each time
<bekks> How do you see that it is coming back?
<Valduare> ls
<bekks> ls on what?
<Valduare> lol
#ubuntu-server 2016-01-21
<patdk-lap> Valduare, the ssd is dead
<patdk-lap> when they detect they are dead, they go into read-only mode
<patdk-lap> nothing yo ucan do to save it, it's toast
<patdk-lap> it does that, so you can still recover your infomation from it
<Valduare> stupid ssd :P
<sgraham> i need to create an upstart job.
<sgraham> one for fault_tolerant_router
<sarnold> be sure to have this guide handy :) http://upstart.ubuntu.com/cookbook/
<sarnold> sgraham: that's a neat looking tool. thanks.
<sgraham> fault_tolerant_router ?
<sgraham> sarnold: have you used it?
<sgraham> I think its bloody brilliant!  it has saved my ass 20 times in the last 10 days.
<sgraham> i only have one problem with it. I have to restart the monitor every time i make a change to the config file. I wish it would read the config every time it runs its connectivity sweep.
<sarnold> sgraham: no, I hadn't heard of it before you mentioned it
<sarnold> sgraham: you can probably do something slightly better with upstart -- if you use the "upstart-file-bridge" you ought to be able to restart the service when the configuration file is changed: http://upstart.ubuntu.com/cookbook/#upstart-file-bridge
<sgraham> sometimes i have to take certain uplinks off line. Currently i have to reboot the software router when i make those changes because i start the monitor with a post up line in the interfaces file.
<sgraham> at the time it seemed like the best way to do this process (because its a router so why not reload the configs when the interface reloads)
<sgraham> ive decided the better way though is to make it an upstart job.  That way i make my changes to the config and then i can just run  "service fault_tolerant_router restart"
<sgraham> that seems to work fine...i get this hang though when i try and reboot the physical router after starting it as a service.
<sgraham> this problem does not seem to crop up with the virtual test environment though..(ill figure that out later via the logs)  The problem now is to get openvpn client to reconnect after the service is restarted.
<sgraham> I dont want to wait 60 seconds.
<sgraham> these connections are for a SCADA system and they dont like 300ms of latency.
<sgraham> duuuuude...uses inotify....thats bad ass...
<sgraham> sarnold: ...thank you for doing my research,  In my country...This may mean i have to marry your sister (even if she is not very attractive)
<sarnold> believe me, she isn't
<sarnold> she's also my brother
<sarnold> sorry
<sarnold> try to act surprised though :)
<sgraham> I will do my best.  You will have to also follow the customs of my country though in regards to brother in law duties...
<sarnold> man I hope it's just limited to buying a beer or two at family gatherings
<sgraham> no, also at jousting events, sword competitions and sailing regatas.
<sarnold> hmm, sailing regattas, it's not all bad.
<sgraham> so when will you be comming to visit?
<sarnold> lets make it the summer time
<sgraham> yes...there is lots of wine available in summer here. That is a good planning.
<sarnold> awwww yisss
<sgraham> I have videos by the way of virtual environment with fault_tolerant fail over router in working order. would you like to see....also how will you be ariving in my country Plane? boat?
<sarnold> oh please :)
<sarnold> boat sounds good, might as well get ready for the regattas
<sgraham> yes, good planning again.
<sgraham> I will have to talk to officials and get papers in order for marriage to your sister....um...brother...ish? person?  Good news is this country is quite comfortable with these sorts of marriage.
<sarnold> very progressive place
<sgraham> yep
 * ianorlin ended up thinking ecc gender but hope that will not offend non binary people
<sgraham> We call it California.
<sgraham> :-)
<ianorlin> !loco
<ubottu> Information on Ubuntu Local Community Teams is at http://loco.ubuntu.com/
<sarnold> sgraham: what a crazy name for such a country!
 * ianorlin is one of three leaders for ubuntu california loco and hope to see you if you are at scale
<sgraham> hahaha
<sgraham> that joke works so much better when you ask "what the hell country do you live in!"
<ianorlin> but that is more of a #ubuntu-us-ca question but you seem like a good person to have around
<sarnold> ianorlin: nice, is brendan gregg doing another presentation there this go around? I've seen a few of his talks on youtube, well worth the time..
<sgraham> seriously though...my wife said i cant get married anymore.  Also i have those videos (about an hour because they are pretty through.)
<sgraham> tell you sister/brotherish person im sorry .
<sarnold> oh I'm sure he'll understand, and, hpefully some day, move on with his life.
<ianorlin> but I should get to bed as that conference starts tommorow for talks and yes 1pm on Sunday
<ianorlin> sgraham: ^
<sarnold> ianorlin: woo, have fun
<sarnold> (talks on a sunday?? odd..)
<sgraham> pegans they are everywhere now...godless worka holics...its amazing how much stuff they get done.
<sgraham> and just with one extra day.
<sgraham> sarnold: can you check something for me from the outside (you know...the world outside my network...like where the pizzaman lives?)
<sarnold> hehe sure
<sgraham> resume.booksnmore.com
<sgraham> sorry
<sarnold> "Index of /" -- auto-generated, but blank
<sgraham> mthrfkr...you broke it.
<sgraham> its using a ton of memory..its all jammed up...
<sarnold> reload confirms, 503
<sarnold> that one took a bit of time, not nearly as fast as the first one
<sgraham> i rebooted it..
<sgraham> actually i think its a werid router..issue.
<sarnold> ahh
<sarnold> "Index of /" again
<sgraham> oooo crap..weird thing
<sgraham> upgraded that server from 12.04 and it makes sub dir under www/html
<sarnold> apache 2.2 -> 2.4 changed a fair bit; I spent days once piecing together fixes for some automated tests..
<sgraham> http://resume.booksnmore.com/videos.php?selected_video=dual-backhaul-router-concept.webm
<sgraham> sarnold: stick that crazy stuff in yo browser and watch it!
<sarnold> hey! it works!
<sgraham> fknaright...
<sgraham> you use kvm at all?
<sarnold> a bit; most of the hard work is done by scripts I don't understand around libvirt (which I also don't understand) :/
<sgraham> libvirt is the digital voodoo that does the stuff...as far as im concerned.  Im vmware certified but i never use it because its two damnd expensive
<sgraham> kvm works pretty damn good for something that is free.
<sarnold> I thuoght esxi was free or something?
<sgraham> ya..you can get really screwed around with building things that will eventually need...liscensing.
<sarnold> I've thought breifly about trying to write my own wrappers around kvm; libvirt seems more annoying than it's worth, but..
<sarnold> ahhhhh
<sarnold> much like doing anything with oracle software. heh.
<sgraham> Honestly ive seen vmware tank pretty frequently.  they dont support the free version of it nearly as much as the comunity suppors kvm...thats beside the point..
<sgraham> i was just making sure you knew what was going on there with the virt environment.
<sgraham> im going to look more into that upstart-file-bridge.  Thanks again man.
<sarnold> my pleasure :) it's been fun
<sgraham> yep, by the way i build custom appliances that do multi backhaul backends and openvpn concetrators.
<sgraham> you ever need any work like that done give me a holler.....and if you need somebody to marry your homely sister...sorry wife says im taken.
<sgraham> fault tolerant portion of that process is the next video on the list.
<sarnold> heh, I've wondered what I'd do with my comcast connection if/when google fibre finally arrives.. would I want to keep it and dual-home? or be thrilled to be rid of comcast? :) heh
<sgraham> most my clients would kill for a comcast connection.  I have it at my homeoffice (was one of the major deciding factors of buying this house) Critical apps up here need two sometimes as many as 4 potential connection types to be viable.
<sgraham> snow, rain, rodents, crazy mountain people, fire, all sorts of "little com devils" to muck things up.
<sarnold> don't get me wrong, if it weren't for comcast the next choice would be way worse.
<sgraham> oh and mountains.
<sgraham> trees...those get in the way alot
<sgraham> ive put up my fair share of last mile wireless this year. Im buying stock in Ubiquty
<sarnold> heh you're not kidding, you're a long way from anything :)
<sgraham> sierra foothills.
<sarnold> heh, I've got a ubiquity router 75% configured, just need that last push to install it and find out what I forgot..
<sgraham> that stuffs amazing.
<sgraham> i just did a business the other day..after i was done the diffeence was so obviouse somebody asked me.."dude are we gonna get brain cancer now from this?"
<sarnold> haha
<sgraham> I told them  i didnt know..because...well i honestly dont know .
<sarnold> yeah; if it were vastly more powerful than advertised, well, maybe... but you figure that'd be discovered by someone sooner or later.
<sgraham> I dont know..just from our history and typical complete missunderstanding of whats important...im assuming its all bad  (just because we really dont live long enough to care anyway)  The alien race that finds us are going to point and lol at our bones when they see what we have been doing.
<sgraham> they are probably doing it now
<sgraham> they are all like..."been there done that...like a trillon years ago...got the tshirt and the hat...aww snap!"
<sarnold> hahahaha
<sgraham> somewhere there is a meeting...(probably with like a much more advanced "hangouts"(or maybe just hangouts who knows)) and the conversation is like..."What was the deal with that blue planet again?...Oh ya earth..total waist of time..dont want to go there.  The have this method of time bartering based on paper...made from trees...and they are almost out of trees. They are not very bright."
<sarnold> "mostly harmless"
<sgraham> ya exactly...dude i literally pulled over got out of my car and cried when that dude died.
<sarnold> certainly a hoopy frood who knew where his towel was.
<sgraham> Yep, i carry one with me on my mobile office.
<sgraham> i show you my mobile office?
<sarnold> not yet
<sgraham> damn it mv4 format...let me convert that
<sgraham> so what do you do?
<sarnold> I work on the ubuntu security team
<sgraham> I was a stripper to pay my way through colledge.
<sgraham> never did get my degree.
<sgraham> kept getting hired and couldnt seem to concentrate on the bookwork.
<sgraham> you get paid to work for ubuntu?
<sarnold> sgraham: yeah
<sgraham> sound like a pretty cool gig...ssssh...dont tell anybody
<sarnold> it -is- a cool gig :) work from home, great co-workers, great users, lots of fun things to learn
<sgraham> dude ill bet you get all kinds of cool programs for free!!
<sarnold> hehe yeah :)
<sgraham> kinda like....us..
<sgraham> hehehe
<sarnold> it's easy to get spoiled with tens of thousands of programs just an "apt-get install" away
<sgraham> http://resume.booksnmore.com/videos/new_mobile_office.webm
<sgraham> i just picked up a new toughbook...(well i mean not new but cf-29)
<sgraham> I would up with 2 of those bikes
<sgraham> you ever in the area give me a holler i have access to over 50 miles of private road.
<sarnold> haha, the towel makes a ton of sense :)
<sarnold> you might get wet in your office :)
<sarnold> 50 miles of private road through those mountains. lovely.
<sgraham> ya. this time of year i have to deal with snow..lots of mud
<sarnold> its not all summer days like the video?
<sgraham> no.
<sgraham> we loose com on equipment i have to get to it quick.
<sgraham> sometimes No road left. have to get creative
<sgraham> its a pretty cool job..other days...im just changing out printer cartridges.
<sarnold> printers. ugh.
<sgraham> wishing something else would be wrong.
<sgraham> oooh crap...so dude...when the hell am i going to be able to get a phone out of you guys?
<sgraham> i want an ubuntu phone so bad...
<sarnold> if you grab an old nexus 4 off ebay you can flash that now, though I understand the Real Things from BQ and Meizu are nicer and have more stuff -- I haven't seen one of those yet myself
<sarnold> well, "nicer" -- I think the BQ and Meizu  units may be roughly comparable to the nexus 4 specs, but the ubuntu experience on them should be better.
<sgraham> i got 4 galaxy .....alphas (just did a switch out to verizon from att for municipality)
<sgraham> I do this ride...about 700 miles of desert in death valley every year, i got to drag a damn panasonic toughbook with me the entire time cause i need a true linux os incase my customers have any issues
<sgraham> i would really just prefer the linux phone...duuuu
<sarnold> you'd probably still want to drag it along: there's a huge pile of funny things on the phone, you can't just apt-get install whatever you need..
<sgraham> that toughbook takes up about a gallon of fuel space.
<sarnold> and weighs enough to cost another gallon? :)
<sgraham> its...probably 10 pounds..bike can take it..but the space is the issue
<sgraham> and power..
<sarnold> I think the ssh from the phone -may- work well enough that it might be alright if that's all you need; but it sure isn't a pocket-sized network swiss army knife
<sgraham> i only get 7 hours with the thoughbook..phone ..hell i have charge cord for it.
<sgraham> i can do a spice thing back to office but, there are some things (mostly network stream analysis) i would like to run right from a vpn into a concentrator.
<sgraham> actually i could do that from the spice connection as well...its just another hop and connectivity to have to worry about
<sarnold> *nod* the fewer the moving parts, the better..
<sgraham> yep one less node to worry about
<sgraham> this year i got the wife a new wrangler. Im gonna have her haull all the com stuff i might need. Ill meet up with her and just check in on alarms
<sgraham> ubuntu...where you work from US?
<sarnold> sgraham: portland, or
<sgraham> ahh ...land of no sun
<sgraham> good beer though
<sgraham> you need miserable light and shitty watter to make good beer i think
<sarnold> why yes we've had weeks of rain how'd you know? :)
<sgraham> i remember alot of banana slugs..and just general rotting wet stuff up there...until the city then...wet concreet and drunks.
<sarnold> the water's friggen delicious though, the only better water I've had came from a glacier-fed spring after a ten mile hike, so it's not exactly accessible.. :)
<sgraham> kinda the same thing really
<sgraham> weeks of rain...bastards ...took it from us dint ya!
<sarnold> we've still got the slugs but .. it seems like there were more of them twenty years back. maybe I'm just accustomed to them now, but it seemed like they used to be more prominent. :)
<sarnold> hey not me you've got the wrong guy see!
<sarnold> we didn't touch your rain honest mister
<sarnold> this is the same rain we've always had, ask anyone!
<sgraham> well our watter went somewhere else. and thats all the info we have, Im blaiming anyone else who has more than us...thats just logic man.
<shauno> ireland here.  willing to donate rain!  (buyer collects)
<sarnold> honestly you can have some of it, the other day we had enough that my basement was soggy. I spent the whole day with a shop vac...
<sarnold> $600 worth of pumps later and a few impromptu holes in my backyard and things are looking bette.r.
<sarnold> shauno: heh :)
<sgraham> Took a trip up there when i was a kid...i remember asking my dad.."when does it STOP raining?"  He told me,  These poor bastards forget what the sun looks like. Look at them..they have the same color as tuna! One day we will find they have all turned to fish."
<sarnold> sgraham: and yet, we've got a -huge- amount of skin cancer. when we -do- get sunny days we stand outside, facing the sun, eyes closed.
<sarnold> we've got no melanin so it really packs a wallop
<sarnold> and no sense to stay in the shade
<sgraham> I had a girlfriend from canada...she use to literally HIDE from the sun.  she told me one day.  "We dont have that thing(the sun) where i come from...it causes cancer you best stay in doors when it is about"
<sarnold> see? canadians are smart.
<sgraham> yep...she got ride of me
<sgraham> proof
<sarnold> hehe
<sgraham> damn..pumpkinOclock
<sarnold> man when'd that happen...
<sgraham> time sucks...its just the universes way of keeping us all in its pocket..
<sgraham> its the curency with actual backing
<sarnold> and there's never enough of it..
<sgraham> the universe figured out if it could keep everything from happening all at once they could get monopolisze on life ...and marketing it as a good thing.
<sgraham> like camel cigs..and cokeacola.
<sarnold> haah
<zbouby15> hi all
<zbouby15> i'm trying to install a SFTP with HA/load balancing features, could you please give me your thoughts regarding my LAB ==> http://postimg.org/image/3rtwxt15h/ ?
<roaksoax> win 13
<adun153> Hi, need some Apache2 help. I have this "<VirtualHost 192.168.0.10:35357>", but for some reason, Apache keeps on listening on ALL interfaces, not just on the interface that 192.168.0.10 is assigned to. What am I doing wrong?
<hateball> adun153: and it's listening on 35357 on all interfaces?
<adun153> yes
<adun153> hateball: yes
<rbasak> adun153: iirc, you need a Listen directive outside for the VirtualHosts to tell Apache what to listen on.
<hateball> Yep
<adun153> I tried adding "Listen 192.168.0.10:35357" in /etc/apache2/ports.conf
<rbasak> The virtualhosts definitions are a subset of that so that apache knows where to expect each virtualhost (in case you're serving HTTPS without SNI, for example)
<adun153> Apache2 couldn't start up, stating that there already was something listening on 192.168.0.10:35357
<hateball> This is pretty clear https://httpd.apache.org/docs/2.2/vhosts/examples.html
<rbasak> Use netstat to figure that out.
<hateball> adun153: What does your NameVirtualHost look like?
<adun153> hateball: In which file should that be located?
<adun153> Same as the site config file?
<laskdj> hi
<hateball> adun153: I linked you from the official docs
<hateball> But yes, it should be in the website in question
<adun153> Ah, I get it now
<adun153> Yes
<adun153> Thanks, I guess I just needed someone to help me bounce off ideas, I'm pretty frazzled at this point
<adun153> I had "Listen 35357" on top
<adun153> I just changed it to "Listen 192.168.0.10:35357", and that seemed to fix it.
<adun153> :D
<coreycb`> jamespage, hey, can you sponsor this? https://code.launchpad.net/~corey.bryant/ubuntu/trusty/oslo.messaging/lp1318721/+merge/283304
<jamespage> coreycb`, done
<coreycb`> jamespage, thanks
<Azaril> hello
<Azaril> im getting this weird error
<Azaril> https://gist.github.com/benjfield/4adcf48620da1a8e87ec
<Synx_hm> Having some issues installing openstack (openstack-install) it keeps stalling with 'kvm container creation failed: exit status 1' i dont see anything relevant in commands.log. Ubuntu 14.04.3 LTS on 3.19.0-47-generic (this is run on ESXi host with guest cpu virtualizaion extensions enabled)
<Synx_hm> same issues with both ppa:cloud-install/stable and experimental
<Waheedi> now i have gcc (Ubuntu 4.8.1-2ubuntu1~12.04) 4.8.1 i want to upgrade to gcc 4.8.2
<Waheedi> I was on gcc 4.6 :)
<sgraham> this may be a stupid question...but..ok stupid.
<sgraham> i created an upstart job and it seems to be working just fine, problem is, there are two of these process running now.  Does not seem to cause any issues..but im just trying to figure out if that is normal
<sgraham> the upstart job is for a fault_tolerant_router
<Waheedi> are you sure its not one process forking something else sgraham?
<Waheedi> how can I use this library in presice? http://packages.ubuntu.com/trusty/gcc-4.8-base
<Waheedi> i think that is not possible
<Waheedi> i have to upgrade to 14.04
<Azaril> anyone got any ideas on https://gist.github.com/benjfield/4adcf48620da1a8e87ec?
<dasjoe> Azaril: is this in a VM? See https://bugs.launchpad.net/qemu/+bug/1336794
<ubottu> Launchpad bug 1336794 in QEMU "9pfs does not honor open file handles on unlinked files" [Undecided,New]
<Azaril> yes
<Azaril> not sure i have 9pfs though
<fuzzywuzzy> What are people using for a KVM GUI?
<pmatulis> fuzzywuzzy: virt manager
<fuzzywuzzy> Anyone tried ovirt?
<fuzzywuzzy> I think its still alpha
<fuzzywuzzy> much more feature rich
<fuzzywuzzy> I don't want to use XEN because you have to manually load patches
<fuzzywuzzy> and the crappy Win32 interface requirement
<sgraham> you guys ever had an upstart job that causes the system to hang on shutdown?
<sgraham> by the way kyle i diabled you email on your phone yesterday (forgot to tell you about that) Im still trying to figure out why it is behaving the way it is.
<sgraham> oops wrongwindow
<blizzow> How do I select UTC as the timezone during a server install? The 15.x installs seem to restrict me to a country based timezone.
<RoyK> blizzow: choose Iceland ;)
<RoyK> blizzow: or just run dpkg-reconfigure tzdata, choose Etc and then UTC, after installing
<RoyK> blizzow: but Iceland just uses UTC as it is, no summertime or nothing
<blizzow> Still sucks that it UTC was removed from the choices during installation. :/
<RoyK> blizzow: no idea why. I don't use ubuntu for servers anymore. I just stick around here by old habit
<jonah> Hi I hope someone can please help. My postfix doesn't seem to stay loaded. I can start it and it says OK but then it quits itself. Can anyone help. I also get this error in the syslog: arning: /usr/lib/postfix/smtpd: bad command startup
<sarnold> are there any postfix-specific logs in e.g. /var/log/postfix or /var/log/upstart/postfix* ?
#ubuntu-server 2016-01-22
<jonah> sarnold: ah sorry my fault, it is actually running but for some reason emails are bouncing back with No Such User...
<sarnold> aha :)
<danielthebague> hi i have a LAMP server set up and index.html in /var/www/html , i have now created antoher page and named it othersites.html also stores at /var/www/html .  i have link from index to othersites but on localhost in browser it cant find the page when i clcik the link
<danielthebague> are my paths or storage loctions wrong?
<danielthebague> accessing my phpbb page on localhost works fine
<sarnold> danielthebague: are there any messages in the error.log or access.log that might help indicate the problem?
<danielthebague> 127.0.0.1 - - [22/Jan/2016:00:18:58 +0000] "GET /ext.css HTTP/1.1" 404 494 "http://localhost/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0"
<danielthebague> 127.0.0.1 - - [22/Jan/2016:00:19:01 +0000] "GET /othersites.html/ HTTP/1.1" 404 503 "http://localhost/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0"
<sarnold> the trailing slash is funny; try again without it?
<danielthebague> same problem
<danielthebague> just worked now thanks for that
<danielthebague> be gooing mad for hours
<sarnold> web servers are like that :) hehe
<danielthebague> my localhost/phpbb/ page works fine with the slash
<sarnold> that's loading a "directory", which is then served by an application; when requesting a file, it needs to be the filename.. the slash causes it to look for an index file in a directory, which fails..
<danielthebague> ah thanks how stupid am i
<danielthebague> thank you very much for helping
<danielthebague> now i can sleep easy tonight
<danielthebague> cheerio
<on247> So i configured my OpenVPN server
<on247> and openvpn start server
<on247> work
<on247> when i use it manually
<on247> but i can not get systemctl to start it
<on247> No vpn is running i get
<on247> just need the missing piece that points to my server conf
<on247> but i cant figure it
<on247> out
<Waheedi> whats the best way to get the latest 12.04 image for a kvm use?
<Waheedi> I'm having a lot of troubles using virt-manager from my machine
<Waheedi> especially at the image/cdrom selection step
<phillw> Waheedi: what version of linux are you using to try to do this?
<Waheedi> 14.04
<Waheedi> if you are curious to know what other issues I'm having with virt-manager, whenever I connect to a host it disconnects other hosts :)
<Waheedi> my version is a bit old I think 0.9.5
<Waheedi> i will try again
<CacheMoney> any ideas why my 12.04 VM boots to Stopping System V runtime and just hangs?
<Waheedi> many ideas :)
<Waheedi> how are you connecting to it ?
<Waheedi> guys i just needed this link http://cloud-images.ubuntu.com/releases/12.04.2/release/ubuntu-12.04-server-cloudimg-amd64-disk1.img
<Waheedi> oof
<CacheMoney> well its running in a hyper-v environment
<Waheedi> and
<CacheMoney> thats it, i connect to the console
<CacheMoney> what I would like to do is use ctrl-alt-f1 to switch tty
<CacheMoney> but idk how to issue that via hyper-v lol
<an3k> how to kill a process that doesn't want to get killed?
<hateball> an3k: kill -9
<an3k> doesn't work
<hateball> maybe it has a zombie child
<an3k> It's mv /local/file /mounted/on/cifs/share
<an3k> It's still running, even killing as root doesn't work and I can't umount the share so that the process kills itself ...
<an3k> umount -f also doesn't work, still get "umount2: Device or resource busy"
<hateball> and you're not cd'd into any of the dirs involved?
<an3k> I was
<an3k> nevermind, shutdown -r now
<an3k> haha, even that didn't worked. Had to power cycle the system ...
<an3k> god, bonding on 14.04.3 is so buggy and unstable ...
<rbasak> kickinz1: we can talk about the NTP merge, but can we defer it by another half hour please? I've not quite finished my morning catchup.
<kickinz1> rbasak, no pb
<trippeh_> oh wow, we're getting back into sync with upstream for ntp? :)) finally client-only mode in ntpd
<trippeh_> by upstream I mean ntp.org, not debian.
<trippeh_> ok, upstream is still a little bit ahead but not by much.
<rbasak> kickinz1: http://people.canonical.com/~ubuntu-security/cve/
<rbasak> This is the Ubuntu CVE tracker. YOu can look up status for any CVE there.
<rbasak> eg. http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7852.html
<rbasak> Though it doesn't have completed information about which upstream version has that fixed
<rbasak> So I'd follow the link to http://support.ntp.org/bin/view/Main/SecurityNotice%23October_2015_NTP_Security_Vulner
<rbasak> But the link looks broken.
<rbasak> Anyway, we'd want to chase that down to check which upstream release upstream consider the CVE fixed in.
<kickinz1> rbasak, thanks
<skylite> I have a file that has no acl on it no selinux, nothing. I am unable to open that file via samba share. If i make a  copy of that file into the same folder I can open the copy from the samba share. I can not see any changes in permission in the copied file and still I can open that file from a samba share while I am unable to open the original file what could possibly be the problem?
<rbasak> trippeh_: we're working on it.
<an3k> http://pastebin.com/xMy6m2vx ?!?!
<an3k> VLAN on Bonding on two NICs is obviously a real problem for Server 14.04.3 LTS
<jpastore> hi I set up a new ubuntu server. created some user accounts. when I log in missing the .profile and .bashrc. I copied it from /root over to /home/user and chown'd it but it's not really being used. am I missing a step?
<Schalla> jpastore: Are you using bash as login shell?
<Schalla> .profile is just executed by the desktop manager iirc, not by bash anyway
<jpastore> yes with bash
<jpastore> hmm...but ti seems to run when I sudo -i
<jpastore> Schalla, the profile seems to source the .bashrc only. can I rename to .bash_profile?
<Schalla> jpastore: If your login shell is set to bash (might be worth to check, I am unsure whether useradd defaults to /bin/sh or /bin/bash), .bashrc should work fine
<Schalla> But maybe someone else can confirm / clarify that
<jpastore> Schalla, does not look like it was explicit set in the passwd
<jpastore> thanks
<Schalla> The shell?
<Schalla> What it was set to?
<jpastore> nada
<jpastore> the other users had /bin/bash mine was:  normal crap:
<jpastore> no /bin/bash at the end
<jpastore> thanks! I'll tinker with it when I get back super apprecaite the help
<Schalla> Glad if it works, was just a guess. Good lcuk! :)
<lordievader> jpastore: Is your user able to read those files?
<pmatulis> stgraber: how can lxd be tested on xenial? the ppa only seems to go up to wily
<pmatulis> hallyn: ? â
<stgraber> pmatulis: just install it from the archive?
<pmatulis> stgraber: d'oh
<jpastore> lordievader, yes. interestingly the copy files were already owned by the user when I copied them as root
<rjb> please anyone else with experience with ldap configuration, client side?
<pmatulis> !ask | rjb
<ubottu> rjb: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<rjb> i need help to configure ldap client side Ubuntu 14.04 64 bits
<rjb> thank you
<pmatulis> rjb: you will need to ask a more specific question. hints: â  what are you trying to do, â¡ what did you try, â¢ what problems/errors did you encounter
<jpastore> hi, tried following a guide to set up a tftp server on 14.04 so I can backup my running config on the router and I'm getting a permission denied even though I chmod 777 the target operating folder
<jpastore> btw I did: iptables -I INPUT 1 -s router.ip -j ACCEPT
<jpastore> I tried to tftp from my box and get the permission denied so I do not believe it's a fw issue
<sarnold> are you trying to upload to a tftp server? are you sure that's allowed? if it is allowed does it require any special configuration to allow it?
<jpastore> sarnold, trying to upload from router to tftp server. I'm allowing it, I chmod 777 and chown'd to nobody:nogroup
<sarnold> jpastore: is this bit about --create still true? http://askubuntu.com/a/443129/33812
<jpastore> sarnold, I don't know
<jpastore> bit that's not what I my server args look like
<jpastore> thanks let me try that 1 sec
<jpastore> sarnold, well that did not work
<jpastore> sarnold, checked the man pages and -c is not there
<sarnold> dang :/
#ubuntu-server 2016-01-23
<lordievader> Good morning.
<docmur> I'm trying to upgrade from 12.04 to 14.04.3 and when I run do-release-upgrade, I get No new release found
<jpastore> you are better off backing up and doing a fresh install
<jpastore> ubuntu os updates never seem to go well.
<jpastore> maybe it's better for servers, but for desktops, major point release upgrades seem to hurt every time
<docmur> I've never had a problem in the past doing the upgrade, I've done it one a few other servers and it went fine, I just don't know why I'm getting that error
<jpastore> I would verify the verify the repo is still operational
<jpastore> what is it trying to access?
<Waheedi> whats that error again docmur ?
<cappicard> good evening. anyone running openchange in ubuntu 15.10? every time I try connecting to openchange from openchangeclient or outlook, i keep getting storage backend initialization failure (followed by samba crashing).
<cappicard> it doesn't matter if I'm using LDB or MySQL backends.
#ubuntu-server 2016-01-24
<sloppygagger> hey, is anyone familiar with Storj and their Driveshare gui ?
<sloppygagger> is anyone running Storj's Driveshare on Ubuntu ? I'm about to install it and i have a few questions if anybody is familiar......
<TurBoss> hi
<TurBoss> one of my servers started sending packages tagged as "Gobbles ssh exploit" by the IDS
<TurBoss> did any one hit this issue?
<TurBoss> the thing is that the destinatio of this "attacks" is another machine I know
<yoink> TurBoss or did your IDS rules update and there's an issue there somewhere?
<lordievader> Good morning.
#ubuntu-server 2017-01-16
<fishcooker> how to disable daily cron apt-get update which is get list updated list daily so that i will not get message 77 packages can be updated and 44 updates are security updates.
<pmatulis> fishcooker, edit the cron job. grep for 'apt' under /etc
<JanC> fishcooker: it's part of the update-notifier-common package
<JanC> you can edit /etc/apt/apt.conf.d/10periodic and set APT::Periodic::Update-Package-Lists to "0"
<hallyn> lamont: (you last touched open-iscsi) do you have any objection to http://paste.ubuntu.com/23808904/ as debdiff against open-iscsi?
<fishcooker> noted JanC pmatulis, thanks
<lordievader> Good morning
<cpaelzer> hiho
<Mr_Pan> good morning
<jamespage> Dmitrii-Sh, hey so re https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1656480
<ubottu> Launchpad bug 1656480 in qemu (Ubuntu) "QEMU Does not Send L2 Broadcasts After Live Migration" [High,New]
<jamespage> we'll need to confirm the status of that issue for yakkety and zesty as well - if the later qemu versions in those releases are OK, we need to comment to that effect (you can do that by nominating for those series)
<jamespage> the SRU team will not accept the update into proposed until we know its OK in later releases, to avoid regressions
<Dmitrii-Sh> yakkety was ok the last time I checked. It has 2.6 where it has been patched
<jamespage> Dmitrii-Sh, OK you just need to comment to that effect then
<Dmitrii-Sh> ok
<Dmitrii-Sh> jamespage, well, it looks like the best way to verify is pull-lp-source and grep. I do not see any activity here at all https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/log/?h=ubuntu-dev since June this year.
<cpaelzer> Dmitrii-Sh: that branch is out of date atm
<cpaelzer> Dmitrii-Sh: I'm actively working on giving it some life again atm
<cpaelzer> Dmitrii-Sh: not filling in all in between, but given zesty merge is done that will at least hold that again
<Dmitrii-Sh> cpaelzer: thx for the info. It was a little confusing when I tried to verify that the needed commit is in-place. I tested the functionality but couldn't find the commit there
<cpaelzer> Dmitrii-Sh: for the time being you might fetch from git://git.launchpad.net/~usd-import-team/ubuntu/+source/qemu
<cpaelzer> Dmitrii-Sh: that at least has it on a "per ubuntu version" base
<cpaelzer> Dmitrii-Sh: splitting and cleaning all of that is - as I said - part of my mereg work I'm on atm
<Dmitrii-Sh> cpaelzer: good to know, I'll stash the url somewhere
<lamont> hallyn: I feel exactly zero ownership for open-iscsi -- mine was a driveby :D  -- having said that, your debdiff looks like a good plan, and maybe even a bug fix
<Hakon> Hello. I'm getting "Failed to start nfs-idmapd.service: Unit nfs-server.service not found." when trying to run idmapd on a client. Does it need to run nfs-server to get idmapd?
<Hakon> this is ubuntu 16.04 btw.
<hallyn> lamont: kthx
<j3r0> best way to parse apache log files with python?
<j3r0> wrong channel sorry
<t4nk451> Hello, anyone knows a good rack server? and one that doest use much electricity?
<t4nk451> For low price?
<genii> Of the combination of Good, Efficient, and Inexpensive you can usually find any combination of those two things together but rarely all three
<RoyK> any idea how I can monitor synchronous i/o only to just leave async stuff out of the equation for now?
<RoyK> genii: heh - he left a second after asking
<genii> RoyK: Yeah, I had typed the answer out but not hit enter yet because work distracted me, then just came back and hit the enter without checking joins/parts
<miczac> Hi, why has  'ifdown ensxx' / 'ifup ensxx' no effect after changing /etc/network/interfaces?
<miczac> neither has  'service networking restart'
<s7rawm4n> Hey. I have a fairly fresh install of ubuntu server 16.04.1, and I've been having major issues with connecting to the server over the intranet. Come to find out, my bios is reporting different MAC address for my ethernet card than my operating system. Anyone reason why this would be?
<lucas_ai> pytz is giving me a weird timezone for Los_Angeles. Any ideas why? It should be -08:00 instead of -07:53... 2017-01-17T12:30:00-07:53
<genii> lucas_ai: Looks like same problem as here: https://bytes.com/topic/python/answers/676275-pytz-giving-incorrect-offset-timezone
<genii> ( right down to the 7 minute discrepancy)
<lucas_ai> sounds pretty stupid. Timezones are never 7 minutes off from round numbers. Are they?
<lucas_ai> I don't understand why they'd do something like that
<genii> The page contains a fix if you read it
<lucas_ai> Yeah, the fix works!
<lucas_ai> thanks
<lucas_ai> but I'm still puzzled as to why pytz is so shitty!!!
<Miguel_Ubuntu> Hello. Where can I get some help on an issue related to bootstrapping Juju? Thanks in advance.
<stanford_AI> I'm looking for the most badass linux/robotics programmer. To build an indoor drone with deep learning. Do you know a good one here?
#ubuntu-server 2017-01-17
<compdoc> the only one I knew was so bad ass he beat me up and stole my gf
<stanford_AI> compdoc, sad to hear that :/ - should i stay away from them?
<compdoc> only if your gf is good looking
<misterpink> Is there anyway to backup Ubuntu server and "reload" it similar to restoring a snapshot of a VM?
<misterpink> Or is rsync the way to go?
<Jakethepython1> Hello Room i was wondering if anyone else has had troubleinstalling SAMBA
<fishcooker> is it safe to trim the memory availability to 2Giga RAM only if i have this usage http://vpaste.net/1lSSY ?
<lordievader> Good morning.
<seyeongkim> somebody can sponsor this issue for SRU? https://bugs.launchpad.net/nova/+bug/1298061
<ubottu> Launchpad bug 1298061 in nova (Ubuntu Trusty) "nova should allow evacuate for an instance in the Error state" [Medium,In progress]
<cpaelzer> jamespage: coreycb: ^^ ?
<cpaelzer> rbasak: I've used color-words often enough today that I wanted to thank you to make me aware of it
<rbasak> You're welcome :-)
<davmor2> hey guys quick question on uvtool is there a way I can connect to port 80 to test the nextcloud snap is running correctly from the host, I tried with the ip address and it failed so I'm assuming it needs some port forwarding
<rbasak> davmor2: where is the port 80 listener running? In the guest, as a snap? And from where are you trying to connect?
<davmor2> rbasak: so install 14.04 image in uvtool, connected to it via uvt-kvm ssh install the relevant bits to install snapd in the guest and install nextcloud now I would like to connect to it from the host browser rather than using a text browser in the guest
<rbasak> davmor2: uvtool shouldn't be interfering with that at all, assuming default network settings. Test using nc or something.
<davmor2> rbasak: basically I'm testing 14.04 snapd install and need to ensure the nextcloud snap is running as expected
<rbasak> davmor2: is the snap really listening on the guest's "outside" NIC interface?
<davmor2> rbasak: yeah that is a potential issue but it works in kvm where I manually set 8080 to point to port 80 on guest.  So I think it does
<rbasak> davmor2: "echo yes|nc -l 5555" in the guest, and then "nc <ip> 5555" on the host.
<rbasak> davmor2: and then remove the snap and try it with 80.
<rbasak> davmor2: also check the guest IP as viewed from the host is correct. "uvt-kvm ip <name>" will give you that.
<adrian_1908> I installed PHP7 on my 16.04 VPS and it seems that the php-fpm implementation was chosen. Has this become the default when not specified otherwise?
<davmor2> rbasak: hmm can't connect locally either I'll kill it and try again pre-snapd install incase that is breaking something thanks for the tips
<rbasak> adrian_1908: yes.
<rbasak> davmor2: you're welcome. I'm curious to know what the problem turns out to be.
<adrian_1908> rbasak: ok, thanks. (not complaining, just expected otherwise)
<rbasak> adrian_1908: OOI, why did you expect otherwise? I believe the default comes from Ondrej, the main Debian PHP maintainer. I'm not sure of his reasoning - perhaps what's used most widely or what is recommended upstream?
<davmor2> rbasak: the installation of snapd pulls in lost starting at systemd and working it's way up so it might be that kvm isn't taking it so lightly, if it fails again I'll try on hardware and see if it fails there too
<adrian_1908> I think it used to be more common/popular to run PHP as an Apache module (Last time I used PHP, it was version 5). I assumed this was the conservative choice to this date. The current default seems to be a superior option, so that's great.
<coreycb> seyeongkim, cpaelzer, i'll take a look at that nova sru
<davmor2> rbasak: now it works perfectly I think some setting must of got screwed up somehow :)
<rbasak> davmor2: OK. Thanks for reporting back :)
<coreycb> jamespage, ocata b2 is ready to promote
<coreycb> zul, backported panko to ocata-staging
<jamespage> coreycb, awesome!
<jamespage> coreycb, working that now
<jamespage> staging->proposed
<coreycb> jamespage, thanks
<jamespage> coreycb, its on the list
<jamespage> panko
<coreycb> jamespage, ok thanks
<zul> coreycb:coolio
<zul> coreycb: ahaha.....pypi.debian.net is down
<coreycb> cpaelzer, hi, you don't happen to have a liberty patch for qemu machine type issue do you?
<cpaelzer> coreycb: sorry, no
<coreycb> cpaelzer, just looking at your xenial diff from your ppa.  is the delta shown for debian/patches/ubuntu/define-ubuntu-machine-types.patch everything you had to patch for xenial?
<coreycb> cpaelzer, https://launchpadlibrarian.net/293383980/qemu_1%3A2.5+dfsg-5ubuntu10_1%3A2.5+dfsg-5ubuntu10.7~ppa1.diff.gz
<cpaelzer> coreycb: that has a lot of noise, especially since some types were missing IIRC
<cpaelzer> coreycb: the TL;DR of the change is
<cpaelzer> -+    pc_i440fx_machine_options(m);
<cpaelzer> ++    pc_i440fx_2_0_machine_options(m);
<cpaelzer> and similar
<cpaelzer> coreycb: the rest is work around to make it behave, e.g. it had double defaults and more extra issues
<cpaelzer> coreycb: for liberty if otherwise ok you mainly have to translate that diff above
<cpaelzer> coreycb: since that was before a rewrite it likely comes down to some COMPAT structs
<cpaelzer> coreycb: but that was so "before my time" that I can't tell for sure
<cpaelzer> The Makros like DEFINE_I440FX_MACHINE modularize a lot what the old definitions were like
<coreycb> cpaelzer, ok i'll take a look.  the code seems to be quite a bit different at first glance in 2.3 vs 2.5.
<cpaelzer> yes it does
<cpaelzer> there were two rewrites of this
<cpaelzer> and to make it worse - different archs do it differently
<cpaelzer> coreycb: I'll ping you once I have a qemu 2.8 to test and will refresh the ppa for the bug - if until then we have a ppa fix for Liberty we can try to go along a fully fixed upgrade path
<teward> is someone able to update the server team work page for me to mark the nginx merges as blocked or similar?  there's an fPIE/fPIC problem that causes explosive build failures, and unrelated build failure cases when not building fPIE/fPIC that break the ability to merge.
<teward> and since i had to reinstall my OS I lost the link for the work blueprint... :p;
<alibama> iâve got a server thatâs shooting out spamâ¦ iâm running maldet to see if there are open scripts, but i suspect itâs somehow going through a drupal installâ¦ just not sure, and not entirely sure where to beginâ¦. any advice on this?
<alibama> iâm going through and updating everything, checking all the applicationsâ¦ any other ideas?
<dasjoe> Disable local mail servers
<blueking> I have ubuntu server.. with dual nic intel I210AT that supports vlan tagging...  much work to put in lacp + vlan tagging ?
<genii> !vlan
<genii> Hm
<genii> blueking: https://wiki.ubuntu.com/vlan seems to have pretty comprehensive instructions
<blueking> just wonder, dual NIC onboard.. using lacp + vlan are possibly yes ?
<sarnold> I'm 90% sure I've seen that documented somewhere before
<blueking> and vlan 100 and vlan 200 have routing activaded on router... if add vlan 100 and 200 on pc ubuntu..   there are switch between pc and router.. when a pc on vlan 100 request a file from pc-ubuntu  it doesn't go through router but only switch.. and same to pc on vlan 200 request same file on pc-ubuntu.. ?
<blueking> like watching movies +++
<blueking> hmm  ubuntu have no support for lacp/link aggregation ?
<qman__> it most certainly does
<qman__> https://help.ubuntu.com/community/UbuntuBonding
<blueking> ok  wiki ubuntu said nothing about it :P
<qman__> to combine bonding, bridging, and/or vlan, you just do them together, keeping in mind that bonding happens at the lowest level, then bridging, then vlans
<qman__> so you'd have your physical interfaces part of a bond0 interface, and then a bond0.x interface for the vlan
<blueking> don't need bridge ?
<qman__> if you're bridging, that goes in between, bond0, br0 bridging bond0, br0.x for vlan
<blueking> what's point of bridging ?
<qman__> if you need to bridge to other interfaces
<qman__> my use case, and a common one, is for a VM host, needing to bridge VMs to the bond
<blueking> not many uses to that on a pc setup.. mostly on switches and routers ?
<qman__> mostly for virtual hosts (both servers and PCs in lab scenarios) and stuff that requires very high availability
<blueking> never used vm before
<blueking> no clue about it :P
<blueking> my goal are to reduce load on router
<sarnold> do you have evidence that your router is actually suffering under some kind of load?
<blueking> router have 8 ports.. define a 'vlan' subnet on each interface (no port trunking of vlans on one interface)   give each subnet vlan ID on switch  the router supports 8Gbps
<blueking> no switch chip on router
<blueking> and it would need 3 layer  switch to switch at vlan level I've been told
<qman__> if you're not already running separate vlans, they aren't going to do anything for you here, the purpose of a vlan is network segregation, not performance
<blueking> software switching on routing reduces performance on router...
<blueking> on router
<blueking> reason for vlan's are limit kids access to net by time
<blueking> and have a guest zone
<blueking> if bonding + vlan on fileserver means  pc's on diff vlans can go straight to fileserver and not beeing routed through router ?
<sarnold> you might want to sketch a diagram of your network
<qman__> you would only configure vlans on the ubuntu server if the ubuntu server is connected to a trunked port
<mwhahaha> hey folks, it seems that there has been an update in which /etc/default/libvirt-bin is no longer being shipped in packaging. is this expected? (/etc/default/libvirtd seems to be the spot now)
<mwhahaha> so if anyone cares, it seems to be the alignment with the debian package (libvirt 2.5.0-3ubuntu1~cloud0). the old service name libvirt-bin has an alias but the default file is now /etc/default/libvirtd
<dannf> hey smoser - do you have plans to SRU LP: #1640519 back? I can prepare an upload if you prefer
<ubottu> Launchpad bug 1640519 in curtin (Ubuntu Yakkety) "arm64 xenial maas images don't include u-boot-tools package" [Undecided,Confirmed] https://launchpad.net/bugs/1640519
<smoser> dannf, i think we'd just grab zesty and pull it back.
<dannf> smoser: *nod*
<smoser> i'll talk to rharper tomorrow and we can look at that.
<smoser> dch would look like http://paste.ubuntu.com/23818780/
<smoser> which is all tests or bug fixes so unless there is something else we want in, i think we can proably do that tomorrow.
<dannf> smoser: cool, thanks!
<smoser> dannf, youc ould help by writing an SRU template on that bug
<dannf> smoser: will do
<shygirl> any one seeing my messages?
<shygirl> Oh nvm
<shygirl> hihi
<shygirl> Is this for ubuntu vps (using ubuntu 16.04 OS) as well?
<dasjoe> Most probably, yes
<shygirl> I have some weird processes i don't know about
<shygirl> And never seen before
<shygirl> what's these http://i.imgur.com/mqOhY0H.png :~ ps -x
<dasjoe> Most are related to your block devices
<shygirl> block devices?
<sarnold> kpsmoused?
<shygirl> I've never seen them before until i ran a command and mess up my whole permission system
<sarnold> huh look at that I've got a kpsmoused on my laptop
<shygirl> http://i.imgur.com/szge7Yn.png
<dasjoe> shygirl: your disk(s), storage devices
<shygirl> so why are they showing there
<shygirl> it wasn't like that before
<shygirl> how to fix
<shygirl> .
<sarnold> that's normal
<shygirl> should i close them?
<shygirl> er.. kill?
<sarnold> no, and since those are kernel threads, you probably couldn't even if you tried
<shygirl> I'm looking for a special process
<shygirl> is there a way to search?
<sarnold> pgrep has many, but I'm too lazy to learn it, I just use ps auxw | grep ...
<shygirl> also, how do i fix my permissions system?
<shygirl> I can even do "apt-get" without root now
<sarnold> it depends upon what's broken. btw apt-get on its own doesn't require privileges to run it, but you'll need privileges to use e.g. apt-get update or apt-get upgrade
<shygirl> i usually need sudo to do it
<shygirl> now, it runs without promptng sudo
<shygirl> because of a command i ran b4
<shygirl> need to revert changes
<shygirl> .
#ubuntu-server 2017-01-18
<Guest43> Installing Gazelle torrent tracker with 16.04 apache and php 7.1 - get a white screen upon install.. have php errors on but nothing but a white screen.. any help?
<sarnold> check error logs?
<Guest43> yep
<Guest43> empty
<sarnold> do you get better diagnostics if you connect via localhost rather than a public internet?
<sarnold> s/internet/interface/ stupid fingers
<Guest43> same
<keithzg> Hmm, in the process of upgrading a bunch of servers, and I haven't yet actually upgraded the one that runs apt-cacher-ng for our repo mirroring/caching. But one of the VMs already upgraded is now refusing to update from that mirror because it "does not have a Release file".
<keithzg> Does anybody know if this would be expected to work again once I upgrade the server in question that's running the apt-cache-ng instance to 16.04 as well? Or will there be some further steps I'd have to take? Or, worst-case scenario, is apt-cacher-ng now being left behind by changes to apt security?
<sarnold> even 0.6-1 knew to treat the InRelease files specially https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622272
<ubottu> Debian bug 622272 in apt-cacher-ng "apt-cacher-ng: should treat InRelease as a volatile file" [Important,Fixed]
<sarnold> so I'd hope whatever acng you've got installed is prepared to work with releases that prefer InRelease
<eatingthenight> hello, I have 4 interfaces on my server but only one is plugged in normally ifconfig only shows the interface that is plugged in such as eth0. however on a new server class i got if config is showing all of the interfaces.
<eatingthenight> even though 2 of them are not plugged in
<eatingthenight> currious what is causing this to happen and what i can look into to better understand why this is happening.
<eatingthenight> also cat /sys/class/net/eth1/speed reports -1
<eatingthenight> which as far as i know is not even a valid output
<eatingthenight> this is on bare metal not inside a container/vm where i would expect this kind of strange behavior
<cpaelzer> mwhahaha: thanks for the FYI - I'll take a look at libvirt if that needs a conffile change or even more
<cpaelzer> mwhahaha: that was already the case for yakkety (libvirt 2.1)
<cpaelzer> mwhahaha: but I see you are in the cloud archive version of these things, yet there seems to be a valid set of breaks/replaces between libvirt-bin and libvirt-daemon-system and a debian/libvirt-daemon-system.maintscript that should take care of the move
 * cpaelzer is looking if the version statements in there could cause any issues
<cpaelzer> hmm the mv_confile says 1.3.3-2, while I'd have expected 2.1.0-1ubuntu1~ to be more correct but still, on a normal upgrade cycle this should match as xenial is on 1.3.1-1ubuntu10.6
<cpaelzer> maybe that is special to the upgrade paths you take through ubuntu cloud archive upgrades
<cpaelzer> coreycb: jamespag`: could that be an issue only along the path of versions a cloud archive user traverses on upgrades? ^^
<fishcooker> http://vpaste.net/WKF7A which is the failed one if i have 16 DIMM installed and this configuration http://imgur.com/WjLTxfJ is it C2 or C1 or something else  this is my manual https://data2.manualslib.com/pdf2/33/3250/324995-asus/rs720e7rs12e.pdf?6a64c52263547b881f8e426b24b633a8
<lordievader> Good morning.
<Raboo> morning
<lordievader> Hey Raboo
<Raboo> Hey, how's it going?
<lordievader> Doing okay, waiting for coffee.
<Raboo> hmm, brb gotta make some tea
<Raboo> now i got a hot bewerage
<Raboo> i'm having a problem, and don't really know where to start looking for solutions.
<lordievader> What is the problem?
<Raboo> i wrote a ubuntu cloud image to a hdd on bare metal
<Raboo> but when it boots, it's super slow
<Raboo> takes like 30 minutes
<Raboo> http://i.imgur.com/sr1Aodp.png
<Raboo> i'm trying to build some scripts to make it possible to deploy the cloud images to bare metal
<lordievader> What hypervisor are you using?
<Raboo> no hypervisor, told you, my intention is to push these images to bare metal nodes
<Raboo> i'm using https://theforeman.org/ + pxe to deploy the image
<lordievader> Ah, bare metal. Missed that.
<Raboo> so basically what i do is partition the disk, dd the raw image to rootfs partition
<Raboo> mount it and add som cloud init configs, interfaces + resolv.conf
<Raboo> install grub
<Raboo> unmount, reboot..
<Raboo> and it boots, but it takes forever
<Raboo> and i know it's using linux-image-XXX-generic so it should have support for the hardware
<Raboo> i found one thing, gonna try that, https://bugs.launchpad.net/cloud-images/+bug/1598108
<ubottu> Launchpad bug 1567265 in cloud-images "duplicate for #1598108 ubuntu/xenial64 vagrant box boots up slowly" [Undecided,New]
<qsong> Can ubuntu 16.4 support selinux on s390x?
<lordievader> Ubuntu has Apparmor.
<qsong> Has anyone use selinux to replace apparmor
<qsong> I just want to known whether selinux can be supported on ubuntu
<Raboo> qsong i think selinux is "EL" specific
<Raboo> RHEL, CentOS, SuSE.. etc..
<qsong> Yes, EL support by default
<qsong> but we need to consider whether ubunbu is also support
<Raboo> i don't think you will find anyone that have implemented selinux on Ubuntu
<qsong> our application need to work on ubuntu, need to consider whether it will be blocked by selinux
<Raboo> Apparmor is similar to selinux
<qsong> Does any official document on Ubuntu has listed that selinux is not recommend.
<Raboo> don't think so, I just figure it's not implemented
<qsong> Yes, I know, what I want to do is to verify that our APP can work well even selinux is enabled on Ubunut
<qsong> Thanks Raboo, will pursuade other team members to abandon this test
<Raboo> selinux exists for ubuntu, but my personal believe is that not many use it.
<Raboo> i could be wrong
<qsong> Yes, I agree with you, Apparmor is the default choice.
<xnox> lordievader, Raboo: i think we have all security things enabled (at least in kernel) selinux, apparmor, smack.
<xnox> i think somebody did use selinux... but it's not default and they made their own policies for /everything/ they used.
<xnox> the default is apparmor, but one can use selinux with determination
<cpaelzer> jamespage: Debian now has DPDK 16.11-1 https://buildd.debian.org/status/package.php?p=dpdk
<cpaelzer> jamespage: note that ppc now is also enabled
<cpaelzer> jamespage: I'd like to sync that into zesty, but then I know that openvswitch needs a rebuild after that
<cpaelzer> jamespage: never done a sync, nor a sync caused need for rebuild
<cpaelzer> jamespage: if you'd have a minute to tell me who-does-what in this case that would be great
<cpaelzer> jamespage: btw - that version is (almost) identical to what I tested at https://launchpad.net/~paelzer/+archive/ubuntu/dpdk-packaging-tests
<cpaelzer> seems to be syncpackage + waiting + no-change-rebuild upload of openvswitch
<cpaelzer> yet doing these particular steps the first time a mini-coordination would be nice
<mwhahaha> cpaelzer: it's not so much upgrades as our tooling (puppet) broken because the file location change and also the group changed
<cpaelzer> mwhahaha: ah I see, so the package upgrade makes sure that the old content is transferred (if you had any)
<cpaelzer> mwhahaha: but I see - if you had externel references that is an issue
<mwhahaha> we're updating but it broke a bunch of stuff
<cpaelzer> mwhahaha: :-/
<mwhahaha> there's also some ceilometer and aodh issues we're working through with the last update to the ocata cloud stuff
<cpaelzer> mwhahaha: then at least it broke due to the file no more being there instead of silently going on changing a file that has no effect - that was the bug I first thought would occur
<cpaelzer> conffile changes are a defined thing, I wonder if there is a way to generate a list of all conffile changes along an upgrade so that automation (or at least operators) could be aware
<cpaelzer> mwhahaha: not sure if that would help, but with "dpkg-query -W -f='${Conffiles}\n' | sort" you can get a list of all configfiles on a system
<cpaelzer> mwhahaha: doing so before & after a major upgrade test and diffinf git could identify changed location and/or changed default content (via the checksum)
<cpaelzer> that would allow you to process all changes logically one by one instead of trial&error into whatever shows up
<mwhahaha> unfortunately the way the cloud archive updates are applied it's not possible to understand the diffs between the updates as the previous version of the package no longer exists
<mwhahaha> i'm not dealing with newton->ocata, but rather the live ocata repos
<cpaelzer> ah I see
<mwhahaha> so what worked monday, got broken tuesday because of packaging
<cpaelzer> and your external puppet now needs fixes to be able to handle, gotcha
<mwhahaha> so i'm part of the puppet openstack team and so these are changes that used to work (for many cycles) that were broken with this latest update. and since there's no warning it just breaks all of our ci
<rbasak> mwhahaha: I'm not familiar with most of this, but I believe that we pre-publish all proposed updates before they land for regression testing. Given you have CI, can you hook into that? Then you could report back before updates land, possibly blocking or fixing the update, etc.
<mwhahaha> rbasak: I can look into that as well. But rather than pushing that to us, perhaps it would be more beneficial for you to leverage our CI? we already integrate with RDO so they are aware of possible regressions. It'd be nice to get visibility UCA current work
<rbasak> mwhahaha: not my department, I'm afraid. I'm just suggesting the possibility in the hope that it is helpful.
<coreycb> zul, https://review.openstack.org/#/c/417591/
<rbasak> beisner, jamespage: ^
<zul> coreycb: yeah thats because keystoneauth was hiting the same issue keystone is and they made a backward/forward compatible change https://bugs.launchpad.net/keystone/+bug/1657452
<ubottu> Launchpad bug 1657452 in OpenStack Identity (keystone) "Incompatibility with python-webob 1.7.0" [Undecided,New]
<zul> coreycb: this is my incomplete/perhaps wrong attempt to fix it https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/keystone/tree/debian/patches/webob-1.7-fixes.patch
<coreycb> mwhahaha, sorry i'm just looking, is there a package bug?
<mwhahaha> coreycb: i did not create one as it seems to be intentional, just wasn't sure if people were aware of the impact of these things
<coreycb> mwhahaha, can you catch me up?  i'm missing context.
<mwhahaha> coreycb: new ocata packages, broken puppet openstack due to many new changes. first one we found was libvirt upgrade changed /etc/default/libvirt{-bin,d} and group libvirt{d,}
<mwhahaha> coreycb: still working throught all the other items that were broken by the new packages (ceilometer, aodh are known for ow)
<coreycb> mwhahaha, much of b2 was promoted to ocata-proposed yesterday.  ocata-updates is still the old packages fwiw.  once we get everything promoted i plan to send an announcement.
<coreycb> mwhahaha, we moved a bunch of api's to mod_wsgi
<mwhahaha> coreycb: right we already handle the mod_wsgi bits so the automatic file creation is problematic for us
<mwhahaha> coreycb: we might be running proposed instead of updates i'm still getting spun up for the day so i haven't looked a that yet
<coreycb> mwhahaha, ok I'd need to look into that.  we backported libvirt from zesty to the xenial-ocata cloud archive
<mwhahaha> coreycb: i'm working on updating the puppets to handle the new locations and stuff, i just wanted to raise awareness that these things have impacts on external tooling
<coreycb> mwhahaha, of course :)
<coreycb> mwhahaha, we're definitely aware of that.  we maintain juju charms too so we know there are updates throughout every release that need to be made.
<coreycb> mwhahaha, ok we hit that libvirt one too.  we had to put some logic in the charms to use different groups etc based on what release is being used.
<mwhahaha> coreycb: yea but we don't have that concept, so it makes our puppet-nova incompatible with the previous one. so that breaks our desire to keep modules at least 1 version backwards compatible
<mwhahaha> coreycb: so like i said, we're updating but it's not great for backwards compatibility :(
<coreycb> mwhahaha, we'd have to chat with libvirt folks on that one.  i'm not too up-to-date as to why that stuff changed.
<mwhahaha> probably to align it with the debian version
<cpaelzer> coreycb: to drop a major delta to debian
<cpaelzer> done already in the early yakkety cycle
<cpaelzer> like "big changes post-LTS"
<cpaelzer> to give time to adapt pre next LTS
<coreycb> cpaelzer, ack thanks
<mwhahaha> oh btw we do use proposed
<mwhahaha> so that's why we hit it yesterday
<coreycb> mwhahaha, that makes sense
<jamespage> coreycb, mwhahaha: fwiw it might be worth running the puppet models CI gate against -updates, we a regular test against proposed for early vis of these types of changes
<jamespage> models/modules
<jamespage> gosh I can't type today
<jamespage> we/with
<coreycb> jamespage, mwhahaha: that would make sense. just make sure you run a regular test against proposed to see these changes coming.
<zul> jamespage: btw glance https://bugs.launchpad.net/glance/+bug/1657459
<ubottu> Launchpad bug 1657459 in Glance "WebOb>=1.2.3 requirement for Glance will lead to 0 bytes backing image files on OpenStack Newton, although the image file sent to the python client does not have 0 bytes" [Low,Triaged]
<jamespage> zul, reason for build failures in proposed right?
<zul> jamespage: yeah...
<zul> jamespage: glance/nova probably as well
<mwhahaha> jamespage: so it's kinda when we want to get hit by these, honestly running against updates means we'd just get hit by these later. Since we can't control the promotion process, it's more beneficial to get these sooner than later :D specifically these changes are not backwards compatible so we'd get broken either way. it would just be a matter of time
<coreycb> jamespage, zul: yeah so webob issues with 1.7.0 look like they run deeper than just test failures
<zul> coreycb: gah
<coreycb> zul, well based on that glance bug you posted
<zul> coreycb: yeah...im not too happy about this
<jge> hey all good morning, I'm trying to find out what process is sending a bunch of UDP traffic out onto the network but I'm not getting anything.. I did a tcpdump on the box, found out the local port: 3955 then do a netstat -apn | grep 3955 but nothing
<jge> the connection is active as I'm seeing that traffic flowing
<jge> I'm trying to find out what process (if any) is sending it
<jge> any ideas?
<rbasak> jge: try with --inet6
<rbasak> (even if it's IPv4 traffic you're seeing)
<jge> rbasak: I did a netstat -apn --inet6 | grep 3955 and nothing
<DammitJim> what log tells me information with timestamps of a shutdown?
<DammitJim> I'm trying to figure out why when shutting down a server, it takes close to 10 minutes
<DammitJim> and the last thing I see on the screen is: Stopped LVM2 metadata daemon
<DammitJim> Thanks!
<rbasak> jge: I'm not sure then, sorry. Try without the -a and separately with --inet and --inet6 instead, only because that's what I normally do. If that doesn't work, then the only things I can think of are rootkit and a process that doesn't hold the socket for long, so it's racing you.
<rbasak> There probably a simpler, less serious explanation but I cannot think of one.
<rbasak> iptables can do logging of origin user I think. If not try nftables if you have a new enough system.
<jge> rbasak: it's a bunch of UPnP traffic, which I automatically associate with something up to no good, so I'm not throwing away the idea of a rootkit or malicious process, if iptables do do logging of origin user would it show a PID or the likes?
<jge> I captued about 2-3 minutes worth of traffic and around %50 of it was all UPnP broadcasts, which seems excessive but it could also be that this box doesn't see a lot of traffic flowing
<rbasak> jge: oh. There's a thought. Could it be a raw socket?
<rbasak> UPnP is more likely than average to use raw sockets.
<rbasak> jge: iptables may be able to capture pid as well.
<jge> I used 'ss -w -a' to check that and three connections come up but they're binded to *:icmp and :::ipv6-icmp
<rbasak> jge: if it's using a raw socket, it'll show up in netstat but not under --inet or --inet6 and it won't show you port numbers.
<jge> I did a netstat, under proto all show up as unix
<jge> if it's a rootkit or process that doesnt hold socket for long, would I be able to see it if I fire up the netstat command under "watch 1" for example?
<rbasak> jge: I think your netstat would take orders of magnitude of attempts in order to win the race.
<rbasak> I'm not sure it's that likely though.
<cpaelzer> rbasak: ping, still around?
<jfk-cm> I don't know where to ask this question. I was on #ubuntu and someone suggested this. I'm having problems running Selenium Standalone server on Ubuntu 16.10. It seems to start in Terminal but when I try to create a session it says "Unable to create new session". It works fine in Fedora.
<sarnold> does it have a verbose option that would give some useful information? or an error log?
<DammitJim> what log tells me information with timestamps of a shutdown?
<DammitJim> I'm trying to figure out why when shutting down a server, it takes close to 10 minutes
<DammitJim> and the last thing I see on the screen is: Stopped LVM2 metadata daemon
<jfk-cm> This is what shows when I try to run a Nightwatch test:
<jfk-cm> Error retrieving a new session from the selenium server
<jfk-cm> Connection refused! Is selenium server started?
<jfk-cm> { state: 'unhandled error',
<jfk-cm>   sessionId: null,
<jfk-cm>   hCode: 920681884,
<jfk-cm>   value:
<jfk-cm>    { localizedMessage: 'Could not initialize class sun.security.ssl.SSLContextImpl$TLSContext',
<jfk-cm>      cause: null,
<jfk-cm>      suppressed: [],
<jfk-cm>      message: 'Could not initialize class sun.security.ssl.SSLContextImpl$TLSContext',
<jfk-cm>      hCode: 728090681,
<jfk-cm>      class: 'java.lang.NoClassDefFoundError',
<jfk-cm>      screen: null },
<jfk-cm>   class: 'org.openqa.selenium.remote.Response',
<jfk-cm>   status: 13 }
<jfk-cm> I don't know how to find any logs
<teward> !pastebin | jfk-cm
<ubottu> jfk-cm: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<teward> for the future
<sarnold> oy, if you're going to paste more than about two lines it's best to use a pastebin site :)
<teward> sarnold: ohai
<sarnold> morning teward :)
<jfk-cm> Thanks. I'm new to this.
<teward> sarnold: I assume you saw my pings from over 24 hours ago
<teward> ?
<sarnold> jfk-cm: so, that thing at least says the server isn't running. that's a starting point. use ss or netstat to look for the server on the ports you expect it to be on.
<sarnold> teward: maybe? which ones.. sorry.
<teward> sarnold: in -hardened
<jfk-cm> I can go to the localhost port and see the server is up. But even when I try to create a browser connection through that interface it says "Connection refused"
<sarnold> teward: aha, right, the pie/pic problem :( I really wish they just used bloody makefiles as they were intended rather than trying to generate magic makefiles with scripts that are longer than the things they were generating. I'm sure of it.
<teward> sarnold: well i'm going to *try* and implement a fix that we did back in the 14.04 days to fix some of the Perl compile fails anyways
<teward> but, I'm not sure it'll work
<teward> because even with fPIE disabled, I'm still getting a lot of fails
<sarnold> jfk-cm: just to be clear, when you see 'the server is up', is that the selenium server that you see up? or your website?
<sarnold> teward: ugh
<teward> sarnold: so for now i'm just working on standard builds, without dynamic modules.  For now.
<teward> (next LTS, I want it all merged heh)
<jfk-cm> http://imgur.com/a/lovtd
<kyle__> cleaning up an old server, and noticed an entry in /etc/passwd where the second col starts with 8+.  I'm used to $6$, $5$, $2a$, $2y$, $1$...is .... is that seriously a 3DES password in there?
<sarnold> wow :)
<blacknred0> is there a way to sync ~/.ssh/known_hosts ?
<blacknred0> is rsync my answer :P :)
<sarnold> blacknred0: depending upon what you're trying to do, look into monkeysphere and sshfp
<blacknred0> sarnold: i'll take a look at both, but essentially every time i add a host to one server i would like to have that host sync across other servers
<DammitJim> what is ens160?
<sarnold> DammitJim: looks like a NIC http://www.ehowstuff.com/new-naming-scheme-for-the-network-interface-on-rhel-7centos-7/
<DammitJim> so, I guess we need to learn to use ens now
<sypher> DammitJim: Not always "ens."
<DammitJim> WOOT?
<teward> sarnold: I think i may have found the issue
<teward> maybe
<teward> sarnold: holy crap I think I fixed the build failures...
<teward> it just has to finish compiling a few more modules and I'll know if it worked
<teward> HOLY HELL I GOT IT WORKING
<teward> sarnold: ^ that's... good news, because I only disabled -fPIE in the perl flags heh
<teward> the rest is... working, I think
<teward> gonna push to a PPA and test
<PryMar56> teward, or append to cflags: -fno-pie
<PryMar56> ^^ was it yakkety?
<teward> PryMar56: it was all distros
<teward> PryMar56: it was actually lacking -fPIC as a build flag
<teward> adding that seems to make it work
<teward> while disabling -fPIE in the hardening flags for the perl modules specifically
<sarnold> teward: sweeeet :D
<teward> sarnold: HOLY HELL IT BUILDS!
<sarnold> PryMar56: the thing is, nginx's makefiles are a mess. it's quite hard to just say "please build with -fpic" :(
<sarnold> teward: well done :D
<teward> sarnold: does this look sane?  http://paste.ubuntu.com/23824662/
<teward> 'cause while this lands in the PPAs, it's going to land in the merge delta
<teward> unless I can get Debian to include the -fPIC changes, which will fix a lot of the issues
<teward> (even though it doesn't break in Debian, getting it there will help if something ever *does* break in Debian)
<sarnold> teward: I'm a touch surprised about the hardening=+all, but all that machinery predates me, so I never learned it well
<teward> sarnold: i have an sbuild log if you want to review that too
<teward> sarnold: that's actually still in Debain
<teward> Debian*
<teward> but hey it works and fixes some build explodes, so blarghl
<sarnold> teward: oh right right
<teward> sarnold: some of that is left over from 14.04
<teward> when we implemented to address a wishlist to enable bindnow and PIE
<teward> but hey I have something that builds heh
<sarnold> teward: have you had a chance to run hardening-check on the results?
<teward> sarnold: no, but for the PPAs I'm more concerned about getting that building first
<teward> since the PPAs are, what, three months behind?
<teward> i'll hardening-check that after it's uploaded
<PryMar56> take a look at: dpkg-buildflags --export | sed -e '/fix me/', insert into the debian/rules after importing default.mk
<teward> sarnold: holy crap, look at all the successful builds!  ^.^   https://launchpad.net/~teward/+archive/ubuntu/nginx-stable-testing/+packages
<teward> (except the two that are waiting)
<teward> sarnold: once amd64 builds go through, i'll install and hardening-check it
<sarnold> sweeeet
<teward> sarnold: that means now all I have to do is apply the Ubuntu delta to a base from Debian, and add in the delta for fixing fPIE/fPIC, and boom
<sarnold> teward: heh is there no chance to get debian to accept the different package splits I forced on you?
#ubuntu-server 2017-01-19
<teward> sarnold: there might be after we fuss with the dynamic module stuff
<teward> because we'll have a 'hybrid' build but the core static nginx will have the same modules compiled in for all flavors
<teward> so we have a 'base' set of stuff
<teward> plus additional addon dynamic modules
<teward> hence the clusterf*** that is a hybrid between dynamic and static buildings
<teward> oh fun, looks like it doesn't build in Precise anymore
<teward> Figures.
<sarnold> awww bugger
<sarnold> I was impressed that it looked like it was going to
<sarnold> precise's toolchain is feeling pretty old at this point
<sarnold> even trusty is feeling .. not so trusty. heh.
<teward> sarnold: yeah, well
<teward> sarnold: i already pulled Precise support from the mainline PPA
<teward> several months ago
<teward> just pulled a "Nothing past 1.10.1" on the Stable PPA for Precise"
<teward> but it won't build, so...
<teward> sarnold: it *looks* like it builds everywhere else
<teward> so blah
<teward> but, of course, that's PPAs, not the standard repos
<teward> so I can do what I want there :P
<teward> but it's definitely a nice test bed for a merge build test
<sarnold> teward: but that diff looked promisingly small enough that it's probably also right :)
<teward> sarnold: you're right, but it doesn't want to behave in 12.04
<teward> so blah
<teward> there's a "Please backport" bug in place for Zesty -> Yakkety+Xenial+Trusty
<teward> not sure if that falls under SRU policies
<teward> but even without dynamic modules, it'll need those build flag changes
<AlecTaylor> hi
<AlecTaylor> Any chance someone can assign this bug? - https://bugs.launchpad.net/cloud-images/+bug/1569237
<stanford_AI> What do you think of our Drone product? http://adia.tech/
<lordievader> Good morning.
<cpaelzer> Hi lordievader
<lordievader> Hey cpaelzer, how are you?
<cpaelzer> good, thanks for asking
<cpaelzer> how about you lordievader - day still ok?
<AlecTaylor> Any chance someone can assign this bug? - https://bugs.launchpad.net/cloud-images/+bug/1569237
<ubottu> Launchpad bug 1569237 in cloud-images "vagrant xenial box is not provided with vagrant/vagrant username and password" [Undecided,New]
<cpaelzer> Odd_Bloke: you were on this bug before and it has to much context unknown to me to answer - could you once more look at the bug AlecTaylor pinged about?
<lordievader> cpaelzer: Day is quite okay here, yes :)
<ktechmidas> Anyone here use LXD? I have /var/lib/lxd on a seperate hard drive, I pulled it out of one machine and plugged it into another in the hope it would just work. I see all my containers on the new machine, but just "ERROR" next to all of them
<ktechmidas> how can I get it working on my new machine?
<ktechmidas> I'm using ZFS... but it appears there is nothing in the usual /var/lib/lxd/containers/container directories
<ktechmidas> so it maybe hasn't mounted properly?
<ktechmidas> not sure
<ktechmidas> does it even support offline migration?
<Odd_Bloke> rbasak: Thanks for your response in to that Vagrant bug. :)
<ikonia> win 1
<AlecTaylor> hi
<AlecTaylor> Any chance someone can assign this bug? - https://bugs.launchpad.net/cloud-images/+bug/1569237
<ubottu> Launchpad bug 1569237 in cloud-images "vagrant xenial box is not provided with vagrant/vagrant username and password" [Undecided,New]
<Odd_Bloke> AlecTaylor: o/
<Odd_Bloke> AlecTaylor: rbasak posted a comment with a pointer at IRC logs this morning; did you have a chance to read through that?
<Odd_Bloke> AlecTaylor: The TL;DR is that we have two different classes of users for our Ubuntu box: Ubuntu users who happen to use Vagrant, and Vagrant users who happen to use Ubuntu.  Finding a way to make both parties happy has proved to be challenging, to say the least.
<AlecTaylor> Odd_Bloke: Nope, just scrolled through my logs, I must've been logged out when he replied
<Odd_Bloke> AlecTaylor: It was a bug comment, rather than a comment in IRC. :)
<Odd_Bloke> AlecTaylor: We regularly observe that clouds that ask us to change the default user from ubuntu to something else get push back from Ubuntu users, because they expect the ubuntu user to be present.
<AlecTaylor> Odd_Bloke: Quick question: what's the default Xenial password?
<Odd_Bloke> So switching from ubuntu->vagrant just alienates a different section of our userbase.
<AlecTaylor> Yeah was thinking two builds or something
 * AlecTaylor just surprised himself, `vagrant ssh` just worked :O
<AlecTaylor> That was failing earlier today
<AlecTaylor> Hmm let me try again
<Odd_Bloke> I haven't observed problems with `vagrant ssh` when they've been reported before.
<Odd_Bloke> s/observed/reproduced/
<Odd_Bloke> Which has obviously made fixing them... difficult. ^_^
<AlecTaylor> Odd_Bloke: I was just reading through `man ssh`, looking for a way to quiet the password auth
<AlecTaylor> Anyway `ssh -i ~/tmp/1ed4f71347864691b097db406f555b6a/.vagrant/machines/default/virtualbox/private_key ubuntu@127.0.0.1` is prompting me for a password
<AlecTaylor> But `~/tmp/1ed4f71347864691b097db406f555b6a$ vagrant ssh` works
<AlecTaylor> What am I missing?
<Odd_Bloke> AlecTaylor: @127.0.0.1 would be your host not the Vagrant guest, right?
<AlecTaylor> Ahh silly me
<AlecTaylor> Yeah was just thinking that
<AlecTaylor> Hmm, I know I can find it with `ip addr` or `ifconfig`, but is there a `vagrant` command for it, like `vagrant ssh-config`?
<Odd_Bloke> ssh -i .vagrant/machines/default/virtualbox/private_key ubuntu@127.0.0.1 -p 2222  # WFM
<AlecTaylor> Thanks
<Odd_Bloke> AlecTaylor: FWIW, I worked that out by doing `vagrant ssh --debug` and seeing this line: INFO ssh: Invoking SSH: ssh ["ubuntu@127.0.0.1", "-p", "2222", "-o", "Compression=yes", "-o", "DSAAuthentication=yes", "-o", "LogLevel=FATAL", "-o", "IdentitiesOnly=yes", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null", "-i", "/home/daniel/.vagrant/machines/default/virtualbox/private_key"]
<AlecTaylor> Ahh neat
<Odd_Bloke> I'm not sure if there's a better way to work out that port number.
<AlecTaylor> vagrant port
<Odd_Bloke> Presumably if you have more than one Vagrant machine running it's not the same for all of them?
<AlecTaylor> I'm already parsing all the output in Python so that's fine, so thanks
<saju_m> Hi
<saju_m> I have a doubt related to ubuntu server reboot
<saju_m> I have a node (ubuntu 14.04.03 LTS) which is a part of cassandra, zookeeper and rabbitmq cluster. I what to reboot this node. What are the precautions I should take before restarting this node. Since it part of a cluster, data should auto backup by other nodes in the cluster.But I am afraid to restart it directly. Please suggest some ideas.
<rbasak> saju_m: you're welcome to ask that question here, but it sounds like that's more of a cassandra, zookeeper and rabbitmq question. You might get a better answer asking in their community help areas.
<saju_m> zookeeper
<saju_m> rbasak, thanks, let me check
<saju_m> apache
<coreycb> zul, today is non-client library freeze for ocata
<coreycb> fyi
<zul> coreycb: yeah i know...that *all* im going to be doing today fyi
<coreycb> zul, sounds good
<zul> good morning btw
<zioproto> jamespage: are you familiar with the packages python-networking-l2gw and neutron-l2gateway-agent
<zioproto> looks like to use this neutron feature you need to add more tables to the database
<jamespage> zioproto, rings some bells
<zioproto> I installed the ubuntu packages in Mitaka but the alembic migration fails
<jamespage> zioproto, ah right now I remember
<zioproto> I opened a bug
 * jamespage thinks a bit harder
<zioproto> https://bugs.launchpad.net/networking-l2gw/+bug/1657747
<ubottu> Launchpad bug 1657747 in networking-l2gw "Alembic migration l2gateway_models fails when creating tables" [Undecided,New]
<zioproto> what kind of testing get this stuff when packaged for ubuntu ?
<zioproto> I should expect the alembic migrations to get trough ?
<zioproto> is this some code a vendor packaged just to do some PoC, or it is something worthed trying in production as far as you know ?
<jamespage> zioproto, I think it was put in archive to support vmware-nsx
<jamespage> but that's all a bit of a mess as well atm
<jamespage> these things all fall outside of the core neutron governance so quality and release alignment can be a bit variable
<zioproto> sounds like a plan to abandon the thing
<jamespage> zioproto, I remember that at least at release it worked (I have my fingerprints in the changelog afterall)
<jamespage> its possible we've had some level of drift against mitaka point releases
<zioproto> it look like a foreign check problem
<zioproto> I cant create a table
<zioproto> but even disabling the foreign checks to make a test would not let me create the table
<zioproto> this specific alembic migration did not change a lot in time
<jamespage> zioproto, what db backend are you using?
<zioproto> according to the git repo
<zioproto> mysql
<jamespage> the migrations are working ok for me in a mitaka deployment I had up for testing
<zioproto> so maybe because this is a db
<zioproto> that has been upgrading since icehouse
<zioproto> could be that is different from a fresh mitaka db
<jamespage> zioproto, well that is more than likely
<jamespage> I wonder whether its a networks.id mistmatch on type
<zioproto> varchar(36)
<zioproto> | id                      | varchar(36)  | NO   | PRI | NULL    |       |
<zioproto> this is the output of 'describe networks;'
<jamespage> zioproto, no that matches ok
<jamespage> hmm
<jamespage> puzzling
<jamespage> well you raised the bug in the right place - lets see if it gets some attention
<jamespage> zioproto, fwiw I only packaged it because it was a dep for vmware-nsx; the testing we've done with nsx does not include any l2gw stuff
<zioproto> great
<zioproto> there is any way to get good debug information from mysql ?
<zioproto> telling why the query fails ?
<jamespage> might be something in the mysql error log maybe?
<zioproto> I will check
<zioproto> bingo
<zioproto> the command
<zioproto> SHOW ENGINE INNODB STATUS;
<zioproto> give some good info
<zioproto> http://paste.openstack.org/show/595618/
<zioproto> maybe the key sentence is
<zioproto> such columns in old tables
<zioproto> cannot be referenced by such columns in new tables.
<zioproto> the l2gateway tables are created with the wrong collation
<zioproto> utf8_general_ci
<zioproto> instead of utf8_unicode_ci
<zioproto> I am not expert
<zioproto> I dont know if this is a problem with the query
<zioproto> can I pass to neutron-db-manage the collation value it should use ?
<zioproto> I have this problem https://bugzilla.redhat.com/show_bug.cgi?id=1320243
<ubottu> bugzilla.redhat.com bug 1320243 in mariadb-galera "Change OpenStack db collation from utf_unicode_ci to utf8_general_ci" [Medium,New]
<zioproto> jamespage: if you do show table status; on your mysql neutron db you see all the tables with the same collation ?
<jamespage> zioproto, mine are all utf8_general_ci
<jamespage> zioproto, is is possible that you switched the default collation between original install and now?
<zioproto> FIXED it !!!
<zioproto>  alter database neutron collate utf8_unicode_ci;
<zioproto> and I deleted the tables created by the half run alembic migration
<zioproto> thanks for the help
<zioproto> Cant figure out in ubuntu where to configure openvswitch to start the db with a --remote
<zioproto> I need to run it like
<zioproto> ovsdb-server --remote ptcp:6632:10.225.0.27
<zioproto> do I really have to hack the init script ?
<zul> coreycb: im not a debian developer
<zul> coreycb: jamepsage is
<coreycb> zul, k
<coreycb> jamespage, , any chance you could upload 0.158 of ubuntu-dev-tools to debian?
<zul> coreycb: doing debtcollector
<coreycb> zul, ok i'll start from the bottom of the list and let you know if i get to #20
<zul> coreycb: ok i got like a factory line going on right nwo
<zul> coreycb: fyi oslo.messaging is ftbfs for me right now
<jamespage> er
<teward> sarnold: so, now that I fixed the build issues, on to the merge xD
<zul> coreycb/jamespage: oslo.middleware needs webob fix as well
<coreycb> zul, sigh.. can you add to the bug?
<zul> yeah
<coreycb> zul, everything from 20->36 are uploaded for ocata (minus mox3. not sure we need it)
<zul> coreycb; ok working on 10 - 20
<zul> coreycb: ok all libraries either building locally, been uploaded, in the archive, or need more prodding
<coreycb> zul, awesome
<EmilienM> coreycb, zul: I know mwhahaha already told you but the latest OpenStack package update for ocata broke us a lot
<EmilienM> do you run CI on the packages? We can't even spawn a VM anymore
<LambdaComplex> What init service does Ubuntu Server use?
<tarpman> LambdaComplex: which version?
<coreycb> EmilienM, it's probably because of webob
<coreycb> EmilienM, https://bugs.launchpad.net/ubuntu/+source/python-oslo.middleware/+bug/1657452
<ubottu> Launchpad bug 1657452 in OpenStack Identity (keystone) "Incompatibility with python-webob 1.7.0" [Medium,In progress]
<coreycb> EmilienM, i could use support if you want to help push on that, if in fact that's what you're hitting.
<LambdaComplex> tarpman: 16.04.1 LTS
<tarpman> LambdaComplex: systemd
<coreycb> EmilienM, we do test, there are just so many moving pieces during the dev cycle that are getting auto-backported etc. ie. dependencies like webob that are not really openstack that get synced from debian.
<coreycb> EmilienM, so we test one day and the next day webob is at 1.7.0
<LambdaComplex> tarpman: Exclusively? I talked to someone who said something about it being some combination of systemd and upstart, but I'm wondering if he was mistaken
<tarpman> LambdaComplex: past versions used upstart. ubuntu desktop might still use upstart for some session management stuff - not sure. phone I think still does
<tarpman> LambdaComplex: server should be exclusively systemd at this point AFAIK
<EmilienM> coreycb: yes we hit that
<EmilienM> mwhahaha: ^ fyi
<OerHeks> tarpman +1 , systemd on system level, upstart for user level AFAIK
<EmilienM> coreycb: glance is unable to find the image, and we got this webob error
<LambdaComplex> OerHeks: But Ubuntu Server is exclusively systemd?
<tarpman> LambdaComplex: if you install from a server CD and then "apt get install ubuntu-desktop", what do you call the result
<LambdaComplex> tarpman: ...The Ship of Theseus? :D
<coreycb> EmilienM, that sounds like it.  sigmavirus is fixing glance via a separate bug: https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1657459
<ubottu> Launchpad bug 1657459 in glance (Ubuntu) "WebOb>=1.2.3 requirement for Glance will lead to 0 bytes backing image files on OpenStack Newton, although the image file sent to the python client does not have 0 bytes" [High,Triaged]
<coreycb> EmilienM, it doesn't look like anyone's working on nova though :(
<coreycb> EmilienM, there's a thread on the openstack-dev ML
<lynorian> well check the manifests if it does not have upstart on the manifest than no it does not have upstart
<lynorian> also apt-cache rdepends will tell you what reverse depends on it
#ubuntu-server 2017-01-20
<cmh__> Has anyone run into problems starting AppArmor on Xenial when there are a large number of profiles to load? It's been starting for ~2 hours, seems to be writing to /etc/apparmor.d/cache/usr.sbin.apache2. Kernel: 4.4.0-57-generic, Release: 16.04.1 LTS
<tyhicks> cmh_: hey - that's not a known issue
<tyhicks> cmh_: could you file a bug report?
<tyhicks> cmh_: what version of the apparmor package do you have installed?
<cmh_> tyhicks: apparmor 2.10.95-0ubuntu2.5
<tyhicks> cmh_: does `sudo apparmor_parser -Q /etc/apparmor.d/usr.sbin.apache2` complete? (shouldn't take more than a few seconds at the most)
<cmh_> tyhicks: adding the -v flag shows 'Addition succeeded for "Profile Name"' for the profiles.
<cmh_> On another server (same Kernel/Release) it shows "Cached load succeeded for "/etc/apparmor.d/cache/usr.sbin.apache2"." ...
<cmh_> hm
<zioproto> hello all
<zioproto> when is the next Horizon Newton package refresh gonna happen ? I am interested in this patch https://review.openstack.org/#/c/403160/
<zioproto> also it is not clear to me
<zioproto> when I do
<zioproto> debcheckout --git-track='*' horizon
<zioproto> and then I checkout stable/newton
<zioproto> it looks from the changelog that I am patching the yakkety tree
<zioproto> there are different git repos for xenial and yakkety ?
<zioproto> I understand openstack releases are in different git branches, but what about the target distro ?
<lordievader> Good morning.
<zioproto> jamespage: coreycb any of you here ?
<zioproto> Anyone has experience building Openstack Newton deb packages for Ubuntu Xenial ?
<coreycb> zul, python-webob 1:1.6.2-2 synced from unstable
<coreycb> zioproto, o/
<zul> coreycb: yippe skipee
<zul> coreycb: ill keep an eye on things
<zioproto> coreycb: hey there, did you read what I wrote earlier in the channel ?
<zioproto> debcheckout --git-track='*' horizon
<coreycb> zioproto,  "I understand openstack releases are in different git branches, but what about the target distro ?"
<zioproto> yes
<zioproto> when I see the changelog
<zioproto> in the debian folder
<zioproto> I see yakkety lines
<zioproto> but I am building for xenial
<coreycb> zioproto, ok
<coreycb> zioproto, first, yes we only have branches per openstack release
<zioproto> okay. Now I am working on this repo git://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/horizon
<zioproto> I am in stable/newton
<coreycb> zioproto, xenial corresponds to mitaka.  however it's also an LTS so we support the cloud archive for newton and ocata on xenial as well.
<zioproto> ok, so how do I make newton packages for xenial ?
<zioproto> I mean, I just write yakkety in the changelog ?
<zioproto> and then I build with sbuild-newton
<zioproto> sbuild-newton -d xenial-amd64 -A ../horizon_10.0.1-0ubuntu2.dsc
<coreycb> zioproto, that's correct
<coreycb> zioproto, s/yakkety/xenial-newton/ though
<zioproto> version number of the packages is the same across xenial and yakkety ?
<zioproto> wait I did not understand where I have to replace s/yakkety/xenial-newton/
<coreycb> zioproto, version numbers of the packages are the same on xenial and newton for any package in the cloud archive, IF you have the newton cloud archive enabled on xenial
<coreycb> zioproto, here's the staging ppa for newton if you want to look through some packages: https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/newton-staging
<zioproto> deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton main"
<zioproto> I am using this one
<coreycb> zioproto, it's likely the same for the most part.  packages get backported from yakkety to xenial-staging then promoted to xenial-proposed, then to xenial-updates
<zioproto> ok
<zioproto> we are changing the way we work here
<zioproto> before we had VMs pointing to a internal deb
<zioproto> repo
<zioproto> now we build docker images
<zioproto> so I am trying to install my deb packages
<zioproto> with dpkg
<zioproto> if I have three deb files to install
<zioproto> openstack-dashboard_10.0.1-0ubuntu2_all.deb openstack-dashboard-ubuntu-theme_10.0.1-0ubuntu2_all.deb python-django-horizon_10.0.1-0ubuntu2_all.deb
<zioproto> and they are not in a repo
<zioproto> they are just on my disk
<zioproto> how I install them correcttly
<zioproto> I always get deps problems
<zioproto> because I cant install just 1 at the time
<hateball> zioproto: dpkg -i *.deb ?
<zioproto> ok I fixed it !
<zioproto> maybe
<zioproto> looks like the problem
<zioproto> was that I was missing a apt-get update
<zioproto> in my script
<zioproto> so the repo was there
<zioproto> but not loaded
<zioproto> this xenial was still mitaka
<zioproto> openstack-dashboard-ubuntu-theme depends on openstack-dashboard (= 3:10.0.1-0ubuntu2); however:
<zioproto>   Package openstack-dashboard is not configured yet.
<zioproto> I think the problem is with openstack-dashboard
<zioproto> that fails the configuration step
<zioproto> coreycb: I get this error, there is your name here :) https://bugs.launchpad.net/horizon/+bug/1643964
<ubottu> Launchpad bug 1643964 in horizon (Ubuntu) "compressing static assets fails with xstatic-bootswatch 3.3.7.0" [Undecided,Fix released]
<coreycb> zioproto, are you using ocata?
<zioproto> no
<zioproto> I get the same error
<zioproto> trying to upgrade from
<zioproto> openstack-dashboard (3:10.0.1-0ubuntu1)
<coreycb> zioproto, did you build the package yourself?
<zioproto> to my package
<zioproto> yes
<coreycb> zioproto, did you create a new orig-xstatic.tar.gz?
<zioproto> I added a patch in debian/pachtes
<zioproto> yes I did
<coreycb> zioproto, if so,don't
<zioproto> ahhhhh
<zioproto> I should not ?
<zioproto> the procedure for horizon changed again ?
<coreycb> zioproto, no
<coreycb> zioproto, for ocata we'll regenerate orig-xstatic.tar.gz but for stable releases we don't, because it pulls down the latest xstatic libraries
<coreycb> zioproto, which is probably fine most of the time but it caused you to hit this bug which we've only fixed in ocata
<zioproto> I am trying now
<zioproto> gbp buildpackage -S -us -uc
<zioproto> and then build from the dsc file
<zioproto> without calling any xstatic stuff
<zioproto> build failed
<zioproto> because the xstatic files are missing
<coreycb> zioproto, use debuild with horizon
<coreycb> zioproto, also you need the xstatic-orig tar
<coreycb> zioproto, you can get it from the ppa above
<zioproto> so, I avoid to call ./debian/rules refresh-xstatic
<zioproto> http://ppa.launchpad.net/ubuntu-cloud-archive/newton-staging/ubuntu/pool/main/h/horizon/horizon_10.0.1.orig-xstatic.tar.gz
<coreycb> beisner-afk, when you get in can you promote python-webob to ocata-proposed?
<coreycb> zioproto, correct, just wget that
<zioproto> ok building at the moment
<zioproto> Build success! but I guess no one in the world can build horizon packages for xenial-newton without knowing this issue !
<zioproto> ok but I still get this error
<zioproto> CommandError: An error occurred during rendering /usr/share/openstack-dashboard/openstack_dashboard/templates/horizon/_scripts.html: '\"../bower_components/respond/dest/respond.min.js\"' isn't accessible via COMPRESS_URL ('/horizon/static/') and can't be compressed
<zul> coreycb: yeah webob problems go away
<zioproto> coreycb: I was able to build the package and install it. But maybe the patch I was testing did not work
<zioproto> thanks for the support
<coreycb> zioproto, great, np
<gymdude> I am wondering in linux/unix like os's what is the equivalent of local group/security policy gui in control panel  for  windows  is for linux
<gymdude> or unix
<gymdude> ...I know unix/linux like os's have samba , winbind , openldap , pam and many other security alternatives that model active directory for if on  a domain or local
<gymdude> What i am getting at is my main thing is can one in linux or unix os lock all administrators/ disable them
<gymdude> So one cann't sudo or su to a higher privilage level every again like one can do for windows os's
<gymdude> ...At that point the only way to get complete control back to your unix or linux distro would be to have some password reset program like chntpw is to windows sam analogy
<gymdude> ...I hope you understand what i am talking about and somebody that knows something about this elaborate on it
<gymdude> ...And what would happen if one booted from a live usb and deleted the shadow and password files from the etc folder. When the person booted up again I always wondered that but haven't got around to trying it or have a spare HDD right at the moment
<joelio> gymdude: You're mixing several things there.. there are attibutes on the filesystem for ownership and modes
<gymdude> right so if you deleted the shadow and passwd files what would happen
<dr4c4n> gymdude:
<joelio> gymdude: you wouldn't be able to login
<dr4c4n> https://www.cyberciti.biz/tips/recovering-deleted-etcshadow-password-file.html
<dr4c4n> the system would ask for maintenance root password
<gymdude> for login you don't have any users totally blank or not there and even if you did replace it with failed users you still have to get the ownership , modes , : : : parts of it correct to
<joelio> dr4c4n: where would it get the password from if you've deleted /etc/{passwd,shadow} ?
<joelio> you boot into single user mode, or init bash - there's no password
<joelio> gymdude: not following there
<joelio> basically PAM is the major system here that deals with the UID/GID mapping on the files
<joelio> now PAM is a pluggable system, so there are many backend supported, like ldap, kerberos, sssd etc
<gymdude> wait if one rebooted there machine with out a shadow or password file what would happen would the linux os recreate just the basic root user with blank password , ask you to create a user , throw a error no user to login with ?
<joelio> you need to go in single user and recreate the system for multi user
<joelio> booting into init=/bin/bash *literally* drops you into bash shell
<joelio> as root
<gymdude> I get the software command you gave me can be used to recreate the barebones shadow or password files but that won't help you with all the other users , file attributes ,owners you have destroyed you have to create them all by hand / remember them thats if your lucky
<joelio> gymdude: that's what backups are for.. but I'm not following what you're specifically trying to do :)
<gymdude> But how can single user mode drop you into root you wiped root out because there is not users not even root because the password file is deleted
<joelio> why not try it in a VM and find out
<gymdude> But sure if it some how by dropping to single user mode gives you a root privilage then yes you should beable to addgroup,user, chown ,...etc to get what you want to some extent back
<joelio> that's what single user mode is, root
<joelio> full privilege
<joelio> there are different levels of init in unix, multi-user is one of them
<gymdude> So if any linux distro one can drop to single user mode then how is protect root password or other things doing anything
<joelio> physical security, grub passwords, bios passwords etc etc
<joelio> basically if someone can reboot your systems and has physical access, then the game can be over anyway
<gymdude> One could always drop to single user mode create a sudo user that has root privilage and do pretty much what they want
<joelio> if you can drop to single user mode, games over already, why bother with a sudo user?
<iliv> gymdude not if you restrain physical access to your machines
<joelio> security is like an onion, many layers
<iliv> gymdude security can never be absolute. let that percolate in your mind for a moment.
<joelio> yup
<joelio> security vs. usability -- pick your point
<joelio> most secure system is one turned off buried beneath 6 feet of concrete
<joelio> not very usable though
<gymdude> Ok well to get into single user mode you have to at least beable to customize the grub configuration files under boot which you cann't if you don't know the grub password or if you cann't privilage escalate to a user that can modify the /boot/grub files
<iliv> gymdude there's also BIOS/EUFI password
<joelio> and disk encryption, that requires unlocking
<gymdude> Ya but bios passwords in general aren't a good idea or work for large companies because then they have to remember tons of different bios passwords. If they had them all the same one person leaking it would eventually have a bunch of people knowing it
<joelio> no, not true, there are solutions for MDM fleet management
<gymdude> And also the fact that if one forgot the bios password your screwed just basically smash your machine its done
<joelio> no, not ture
<joelio> *true - reset BIOS with a jumper
<gymdude> ....Usually companies are more concerned not with that but with securing there os they put on ... they already know that one with bios access could boot from a live distro and reformat or reinstall a different os's
<gymdude> Well if the mobo had bios jumpers then why care about setting the password all a person would have to do is reset with the jumps defeating the purpose of the password
<joelio> yea, it's just to stop walkby or maybe a random thief with no knowledge
<joelio> nothing in security is absolute
<gymdude> ... All i am saying is securing at the bios level is really not  a good way unless its a one shot thing where no jumpers or reset can be done
<joelio> again, it's an ensemble of security practices that help, not one specific thing
<gymdude> I get that one could make the motherboard to have a bios on a plug able bios pci like card so when the one shot is over they can just throw out the card and not the whole motherboard
<joelio> well, your bios is in an EEPROM, so technically you can do that anyway
<joelio> it's 'puggable' in that sense
<gymdude> But its integrated on the mobo so your really destroying the whole motherboard if you destroy the bios for it currently
<gymdude> That is a way for company computers to go thru less issue and still secure a bios password not having to worry about leaking because they can uses many different passwords and not worrying about forgetting one because they can just order another replacement bios for the problemed machine that one for gets the password from time to time
<gymdude> ...Because lets face it if the company computers cann't boot live alternative os because a bios password is set that cann't be figured out how could anybody modify anything on that computer ever
<gymdude> ...Never mind they could also take out the sata hard drive and replace it with there own as well
<gymdude> So in this respect bios securing isn't really worth it
<joelio> suer
<gymdude> ...So thats why companies just secure there computers/laptops os by disabling all there local admin's when the person is not on the domain. Which would prevent them from having enough privilage to change there local policy settings
<joelio> maybe in windows land
<joelio> When we roll out laptops for users, they get admin privileges, but we also use dm-crypt
<joelio> we trust the users (mainly devs) to manage themselves, sudo on their own systems is fine
<joelio> we're just concerned about the data, hence encyption policies
<gymdude> Ya makes sense. Curious on linux is there away to do the equivalent of disabling all root privilaged accounts
<gymdude>  Like in windows disabling all local admin accounts
<gymdude> for the sam file
<gymdude> it just be for the shadow or passwd /etc files i would imagine
<joelio> on linux, the only user priveleged is root
<gymdude> not true there is different groups and privilage levels
<gymdude> associated with them
<joelio> different levels of access, not full privilege.
 * joelio has been doing this 20 years
<gymdude> ya but sudo users have full privilage as a root
<joelio> no
<joelio> sudo su -
<joelio> yes,  but sudo is very granular
<joelio> you can choose a single command for example that a single user can run
<joelio> look in /etc/sudoers
<gymdude> ya but by default its usually set up when you sudo you sudo to root privlage
<joelio> no, that's just you assuming
<joelio> sudo su -
<joelio> puts you in full root as you're running su
<gymdude> su does to
<joelio> su *sets* the super user, but you need to run sudo to escalate up
<joelio> try and run su on a machine with no root password set
<gymdude> if i su i just become root i don't need sudo su
<joelio> as I said, try that on ubuntu
<joelio> there is no password set for root, that's why during install it asks you for a user
<genii> Default is no su, recommended is sudo -i for interactive, then exit when admin things are finished being done
<joelio> no you can make it have a password, but default ubuntu has no password set
<greyolla> Hi. So normalling ones setting ethtool settings in the interfaces but I'm testing out libteamd/teaming interfaces. Is there any existing tools that will help manage just ethtool settings (vs me just applying them manually)?
<gymdude> super user is root right
<greyolla> interfaces file
<gymdude> ya su you need a password which fails if its not set up because of /etc file setup
<joelio> greyolla: you can pass post-up commands in /etc/network/interfaces
<joelio> that'll allow you to set at boot/interface bring up time
<joelio> gymdude: UID0 is root :D
<gymdude> ya got you on that
<gymdude> why is it though one can do sudo apt-get  and not sudo su first then apt-get install...etc
<greyolla> teamd requires that the interfaces be off before joining them to the team interfaces. Using the interfaces file / ifupdown seems to auto up them before applying the setting. Is there a way to specify not to bring up the interface but apply the changes still?
<joelio> greyolla: yes use manual
<gymdude> I am wondering sudo executes commands under a different user but how do you know which user it is executing under
<joelio> greyolla:    iface eth0 inet manual ---- kinda thing
<joelio> gymdude: sudo also logs auth escallation as well, when you go full root you lose some of that logging
<gymdude> I could go sudo -u user1 apt-get install ... which would execute that command under user1
<greyolla> I can set it to manual but the settings do not apply until I add "auto eth0" which brings up the interface
<gymdude> i guess i am wondering what sudo defaults to if no switches are used is it root user
<joelio> gymdude: just vanilla sudo {thing} will execute thing as uid 0 *but* you'll retain stuff like SUDO_USER env vars etc
<joelio> so you know what user is executing even though they are doing something as root
<gymdude> what take precedence the env SUDO_USER being set to something other then root  which would make you have to do sudo -u root to get the equivalent of sudo
<joelio> I'm not following, sorry
<gymdude> If you set the SUDO_USER env to something does sudo uses that user by default other then 0 root user
<gymdude> by default when you do sudo
<joelio> the env vars are just used in whatever application needs them, they don't override the calling user from an ACL perspective
<joelio> they're just handlers so an app knows who's instantiated it
<gymdude> yes and that application could be for sudo itself
<gymdude> so you can only have one and only one root account and by disabling this would be like the equivalent of disabling all local administrators is that correct
<gymdude> so one only needs to disable root user
<joelio> no
<joelio> you need uid 0
<joelio> there is (generally) only one root user, the others all escalate their CAPS depending on what's set
<gymdude> But if there is no root how can there be any uid 0 or person using it
<joelio> uid0 == root
<joelio> I'm going home now anyway, enjoy :)
<gymdude> right
<tarpman> gymdude: there has to be root. if you remove (or change) the definition of root in /etc/passwd your entire system will break
<gymdude> So then how does one prevent all users from privilage escalation to uid0
<tarpman> gymdude: in any case, uid 0 is what's special. uid 0 is the superuser regardless of what name /etc/passwd assigns it
<joelio> gymdude: they're not in the sudo group, or not set in sudoers
<joelio> by default
<joelio> you have to add them to sudo (wheel) group or add them in sudoers
<joelio> when you install ubuntu the user is added with sudo group membership automatically
<sypher> The default sudo group is named "sudo," not wheel. Wheel is a Red Hat/BSD-ism.
<joelio> if you add a user manually, they're not added
<joelio> you have to gpasswd -a {user} sudo --- or add to /etc/sudoers etc
<joelio> sypher: I know that
 * sypher shrugs. "Just being clear."
<gymdude> O ok so if i just adduser it won't beable to sudo to uid unless i add it to the group sudo or place the user in the sudoer file
<joelio> exactamundo
<joelio> you'll get an error saying the user is not in the sudoers file
<joelio> and it'll mail root (or whatever the admin email is set to) about the violation
<joelio> sane defaults ftw
<gymdude> Got it now i see so then how is user 1 and user 2 which are in different none sudo groups have different privilages/access levels... is the file system storing the gid and uid exceptable to access the file or resource
<joelio> the filesystem has attributes for storing the file owner/group
<tarpman> gymdude: yes. every file or directory has permissions for a specific user (the owner), a specific group (the owning group), and everyone else
<tarpman> gymdude: see https://en.wikipedia.org/wiki/File_system_permissions#Traditional_Unix_permissions
<joelio> in fact there are a lot of attrivutes it stores
<tarpman> gymdude: and https://en.wikipedia.org/wiki/Modes_(Unix)
<gymdude> This is for HDD resource how does the os keep track of memory blocks a user or group has access to . Because you have 2 main resources HDD and memory
<joelio> CAPS
<gymdude> Since device drivers are controlled via files , programs thats taken care of by HDD resources
<joelio> along with loads of other ways :)
<joelio> "Everything is a file"
<joelio> down the rabbit hole - http://man7.org/linux/man-pages/man7/capabilities.7.html
<gymdude> GDT , paging ,...etc doesn't take into account the user or group just weather the program itself stays with in its memory allocation/ memory resources
<gymdude> so if one can run the program it doesn't care what user or group ran it
<gymdude> So what i am getting at is how can one user have permission to access memory and another user cann't access that same memory  or is that even ever considered
<joelio> well, the kernel manages some part, but the memory management will happen inside a program.. Hence why there are hacks like heartbleed.. bad memory management
<joelio> and why rust is awesome
<joelio> there are 'mitigations' in the kernel which subert this, memory address randomisation, stack protection etc
<gymdude> ...well what i was wondering is they any way directly to restrict particular users or groups to certain memory
<joelio> (ironic as I'm building grsec kernel atm too)
<joelio> it's restircted by default
<gymdude> Obviously indirectly thru program itself or file permissions
<joelio> not sure what you mean by 'certain memory'
<sypher> A user cannot access memory allocated by programs run by other users, with the obvious exception of root.
<gymdude> the memory manager at the kernel or user level doesn't care at a user or group level
<joelio> unless it's a badly written program that reads/writes to an area of memory it shouldn't aka a hack
<gymdude> it only cares about if the block is marked shared , private,...etc
<tarpman> gymdude: a process can only access its own memory. if it tries to access another process' memory, that's a segmentation fault.
<tarpman> gymdude: is there something you're trying to figure out or accomplish that's leading you to all these questions? I have a feeling you're going in a particular direction, but I can't figure out what that direction is
<gymdude> ya got that so its more securing users and groups thru file permissions then thru what user access memory
<gymdude> And the memory manager only cares to keep programs/process separate so they don't violate  one another
<joelio> there's no real 'memory manager' as it were too, malloc and stuff sure but not in the kernel, not in that sense anyway. Programs themselves manage their memory, depending on what language you use you may have to manage it, it could be manageg for you, it might use garbage collection etc etc
<tarpman> joelio: there is absolutely a memory manager in the kernel, translating physical addresses to virtual ones and managing which pages are allocated to which processes
<gymdude> in the task_struct of the kernel there is a memory substructure it uses but thats just to check if the task running can access this memory... is sharable block ,..etc
<joelio> tarpman: I mean in the sense that gymdude was describing
<joelio> tarpman: aware of that, otherwise how would KSM work ;)
<gymdude> fs_struct is the substructure for what files the process uses , weather there locked ,..etc and the HDD file system contains the permissions/privilages for the user/groups for accessing/denying them
<gymdude> So permissions and privilages are all part of the HDD drive nothing more
<joelio> righ
<gymdude> regardless of what os's for the most part
<sypher> This is why physical access to a system can render the majority of security protections immediately moot.
<joelio> righ
<joelio> right, time to go home, laters :)
<gymdude> unless of course they put more into a sub structure of the task_struct for process
<gymdude> at some point
<gymdude> either way that wouldn't be worth it because you be chewing up memory at the same time as needing it stored on the HDD for permissions to be persistant over boot ups
<gymdude> so not really a point to put it in the task_struct for individual user or groups so much
<gymdude> ...That gets me to another point if you cann't get root privilages cann't you always boot a live cd and change the permission of the file you want to access without even having to mess with the passwd file or user anyway just change it to user 1 as owner instead of root on the HDD drive ...
<gymdude> provided you know where on the ext 4 or so you need to change to do this
<tarpman> yes. as sypher said, physical access lets you do pretty much anything
<gymdude> equivalent of sudo chown  ... but directly modifying HDD bits
<tarpman> that sounds like a lot of effort. I'd boot a liveCD/liveUSB and use chown :P
<tarpman> or use passwd and reset the root password, or, or, or, ...
<sypher> gymdude: I feel compelled to observe that you're going through an awful lot of effort to appear knowledgeable about disk and memory data structures, without even a basic understanding of how permissions are managed by the system itself. This seems... backwards.
<tarpman> indeed
<gymdude> ya your right i am over complicating things
<sypher> gymdude: If I had a recommendation, it would be to set aside what you think you know about how these data structures function, and start at the foundations. Learn the operating system and how permissions and privileges are managed. Only then can you put the more advanced topics in the proper context.
<sypher> gymdude: To be clear, I'm not trying to offend or otherwise demean. I do, however, have a number of years' experience teaching these sorts of topics, and I don't want you to trip yourself up while you're trying to learn.
<gymdude> there managed by the file system driver program
<gymdude> and the ext4  file structure
<gymdude> or in general the file system driver and file structure
<gymdude> Just different file systems store the permissions and privilages in different ways i.e registers , databases , cluster fields for fat , ntfs MFT or directory entries
<gymdude> just over thinking it thanks
<genii> Might want to read http://tldp.org/HOWTO/html_single/Security-HOWTO/
<gymdude> And LSA secrets whas before the invention of syskey for encrypting the same either way one can obtain these with bkhive and other register scrubbing programs
<gymdude> But i am curious if one has bitlocker or whole HDD encryption  How can one ever do password reset thru bkhive, chntpw ,...etc like programs
<sypher> gymdude: Without the key, you don't.
<gymdude> but wait whole drive encryption or bitlocker encryption doesn't encrypt the system partition and thats where the sam file is so one should beable to password rest a user without decrypting the data paritions
<gymdude> So adds no additional difficulty in changing the sam or changing passwords for the user
<gymdude> i would think
<gymdude> kind of confused on this if the system files aren;t encrypted and its not at the bios level for decrypting the HDD then how is it going to provided any more security
<tarpman> gymdude: maybe there's a channel for discussing bitlocker and windows security, but I don't think this is it
<gymdude> ok last question if one did change the sam file with an encrypted drive  what would happen the partition isn't being encrypted just the data so the os should boot and you should beable to change the password to use the machine except it won't decrypt your other paritions
<gymdude> ...so you won't get the data but you should beable to get a usable working os's
<sarnold> if you want a usable working OS just stick in a USB stick or something
<gymdude> true good point
<sypher> gymdude: None of this is on topic for this channel, so we're clear.
<gymdude> but was curious of that
<tarpman> gymdude: depends entirely on which partitions you encrypt. if / and /home are on different partitions, and you encrypt /home but not /, then yes, you'd have a working system but no access to data
<asrockus> hola
<asrockus> hay algn canal de ubuntu server espaÃ±ol ?
<sypher> If he's discussing SAM files, he's not talking about Ubuntu (or any Linux) anymore.
<tarpman> gymdude: ... but in that case you'd also have a perfect opportunity to sneak in a rootkit or something. so IMO you want to encrypt everything, all of /
<sypher> !es
<ubottu> En la mayorÃ­a de los canales de Ubuntu, se habla sÃ³lo en inglÃ©s. Si busca ayuda en espaÃ±ol entre al canal #ubuntu-es; escriba " /join #ubuntu-es " (sin comillas) y presione intro.
<sarnold> asrockus: #ubuntu-es XD
<asrockus> sarnold muchas gracias !
<sarnold> de nada :D
<asrockus> xD
<gymdude> but can you encrypt the system paritions as well thus the complete HDD and have the bios some how decrypt and encrypt the whole thing at boot up so its like boot up---> decrypt os system paritions   ---> decrypt data partitions/others --> run the os
<asrockus> estoy tratando de configurar ubuntu server pero se me es muy complicado jajaja
<gymdude> Because thats the only true way to stop password resets or any uses of that particular installment to the person that has the key
<sypher> gymdude: It doesn't decrypt it on the disk at all. Data read is decrypted in memory, data written is automatically encrypted on write.
<tarpman> gymdude: not that I know of. every setup I've seen, you need the bootloader and /boot (kernel and initramfs) available and not encrypted
<tarpman> gymdude: if you want to ensure no one has snuck a rootkit into your bootloader or kernel, you're looking at TPM and/or Secure Boot
<sypher> tarpman: Newer versions of grub support an encrypted /boot.
<tarpman> sypher: nifty! noted, will look into that
<tarpman> so s/bootloader or kernel/bootloader/ above :)
<gymdude> but for going one level higher encrypting / that would take firmware or bios to do it
<gymdude> just curious if they have that
<tarpman> gymdude: no, encrypting / does not require firmware support
<sypher> gymdude: No, it would take a bootloader, which is ... what I just said.
<gymdude> its definitely not need in most cases over kill just curious
<sypher> It's not overkill at all.
<sypher> gymdude: Where are you getting these opinions/observations?
<gymdude> No i meant not / but the whole HDD when i said that so MBR and partition tables encrypted
<gymdude> to
<tomreyn> it's possible, but involves manual adjustments and it's easy to break it. http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
<tomreyn> this is not with "secureboot" / TPM involved, though, though this may also be possible.
<gymdude> ya i get you but i was think more local not thru a network resource just a whole internal HDD  being encrypted by itself standalone
<gymdude> that link isn't quiet that
<sypher> gymdude: It's recommended that you create one container partition for the encrypted data, then store everything else insite that container.
<sypher> Trying to just encrypt a whole disk device is a recipe for something between aggravation and disaster.
<tomreyn> gymdude: if you're tlaking self-encrypting storage media (so, in hardware / drive / controlelr firmware), this would be something for ##hardware rather than here.
<gymdude> so you basically have grub unencrypted but password protected and the other paritions holding different os with data and system files or other thing completely encrypted
<gymdude> But your still relying on the boot loader at the top level being unencrypted
<tarpman> which is why I was talking about secure boot - to ensure the boot loader stays trustworthy
<sypher> That's really the only good way to do it.
<gymdude> ... I want to know if there is away to complete encrypt that to and do the encryption / decryption of the boot loader from the bios or firmware level thus making it one layer more secure
<gymdude> what does secure boot do
<tarpman> one layer more secure? one layer more fragile, more like
<tarpman> gymdude: don't make me LMGTFY you.
<sypher> gymdude: You really are taking this to an extreme without understanding any of the components.
<tarpman> gymdude: go away and read every single post on mjg59.dreamwidth.org and then come back and we can talk
<sypher> gymdude: And from the tone of the responses you're getting, I'm not the only one getting a bit annoyed by the fact that you're not doing your own homework/learning.
<gymdude> I just wondering if manufactures ever made one not it would be useful as much more for research
<sarnold> gymdude: many hard drives have variants that support on-disk encryption. Most people don't trust these drives entirelly because firmware authors have a tendency to suck at their jobs and write terrible firmware, but it is an option
<tarpman> don't get me wrong, I love talking about this stuff
<sypher> sarnold: 100% truth, there...
<sypher> tarpman: pm okay?
<tomreyn> this discusses the "secure boot" process http://www.linuxjournal.com/content/take-control-your-pc-uefi-secure-boot
<tarpman> sypher: yeah, I'll take the noise elsewhere. sorry.
<gymdude> O ya secure boot is the bios thing i am talking about to some extent
<teward> sarnold: ping
<teward> sarnold: http://paste.ubuntu.com/23834943/
<sarnold> teward: excellent! :D
<teward> sarnold: so we *know* it builds here right
<teward> so now I can work on the merge.
<teward> ... but not this weekend
<teward> got plans
<teward> sarnold: so yes, at least the executable and such is all PIE/PIC enabled
<teward> but I *did* have to compile it with -fPIC flags to make it obey for the module builds :/
<teward> sarnold: is there a reason dpkg-buildflags' CPPFLAGS or CFLAGS, when +pie is enabled in the hardening flags, that it ***doesn't*** put -fPIC into the flags?
<teward> a security-specific reason
<sarnold> teward: PIC forces a huge number of variable refernces through the global offset table. or procedure linkage table. Or something like that. It typically introduces a larger performance penalty.
<sarnold> teward: but there's possible changes afoot. see the huge thread here, and especially the paper https://sourceware.org/ml/libc-alpha/2016-12/msg00954.html
<ubottu> sourceware.org bug 2016 in libc "argp --help infloop, via ARGP_HELP_FMT envvar" [Normal,Reopened]
<sarnold> ubottu: shush you got it wrong
<ubottu> sarnold: I am only a bot, please don't think I'm intelligent :)
<teward> sarnold: ah, OK.  I have no choice but to either enable PIC with PIE, or disable PIE altogether for the merge
<teward> and I presume you would rater PIE+PIC than -PIE
<sarnold> teward: absolutely
<teward> OK
<teward> we'll add that to release notes then about the potential performance hit
<sarnold> it might be worth benchmarking it first :)
<teward> if I get it in before FF
<sarnold> x86 will probably suffer more than x86-64
<teward> sarnold: we already have this issue noted with +PIE since Xenial
<teward> and others
<teward> I don't have a choice here, though, on building.  It's either +PIE+PIC or -PIE.
<teward> performance impacts aside
<teward> (since most server installs I know of are 64bit, I'm less concerned about i386)
<teward> i think this was discussed a long while ago when we first got the request to turn on PIE on it
<teward> sarnold: I'm more inclined to just enable it and make a note there may be a performance impact, especially on 32bit.
<teward> since +PIE+PIC is better than not having either
<teward> sarnold: at least, according to you.  If they get changes working that'd be great
<teward> to reduce that impact for fPIC, but apparently it's needed for nginx currently.
<sarnold> teward: works for me. typically if someone really cares about eeking out the last few percentages of performance, they'll recompile with their specific architecture in the compilation flags and use profile-driven optimizations anyway. they can do what they want with the pic/pie on their own systems. :D
<teward> yup
<teward> sarnold: that's the argument we made when we enabled PIE in the builds for Trusty or something
<teward> 'twas a feature request :P
<teward> but got it approved
<sarnold> woot
<teward> and we'll make sure to make a note in the release options
<teward> s/options/notes/
<teward> this weekend I have plans though so it's a "Not caring much" weekend :P
<sarnold> FF is still ages away, no real rush yet :)
<teward> sarnold: well, i have other obligations too, time wise
<teward> so :P
<teward> but the *hard* part is done
<teward> the PPA builds as-is are Debian, so I just have to add the Ubuntu delta to that
<teward> though I think I found a critical install-from-scratch bug
<teward> so i have to test that further
<gymdude> also curious how does the andriod linux os on a phone do set it up so there is no root user?
<gymdude> Linked with the uid 0
<tarpman> gymdude: sounds like a question for #android
<gymdude> but its a general unix/linux os question
<tarpman> this is #ubuntu-server, not #general-unix-linux-os-questions
<gymdude> like how to remove root
<Pici> or ##linux
<gymdude> obviously you cann't remove uid 0 but the username associated with it seems to be
<gymdude> so how do you disassociated any username with uid 0
<gymdude> another words
<tarpman> my android phone certainly seems to have uid 0 named 'root'
<tarpman> 'id root' says uid=0(root) gid=0(root) groups=0(root)
<gymdude> that would answer my question in general for any unix/linux like os weather it be for a phone/embedded device or for a compute
<gymdude> r
<gymdude> So then whats stopping you from rooting or sudo su to the root?
<tarpman> there's definitely no sudo on my phone
<gymdude> If you copy over a sudo program
<tarpman> and su - I don't think root has a password, and if it does I don't know it
<tarpman> if I copy over a sudo program, I have to be root in order to set the suid bit
<gymdude> Ya so how does one copy over a sudo or any program and set it to an owner of root  uid 0  without actually being able to sudo chmod , chown ,..etc
 * lynorian wishes she understood what these flags were 
<tarpman> you don't :) that's the whole point
<tarpman> lynxman: which ones? suid/sgid?
<tarpman> lynxman: excuse me
<tarpman> lynorian: ^
<lynorian> tarpman, That was not in response to you sorry I was scrolled up
<gymdude> you should beable to edit the sudoer and other files in /etc if you go from a live cd right
<tarpman> gymdude: sure
<gymdude> O but these parititions are internal so you would kind of need an adb to connect to which is not at uid 0 privilage level anyway
<tarpman> right, adb doesn't give you a root shell unless the phone is already rooted/otherwise had 'adb root' enabled
<sypher> How is this related to Ubuntu server support?
<gymdude> so how does one enable adb root
<sypher> Please take this to offtopic.
<genii> Alternately, #android or #android-root
<sypher> or that.
<gymdude> why cann't you just leave the sudo , su programs on the sd card and change them to the right permission with your live cd distro
<gymdude> ...Why do they need to be executed under the internal paritions thru adb
<gymdude> shell
<gymdude> in the first place
<sarnold> gymdude: man 8 mount -- look for nosuid
<gymdude> O wait the terminal your going to need to execute them in would need to be thru adb never mind. So the only true way is to fastboot to an image file ... then mount the imagine changing the permissions and reflash it
<sarnold> gymdude: of course modern androids also use selinux to further confine processes beyond the usual unix security model
<sypher> Guys, please. This is off-topic for this channel. Please find a more suitable forum.
#ubuntu-server 2017-01-21
<rizonz> is it true that 14.04 doÃ©sn't honer apt-update scheduling and 16.04 does ?
<greyolla> Does the kernel in xenial support any 25gbe nics out of the box?
<lordievader> Good morning.
#ubuntu-server 2017-01-22
<samba35> do i require vt-d / iommu for dpdk to use with pci nic even ?
<samba35> using 16.04
<jonah> Hi can anyone please help, I can't start MySQL after a server upgrade
<jonah> I get "apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=4418 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=102 ouid=0
<jonah> and similar errors like that
<jonah> hi turns out ibdata1 is filling my var partition! Does anyone know what causes this or how to fix it please?
<jonah> Hi does anyone please know if it is safe to shrink my /home partition which is a logical volume lvm, then add the spare space to /var?
<sypher> jonah: Depends entirely on what filesystem /home is.
<marlinc> Is there a alternative for apt-check to programatically check for updates and security updates in Xenial?
<bekks> Why do you need an alternative?
<marlinc> Does it still exist? I can't find it that's why :)
<marlinc> Oh it does still exist, great!
<Village> Good time, i want help, don't understand how too activate Failover (New IP to DS system)
<RoyK> Village: what sort of failover?
<RoyK> Village: I mean - whole server, or some service, virtualisation or physical (etc)
<Village> If really something don't happening, i don't know where issue, i try link new IP with existing DS system
<Village> But it's don't works, so i afraid write to support becuase i don't know from what side issue
<madratrace> I am trying to logprof the apache profile but I am getting into a loop where it doesn't seem to go anywhere unless I abort the process. more specific the offending entry is about the default hat : default URI , no matter what option I choose unless i choose abo(r)t it keeps asking for input
<madratrace> anyone tried to train apache on apparmor?
<JanC> madratrace: I think there is a preliminary profile in the 'apparmor-profiles-extra' package?
<JanC> most likely it needs changes for local configuration though...
<madratrace> JanC: haven't installed this tbh nor apparmor-profiles
<madratrace> JanC: only thing i tried was installing the apache apparmor mod
<madratrace> JanC: but profiling gives me exactly the same behaviour, it gets stuck at hat policies
<madratrace> JanC: So I uninstalled it
#ubuntu-server 2018-01-15
<mbff> Hello! I've just setup pfsense in KVM on Ubuntu server as the host however my clients cannot ping or curl pfsense and they aren't getting internet. pfsense on the other hand has internet, but cannot ping lan devices.
<mbff> The folks over at #pfsense believe it is a KVM/bridge issue. My interfaces file is https://gist.github.com/marshallford/cbf917a9cf8cbd8d23c641b04c193569
<mbff> My KVM Nics look like https://imgur.com/a/y5HrC  My question in short is: Am I configuring the bridge (br0) correctly?
<mason> mbff: Doesn't look like you're bridging.
<mason> mbff: I have: Network source: Bridge br0: Host device whatever.
<mason> Do you have your bridge set up?
<mbff> ok... I'm not following completely
<mbff> mason, what do you mean setup?
<mason> https://bpaste.net/show/aa80dcd3347f
<mason> If you have a bridge set up, then you just pick that off the list. If it's not set up, it won't be there.
<mbff> I have a bridge setup, see https://gist.github.com/marshallford/cbf917a9cf8cbd8d23c641b04c193569
<mbff> I am telling kvm to use the bridge. So when the guest boots, vnet0 is created and added to the bridge (br0)
<mason> kk, so, creating a vm, if you're doing it in virt-manager, on the last screen before you click "finish" there's a network selection drop-down.
<mbff> mason, right see https://imgur.com/a/y5HrC
<mason> You should see "Bridge br0: Host device enp8s0" based on what you show.
<mason> Now we circle.
<mbff> circle?
<mason> Host device foo: macvtap isn't the bridging you wanted. See my first two notes.
<mbff> There are two screenshots in the link
<mbff> The first is the WAN NIC
<mason> Oh, didn't look at the second.
<mbff> I am using macvtap to pass though the WAN NIC has the host OS has no need for "raw" internet
<mbff> The screenshot is slightly out of date. It now reads br0 not br1
<mason> Ah, that's fancier than what I do, so I'm not qualified to comment. Sorry.
<mbff> dang
<mbff> thanks anyway
<lordievader> Good morning
<cpaelzer> rbasak: for 1738062 and 1740160 I linked MPs, but since seed changes are not a daily task for me I always feel unsure
<cpaelzer> it is only demotions, so it should be simple - but I'd appreciate if you could take a look
<cpaelzer> I already run germinate and see that the effective delta will be what I want
<rbasak> ack
<cpaelzer> jamespage: https://github.com/canonical-server/dev-summary
<cpaelzer> jamespage: I think we got your issue
<cpaelzer> jamespage: can you re-run that on a 4.15-rc8 mainline kernel build?
<lwizardl> I was wondering if there is a similar service that can be self hosted on a server that acts similar to discord?
<keithzg> lwizardl: Matrix/Riot.im is not entirely dissimilar to Discord.
<lwizardl> keithzg, okay thanks I will look into them
#ubuntu-server 2018-01-16
<keithzg> lwizardl: Yeah it's pretty snazzy, although I'm not sure if you're looking into purely the audio chat portion of Discord or into the more chat-channel nature, which is more what Matrix does, with both web and native clients; you can also do voice communication between users but I've never actually tried it. They have a repo though and it's *super* easy to set up on an Ubuntu server, so it's worth trying it out!
<lwizardl> keithzg, I have never used discord but someone told me you can share files, chat, etc. Sort of like how irc does also. but in a single setup and i wan to try and get a similar setup
<keithzg> lwizardl: Ah, yeah Matrix, especially the Riot.im clients for it, can let you do all precisely that. It's very much designed as a more contemporary take on IRC.
<lwizardl> awesome thanks for the info :)
<keithzg> lwizardl: No problem :)
<H1d3> anyone here
<keithzg> Nope
 * keithzg calls it a day, puts on his coat, heads home
<Neo4> I installed LAMP and have used this code https://hastebin.com/quzaqebugo.php
<Neo4> and have got message error is not send
<Neo4> might I install mail server?
<Pinkamena_D> Hello. I have a lubuntu headless machine. In /etc/network/interfaces I specify the config. The ip address and network are used, but the dns-nameservers line is not propogated to the resolveconf file, so I end up manually overwriting it at every boot. Any common reason the dns-nameservers line would be ignored?
<lordievader> Good morning
<lordievader> Pinkamena_D: What is it pointing towards, before you edit it?
<ahasenack> rbasak: is there a tool to check a package's Depends (or Build-depends) and tell from which pocket they come from?
<ahasenack> case in point is I want to check the dependencies of a main package and make sure none come from non-main
<mdeslaur> ahasenack: check-mir
<ahasenack> oh, convenient, thx
<mdeslaur> yw
<rbasak> ahasenack: yeah, check-mir is the best tool we have. Note though that it doesn't always give you a perfect answer.
<ahasenack> I found a build dep on python-distutils-extra which is in universe, for a main package
<ahasenack> yet the package is in the archive
<ahasenack> is that an exception?
<ahasenack> case is landscape-client. Check xenial, for example
<ahasenack> python-distutils-extra was in main in the trusty days
 * ahasenack reads https://lists.ubuntu.com/archives/ubuntu-devel-announce/2016-April/001179.html
<rbasak> ahasenack: how do you feel about bug 1717040 currently, given my comment 30 and Yann's reply?
<ubottu> bug 1717040 in libzstd (Ubuntu Zesty) "Please backport libzstd 1.3.1+dfsg-1 (universe) from artful" [Undecided,In progress] https://launchpad.net/bugs/1717040
<ahasenack> I was going to ask you the same :)
<rbasak> I'm not comfortable accepting an SRU that we know will break user behaviour (admittedly the number of users is low but unknown, may be nonzero) when I know there's a way round it and nobody else has an opinion.
<ahasenack> then so be it
<ahasenack> we version the dev package
<rbasak> Might be worth checking with someone that the Conflicts will work correctly on upgrade.
<rbasak> I wonder if there should be a Replaces somewhere for example.
<ahasenack> I will need assistance from somebody for that
<rbasak> https://wiki.debian.org/PackageTransition may be relevant
<ahasenack> relevant yes, trivial not
<rbasak> Case #2 perhaps?
<ahasenack> not that simple, I looked at other similar cases
<ahasenack> there is a virtual "libfoo-dev" provides
<ahasenack> involved
<ahasenack> meaning the default dev pkg
<ahasenack> there is definitely a pattern to follow
<ahasenack> I just need to know what is a good package to look at
<rbasak> Perhaps ask infinity for help on this one
<rbasak> And also, if thinks this is unnecessary, then I'll trust his judgement :)
<ahasenack> rbasak: should we also provide a zstd1 (with soname) package for the cli linked against the new lib?
<ahasenack> otherwise, if you have zstd (the 0.5 cli) installed, and upgrade, it will pull in libzstd1 (1.x) with the new zstd 1.x package
<ahasenack> but leave libzstd (assumed soname 0) and respetive -dev (if installed) alone
<rbasak> ahasenack: I don't follow your question. I'd expect the SRU to ship a libzstd1 only. libzstd0 would still be shipped in the release pocket. Users could end up with both co-installed if they need.
<rbasak> The new zstd CLI would depend on libzstd1
<nacc> (and would need to manually remove it, i believe, if they no longer wanted it)
<nacc> (the *zstd0 packages)
<nacc> rbasak: you around still?
<rbasak> nacc: yes
<nacc> rbasak: mind joining the standup HO briefly?
<rbasak> nacc: omw
<kneeki> If I want to set up a subdomain like: api.foo.bar.com, would I use a CNAME record? api > CNAME > foo.bar.com
<kneeki> Nevermind, I got it. * > CNAME > foo.bar.com
<ahasenack> rbasak: question was about the zstd cli, if we should ship one in a package named zstd1 which would either conflict or be co-locatable with zstd
<ahasenack> but given the new cli can handle files produced by the old library, I think no need for a zstd1 (separate) package, and just let zstd 0.5 upgrade to zstd 1.x
<rbasak> ahasenack: I assumed the latter.
<rbasak> No need to ship two zstd binaries, AIUI.
<ahasenack> sounds good
<ahasenack> hm, I copied ~/.gnupg to a container I have running (lxd), but gpg --list-keys on the container shows no output, as if there were no keys
<ahasenack> I checked ~/.gnupg/*.conf files, nothing obvious
<ahasenack> any idea what could be wrong?
<ahasenack> I'm at the strace level now
<ahasenack> I can see it opening several files in ~/.gnupg inside the container, but that's it, no output from the tool
<ahasenack> both the host and the container are the same ubuntu release (artful)
<ahasenack> ok, worked now
<ahasenack> cosmic rays for sure
<nacc> ahasenack: did you restart teh agent?
<nacc> ahasenack: or perhaps sighup or something
<ahasenack> there was no agent inside the container
<nacc> ahasenack: what os was the container?
<ahasenack> or shouldn't be, at least
<ahasenack> artful too
<ahasenack> I actually tried starting one
<nacc> ahasenack: hrm, if it's gpg2 (which i think artfull was), there's always an agent
<nacc> ahasenack: or were you specifically invoking gpg1?
<ahasenack> then maybe I inadvertently restarted it when I tried to start a new one
<ahasenack> no, just "gpg"
<ahasenack> also removed "use-agent" from the conf file in ~/.gnupg at some point
<nacc> yeah, that's gpg2 in artful
<nacc> ahasenack: per `man gpg2`, that has no effect any longer :)
<nacc> "gpg always requires the agent"
<nacc> ahasenack: that optionn, that is
<ahasenack> ok
<nacc> i spent some time dealing with this when we had it in the snap before
<nacc> yeah looks like zesty+ is gpg2 by default
<nacc> xnox: is there a way with sysv to say that if corosync starts that it should start pacemaker, if pacemaker is available? The phrasing of "Should-Start" is close, but then I think it's semantics don't make a ton of sense (or I misunderstand them)
<xnox> nacc, i do not speak sysv init... my first linux machine ran upstart; my first unix machine ran launchd
<nacc> xnox: ok :/
<xnox> maybe slangasek can help, but he is not on this channel.
<xnox> try on #ubuntu-devel
<nacc> xnox: we could switch the packages to upstart, but that's a bigger SRU, of course
<nacc> xnox: ack
<micalexander> I have a newly installed version of ubuntu 16.0.4 installed on a 2010 imac in efforts to get better at sever administration, lol, however I can not seem to be able to gain access to it via ssh on my local network. I have installed openssh-server and openssh-client, allowed port 22 with ufw and iptables and still nothing. It just hangs on ssh. Is there something obvious that I am missing?
<mason> micalexander: Test basic networking before you start using fancier things.
<mason> Can you ping it? Can you telnet to port 22 and see a listener?
<mason> From the console, make sure your network is configured properly.
<micalexander> mason: yes I can ping it
<Ussat> is it in a VM or direct hardware ?
<micalexander> direct
<mason> It's a virtual 2010 imac. :P
<micalexander> mason:  " From the console, make sure your network is configured properly."
<mason> More or less, yes. :)
<micalexander> I can ping it but telneting it seems to hang
<mason> So, can you ping out from it?
<micalexander> you mean telnet from another computer on the same network right?
<mason> Yes.
<micalexander> wait not out from it
<micalexander> let me try
<Ussat> does it have a IP ?
<Ussat> ifconfig
<mason> If you can ping, then the next thing is, is the service you want running? Is it holding a port listener? Is there firewalling blocking you?
<mason> If you set it up to learn, this is the perfect sort of problem to have. :)
<micalexander> right!
<micalexander> I can ping a web address
<mason> That's useful then. So, you want ssh - is it installed? Is it running?
<micalexander> and nstat seems to show port 22
<mason> ps axuww | grep ssh
<micalexander> yes
<mason> Do you have telnet installed on it? Can you telnet localhost 22 ?
<mason> Also, a random note, wifi can be flaky - you might have a happier time, especially on Mac hardware, if you're plugged in.
<mason> I installed on a macboot5,1 the other day, and wireless performance is disappointingly spotty.
<micalexander> I am plugged in
<mason> good
<micalexander> looks like its connected to 22. said connecting and just hanging out there
<Ussat> reverse dns
<mason> micalexander: But if nothing answers that's no good. You should see "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2" or similar.
<mason> from your telnet localhost 22
<micalexander> yes
<micalexander> that is what I see
<micalexander> also...
<mason> Ah, good.
<micalexander> I can not seem to ping my local ip of my macbook from it. Is that a problem? Seems li it,
<micalexander> like
<mason> micalexander: So, if you can ping out but not ping yourself, that's probably some sort of issue. I'd make sure you don't have firewall rules next.
<mason> sudo iptables -n --list
<mason> But with that I have to take off. You're making progress though. I'll check back later.
<micalexander> iptables show 22
<micalexander> K, so it was because I was not on the wifi 5g connection on the computer I was sshing from.
#ubuntu-server 2018-01-17
<HyD3> If i have a ubuntu 16 server and a vm how can i make the vm have access to internet but exclude host machine..just need a nudge in right direction
<HyD3> I want host to have no access at all
<keithzg> HyD3: Since the host is providing the network device to the guest I don't even know if that'd be possible, at least not to the degree I'm aware of with the hypervisors I've used (KVM and VirtualBox).
<keithzg> (Not provably and completely, at least; obviously you could get this *apparently* true just with firewall rules and such)
<patdk-lap> there are MANY ways to do it
<patdk-lap> but with that limited amount of info, no idea what way you need, or if any of them would work for you
<patdk-lap> you are talking about network design
<patdk-lap> or you can take the real way
<patdk-lap> and just pass the network card through to the vm, and not have a network card even installed on the host
<keithzg> patdk-lap: Fair enough; I just haven't seen any ways to pass PCI (or such) devices to VirtualBox or KVM guests, I mean I know it's possible in some scenarios but don't you need additional hardware support too? Although I suppose if you're willing to use a USB network adapter, *that* is super simple in the shiny GUI interfaces, even. Although yeah it was an ambiguously made request from someone who then quit the channel, so Â¯\_(ã)_/Â¯
<lordievader> Good morning
<ahasenack> rbasak: hi, good morning, around?
<rbasak> ahasenack: o/
<ahasenack> rbasak: got some prelim results for the zstd packaging, lemme paste
<ahasenack> rbasak: xenial: https://pastebin.ubuntu.com/26404010/
<ahasenack> rbasak: artful: https://pastebin.ubuntu.com/26404013/
<ahasenack> rbasak: I'm now testing a release upgrade
<ahasenack> might just use dist-upgrade with sources pointed at artful, tbh
<ahasenack> bionic will be like artful
<rbasak> Looks good so far I think?
<ahasenack> yes
<Neo4> hi
<Neo4> what might I install for send mail on ubuntu?
<ahasenack> Neo4: as a server, or do you mean an email client?
<Neo4> ahasenack: I don't know, on my ubuntu server, mail php function doesn't send messages
<Neo4> it doesn't work
<ahasenack> ah, you need "/usr/bin/sendmail"
<ahasenack> I'd suggest postfix
<Neo4> postfix? it's MTA
<Neo4> mail transfer agent
<ahasenack> but it provides that binary which php is calling, and can be configured to just send email out
<ahasenack> there are simpler alternatives, of course
<Neo4> I want also have mail like name.mydome
<ahasenack> note that you will need a "smart relay" for these alternatives, as they only know how to deliver to the next hop, not to the internet at large
<Neo4> if I install postfix shall I have mails?
<Neo4> ahasenack: well, I'll customize droplet on digitalocean now and will install there all needed app
<Neo4> will do it for test
<Neo4> I'm going install there roundcobe
<Neo4> http://roundcobe.net
<Neo4> https://roundcube.net/
<ahasenack> rbasak: release upgrade results look good as well, I will update the bug
<tobasco> jamespage: coreycb sorry if i've asked this before, im working on keeping ubuntu supported in upstream openstack puppet modules and for the ocata packages panko-api and nova-placement-api depends libapache2-mod-wsgi
<tobasco> like this: nova-placement-api : Depends: libapache2-mod-wsgi but it is not going to be installed
<tobasco> /usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install nova-placement-api
<tobasco> should i interpret this as the modules must make sure all apache requirements is met before installing that package? so dropping the eventlet support for those two would probably be it
<tobasco> *queens not ocata, seems like im tired today
<rbasak> tobasco: "...but it is not going to be installed" usually is apt being unable to resolve a conflicts.
<rbasak> If (for debugging) you give apt an explicit list that includes libapache2-mod-wsgi, it should tell you exactly what the reason is.
<tobasco> rbasak: ty i will test
<tobasco> rbasak: didn't get much more help from the output but seems to be some dependency issues
<tobasco> https://pastebin.com/KyQNhC90
<tobasco> or it seems to be a conflict because of the first "removing gnocchi", "removing libapache2-mod-wsgi-py3
<tobasco> conflict when it needs libapache2-mod-wsgi but it already has libapache2-mod-wsgi-py3 installed
<Neo4> I've got error http://pix.toile-libre.org/?img=1516196072.png
<Neo4> now let encript doesnt work?
<rbasak> tobasco: OK so your problem is that libapache2-mod-wsgi-py3 and libapache2-mod-wsgi conflict and both can't be installed at once.
<rbasak> I think that is probably because Apache can't embed both Python 2 and Python 3 at once.
<Neo4> I do it, now works https://american-chat.ru/
<ahasenack> rbasak: hi, could you please reimport libzstd? In bionic, the archive has 1.3.3, but ubuntu/devel has 1.3.2 in git. Same for ubuntu/bionic-devel (only 1.3.2)
<rbasak> ahasenack: ack
<ahasenack> thx
<ahasenack> rbasak: you know, this sru story is making this package grow a delta now :/
<rbasak> Yeah
<rbasak> It's only for the transtiional purpose though, right? It will be able to be synced post Bionic.
<ahasenack> I think so
<ahasenack> rbasak: could you please accept my two new nominations in https://bugs.launchpad.net/ubuntu/+source/libzstd/+bug/1717040 ?
<ubottu> Launchpad bug 1717040 in libzstd (Ubuntu Zesty) "Please backport libzstd 1.3.1+dfsg-1 (universe) from artful" [Undecided,In progress]
<tobasco> rbasak: thanks for your help :)
<rbasak> tobasco: you're welcome!
<rbasak> ahasenack: Accepted Artful. But I'm not sure we need it for Bionic. Use the main task to track Bionic. Otherwise when C opens we'll get another task which can be confusing.
<ahasenack> the main one was marked fix released already, I didn't want to change that, but I can if you think it's better
<rbasak> Reopen it
<rbasak> Adding a Bionic task wouldn't work around that. The main one would just disappear (it'd say "Tracked in Bionic")
<ahasenack> ok
<rbasak> ahasenack: import done
<tobasco> jamespage: what
<tobasco> *what's the reason for forcing installation apache for gnocchi-api package?
<tobasco> i understand forcing python3 to use it, but forcing operators to run under apache will need them to run gnocchi on another node and it cannot be colocated with other services because it depends on libapache2-mod-wsgi-py3 package
<jamespage> tobasco: tl;dr don't install gnocchi-api - use python3-gnocchi and gnocchi-common instead
<jamespage> gnocchi-api *is* the apache configuration for gnocchi with mod-wsgi-py3
<tobasco> that makes more sense, thanks :)
<Neo4> who know how to send mail? I installed postfixe and have tried send mail using this
<Neo4> echo "This is the body of the email" | mail -s "This is the subject line" neovichnn@gmail.com
<Neo4> I didn't see males
<mason> Neo4: http://www.postfix.org/docs.html is useful
<Neo4> mason: I used this guide and 3 step doesn't work https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04
<mason> Neo4: Oh. Heh. Just occurred to me... If this is a fresh install on a DO machine, you might have had bad luck with your IP address assignment.
<mason> Look at /var/log/mail.log to see if the system delivered your email. It might have been flagged as spam.
<Neo4> yes fresh
<Neo4> how to test bad luck or good?
<Neo4> my ip on DO 165.227.148.94
<mason> Neo4: Well. One thing you can do is install rblcheck.
<mason> But it shows you as not-listed, so that's good.
<mason> Check your logs to see what happened when you sent the mail.
<Neo4> I don't know how
<mason> less /var/log/mail.log
<tobasco> jamespage: but gnocchi-api systemd unit files are still in gnocchi-api package right? so either way it's a lot of customization or forcing to install apache
<tobasco> atleast i don't get one, so i assume so
<ahasenack> rbasak: hm, zstd uses d-shlibmove in d/rules, and on xenial it's complaining:
<ahasenack> E: line [Provides:.*libzstd-dev] not found in debian/control section for libzstd1-dev
<ahasenack> build log: https://launchpadlibrarian.net/353790577/buildlog_ubuntu-xenial-amd64.libzstd_1.3.1+dfsg-1~ubuntu0.16.04.1~ppa4_BUILDING.txt.gz
<ahasenack> rbasak: do you know why athat is?
<ahasenack> that*
<ahasenack> do I need a Provides: libzstd-dev in the libzstd1-dev package? It has a conflicts with libzstd-dev, btw
<rbasak> I'd never heard of d-shlibmove before, sorry.
<Neo4> mason: I got this in folder /var/mail/ in file neo
<Neo4> http://dpaste.com/1HGMRS4
<mason> Neo4: Ah, yeah. Are you setting this up as a spam cannon or something?
<mason> If not, you've got an abused IP address.
<Neo4> I set nothing
<Neo4> I didn't get spam even
<Neo4> spam folder is empty
<jamespage> tobasco: no - its only apache config and maintainer scripts
<mason> Neo4: Right. GMail refused delivery because of your IP reputation.
<jamespage> tobasco: http://paste.ubuntu.com/26404947/
<Neo4> mason: why do you think so?
<mason> Neo4: This is out of your control. Try a new IP address. If you're very new to mail you don't want to try tackling rehabilitating your IP address rep.
<mason> Neo4: I think so because I read the message you put on the pastebin. :)
<Neo4> I change host name
<Neo4> neo@ubuntu-s-1vcpu-1gb-fra1-01 seems it's wrong?
<Neo4> well, know install it on my second VPS
<mason> Neo4: Nothing to do with your hostname.
<mason> But yes, try on a different VM.
<Neo4> why that doesn't work?
<Neo4> it should be in spam
<mason> Read the message you put in the pastebin. They refused deliery for the reasons they state.
<mason> That's a complete and thorough answer.
<Neo4> there exists firewall
<Neo4> ufw
<Neo4> suddenly he is block postfix?
<mason> Neo4: No, Google blocked you. Not your firewall.
<tobasco> jamespage: okok
<tobasco> ty
<tobasco> could we add a systemd unit files in the gnocchi-common package?
<tobasco> if you use gnocchi-api for apache config what if you want to run it standalone, then it would cover all use cases, custom wsgi, apache wsgi or standalone
<Neo4> mason: yes, I got message from other vps
<tobasco> might already be supplied for the other packages, i assume only gnocchi-api is apache backed
<Neo4> mason: why google block my vps on digitalocean?
<rbasak> systemd unit files in a -common package in general sounds inappropriate. I don't know the specifics in this case though.
<rbasak> Since we usually want multiple things to consume -common packages, including things that may not want services.
<rbasak> For example, mysql-server-5.7 depends on mysql-common, amongst other things.
<rbasak> So does mysql-server-core-5.7.
<mason> Neo4: They included their reasoning in the pastebin you shared. It's really that easy, unfortunately.
<rbasak> Users can consume mysql-server-core-5.7 if they want the binaries but no service.
<rbasak> The systemd unit exists in mysql-server-5.7 only.
<tobasco> rbasak: i totally agree, however i think the overall forcing users to run apache py3 which cannot be un on the same node as other py2 apache wsgi stuff is a bad idea
<Neo4> mason: and what shall I do?
<Neo4> rbasak: it means google is bad mail server?
<mason> Neo4: No, it means the IPs you've tried are problematic.
<mason> Google being a bad mail server is a separate issue. :)
<rbasak> tobasco: AIUI, that isn't what's going on here though. You aren't forced to install that particular package.
<Neo4> mason: why my ip is problematic?
<Neo4> it's new IP
<mason> Neo4: Someone has used it before you then.
<Neo4> mason: and it means I can't send any message? Other servers will accept my massage  s
<Neo4> not google
<tobasco> rbasak: somewhat true, it's still not a complete usable package. it's alot of work when trying to support multiple os in puppet modules if rhel supply systemd files or py2 with apache and ubuntu supplies py3 apache and no systemd files. that means i have to add custom systemd files to puppet modules instead of them being in the package
<mason> Neo4: Correct.
<tobasco> custom systemd files for a specific os even so
<mason> Neo4: Look at SPF and DKIM. Maybe you can rehab what you've got.
<tobasco> so instead of breaking existing packages why not add a gnocchi-api-apache package that depends on gnocchi-api and supplies the dependencies and configs that breaks usage alongside other stuff
<rbasak> tobasco: sounds like a feature request.
<rbasak> tobasco: AIUI, it doesn't break existing packages.
<rbasak> It's just that two particular packages aren't co-installable. But they never were. And presumably everything still works if you use multiple machines, containers or VMs so co-installability isn't a problem in that case.
<rbasak> So the packages are still usable; just not in the particular way that you want.
<Neo4> mason: see I got message from adress www-data@v119512.kvm.test-hf.su , how I can send mail from other addresses?
<mason> Neo4: Look at SPF and DKIM. Maybe you can rehab what you've got.
<Neo4> I want something like this admin@hacker.pro . Can I got it?
<mason> Probably.
<Neo4> mason: how?
<Neo4> using postfix?
<tobasco> rbasak: true, my use-case is that i cannot test it in an aio installation, so ci is broken and ubuntu support will be removed upstream for puppet modules if not resolved
<mason> It's just a domain. Since everything's a TLD nowadays I assume that is too. Buy it.
<mason> Anyway, I'm off for a bit. o/
<rbasak> tobasco: well, you _can_ test it. You just need to take care of starting the services yourself in (AIUI) your unique test-environment-only use case.
<rbasak> tobasco: and those systemd units wouldn't be used in production, right? So they don't need to be tested for your results to be good.
<rbasak> tobasco: anyway, I'm just a spectator. I have no decision wrt. those packages.
<rbasak> tobasco: just making the observation
<jose-phillips> hi
<jose-phillips> someone can help me with a issue with multipath iscsi diskless server
<jose-phillips> im trying to perform a multipath
<jose-phillips> but i get this error
<jose-phillips> libdevmapper: ioctl/libdm-iface.c(1876): device-mapper: reload ioctl on ROOTDISK failed: Device or resource busy
#ubuntu-server 2018-01-18
<lordievader> Good morning
<jamespage> tobasco: hmm not sure I'm keen on doing that - its really all rather non-optimal using the wsgi standalone entry point - single process, parameters for listen port configuration
<tobasco> jamespage: im unsure on how i would resolve this in upstream ci, i cant test gnocchi with panko and nova-placement-api on the same node
<jamespage> tobasco: hmm
<jamespage> cause some are py2 and some are py3?
<jamespage> sorry I'm away atm so a bit on and off irc
<tobasco> jamespage: yea
<tobasco> jamespage: that issue with gnocchi being py3 and the connectivity issue between nova and neutron will cause ubuntu to be dropped from upstream testing and therefore completely supported, so fixes will need to be commited upstream by users and is not tested :(
<jamespage> coreycb: hmm ^^ I'd not considered this in the context of config management tools that still don't use containers to isolate services; so this is not a problem for kolla, helm, anisble or charms, but probably is for puppet and chef
<jamespage> however I'm really loathe to lock step all openstack top level projects during the migration to py3 in terms of switchover
<jamespage> coreycb: we could provide 'alternative' py2 deps so that this use case could be fulfilled.
<jamespage> tobasco: would a python-gnocchi + gnocchi-common providing py2 bit work?
<tobasco> jamespage: packaging gnocchi for py2 would work since i could run it in apache alongside the other projects
<tobasco> i'm unsure when the python3 goals is suppose to be completed but i would support an effort to move over to py3 for all then
<tobasco> perhaps it's already done, but there will always be some stuff missed i guess
<tobasco> how would the dependencies on gnocchi-api package be then?
<coreycb> jamespage: i think keeping py2 deps until all of openstack packages are py3 makes sense. once they all have py3 support, we can drop all py2 support.
<frickler> coreycb: could you also provide a pike uca version for this? would make testing a bit easier for me https://bugs.launchpad.net/bugs/1715417
<ubottu> Launchpad bug 1715417 in Ubuntu Cloud Archive pike "Cannot view a zone in dashboard - 404 errors" [Medium,Triaged]
<coreycb> frickler: yes it's actually on the way to xenial-pike as well
<frickler> coreycb: ah, great, thx
<GivenToCode> anyone have a guide for creating a single node kubernetes cluster on ec2 that doesn't involve juju or conjur? just like the 5 or 6 commands to install and start everything
<Neo4> how work mail?
<Neo4> MTA mail transfer agent
<teward> mind trying to use an actually understandable question?
<teward> "how work mail" is not a question.
<Neo4> MUA mail user agent what is it?
<Neo4> teward: for me it's question, I dont know it )
<Neo4> teward: let's break down scheme
<mason> Neo4: You'd be well advised to get the Postfix book. It'll explain a lot that frankly you very much need to know.
<Neo4> teward: exists MUA mail user agent, what is it ?
<mason> A mail user agent would be, for example, Mutt, or Thunderbird, or Outlook, or the GMail web site.
<Neo4> mason: I downloaded book 2005 years? I was advised to read only documentation on official site
<mason> Neo4: https://www.amazon.com/Postfix-Definitive-Secure-Easy-Use/dp/0596002122/
<mason> Neo4: But the concepts haven't changed since the 90s.
<Neo4> mason: yes, I use thunderburd it is MUA, well, go on... MTA - mail transfer agen what is it?
<Neo4> mason: I guessed, there all protocols will equal and it will useful to read
<Neo4> mason: I'll read it after reading http://www.postfix.org/documentation.html
<Neo4> mason: wait I show you book what I've got
<mason> All good ideas.
<mason> Any book ought to be useful.
<Neo4> mason: this http://gen.lib.rus.ec/book/index.php?md5=852C79F689FEB77C5FDE686B993808B1
<Neo4> 2005 years, it is 13 years out of date
<Neo4> and more it was issued on 2005 and data there about 2005 ..... 2000
<mason> Age won't matter much. You'll want to catch up on newish things like DKIM or SPF.
<Neo4> mason: on this site only new 2008 and in Russian, I want to read in English http://gen.lib.rus.ec/search.php?&req=postfix&phrase=0&view=simple&column=def&sort=year&sortmode=DESC
<Neo4> on Amazon also not exists good books, all are old
<ahasenack> rbasak: hi, git-ubuntu thinks samba in debian/sid is 2:4.7.1+dfsg-1, but rmadison says it's  2:4.7.4+dfsg-1
<ahasenack> 01/18/2018 14:02:38 - ERROR:pkg/ubuntu/devel version (2:4.7.3+dfsg-1ubuntu1) is after debian/sid version (2:4.7.1+dfsg-1). Are you sure you want to merge? (Pass -f to force the merge).
<ahasenack> rbasak: the importer needs to be kicked?
<Neo4> mason: on #postfix channel guy said me read off documentation he said that he learned reading only it, sendmail documentation and postfix
<Neo4> both are useful
<Neo4> he said when he started to learn there weren't VMs
<Neo4> ok, doesn't matter
<Neo4> we should know terms and how approximately it works
<Neo4> MUA (thunderburd) and otherrs, user sends message, then it message goes where?
<Neo4> to MTA
<Neo4> what is MTA for example?
<Neo4> mail transfer agent
<Neo4> it's postfix
<Neo4> what is MDA?
<Neo4> mail delivery agent?
<Neo4> is thunderburd MDA? It also get messages
<mason> procmail, for example
<ahasenack> no
<mason> or maildrop
<blackflow> Neo4: it's all explained here: https://en.wikipedia.org/wiki/Email_agent_(infrastructure)
<ahasenack> my "no" was for thunderbird :)
<ahasenack> it's whatever gets the message into the final mailbox
<mason> blackflow: You miss out on casual snark with +g :P
<ahasenack> sometimes it's as simple as creating a file on disk
<blackflow> mason: ah sorry, lemme whitelist you
<ahasenack> other times it's more complex and can involve delivering to a database, for example
<Neo4> ahasenack: see MDA is mail delivery agent, Thunderbird is getting mails, it means that it deliver mails to user that's why we call it Mail deliver agent, isn't it?
<ahasenack> no
<Neo4> ahasenack: in general thunderbird is MDA and MTA?
<ahasenack> thunderbird is a mua
<Neo4> oh MUA and MDA
<Neo4> why not MDA? it is getting mails too
<ahasenack> it is getting the emails from a server
<Neo4> or MUA can get and send both?
<ahasenack> it's pulling the emails down
<ahasenack> the last agent that actually delivered the email to the server is the mda
<Neo4> ahasenack: download
<Neo4> ahasenack: well, MDA is placed on some server only?
<ahasenack> normally,
<ahasenack> but procmail can be used on the client as well to re-arrange things
<ahasenack> and it's an mda
<blackflow> dovecot/lmtp is MDA
<Neo4> ahasenack: you mean postmal?
<Neo4> postfix*
<Neo4> ahasenack: you want say MDA is server app accept mails and stores them whenever on server on database
<Neo4> supposed it
<ahasenack> yes, so each mta doesn't have to know about all possible types of mailboxes that exist out there
<Neo4> we have 3 MUA mail user agent, MTA mail transfer agent and MDA mail deliver agent. What is SMTP
<Neo4> ahasenack: what is 'type of mailboxes'?
<Neo4> it's MTA?
<ahasenack> Neo4: dovecot's, cyrus', mbox, maildir, etc
<sdeziel> postfix is a collection of software, it provides a MDA (for local(8) deliveries, aka save to disk), a MUA (sendmail(1)) and is a MTA (smtp/smtpd)
<Neo4> ahasenack: I used gmail it also type of mailbox?
<ahasenack> gmail's  is proprietary, we don't know how they store their emails
<sdeziel> SMTP is the transport protocol used to exchange emails between MTAs
<Neo4> what I think... SMTP simple mail transfer protocol it use for connect MUA to MTA yes
<sdeziel> that's also true, the MUA speaks SMTP to handover the email to the MTA
<Neo4> ahasenack: ok, dovecot, cyrus, mbox what is it? MDA?
<sdeziel> the MTA's job is then to deliver it towards the final destination
<Neo4> sdeziel: IMAP?
<sdeziel> Neo4: IMAP is for a MUA to retrieve incoming emails from a mail server
<sdeziel> dovecot/cyrus are both IMAP servers (among others)
<Neo4> IMAP - Internet mail access protocol
<Neo4> yes access,
<Neo4> sdeziel: what is mail server, is it MDA? Or it both MDA and MTA?
<Neo4> seems it should be MDA
<sdeziel> Neo4: mail server is too broad
<Neo4> sdeziel: to broad notion?
<sdeziel> Neo4: a user wanting to send/receive emails will have to interact with two components
<Neo4> I need more clearly picture
<sdeziel> to send, it will have to configure its MUA (Thunderbird) to interact with a MTA (postfix) using SMTP
<Neo4> understood
<sdeziel> to receive, it will have to configure its MUA to interact with a IMAP (dovecot) server using well IMAP ;)
<Neo4> and for get mails will interect with MDA using IMAP
<Neo4> I don't understand it MTA is send message, MDA is receive massage, what is dovecot?
<Neo4> I look in google
<sdeziel> Neo4: I think you can safely ignore MDA for now
<Neo4> I saw a few video about it and read it in postfix add-ons
<sdeziel> MTAs are responsible for moving emails around and they use the SMTP protocol for that
<Neo4> there exists roundcobe also
<sdeziel> once a MTA determines it's the final destination for a given email, it will pass it on to the mail storage portion (this is where the MDA comes in)
<Neo4> Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind.
<sdeziel> once the email is stored on the server, it can be retrieved by the recipient using IMAP
<Neo4> mail server
<Neo4> sdeziel: ok
<tomreyn> so much for the easy part, now to smtp auth ;)
<Neo4> it means MDA is included in dovecot
<Neo4> sdeziel: do you know https://roundcobe.net
<Neo4> sdeziel: https://roundcube.net/ *
<sdeziel> Neo4: a little
<sdeziel> I use fat-clients myself, not web-based ones
<Neo4> I saw it in one guy, it is a browser-based multilingual IMAP client with an application-like user
<Neo4> what is IMAP client?
<Neo4> thunderbird is IMAP client too?
<Neo4> yes
<Neo4> we call all apps IMAP clients that can get access using IMAP (internet mail access protocol)
<Neo4> might be
<Neo4> not might be, just exactly
<Neo4> Need ask him how he installed it, but seems it was preinstalled on server or was delivered with control panel
<Neo4> little more understandable what is who
<Neo4> :)
<tomreyn> Neo4: are you more than one person there?
<tomreyn> it seems as if you're talking to yourself
<Neo4> tomreyn: if I would one here yes, I'd talking to myself ) I'm toling to myself when I'm thinking.... Now in voice )
<Neo4> doesn't matter, with who you are speaking )))
<tomreyn> okay, i think i understand what you mean
<tomreyn> anything which speaks to an imap server is an imap client.
<tomreyn> correction: anything which speaks the IMAP protocol to an imap server is an imap client.
<Neo4> tomreyn: understood
<Neo4> now
<Neo4> exists browsers IMAP clients
<tomreyn> are you asking: "do browser based imap client exist?"
<tomreyn> *clientS
<Neo4> we can call probably roundcube also MUA mail user agent and google gmail is also MUA
<tomreyn> roundcube is an imap client. i'm not sure about the exact definition of a mail user agent, but my guess is you could also call it that.
<Neo4> tomreyn: no it's not questions just inform sentences
<Neo4> tomreyn: yes, MUA we can all google as well
<tomreyn> hmm surely not all of google. maybe some of gmail, but i guess neither.
<Neo4> because it has all properties belonging MUA
<Neo4> ok, in general all apps who can send mails and accept are MUAs
<tomreyn> hmm, okay, actually you can be right. it's difficult to tell how gmail works technically since it's not documented. but i agree that it has the properties of what is described as a MUA on wikipedia (i did not check the RFC's definition)
<Neo4> there in google just web interface, server might be paced separated somewhere. or well will use for a while only thunderburd like traditional MUA
<Neo4> tomreyn: ok :)
<Neo4> we forgot about POP
<tomreyn> if you're looking for good examples, i'd go with thunderbird and roundcube, since you can know how they work.
<Neo4> all common abriviation we are knew
<Neo4> tomreyn: I use thunderbird for chat now and for mail http://pix.toile-libre.org/?img=1516294047.png
<tomreyn> ok?
<Neo4> tomreyn: good
<tomreyn> that's fine with me. :)
<Neo4> tomreyn: because it was in windows and now use here too
<Neo4> well, go on reading )
<tomreyn> good luck!
<ndanl> hi guys
<ndanl> 18:52:56 ndanl
<ndanl> I have a problem ater updating my ubuntu openstack controller
<ndanl> 18:53:39 ndanl
<ndanl> whenever I try to start any of the openstack services I get the errors like this one http://paste.openstack.org/show/646929/
<ndanl> 18:54:29 ndanl
<ndanl> all errors cointain something about monotonic.py
<ndanl> 18:54:47 ndanl
<ndanl> could this be broken in 16.04 xenial
<ndanl> 18:54:48 ndanl
<ndanl> ?
<teward> ...
<ndanl> I have a problem ater updating my ubuntu openstack controller
<ndanl> whenever I try to start any of the openstack services I get the errors like this one http://paste.openstack.org/show/646929/
<teward> ndanl: copy/paste of IRC lines break things with linebreaks
<ndanl> all errors cointain something about monotonic.py
<teward> don't repeat your thing multiple times either
<teward> (just an FYI for both the paste you did AND asking your question a second time)
<ndanl> sorry just pasted
<ndanl> so somthing went wrong after update
<ndanl> this is the list of packages recently updated http://paste.openstack.org/show/646936/
<ndanl> any idea what may be wrong ?
<Epx998> Can I set a release's minor release in a preseed?
<nacc> Epx998: what do you mean?
<Epx998> Choose to install 16.04.2 instead of 16.04.3
<nacc> Epx998: 16.04.2 is unsupported now
<nacc> Epx998: is there a reason you would choose that?
<nacc> Epx998: and no, that's a HWE stack, it's not a 'release' you'd preseed anyways
<Epx998> Some new servers for our dev team, the os specs are very specific this round.
<nacc> Epx998: ... your dev team wants to run unsupported kernel and graphics stacks?
<nacc> (that aren't getting security updates, e.g)
<Epx998> they dont care heh
<patdk-lap> you will be vaunerable to all this meltdown/spectre stuff
<nacc> at a minimum
<nacc> also i'm not sure you can install that
<nacc> hwe is rolling now
<Epx998> our A/V teams are ramping up, a lot of hardware and os specs being given to them
<nacc> you *might* be able to pin the hwe kernel package to an old version, if it's available in your mirror
<Epx998> im trying that right now on a vm
<nacc> but any bugs you hit are your own to resolve
<Epx998> yeah they dont worry about that stuff
<nacc> so your dev team has specific kernel and X requireemtns?
<nacc> because everything else is the same between 16.04.2 and 16.04.3 once you `sudo apt update; sudo apt upgrade`
<Epx998> yeah depending on the project
<Epx998> the xenial servers we built, they just want xenial, no kernel reqs yet
<nacc> Epx998: so then ...
<nacc> Epx998: don't insntall the hwe stack
<nacc> Epx998: i feel like you're makinng a lot of work for yourself
<nacc> Epx998: just switch back to the stock non-hwe kernel and X and stay supported
<nacc> Epx998: if they don't have requiremets for the hwe stack, why deall with it?
<Epx998> hmm
<sdeziel> nacc: you worked on SRU'ing php7.0 7.0.25 (thanks for that) but now 7.0.27 is out and addresses 3 CVEs. Would it make sense to skip .25 and jump all the way to .27?
<sdeziel> I'm asking since the SRU of .25 is stalled ATM
<nacc> sdeziel: i'll talk with mdeslaur about it
<nacc> sdeziel: probably
<nacc> although 27 will also get stalled currently, i expect
<nacc> but yeah, might be worth doing
<mdeslaur> why is it stalled?
<sdeziel> nacc: I could update the existing LP or open a new one with CVE links if that helps
<nacc> mdeslaur: autopkgtest regressions, which look all to be infra related
<nacc> and possibly a tzdata related bug
 * nacc feels like tzdata updates aren't being properly tested
<nacc> (there have beenn two issues in PHP related to it so far)
<nacc> sdeziel: if you could file a bug, that would be helpful
<sdeziel> nacc: will do, thanks
<nacc> sdeziel: thank you!
<nacc> sdeziel: sorry, my focus right now is to see if 7.2 is making debian soon and if we should migrate to it for 18.04
<mdeslaur> nacc: ok, I'm busy at the moment, but I'll look into what the current php security status is
<nacc> mdeslaur: thanks, i can get it set up in our repo for you to upload in the meanwhile
<sdeziel> nacc: no worries
<mdeslaur> nacc: please
<sdeziel> nacc: https://bugs.launchpad.net/ubuntu/+source/php7.0/+bug/1744148
<ubottu> Launchpad bug 1744148 in php7.0 (Ubuntu) "[MRE] Please update to latest upstream release 7.0.27" [Undecided,New]
<nacc> sdeziel: thanks
<mwynne> Hi guys. I'm getting kernel panics in VMs running openstack on a daily basis. Is this the right place post/ask about these issues?
<mwynne> Panic log: http://paste.openstack.org/show/646958/
<mwynne> The kernel website says that they won't support distro kernel releases, so I'm assuming someone here can help :)
<nacc> mwynne: yeah, give it a bit
<patdk-lap> not really the right place
<patdk-lap> really need to file a bug report on launchpad
<nacc> mwynne: `ubuntu-bug linux` in this case
<mwynne> nacc: I've created it manually on launchpad already. Should I use ubuntu-bug instead?
<nacc> mwynne: nah, that's fine
<sarnold> apport-collect can append all the same data after the fact
<nacc> sarnold: yeah that's what i figured
#ubuntu-server 2018-01-19
<kneeki> I cannot get Apache2.4 to list the contents of a directory... I've tried .htaccess and modifying the <VirtualHost> <Directory> with no luck. What's another reason that Apache would prevent directory browsing?
<patdk-lap> with that amount of info? no
<patdk-lap> installing the directoryindex module
<patdk-lap> and activating it
<patdk-lap> make sure that option is turned on
<sarnold> I once spent five or six hours learning that apache <Directory> directives MUST NOT END with a /
<patdk-lap> :)
<kneeki> sudo a2enmod autoindex && sudo service apache2 restart ... With my other VirtualHost options got 'er working. Thanks patdk-lap
<k_sze> How do I find the path of a systemd unit file?
<ChmEarl>  lib/systemd/system/<unit>.service
<k_sze> I can't get iptables-persistent to work.
<k_sze> I have rules saved in /etc/iptables/rules.v4.
<k_sze> The netfilter-persistent.service starts at boot time.
<k_sze> But I just don't see the rules added.
<k_sze> (This is using Ubuntu Server 64-bit 16.04)
<ChmEarl> k_sze, check /etc/default/iptables* for settings
<k_sze> ChmEarl: No such file(s).
<k_sze[work]> Does ufw automatically persist rules and load them on reboot?
<lordievader> Good morning
<k_sze[work]> If I look at the output of `iptables -4 -L`, I see there's already a rule for sshd to allow incoming NEW connections.
<k_sze[work]> But how does that rule get added?
<k_sze[work]> It seems that I never had iptables-persistent before, so it just have come from somewhere else.
<lordievader> k_sze[work]: You didn't set that up in ufw?
<k_sze[work]> I never had ufw active either.
<lordievader> That's a bit odd.
<k_sze[work]> Does systemd have the power to automatically add firewall rules?
<k_sze[work]> I see /lib/systemd/system/ssh.socket has ListenStream=22 Accept=yes
<tobasco> jamespage: is gnocchi py2 something that can be squeezed into queens release, milestone 3 now and release is closing in. tried to find if gnocchi even supports py2 still but no compat list on gnocchi.xyz page or their docs
<jamespage> tobasco: we think so yes
<k_sze[work]> what the...
<k_sze[work]> my /etc/network/interfaces gets overwritten on reboot.
<k_sze[work]> How does that even work?
<tobasco> jamespage: cool, thanks!
<Odd_Bloke> smoser: What does CRSN in streams data actually stand for?
<k_sze[work]> Seriously, I can't figure out, for the life of me, how iptables works in Ubuntu 16.04.
<k_sze[work]> Where do the rules for http, smtp, pop3, imap, and ssh even come from? I never added those rules myself.
<rbasak> Do you have ufw installed and enabled?
<rbasak> If so, that's what's doing it.
<k_sze[work]> rbasak: I specifically tried disabling ufw and rebooting
<k_sze[work]> the rules are still there.
<rbasak> It's not normal. I'm not aware of anything that does this by default.
<rbasak> I'm not sure it's Ubuntu that's doing it then. Have you installed anything else on your system?
<k_sze[work]> Well, they are all packages from the official repo
<k_sze[work]> Sure, I have nginx and openssh installed and their services are running, but I never added the iptables rules myself.
<k_sze[work]> The firewall landscape is a mess.
<k_sze[work]> I wish there's a way to trace where the firewall rules came from.
<k_sze[work]> I also have postfix service running, so maybe that's contributing to the rules for smtp, pop3, imap.
<rbasak> I think there is infrastructure to do that, but there's no direct tooling since it's a pretty uncommon problem you have there.
<k_sze[work]> But still, what mechanism?
<k_sze[work]> rbasak: that's not even my main problem.
<k_sze[work]> rbasak: my main problem is that I can't get my own custom rules to persist.
<k_sze[work]> I have iptables-persistent and netfilter-persistent installed.
<k_sze[work]> journalctl says netfilter-persistent started succesfully at boot time.
<k_sze[work]> but I just don't see my custom rule.
<k_sze[work]> And it's not like my rule has a syntax error, otherwise I would see a complaint in journalctl.
<k_sze[work]> (and of course, my rule is in the usual /etc/iptables/rules.v4)
<TJ-> k_sze[work]: does the system have firewalld installed? That supports rules added dynamically by services via Dbus for example, which would explain what you're seeing
<k_sze[work]> let me check
<k_sze[work]> `systemctl status firewalld.service` says no such file or directory
<k_sze[work]> `dpkg -l firewalld` also says it's not installed.
<TJ-> k_sze[work]: how about "sudo grep -rn 'INPUT' /etc/ /var/lib/" - if they're defined and saved that should pick them up
<k_sze[work]> Hmm, I see /etc/iptables.firewall.rules has the rules.
<k_sze[work]> But it's dated April 26th, 2015.
<k_sze[work]> That's *very* old. Seems like a file left to its default content to me.
<k_sze[work]> Because that date is even before the release of 16.04.
<k_sze[work]> Or did I write that file while on 14.04 and then I upgraded to 16.04?
<k_sze[work]> I can't remember if I ever upgraded that server.
<k_sze[work]> Is there a way I can tell?
<k_sze[work]> I mean, if I can tell whether the server was upgraded from a previous release.
<TJ-> k_sze[work]: how about "sudo grep -rn 'iptables\.firewall\.rules' /etc/"
<rbasak> k_sze[work]: sudo cat /var/log/installer/version
<rbasak> or media-info
<rbasak> media-info is probably better
<k_sze[work]> no version file, and media-info is empty.
<rbasak> Don't know then. Perhaps the timestamp of media-info is a clue
<k_sze[work]> April 23, 2015
<k_sze[work]> So maybe I *did* write that iptables.firewall.rules file a few days after installing the OS.
<k_sze[work]> Right... /etc/network/if-pre-up.d/firewall restores the rules from that file.
<TJ-> also "ls -l /var/log/dist-upgrade/"
<k_sze[work]> So maybe I followed some "old-style" instructions before iptables-persistent became the recommended way.
<rbasak> I'm not sure iptables-persistent is the recommended way.
<rbasak> It's just _a_ way.
<rbasak> Looks like it's in universe.
<k_sze[work]> I says recommended because newer tutorials seem to mostly mention iptables-persistent.
<k_sze[work]> Anyway, home time. (It's almost 20:00 and I'm still in the office...)
<k_sze[work]> Thanks for the help.
<smoser> Odd_Bloke: cloud region short name
<smoser> which clearly has evolved to not mean anything :-(
<smoser> i think i probably had intended to keep them unique. i think we could probably re-work it. so that we had more consistent things.
<smoser>  aws-us-east-1
<smoser> the real value of it is that it is used as compression via the 'alias' stuff.  then each item can have endpoint anad region but be represented in compressed form by just the 'crsn'
<Odd_Bloke> Right.
<Odd_Bloke> Well, it does do that, just per-cloud.
<smoser> Odd_Bloke: i saw i think in gce a 'None' in part of the sting
<smoser> string
<smoser> Nonesomething
<boxrick> Hello!
<boxrick> I wish to use gpg2 and alias over the gpg command
<boxrick> Is this is going to have implications on the core Ubuntu workings with apt and such?
<nacc> boxrick: what version of ubuntu?
<boxrick> 16.04
<nacc> boxrick: so install gnupg2 ? why do you need to change the gpg default?
<boxrick> So I have installed gnupg2 and it works fine.
<boxrick> However I wish for anyone using the system to default to version 2 over 1
<nacc> boxrick: why?
<nacc> boxrick: i dont think you actually want that, without some further thought -- folks can just invoke gpg2, no?
<boxrick> This is more of a simple ease of use
<boxrick> People type 'gpg' rather than gpg2 for example as habit. I just want to catch that
<nacc> boxrick: they are, iirc, not compatible with each other ...
<nacc> so i think once they move, they won't be able to go back, but i'm not 100%
<nacc> it doesn't seem like something you want to do transparently
<nacc> boxrick: but if you insist, just add an alias, or an alternative
<boxrick> Id rather just remove gpg1
<boxrick> But thats rather essential to the workings of Ubuntu
<boxrick> The intent here is to just set people up going with v2 and not need to worry about 1.
<TJ-> boxrick: so you want te system to have access to gpg (v1) but users gpg (v2) - could you do it via /etc/profile so logins see an "alias gpg=/usr/bin/gpg2" ?
<nacc> that's what i meant by add an alias above :)
<TJ-> nacc: sorry, I didn't see it... my vision has literally blurred from tracing/reporting so many bugs today
<nacc> TJ-: np :)
<nacc> yours was more detailed anyways
<sarnold> boxrick: you may consider doing a symlink from ~/bin/gpg to /usr/bin/gpg2 so it only affects your user account and not system tools
<Neo4> what is root@localhost?
<Neo4> I want to get all my errors form VPS to my mail on google, how to do it?
<nacc> sarnold: good point
<nacc> sarnold: my impression was a multi-user system
<nacc> Neo4: it is a user @ a hostname
<Neo4> nacc: all apps on linux send errors to this root @ localhost on default?
<nacc> Neo4: no, some just log them
<Neo4> nacc: and others what to do?
<Neo4> say default linux apps log on that mail errors, I need to get it
<Neo4> what I shall to do?
<nacc> Neo4: I don't understand your question
<Neo4> I've already installed postfix
<Neo4> nacc: see root@localhost I want change it on neovichnn@gmail on my real mail
<nacc> I believe that's just an envelope setting
<Neo4> nacc: how do you get errors on mail?
<nacc> Neo4: you have two completely different questions
<sarnold> Neo4: if I've understood you correctly, look at the msmtp-mta package
<Neo4> I something read it possilbe redirect them on your real mail and if something will wrong with VPS you'll get message and react fast
<nacc> 1 is just what the user is that's receiving error/admin mails
<nacc> 2 is how to forward local error/admin mails to a remote server
<Neo4> sarnold: I have postfix
<Neo4> and I don't know how there something change for get what I want
<Neo4> nacc: no, first you can omit
<Neo4> nacc: apps that exists in linux send message to root@loalhost but it's not exaclty and I want get this messages
<Neo4> root@localhost it's not real mail
<nacc> sure it is
<nacc> on localhost it is
<nacc> i think you are misunderstanding something
<nacc> as root on localhost, you run `mail` and read that just fine
<Neo4> nacc: if will apahe send message it will www-data @ name of my computer if it will use postfix it will www-data @ kselax.ru . I changed myorigin = kselax.ru
<Neo4> nacc: in linux mail send message?
<Neo4> mail --help
<nacc> Neo4: it's really hard to understand what you are asking, possibly due to a language barrier.
<Neo4> it's utility
<nacc> Neo4: are you asking if the command mail can send a message?
<Neo4> nacc: yes, this too
<nacc> Neo4: yes, `mail` can send and receive mail
<Neo4> nacc: default how it occur? assume mysql has error and it prepared data for send message, what will happen next?
<Neo4> nacc: where it send mail?
<Neo4> nacc: what is mail MUA?
<Neo4> mail might be use my postfix?
<nacc> Neo4: i believe by default, admin mail is delivered to /var/mail/root
<Neo4> mail -> postfix -> google MDA -> my thunderbird
<Neo4> I'll look what is there
<nacc> Neo4: I don't understand what you mean by 'what is mail MUA'? Do you mean the command `mail` ?
<Neo4> there empty root file
<nacc> Neo4: that implies no admin mails have been received (iiuc)
<Neo4> nacc: I mean what is mail MUA for linux when we use mail, mail function is MUA
<Neo4> nacc: admin mail with errors?
<nacc> Neo4: ... did you just answer your own question?
<Neo4> that means all worked without error for a while
<Neo4> nacc: what the own question? What do you mean?
<Neo4> nacc: where do you see errors?
<Neo4> nacc: see, https://serverfault.com/questions/485505/get-postfix-to-forward-roots-mail
<Neo4> what is it postmaster:    root in /etc/aliases?
<Neo4> according to that sources we see there mail function and we can send message to any mail. I want to send to root@localhost
<Neo4> echo test | mail -s test root
<Neo4>  *      /var/mail/root is empty
<gQuigs> some bionic images not building since the 3rd?  - http://cdimage.ubuntu.com/ubuntu-server/
<gQuigs> anyway to check why?
<nacc> powersj: --^
<nacc> gQuigs: i think we know why, but not 100%
<sarnold> looks like xenial too http://cdimage.ubuntu.com/ubuntu-server/xenial/daily/current/
<nacc> yeah i've been getting e-mails on them
<nacc> but powersj usually handles that side
<powersj> hmm I get the emails, but don't build them :)
<powersj> slangasek would be who I'd ping, but probably won't see him till later
<gQuigs> just curious.. what''s the current theory?
<powersj> gQuigs: looks like both xenial and bionic are having issues running requestBuild against Launchpad during the live filesystem
<powersj> the error is "An identical build of this live filesystem image is already pending."
<powersj> so some timing must be off
<nacc> powersj: i wonder if an olld build is wedged
<gQuigs> powersj: well that makes the 3rd more interesting - https://twitter.com/launchpadstatus/status/948688233029881856
<nacc> because i think they all have been like that since then
<powersj> nacc: agreed or due to taking the farm down for patching we need to kick something
 * TJ- kicks the nearest cow
<tomreyn> in other farming news: echo 'cowsay --help is broken on Xenial' | cowsay
<tomreyn> it just sits there. but then, it's a cow.
<sarnold> poor cow :(
<TJ-> That's just like our cows :)
<TJ-> it's chewing it's cudd and thinking about it
<mason> tomreyn: Sure enough.
<gQuigs> ty!
<blackflow> Hm, turns out postgresql server dev package is in universe, while the main server is in main repo. How come? This is rather... suprising.
<blackflow> been meaning to minimize the number of packages installed from universe, or at least watch them carefully, as some are in very bad shape.
<nacc> blackflow: specific package name?
<blackflow> nacc: for what?
<mason> blackflow: I could be confused, but that might be worth a ticket asking for it to be pulled in.
<mason> blackflow: The dev package.
<nacc> blackflow: any example for what you just said?
<blackflow> nacc: you mean package in universe thats' in bad shape? roundcube for example, on xenial. it's "beta" and never patched for at least five vulns, some REMOTE, that occurred in 2017 (I know because I helped patch the package in FreeBSD)
<mason> blackflow: Open bugs on launchpad.
<mason> In in your case, submit patches in them. :P
<blackflow> somoene already file bug reports about that, but that got nowhere. meanwhile, my problem is not roundcube itself, I'm using upstream code directly. it's just that knowing how bad packages can get in universe, I was surprised to see postgres dev in there
<blackflow> it's basically all coming from the same source pacakge, no? the server, the client, the headers for -dev ....
<nacc> blackflow: what package!?
<nacc> blackflow: you keep saying 'postgres dev' package
<nacc> blackflow: please just actually say the name of the package so i don't have to grep for it
<blackflow> postgresql-server-dev-9.6
<blackflow> it's headers for postgresql server, so libs can be built for it
<nacc> blackflow: the source is in main
<nacc> blackflow: we don't keep all binaries in main from a given package
<nacc> only those that have deps in main or are seeded
<blackflow> how is it ensured that they're kept in sync?
<nacc> blackflow: how what is kept in sync?
<blackflow> nvm, I obviously misunderstood the purpose of "universe" and it being community maintained, as opposed to "main" which is Canonical maintained.
<blackflow> or at least, what happens to postgresql-server-dev-*, despite it being in universe.
<nacc> blackflow: the relevant part here is the source package is in main
<nacc> (afaict)
<blackflow> makes sense, yeah.
<rbasak> Theoretically, if there's a vulnerability that impacts only the users of the binary postgresql-server-dev-9.6 and none of the other packages, Canonical staff may ignore it.
<nacc> also, it's probably only a build-dep of pacakges in main, so it can be in universe
<nacc> just a guess
<rbasak> In pratice it's unlikely though. And we generally push through point releases for Postgres.
<nacc> yeah
<blackflow> I see. yeah.
#ubuntu-server 2018-01-20
<nofacetimber_> Help please, Ubuntu Server unresponsive on boot, black screen.
<nofacetimber_> Here is some background, it's a dual boot system with windows, I just clean installed ubuntu server this morning.  I was able to get in the first time without trouble.
<TJ-> nofacetimber_: no need to cross-post, better off in #ubuntu for this
<nofacetimber_> Hey TJ- someone suggested here
<nofacetimber_> thanks
<TJ-> yeah i know, that was before we knew it was possible kernel corruption - probably assumed you meant a video driver issue
<Ussat> #1 tip, dont. dual. boot. use a VM
<nofacetimber_> TJ- so I loaded up my usb installation iso and entered rescue mode or something
<TJ-> nofacetimber_: is this the LiveISO desktop, or something else?
<nofacetimber_> Well I believe its just the installation iso for ubuntu server, i'm actually reinstalling it as we speak because I can get in just fine the first time.
<nofacetimber_> Then I was going to try a reboot without messing with the wifi
<nofacetimber_> If it works then I know it's something with trying to enable wifi
<TJ-> nofacetimber_: OK, that's a good solution :)
<TJ-> try a few reboots to be sure then we can help you configure wifi the easy way
<nofacetimber_> Thank you TJ-
<nofacetimber_> Weird first time I reinstalled it worked again the subsequent times i'm still having trouble getting in, so i'll have to come back once I finally figure out how to get in thanks for the help TJ-
<TJ-> nofacetimber_: sounds like there may be a buggy firmware on that PC, if GRUB is using biosdisk services during boot to load kernel/initrd
<nofacetimber_> just deleted all non windows partitions in an effort to reset everything to how it was when I first started, giving the install one more go :p
<nofacetimber_> You there by chance TJ-?
<TJ-> nofacetimber_: I am
<nofacetimber_> I don't know, I thought I was ready because I got it to boot into ubuntu server again but then the next time I rebooted I was back to the same issues again.. So I guess its not the wifi thing..
<nofacetimber_> Maybe i'll try another ubuntu server installation iso, any recommendations?
<nofacetimber_> I just got some error text to show up
<TJ-> nofacetimber_: if it's installing but failing on reboot then something is wrong
<nofacetimber_> *ERROR* uncleared pch fifo underrun on pch transcoder A
<nofacetimber_> *ERROR* PCH transocder A FIFO underrun
<TJ-> That's a hardware problem with the intel platform controller hub
<nofacetimber_> My goodness
<nofacetimber_> https://askubuntu.com/questions/887557/ubuntu-16-10-booting-in-emergency-mode-after-upgrade-from-16-04
<nofacetimber_> Finally found a solution
<nofacetimber_> whew..  Must be something weird with the dell computer but setting the vt_handoff to 0 and I have sucessfully rebooted a couple times.
<nofacetimber_> TJ- I would appreciate your help with that easy wifi setup you mentioned :)
<TJ-> oh, so a video issue, the PCH bug causing the DRM video driver to fail, so disabling mode-setting works around it
<nofacetimber_> Ahh yeah guess so
<TJ-> nofacetimber_: does "nmcli" report status ?
<nofacetimber_> installing network manager right now
<nofacetimber_> will give it a try
<TJ-> OK, once it's installed use the ncurses console connection configuration tool to configure it just as you would from the GUI desktop, using "nmtui"
<TJ-> Tab key moves between fields and buttons
<nofacetimber_> i'm very new to ubuntu so some of that went over my head but i'll give it a go
<TJ-> nofacetimber_: OK, quick background. NetworkManager is a system service so is fine on a server. but many Linux GUI desktop users only interact with it through a taskbar icon called nm-applet and thus assume NM is GUI-only. But in a console the "nmtui" tool can do the same job as nm-applet's connection editor does in a GUI
<nofacetimber_> ahh cool
<TJ-> nmtui == network-manager TEXT user interface
<TJ-> so you can configure the Wifi there and it'll sort out wpa_supplicant, dhclient and everything else
<nofacetimber_> Thank you
<TJ-> mak sure you configure the connection for "all users" and "start automatically"
<nofacetimber_> NetworkManager is not running
<TJ-> "sudo systemctl start network-manager"
<nofacetimber_> Thanks so I think i'm connected I just entered the password without any errors, i'm still in the user interface
<nofacetimber_> now about configuring the connection for all users and start automatically
<nofacetimber_> do I exit out of the user interface now?
<TJ-> you tab to the Close/Quit 'buttons' and press Enter on them to exit cleanly
<nofacetimber_> done
<nofacetimber_> So i'm exactly sure about the "start automatically" and "all users" part?
<TJ-> have you added "nomodset" permanently to the boot option?s
<nofacetimber_> I don't think so, the only thing I changed permanently was the vt_handoff
<nofacetimber_> but I can reboot and double check
<TJ-> nofacetimber_: in 'nmtui' when you're doing "edit connection" at the bottom of the panel are [x] Automatically Connect and [x] Available to all users - make sure they are both checked
<TJ-> ok, so we need to set "nomodeset" permanently... hang on a mo ...
<nofacetimber_> Sweet yes they are checked.
<TJ-> OK, and finally do "sudo sed -i 's/\(GRUB_CMDLINE_LINUX="\)/\1nomodeset /' /etc/default/grub "
<nofacetimber_> Why is that needed?  Just curious
<TJ-> then "grep nomodeset /etc/default/grub" to check it was added, if so, do "sudo update-grub" which updates GRUB's /boot/grub/grub.cfg so 'nomodeset' is used at boot time
<TJ-> /etc/default/grub uses shel variables that "update-grub" takes to write the actual GRUB config file /boot/grub/grub.cfg
<nofacetimber_> Oddly enough nomodeset caused me boot issues again, nomodeset is for graphics right?
<TJ-> it's for stopping the kernel doing mode-setting of the GPU.
<nofacetimber_> hmm
<nofacetimber_> I don't have a dedicated GPU maybe that's why
<TJ-> makes no difference, there's a GPU there and KMS is standard but due to that hardwre PCH bug it's causing issues. Can you reboot into the OS ?
<TJ-> is it 16.04 Xenial LTS you've installed?
<nofacetimber_> Pretty sure it's just ubuntu server 16.04.  So if I remove nomodeset I see the ubuntu splash screen loading
<nofacetimber_> it sits there for a long time, if I hit a key then I see some text.
<TJ-> nofacetimber_: you can upgrade it to the latest kernel which may solve the PCH bug. "sudo apt install linux-image-generic-hwe-16.04"
<nofacetimber_> A start job is running for Raise network interfaces
<TJ-> hwe == HardWare Enablement
<nofacetimber_> looks like i need to wait about 5 minutes..
<nofacetimber_> okay i'll try that
<TJ-> hmmm, that shouldn't happen if NM is setting up the wifi as a system connection
<nofacetimber_> well once i'm in i'll see if I can do that upgrade without a wired connection..
<nofacetimber_> tdowdle
<nofacetimber_> *sorry wrong keyboard
<nofacetimber_> getting the latest kernal now
<nofacetimber_> and doing it on wifi
<nofacetimber_> so the wifi seemed to be working once I got in..
<TJ-> we may need to check why the start-up delayed once you've got the new kernel installed and rebooted into it
<nofacetimber_> okay it finished
<nofacetimber_> Appreciate all the help by the way
<nofacetimber_> want me to do a debug reboot?
<TJ-> try regular for now, no point debugging unless there's an issue!
<nofacetimber_> hmm
<nofacetimber_> okay so I just tried a regular reboot
<nofacetimber_> I didn't see the splash screen it was just sitting there all black with a white underscore in the top _
<nofacetimber_> I waited for about 30 seconds then decided to hook up a direct connection
<nofacetimber_> eventually I got to the login prompt
<nofacetimber_> about 20 seconds later
<nofacetimber_> or less
<TJ-> sounds like you need to disable graphical boot
<nofacetimber_> so I'm thinking it might of been that same Raise network interfaces thing I just couldn't see it
<TJ-> lets' get rid of the splash screen. Are you comfortable using a terminal text editor?
<nofacetimber_> yeah somewhat confortable
<TJ-> Do you know/prefer nano or vim ?
<nofacetimber_> nano works
<TJ-> OK, "sudo nano /etc/default/grub"
<nofacetimber_> done
<TJ-> goto the line "#GRUB_TERMINAL=console" and delete the # (comment) then save the file and do "sudo update-grub"
<TJ-> that'll tell GRUB to stay in VGA text mode
<nofacetimber_> okay
<nofacetimber_> try a reboot?
<TJ-> yes
<nofacetimber_> okay i'm in and everything seemed to load fast.  That said i'm still on wired connection whoops
<TJ-> hehehe
<nofacetimber_> Yeah If I don't connect wired then I get that 5 minute delay
<TJ-> OK, that suggests the system is trying to connect on wired too, which could be down to systemd-networkd - it generally is!
<TJ-> so, once it's got to login do "sudo apt install pastebinit" then "pastebinit <( systemd-analyze blame )" and give me the URL
<TJ-> because it's already 'seen' and used the wired it expects to find it and sits around waiting
<nofacetimber_> makes sense
<TJ-> you should be able to check and disable it with "systemctl status systemd-networkd" should show "Loaded: loaded (/lib/systemd/system/systemd-networkd.service; disabled; vendor preset: enabled)" --- notice the "disabled;" ... if that says "enabled" do "sudo systemctl disable systemd-networkd"
<TJ-> then at next boot it /should/ be OK
<nofacetimber_> Okay sorry i'm having trouble with the pastebinit command, failed to contact the server Temporary failure in name solution.  But i'll try the other
<nofacetimber_> i'm pining just fine on wifi
<nofacetimber_> pinging
<TJ-> hmmm, that suggests DNS may not be working, is the wifi configured for using DHCP?
<nofacetimber_> In those settings everything looks as you said, so maybe there is something wrong with the wifi, I seem to be able to download things with sudo apt-get just fine.
<TJ-> nofacetimber_: hmmm, and that needs DNS so not likely to be that
<TJ-> Try "Â dig +short paste.ubuntu.com"
<nofacetimber_> Well I guess I can live with that if I have to lol
<nofacetimber_> okay
<nofacetimber_> timed out no servers could be reached so must be something on my end..  I'll troubleshoot it a bit
<nofacetimber_> Appreciate the help TJ- I'm a lot further along then I was before, will take a break and work on it some more later.  Have a good evening!
#ubuntu-server 2018-01-21
<Neo4> hi
<Neo4> read this "The mydestination parameter specifies what domains this machine will deliver locally, instead of forwarding to another machine." and let's break down this together
<Neo4> what will mean if I do (mydestination = kselax.ru)??? I read here and don't understand anything https://rudd-o.com/linux-and-free-software/setting-up-a-mail-server-using-postfix-in-5-minutes
<Neo4> http://pix.toile-libre.org/?img=1516512124.png
<Neo4> let's postfix know which domail will delivered?
<Neo4> don't know how in practice test it
<Neo4> I have real domain kselax.ru
<Neo4> if I put it there it will mean postfix will delivered my message from this domain? And what is it on practice, Who can bring a real examples?
<Neo4> Just simple examples who he/she consider it must be?
<Neo4> what does mean deliver mail direct and indirect?
<Neo4> indirect we use relay-host? What is it?
<Neo4> What is relay-host?
<Neo4> Can we call any domain like FQDN?
<Neo4> blabla@gmail.com is it FQDN?
<Neo4> What is USE ?
<Neo4> USE ( unsolicited commercial email )
<Neo4> SPAM in other words
<Neo4> send USE )
<Neo4> 90% of mails are USE (unsolicited commercial email)s
<Neo4> UCE*
<Neo4> exists UCE policy restriction
<Neo4> my postmaster is admin on my mailserver?
<Neo4> he must accept all server errors
<Neo4> might be in ubuntu many apps inform or log errors on root + @ + hostname and post server only postmaster + @ + hostname
<Neo4> hostname and domainname is differ notions
<Neo4> domain server name DNS
<Neo4> and hostname is name of your computer
<Neo4> what is localhost? is it hostname?
<Neo4> what is this ip 127.0.0.1?
<Neo1> horde vs squirrelmail vs roundcube?
<Neo1> this is equal software?
<Neo1> What is we called "webmail"?
<Neo1> Webmail is any email client implemented as a web application running on a web server.
<Neo1> is it real mail term?
<Neo1> webmail any software that is running on mail server
<Neo1> I'm wrong
<Neo1> webmail is email client running on web server
<Neo1> php client
<Neo1> webmail apps are squirrelmail, hord and roundcube
<Neo1> the most popular is roundcube
<rostam> Hello I am using ubuntu server version 16.04, I have set up a static ip address in /etc/network/interface and have set up the gateway, netmask, broad case, dns server addresses. I can ssh in and out of the system. But some one address resolution fails, I have to hard code ipaddress. Not sure what or where else I should check. I have set up another system eaclty the same way with no issue.  Please help, many thanks in advance.
#ubuntu-server 2019-01-14
<lunaphyte> i got disconnected, sorry
<lunaphyte> TJ-: it looks like it's usb 1 and usb 2
<lunaphyte> there are two black ports on the front, which i suppose should be usb 2?  and two white ports on the back, which would i guess then probably be usb 1?
<lunaphyte> it's an older dell poweredge server
<lunaphyte> [sorry if those are repeats]
<lunaphyte> i'd been using the usb 2 socket, so i can try the usb 1 socket
<lunaphyte> TJ-: right now i have a shell to the system, having booted from a flash drive - is there anything useful i might do before rebooting?
<TJ-> lunaphyte: oooo... ability to play, so wait!
<TJ-> lunaphyte: firstly, you can determine how the keyboard is currently connected (what devices/drivers it requires)
<lunaphyte> here's what lsusb says: http://dpaste.com/0MQEZRM.txt
<TJ-> lunaphyte: I'd start with "ls -l /sys/class/input/ | grep usb "
<lunaphyte> ok, one moment
<TJ-> lunaphyte: then you can drill down in the path(s) that reveals to figure out which kernel modules are required
<lunaphyte> http://dpaste.com/29Y89J3.txt
<lunaphyte> fwiw, the drac virtual keyboard doesn't work in initramfs either
<TJ-> lunaphyte: DRAC! that explains it
<TJ-> lunaphyte: is the DRAC input not working right now?
<lunaphyt_> ugh, i keep getting disconnected
<lunaphyt_> ideally, i'd like to get the drac remote console keyboard working
<lunaphyt_> oops, that sys/class/input paste was useless, i'd forgotten to plug the keyboard back in
<lunaphyt_> http://dpaste.com/3KET45Z.txt
<tomreyn> lunaphyte: the "recue broken install" option is an option provided by the "debian installer" type installer, now dubbed the ubuntu alternative server installer.
<tomreyn> (those server ISOs without "live" in the file name)
<lunaphyt_> tomreyn: oh, ok, thanks
<TJ-> lunaphyt_: hmmm, I was just trying to figure out if the DRAC is regular usbhid - it seems to be from what I can see in the kernel source, there is no specific driver for it
<TJ-> lunaphyt_: so when there is a keyboard plugged into it there is no system input?
<lunaphyt_> sorry, i'm not sure i'm following the question
<TJ-> lunaphyt_: presumably you're connecting to DRAC5 via a management station?
<lunaphyt_> oh, i connect to the drac5 via a java application
<lunaphyt_> i run a jnlp java file on my computer here, which then connects via the network to the drac
<TJ-> right, and does it bring up the poweredge console correctly, showing the video output?
<lunaphyt_> oh, yes, it does
<TJ-> I'm just trying to get an idea as to where the issues are
<lunaphyt_> the drac5 remote console works fine, up until the kernel gets involved
<TJ-> lunaphyt_: right, that is what I wanted to get at
<lunaphyt_> so i can interact with bios, and with grub, and that all is working as it should be
<lunaphyt_> ok
<TJ-> lunaphyt_: does it continue OK with video but lose keyboard input?
<lunaphyt_> yes
<tomreyn> try this (instructions for idrac8, but might also apply): in the iDRAC, go to Virtual Console under Server, and the bottom option is for the Keyboard/Mouse Attach State. Make sure this is not set to Detached. If it is, change it to auto or plain attached and hit apply.
<TJ-> lunaphyt_: Here's another possibility: https://www.itdroplets.com/idrac-remote-keyboard-not-working/
<tomreyn> also this: Right above the "attach state" is an option for "Automatic System Lock", disabling this may help if you loose keyboard functionality after getting disconnected
<tomreyn> (last post on https://www.dell.com/community/PowerEdge-Hardware-General/Keyboard-and-mouse-not-working-in-iDRAC8/td-p/5169237# )
<TJ-> I also found one, saying "I just had the same issue.  Login to your DRAC and change the console type from Native to Java."
<TJ-> This was in relation to multiple identical PowerEdge + CentOS where only 1 had this problem
<lunaphyt_> it doesn't look like this system has the settings described for drac8
<lunaphyt_> it does have the console type setting, though.  it's currently set to java - that's what i'm using now
<TJ-> lunaphyt_: is it worth changing it to native then?
<TJ-> lunaphyt_: as a test at least
<lunaphyt_> yeah, i'll try
<TJ-> what web browser are you using to access DRAC?
<lunaphyt_> firefox
<TJ-> this issue could affect FF too I guess: https://help.serversaustralia.com.au/hc/en-us/articles/202436724-Keyboard-not-working-in-Dell-DRAC-Console-on-Internet-Explorer
<TJ-> however, no, since it works for BIOS/GRUB! forget that one
<lunaphyt_> yeah, i think if i solve my physical usb keyboard issue, i have a feeling it will solve the drac5 keyboard issue too
<TJ-> lunaphyt_: If Linux is seeing the DRAC input devices and attaching them it does point to an issue on the DRAC side
<TJ-> lunaphyt_: as for the external keyboard, it's a Logitech isn't it?
<lunaphyt_> but when i boot, both physical and drac work, in bios, in grub, and both stop working once i get to initramfs
<lunaphyt_> TJ-: it's a dell
<lunaphyt_> http://dpaste.com/37CFC5C.txt
<TJ-> The 046D:1017 device shown in your last pastebin needs the module hid_logitech_hidpp which I bet isn't included in the initrd.img by default
<lunaphyt_> "Dell Computer Corp. SK-8125 Keyboard"
<lunaphyt_> if i'm not mistaken, that would seem to indicate it's using the usbhid driver?
<TJ-> lunaphyt_: is the SK-8125 a wired keyboard ?
<lunaphyt_> yes, a usb wired keyboard
<TJ-> so presumably you've also attached a Logitech unifying receiver ?
<lunaphyt_> yes, i have a wireless mouse connected at the moment
<TJ-> Ahhh, I just picked the wrong device! Because all the others were Dell (046D) I ignored them!
<lunaphyt_> that was just so i could navigate the ubuntu desktop i'd booted into from a flash drive
<lunaphyt_> oh, hah :)
<lunaphyt_> sorry for the red herring
<TJ-> OK, and this wired keyboard also doesn't work?
<lunaphyt_> that's right
<lunaphyt_> it works in bios and grub, but stops working in busybox/initramfs
<TJ-> lunaphyt_: this USB boot you currently have, is it the LiveISO ?
<lunaphyt_> it's ubuntu-18.10-desktop-amd64.iso
<TJ-> right, so it's running 'live' in memory, not as an installed OS
<lunaphyt_> right
<TJ-> lunaphyt_: OK! so, let is set things up to do a chroot investigation and fix
<lunaphyt_> sounds good
<TJ-> lunaphyt_: in a terminal gain root ("sudo -i")
<lunaphyt_> done
<TJ-> lunaphyt_: then "mkdir /target" which we'll use to mount the rootfs of the poweredge later
<TJ-> lunaphyt_: then do "lsblk | nc termbin.com 9999" so I can see what block devices we are dealing with
<lunaphyt_> just so i'm not being inconsiderate, i'll have to run for a bit in about 10 minutes again - i don't want you to invest too much just to get interrupted
<TJ-> OK. We should be able to do this pretty quickly
<lunaphyt_> ok
<lunaphyt_> https://termbin.com/rlwx
<TJ-> basically, we're going to check what kernel modules are in the initrd.img, and if needed add the usbhid etc
<lunaphyt_> for background, it's 4 disks, in a raid 1+0 setup, with lvm on top of that
<lunaphyt_> oh - no, wait
<lunaphyt_> sorry, it's raid 5 across all 4
<TJ-> Now everything is making more sense, and see the /usr/ file-system there
<lunaphyt_> my mistake
<lunaphyt_> https://termbin.com/z9e2e
<TJ-> OK, let's get going: "mount /dev/mapper/vg_1-root /target"
<TJ-> oh and lets get a handy pastebin helper: "apt install pastebinit"
<lunaphyt_> done
<lunaphyt_> should i mount the rest of the filesystems as well?
<TJ-> what are the 95MB partitions for on sda/b/c/d ?
<TJ-> No
<lunaphyt_> ok
<lunaphyt_> those are bios grub partitions
<TJ-> sda1 etc
<TJ-> really!? You know that never uses more than about 1MB ? I was thinking they might be for /boot/ :)
<lunaphyt_> https://termbin.com/0aag
<lunaphyt_> yeah, i know it's way overkill
<TJ-> OK so we've already got /boot/ mounted at /target/boot/, so "pastebinit <( ls -latr /target/boot/)
<lunaphyt_> i've had some issues in the past where grub didn't fit in the mbr
<lunaphyt_> it's just me being overly cautious
<lunaphyt_> http://paste.ubuntu.com/p/WMhDgHGMsP/
<TJ-> usually that's due, on MBR, to partition #1 starting early (not being aligned to sector 2048) and thus no space for GRUB's core
<lunaphyt_> oh, hmm
<TJ-> OK, now let's look at the initrd. "pastebinit <( lsinitramfs /target/boot/initrd.img-3.13.0-164-generic )"
<lunaphyt_> http://paste.ubuntu.com/p/BmGvXR2tyy/
<TJ-> No usbhid
<lunaphyt_> oh - also, if it's of value, i've tried both kernels, and both suffer the same symptom
<lunaphyt_> where should usbhid be shown?
<TJ-> let's just check it isn't a builtin - "pastebinit <( find /target/lib/modules -name usbhid.ko -ls )"
<TJ-> I just did a grep, the usbhid.ko module should have shown up
<lunaphyt_> http://paste.ubuntu.com/p/JR3MGzPK2m/
<lunaphyt_> i see
<TJ-> At one time it was builtin to the kernel so I'm checking this isn't the case for you
<lunaphyt_> ah ok
<TJ-> OK, confirmed, it is needed. So "echo usbhid >> /target/etc/initramfs-tools/modules"
<TJ-> Now we build the chroot fully.
<TJ-> "for n in proc sys dev dev/pts run etc/resolv.conf; do mount --bind /$n /target/$n; done "
<lunaphyt_> so since lib/modules/3.13.0-164-generic/kernel/drivers/hid/usbhid/usbhid.ko is there, that implies usbhid is a module and not built in?
<TJ-> lunaphyt_: correct
<lunaphyt_> i see
<TJ-> lunaphyt_: but isn't in initrd.img, ergo, no usb keyboard
<lunaphyt_> got it
<lunaphyt_> whose silly idea was that :)
<TJ-> done the for ... command?
<lunaphyt_> catching up, one moment
<TJ-> after that, enter the chroot with "chroot /target" then do "mount -a" to have it mount all the file-systems from its /etc/fstab automatically
<lunaphyt_> chroot /target returned "bash: groups: command not found"
<lunaphyt_> is that safe to ignore?
<TJ-> hmmm, possibly due to the /usr/ outside rootfs
<lunaphyt_> oh
<TJ-> if it has entered the chroot, do "exit" and drop back to the host shell
<lunaphyt_> it had.  i've exited and am back to the host shell
<TJ-> then you can do "mount /dev/mapper/vg_1-usr /target/usr" then re-enter with "chroot /target" and "mount -a"
<lunaphyt_> that looks better
<lunaphyt_> shoot, i've got to run :( - sorry!
<TJ-> Now finally do "update-initramfs -vu -k 3.13.0-164-generic |& tee /tmp/initrd.log "
<lunaphyt_> oh, ok
<TJ-> This is the LAST step :)
<lunaphyt_> ok, done
<TJ-> once that has completed just check the module has been added, with "grep usbhid /tmp/initrd.log"
<lunaphyt_> "Adding module /lib/modules/3.13.0-164-generic/kernel/drivers/hid/usbhid/usbhid.ko"
<TJ-> lunaphyt_: sorted :)
<lunaphyt_> nice!
<TJ-> next boot you should have USB keyboard
<TJ-> "exit" and shutdown
<lunaphyt_> i really appreciate this
<lunaphyt_> i'll give it a try as soon as i get back
<TJ-> It's gone 1am here so I'll likely hear about it tomorrow
<lunaphyt_> ah, then have a good night, and thanks again
<lordievader> Good morning
<ahasenack> good morning
<nascentmind> Hi. I am setting up Ubuntu server on a machine and I am having trouble with networking. My ethernet interface has 2 IP addresses. I have a 50-cloud-init.yaml file in netplan directory and have set 99-disable-network-config.cfg with network: {config: disabled}. I still get a static IP and a dhcp address set on the interface.
<nascentmind> How can I fix it?
<rbasak> nascentmind: how do you expect to configure your server's IP addresses?
<kstenerud> I'm getting a strange error when calling git ubuntu lint: https://pastebin.ubuntu.com/p/PHgGcyGvQx/
<kstenerud> I'm not sure what it means about an unexpected file change
<Hackerpcs> I'm on 18.10. I have a problem with DNS as it doesn't work (ping google.com, Temporary failure in name resolution. systemd-resolved is running and I have netplan configured to CF DNS (systemd-resolve --status shows it). What could be the problem? /etc/resolv.conf shows 127.0.0.1
<teward> that sounds like it's wrong, IIRC resolved listens on 127.0.0.53; how did your /etc/resolv.conf get set up?  Did you alter it at all?
<cyphermox> Hackerpcs: you have dnsmasq or bind running and probably confusing things for systemd-resolved
<lordcirth> Hackerpcs, /etc/resolv.conf contains "nameserver 127.0.0.53" on my 18.04 system
<Hackerpcs> cyphermox: both aren't installed
<cyphermox> easiest is to start with making sure systemd-resolved can indeed resolve google.com (ie. systemd-resolve google.com)
<teward> ^ this, also on my 18.10 system and containers
<cyphermox> and then yeah, it should be 127.0.0.53; maybe the file was immutable if you did an upgrade from previous releases?
<lordcirth> Hackerpcs, ls -l /etc/resolv.conf?
<Hackerpcs> yes, I upgraded from 18.04 but to be honest I don't remember if it was a clean install on 18.04 or 17.XX
<lordcirth> Should be a symlink to ../run/systemd/resolve/stub-resolv.conf
<Hackerpcs> yes it's linked to there
<Hackerpcs> cyphermox: yes it can resolve it
<cyphermox> probably should check if anything else is currently running and listening on port 53
<cyphermox> (ss --listen -u)
<Hackerpcs> nothing seems relevant, only mdns (isn't it 5353?)
<cyphermox> right, 53 is 'domain'
<cyphermox> systemd-resolved should pretty much just be 127.0.0.53%lo:domain
<cyphermox> so, something might have modified that file; but if it's not running and you upgraded it could be because of attributes -- people did that for some releases
<Hackerpcs> https://pastebin.com/jfNawi1k
<Hackerpcs> nothing relevant I think
<Hackerpcs> removing the resolv.conf and rebooting doesn't restore it
<Hackerpcs> something's off
<TJ-> Hackerpcs: have you checked nsswitch 'hosts' ?
<sdeziel> Hackerpcs: resolved won't recreate the resolv.conf symlink if you rm'ed it
<Hackerpcs> re-linked it, edited it and it get fixed to 127.0.0.53 after reboot
<Hackerpcs> TJ-: hosts: files mdns4_minimal [NOTFOUND=return] dns
<TJ-> Hackerpcs: that looks sane
<Hackerpcs> I've tried a pihole installation some weeks ago but it didn't work (I think it's not compatible with systemd resolved) but removed it, don't know if it matters
<Hackerpcs> I started having the problem today, no problems before
<lunaphyte> TJ-: no luck with the keyboard so far, unfortunately
<Hackerpcs> I really don't get how did this happen, everything seems normal
<TJ-> lunaphyte: you dropped to the initialramfs shell?
<Hackerpcs> guess I'll just edit resolv.conf manually to CF DNS and don't bother more with it
<lunaphyte> TJ-: oh, wait - i just realized, i forgot to do the break=premount bit, but when /usr fails to mount and it drops to initramfs, there's still no keyboard
<sdeziel> Hackerpcs: you could tell systemd-resolved to use CF DNS instead, if you want
<Hackerpcs> it has it
<Hackerpcs> but it doesn't work
<sdeziel> you said you configured it this way but also that your resolv.conf was pointing to 127.0.0.1 (!= 127.0.0.53) so I'm wondering if you were really hitting resolved
<Hackerpcs> I deleted it, re-linked it, tried to edit it to see if resolved really touched and after a reboot it changes to .53
<TJ-> lunaphyte: right; at that point it should be available. The list in /etc/initramfs-tools/modules is included in the initrd.img (as we checked yesterday) and are supposed to be loaded when the /init script is running
<Hackerpcs> 127.0.0.53
<Hackerpcs> but the damn thing doesn't work
<sdeziel> Hackerpcs: define doesn't work please
<Hackerpcs> https://pastebin.com/0uGvfwux my netplan
<Hackerpcs> ping: google.com: Temporary failure in name resolution
<sdeziel> Hackerpcs: OK, please share systemd-resolve --status
<Hackerpcs> if resolv.conf is set to 127.0.0.53
<Hackerpcs> https://pastebin.com/XEWFwC0B systemd-resolve --status
<sdeziel> Hackerpcs: paste the output of systemd-resolve google.com
<sdeziel> Hackerpcs: any idea where the "fe80::1" resolver is coming from?
<Hackerpcs> netplan doesn't indicate anything
<lunaphyte> TJ-: yeah, i thought that was the expectation
<Hackerpcs> google.com: 172.217.21.206 -- Information acquired via protocol DNS in 17.7ms. -- Data is authenticated: no
<TJ-> I'd assume a link-local router advertisement
<TJ-> lunaphyte: So... it probably also needs some intermediate modules for the USB chipset
<sdeziel> Hackerpcs: that seems to be working. Maybe the problem is that fe80::1 not responding and being asked once in a while by resolved
<TJ-> lunaphyte: Does the system take a traditional PS/2 style keyboard, and if so, do you have one?
<Hackerpcs> where could it be coming from? Can I see that somehow?
<TJ-> Hackerpcs: check "journalctl -u systemd-resolved"
<TJ-> Hackerpcs: that may contain clues as to what is going wrong
<sdeziel> Hackerpcs: could be coming from a Router Advertisement (RDNS IIRC)
<sdeziel> Hackerpcs: if you have dig available, please paste the output of the following: dig google.com @fe80::1%enp5s0
<TJ-> lunaphyte: if it does not, then I think we have to tackle this in 2 stages 1) add a verbose script that displays the loaded modules and hardware and waits so you get time to photograph its output, and 2) add whatever modules we see are missing compared with the Live boot list
<Hackerpcs> https://pastebin.com/a2FY15br
<lunaphyte> TJ-: it's usb only, no ps/2
<Hackerpcs> I don't see something relevant on resolved systemd log
<sdeziel> Hackerpcs: OK so that theory was wrong, fe80::1 behaves normally
<TJ-> lunaphyte: so the latter process then
<sdeziel> Hackerpcs: when ping cannot resolve, could you check if dig @127.0.0.53 works?
<Hackerpcs> connection timed out; no servers could be reached
<TJ-> sdeziel: it really looks like nsswitch teritory if ping is failing - presumable gethostbyname()/getnameinfo()
<sdeziel> Hackerpcs: ss -nlu
<Hackerpcs> well any program from curl to rtorrent can't resolve
<Hackerpcs> not just ping
<sdeziel> Hackerpcs: your resolved should be listening on that socket otherwise we'll need to check how you did the symlink
<TJ-> Hackerpcs: yes, my point is any program relying on the standard library resolver functions is failing, and those rely on nsswitch
<Hackerpcs> https://pastebin.com/Sx5PWuvT
<Hackerpcs> ss -nlu
<sdeziel> Hackerpcs: please paste /etc/systemd/resolved.conf
<sdeziel> Hackerpcs: would you mind sharing resolved's journal output as well?
<Hackerpcs> w8 a sec, I might accidentally ln'ed stub resolved
<lunaphyte> TJ-: understood, just on a phone call atm
<Hackerpcs> sudo ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf insted of plain resolved.conf
<sdeziel> Hackerpcs: that's the one you want AFAIK
<Hackerpcs> stub?
<Hackerpcs> well with /run/systemd/resolve/resolv.conf resolving works
<Hackerpcs> it uses the DNS servers provided by netplan
<Hackerpcs> on /etc/resolv.conf
<sdeziel> but this bypasses resolved for programs using resolv.conf directly
<Hackerpcs> https://wiki.archlinux.org/index.php/Systemd-resolved#DNS -- I must be on 2nd case
<sdeziel> Hackerpcs: please paste /etc/systemd/resolved.conf
<Hackerpcs> https://pastebin.com/ur5wKgqV
<sdeziel> Hackerpcs: you added "DNSStubListener=no", which is why resolved doesn't listen on 127.0.0.53
<sdeziel> Hackerpcs: the default is to have that line set to yes and commented out
<sdeziel> and resolv.conf pointing to the stub- version of the file
<Hackerpcs> hm, I don't remember when (because I should have) fiddled with it
<sdeziel> Hackerpcs: maybe when playing the pihole?
<Hackerpcs> maybe its automated script modifies it
<Hackerpcs> but I didn't have a problem
<Hackerpcs> even though I haven't rebooted for like 10-12 days till today
<Hackerpcs> so that must have been it
<sdeziel> Hackerpcs: I don't know pihole but if it's meant to be a local resolver then it could very well be the culprit
<Hackerpcs> rm'ed etc/resolved, ln'ed to stub, commented out and set to yes the stub setting and reboot
<sdeziel> Hackerpcs: that should get you back to the "default" setup
<Hackerpcs> alright it works
<Hackerpcs> sorry for being a PIA :P
<Hackerpcs> PITA*
<sdeziel> Hackerpcs: glad it's working again!
<Hackerpcs> yeah pihole is a adblocker on dns level
<Hackerpcs> but it seems doesn't play well with netplan and resolved
<Hackerpcs> https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh#L1485
<Hackerpcs> here's the cause
<sdeziel> Hackerpcs: It's OK to disable the stub resolver socket of resolved but in that case, the pihole server needs to fill in the role of DNS resolver
<Hackerpcs> https://discourse.pi-hole.net/t/cant-install-pi-hole-v4-0-on-ubuntu-server-18-04/11616 "Ubuntu 18.04 removes some of the packages that we need for the installation process. dialog and dhcpcd5 are no longer in Ubuntu 18.04, so at this time we are unable to install to that distribution."
<sdeziel> Hackerpcs: presumably, when you removed pihole, it didn't undo the resolved.conf change leaving you with a broken setup
<Hackerpcs> pihole -uninstall seems to have that oversight
<sdeziel> Hackerpcs: would be nice if you reported this bug :)
<sdeziel> Hackerpcs: hmm, looks like it does attempt to cleanup: https://github.com/pi-hole/pi-hole/blob/master/automated%20install/uninstall.sh#L155
<Hackerpcs> hm the file is there but it wasn't reset
<Hackerpcs> strange
<sdeziel> Hackerpcs: what's its content? Maybe you ran the installer twice and the .orig file got overwitten
<Hackerpcs> the corrent one, stub commented out and yes
<Hackerpcs> diff is empty between the two :P
<sdeziel> Hackerpcs: OK then yeah, it's worth reporting to them
<Hackerpcs> well I don't have the logs but I'll try to report it to look into it
<Hackerpcs> "The issue I am reporting can be replicated." -- not sure about that :P
<Hackerpcs> maybe I'll run pihole in a docker to not mess up my host system
<lunaphyte> TJ-: it's mostly just a hypothesis right now, i need to look closer, but at a glance, it almost seems like the initrd is recognizing the hub in the keyboard, but not recognizing the actual keyboard itself
<lunaphyte> at the initramfs shell, when i plug in the keyboard, it prints output about "recognized usb device, etc", so it seems to be seeing something and recognizing it, but obviously there's still something missing since the keyboard isn't functioning
<TJ-> lunaphyte: from our investigation yesterday we showed in the Live environment the required modules so I'm struggling to think of what more could be missing to prevent console input. I don't suppose the kernel command-line has a param setting the console to a serial terminal or some such?
<lunaphyte> it might, but i'd have to track down a serial port somewhere else to use it
<TJ-> lunaphyte: no, I meant, is it set to use a serial tty now - you'd see if it was on the kernel command-line because it'd have console=ttyS0,115200n8 or similar
<TJ-> lunaphyte: I doubt you do but its one long-shot possibility
<lunaphyte> oh, i see.  no i don't believe so - at least i don't recall seeing that on the kernel command line
<TJ-> No, I don't but I was mostly asleep at the keys last night so forgotten a lot of what we saw :)
<lunaphyte> no worries, you weren't the only one!
<TJ-> lunaphyte: it's annoying because without that working, we can't chase down the /usr problem
<lunaphyte> you're telling me :)
<lunaphyte> TJ-: i'm just in the process of trying to get a little bit more useful recovery boot drive
<lunaphyte> i've just booted from ubuntu-18.10-server-amd64.iso, and so far the rescue environment is working via the drac5 remote console
<lunaphyte> hopefully this will work better
<lunaphyte> if it does, it will at least make this process way less burdensome
<TJ-> lunaphyte: definitely :)
<lunaphyte> i can't reference the notes in my wiki for all of this :p
<lunaphyte> the wiki is on the server :)
<lunaphyte> sigh
<lunaphyte> no bonding module on the iso, it seems like
<lunaphyte> oh, wait, no
<lunaphyte> that's my filesystem i'm in
<lunaphyte> hmm
<TJ-> lunaphyte: Why not make an install onto a USB, and have it boot from that, rather than an installer/live environment
<lunaphyte> i was just thinking about that earlier
<lunaphyte> doing that now
#ubuntu-server 2019-01-15
<lordievader> Good morning
<ahasenack> good morning
<ahasenack> rbasak: sru question,
<ahasenack> rbasak: the only fix needed is the first hunk at https://pagure.io/SSSD/sssd/c/2952de7
<ahasenack> a one liner
<ahasenack> the other changes are a) whitespace; b) tests
<ahasenack> we don't run those particular tests
<ahasenack> normally I wouldn't include them
<ahasenack> in this case, the whole patch applies, though, including the whitespace changes and the test changes
<ahasenack> do you have any preference whether I should just add the one line fix, or the whole thing?
<ahasenack> oh, hang on
<ahasenack> I stand corrected
<ahasenack> tests are run at pkg build time
<sven_> Hello, I have a ubuntu 18.04 LTS server (update from 15.??) running on a board with only 2 ethernet ports. how can i work with netplan, i can not find the yaml?
<TJ-> sven_: the YAML files should be added in /etc/netplan/
 * tomreyn got /etc/netplan/01-netcfg.yaml
<tomreyn> it may not get created on upgrades, you may need to do so yourself
<sven_> -bash: cd: netplan: No such file or directory
<sven_> can someone help me with this? i have done it 2 times but i loss the ssh and need to restart everything
<sven_> i have no display or input on the device itself
<tomreyn> is netplan.io installed?
<sven_> i don't think it
<teward> sven_: you said you upgraded from 15.x?  Is this a 'fresh install' or did youa ctually upgrade from 15.x to 16.04 and then to 18.04?
<teward> IIRC there's no 15.x -> 18.04 direct migration path
<sven_> over 16.04
<sven_> it's a orange pi R1, i have not the skill for building a image so i update one of them to the new version
<rbasak> How did you get Ubuntu Server on the device in the first place?
<teward> rbasak: might've had an OLD image back in the 15.x days?
<sven_> yes i had the old image from the orange pi website
<sven_> i did the installation as said here https://askubuntu.com/questions/1034711/how-to-enable-netplan-on-ubuntu-server-upgraded-from-16-04-to-18-04 with dhcp yaml
<sven_> after apply the ssh connection droped
<tomreyn> most soc dev boards provide a console you can attach via gpio, usb2serial or similar
<tomreyn> sort this out first. and then try a clean install using netinstall.
<tomreyn> or debootstrap
<tomreyn> or connect the storage to another system, urnning it in a VM.
<sdeziel> sven_: If you upgraded from 16.04, I believe your 18.04 install will still be using ifupdown by default. The transition to netplan is a manual process IIRC
<sven_> ok thanks i will first look the console op
<mybalzitch> netplan is default in 18.10
<cyphermox> mybalzitch: is default in 18.10; but only for new installs. upgrades from previous releases remain on ifupdown.
<teward> cyphermox: is there documentation to switch to Netplan from ifupdown from those upgrades?
<teward> just curious since I have two 14.04 boxes I"mma be updating soon enough :P
<teward> 16.04 *
<teward> bah stupid AUTOCORRECT
<cyphermox> teward: to switch you install netplan.io and write the new configuration file; and then remove /etc/network/interfac*
<teward> huh, simple.  nice.
<teward> thought it'd be harder, having to rip out the remaining ifupdown stuff xD
<teward> cyphermox: does Netplan also handle `lo` config?
<teward> because I'm still seeing the loopback interface being configged by /etc/network/interfaces on 18.04...
<teward> and my 18.10 container too it seems
<cyphermox> networkd handles that by itself
<teward> ah nice
<lunaphyte> why won't the installer let me use the flash drive in this list?  it's ghosted: https://ibin.co/4Td2rknFrVNv.png
<lunaphyte> it sure would be nice if it would tell me why
<teward> is the flash drive your installation media?
<teward> lunaphyte: if not, it's < 1GB in size, that may be why.
<sarnold> lunaphyte: could you file that for a bug report?
<teward> *and* should probably be a bug
<teward> blah beaten by seconds!
<sarnold> lunaphyte: I could guess at a few reasons but, like you said, ti'd be nice to know *why*
<lunaphyte> sarnold: sure, which package?
<teward> probably subiquity?
<lunaphyte> teward: yeah, that was my guess too.  just would be nice to not have to guess
<sarnold> yes, I think subiquity
<lunaphyte> ok
<sarnold> well three guesses is plenty good start :) hehe
<lunaphyte> i have a larger flash drive i'll use to compare, so i can include that detail
<lunaphyte> seems to support the hypothesis: https://ibin.co/4TdCk0t6YdE7.png
<sarnold> lunaphyte: how did you boot the installer? just to doublecheck it's not on the small drive, is it?
<lunaphyte> it's not, yeah
<sarnold> also .. that corruption at the top, is that in the 'real' screen too?
<sarnold> okay, cool
<lunaphyte> it is.  that's just the crappy idrac avocent remote console crappiness
<sarnold> sigh :) 2019...
<lunaphyte> ha :)  well in my world, sometimes it's not 2019 :p  this is an old poweredge 1950
<sarnold> hah, predating fortran and cobol!
 * sarnold runs
<lunaphyte> i wish i could log into launchpad with my firefox configuration
<lunaphyte> something about a couple of my extensions makes it not work, without fiddling around a bunch
<sdeziel> lunaphyte: it's a long shot but I noticed that LP is allergic to referrer stripping, maybe that's your case?
<lunaphyte> it probably is
<lunaphyte> i just haven't had the motivation to poke at it
<lunaphyte> enthusiasm?
<lunaphyte> that's probably a better word
<tops> i get 404 on http://releases.ubuntu.com/16.04/ubuntu-16.04.4-server-amd64.iso
<teward> because that's not a valid link anymore, it's 16.04.5 now
<teward> use http://releases.ubuntu.com/16.04/ubuntu-16.04.5-server-amd64.iso
<tops> thanks teward
<lunaphyte> i feel like i'm on the truman show
<lunaphyte> now the flash drive i finally got 18.10 installed on causes the server to pause during post
<lunaphyte> however that's even possible
<lunaphyte> and it took probably close to 2 hours to even do the install in the first place.  just sat on "installing kernel" for probably a good hour and a half
<lunaphyte> i thought it was locked up
<TJ-> lunaphyte: you're not having a lot of luck
<lunaphyte> it really has just been one thing after another
#ubuntu-server 2019-01-16
<Srgjames> Should i be serving the /var/www as root or another user
<sarnold> what does it mean to serve a directory "as a user"?
<Srgjames> IE apache web files under /var/www permissions are Root root  and not sure if i should keep that or supposed to change it
<sarnold> that's probably fine
<sarnold> sometimes people like to have a user account or group specifically for "web content" of some sort, in case a subset of users should be able to modify the content
<sarnold> when it's all owned by root then you've got to use root privileges to work on those files -- which is probably fine if you're the only real user of the machine and you trust yourself to not screw up
<sarnold> but it's increasingly less fine if you have to share those privileges with other people
<Srgjames> ok ty
<jayjo> i am planning on storing
<lunaphyte> i've disabled all of my firefox extensions, and gone through the preferences in as much i know how, and i still can't log into launchpad
<sarnold> :(
<lunaphyte> "Your page was stale"
<sarnold> can you get to login.ubuntu.com ?
<lunaphyte> and fixed!  :)
<lunaphyte> sigh
<lunaphyte> Network.http.sendRefererHeader
<sarnold> typical :) ask for help on irc and it goes away :)
<sarnold> aha, yeah, that sounds important
<lunaphyte> of course :)
<lunaphyte> what good is irc if not to make me look foolish?
<sarnold> :D
<lunaphyte> i must have set that at some point in the past during one of my neutering escapades
<lunaphyte> an arrogant attempt at protecting my privacy
<lunaphyte> but this just means i now have another problem to solve.  finding an extension to let me selectively set this parameter
<sarnold> given the new webextesions mess I'm not optimstic :/
<lunaphyte> "an error has occurred during installation"
<lunaphyte> "read-only filesystem"
<lunaphyte> how the heck does that happen?
<sarnold> the quickest way is to have a sata/sas error
<sarnold> dmesg should have a bunch of things in curly brackets if that's what happened
<lunaphyte> it looks like it got to the point where it installed grub, and seems to have been able to do that successfully ["installation finished. no error reported"], then cmd-curthooks failed
<lunaphyte> no sata/sas for this install
<lunaphyte> from usb flash drive to usb flash drive
<lunaphyte> ah, sigh
<sarnold> oh right
<lunaphyte> i/o error, dev sdf
<lunaphyte> grr
<lunaphyte> https://ibin.co/4TfFl5aHzG6u.png
<lunaphyte> any thoughts on this
<lunaphyte> it sounds like the consensus is largely, "usb pretty much just sucks sometimes, but maybe you'll be ok"
<sarnold> heh, sounds fair
<sarnold> what I've found suggests that it really looks like the device left momentarily
<sarnold> *one* bug report suggested maybe udisks or udisks2 or smartd might also be able to do that, but perhaps that's me finding an unrelaetd but similar bug..
<lunaphyte> i guess i'll try the usb 1 ports and see if that goes better
<lunaphyte> the installer sits on "installing kernel" for ages
<lunaphyte> darn.  it's done it again.  at the exact same point in the installation process
<chilli0> Has anyone had any luck following the openstack workstation deployment on ubuntu 18.10 server? I am having issues running lxd migrate after the initial installation. LXD seems to be running as lxc list works
<lordievader> Good morning
<Lope> I'm trying to set "lease-file-name foo;" in isc-dhcp-server inside /etc/dhcp/dhcpd.conf on Ubuntu 18.04. Can't get any sanity out of it. Anyone have experience with it?
<Lope> nvm, i found a workaround
<ahasenack> rbasak: hi, sru question. I'm working on a bionic sssd sru, and sssd in that ubuntu release has no dep8 tests at all. Is it ok to include the current dep8 tests in that sru, along with the fix that motivated the sru?
<ahasenack> there will be no new dep8 test specifically for the issue being fixed
<rbasak> ahasenack: I think that's fine. Assuming they pass :)  Please point out that you did it in the SRU information somewhere.
<rbasak> ahasenack: no separate bug needed.
<rbasak> ahasenack: just so the reviewer knows it's deliberate. No other justification needed IMHO.
<rbasak> (and in the changelog of course)
<frickler> jamespage: coreycb: fyi, https://bugs.launchpad.net/neutron/+bug/1787919 affects pike+queens, upgrading neutron from 11.0.5 to 11.0.6 just broke our IPv6 completely
<ubottu> Launchpad bug 1787919 in neutron "Upgrade router to L3 HA broke IPv6" [High,Fix released]
<ahasenack> rbasak: yeah, I was also going to ask about the sru bug requirement, if I had to file one just for adding the dep8 tests
<ahasenack> I got srus rejected in the past because of a missing bug #, but it was not a dep8 one, it was actually an important bug
<rbasak> Test fixes and additions are generally OK with no further explanation. Assuming they're not used in production.
<ahasenack> ok
<rbasak> (apart from "yeah I meant to do that")
<muhaha> has anyone experience with 'at' ? /var/spool/at/spool is queue ? This must be persistent?
<sdeziel> muhaha: if by persistent you mean survive a reboot then yes
<muhaha> sdeziel: yes, I am wondering if I can access spool by multiple at 'clients'
<sdeziel> muhaha: do you mean schedule multiple jobs to fire in the future?
<rbasak> at clients or atd clients?
<muhaha> multiple docker containers with at , with same volume mounted... Will it work?
<muhaha> volume will be /var/spool/at/spool
<rbasak> I reckon it'll probably work for the at client.
<rbasak> Not for the atd server. You'll want only one of those running.
<rbasak> However it's pretty hack.
<rbasak> hacky
<rbasak> What are you actually trying to achieve?
<rbasak> http://xyproblem.info/ etc
<muhaha> I am running webhook server which will translate reqeuest to command, I want to run this command at specific time even after reboot. -> this is ok, but when I want to do HA, run multiple services, my webhook server is ok, but I am not sure if some lightweight scheduler can handle shared config , for example spool for at
<rbasak> I wouldn't use an at hack to implement HA.
<rbasak> You'll probably end up with lower availability due to edge cases around the hack.
<rbasak> If you mean that you want a single operation to run on a schedule but want to make sure that if one host is down then another will do it, then I think the CAP theorem may apply and that is impossible.
<rbasak> Save for maintaining state of whether it was run or not on an HA database.
<muhaha> ah :/ spool should be a 'database'
<rbasak> You might find a message queuing system helpful. They typically have HA capability.
<sdeziel> that ^ sounds like a good idea
<muhaha> I know, but I need something lightweight
<muhaha> nvm, thanks
<rbasak> zeromq is lightweight, but it doesn't support persistence
<rbasak> You can however implement something using sqlite easily enough
<Hackerpcs> if systemd-resolve is stopped/disabled, what's the role of netplan on dns? from testing it seems that without systemd-resolved /etc/resolv.conf is solely used
<xnox> depends on the backend.
<xnox> i.e. NetworkManager writes one out.
<Hackerpcs> wasn't network manager phased out on >=17.10?
<xnox> or in case of networkd backend nothing is written... and hence well, static/external /etc/resolv.conf is used.
<xnox> netplan supports networkd and networkmanager as backends.
<Hackerpcs> networkd is the backened for >=17.10 right?
<xnox> and networkmanager is still preffered for e.g. wifi, 3G/4G/LTE/5G connections
<xnox> Hackerpcs, i don't understand your question. netplan's default backend is networkd, and always has been.....
<cyphermox> NetworkManager isn't phased out; desktops are setup to use that by default, despite having netplan installed
<Hackerpcs> I see on netplan yaml that I'm on networkd on 18.10 so xnox you answered my question
<Hackerpcs> I haven't used desktop ever so that's that
<coreycb> frickler: sorry for the delay. do you know if upstream neutron is releasing new point releases anytime soon? it's a whole lot easier to process SRUs that way.
<theGoat> afternoon all.
<theGoat> i have an ubuntu 14.04 server on esxi 6.5, but any time i reboot it, it seems to hang on bring up the ethernet interfaces.  i get that message about waiting an additional 60 seconds, then it fails.  I end up having to bring up the interfaces manually with ifconfig, etc.  not sure what could be hanging it
<sdeziel> theGoat: is the virtual cable connected?
<theGoat> yes. that's where i can see it hang when it boots
<sdeziel> theGoat: so once you get the console, "ifup $IFNAME" works?
<theGoat> i haven't tried it with ifup.  i usually just do ifconfig to assign the address
<theGoat> will ifup error out of there are any errors in /etc/network/interfaces?
<sdeziel> yes
<sdeziel> theGoat: ifup is what's called during bootup
<sdeziel> so if /etc/network/interfaces has errors, I'd fix them
<theGoat> ifdown is erroring out with misplaced option
<theGoat> https://pastebin.com/c6zhUkX9
<sdeziel> theGoat: the inet6 stanza looks suspicious. You have /100 and also netmask 100
<sdeziel> theGoat: I think it's one or the other, not both
<sdeziel> theGoat: also, for the inet ones, you can drop the network and broadcast lines as they don't add any information that's not available from the address+netmask
<sdeziel> theGoat: oh and the probable error is "auto eth0:0" without "iface eth0:0" stanza
<sdeziel> theGoat: my suggested version: https://paste.ubuntu.com/p/8JgYjF3krT/
<theGoat> so what's the difference in adding the secondary IP via ip addr add instead of a virtual interface?
<sarnold> the eth0:0 thing has been deprecated for 18~19 years
<theGoat> ah....shows you how old school i am ;-)
<sdeziel> theGoat: obligatory reminder that 14.04 is close to EOL so you should plan an upgrade soon ;)
<theGoat> did the trick, thanks much.  i think it was not havving the iface eth0:0 inet static missing, but i did it your suggested way and it's working
<theGoat> sdeziel: yeah i know. :-(. i probably will rebuild this VM from scratch.  not sure how much i will break doing a do-release-upgrade
<sdeziel> theGoat: cool
<lordcirth_> theGoat, I recommend using config management, eg Saltstack
<theGoat> this is my lab environment.  not really big enough for salt.
<lordcirth_> "big enough"? I've run Salt on single machines.
#ubuntu-server 2019-01-17
<lunaphyte> TJ-: i had to give up on making a bootable recovery flash drive for now
<lunaphyte> i was just hitting too many roadblocks, and for some reason the install process was painfully slow, so each time i'd try again with a different method, it was costing me a ton of time
<TJ-> lunaphyte: you've not had any luck!
<lunaphyte> i'm keeping the complaints to myself - but i am beyond irritated :)
<lunaphyte> right now i've just booted to a rescue shell, using the traditional server installer, and have a crude environment functioning, if you've got any interest in where things last left off
<lunaphyte> i think you had suggested including some logging to validate the driver that might still be missing for the usb keyboard?
<lunaphyte> just reading back through the channel logs
<lunaphyte> at least now with this installer, and nomodeset, i have a functional remote console
<lunaphyte> ah, right.  "add a verbose script that displays the loaded modules and hardware and waits so you get time to photograph its output"
<lunaphyte> let me see what i can find on doing that
<lunaphyte> this is what's logged to dmesg when plugging in the keyboard: http://dpaste.com/1WNK0F7.txt
<lunaphyte> i see usbhid.ko and hid-generic.ko.  if i am understanding the dmesg info right, it may be using hid-generic?
<lunaphyte> according to lsinitramfs, the initrd has usbhid.ko, but not hid-generic.ko.  i'll try adding that
<lunaphyte> time to cross my fingers
<lunaphyte> omfg
<lunaphyte> it's working
<lunaphyte> and now it's booting
<lunaphyte> or at least trying to
<lunaphyte> TJ-: success!
<lunaphyte> i have some issues to sort out, but it boots :)
<lunaphyte> at initramfs, i had to activate the volume groups.  it seems that the initrd didn't do so?
<TJ-> lunaphyte: OK, so you've solved the keyboard issue! Time to party :D
<lunaphyte> huge progress, yes - thanks to you :D
<lunaphyte> lots of questions to come back to, but for now the next thing i need to figure out is why i have to active the volume groups manually, instead of the initrd doing it
<lunaphyte> is lvm a kernel module, like the usb/hid stuff?
<TJ-> lunaphyte: lvm hooks should be installing the lvm tools in the initrd, AND the scripts should run "vgchange -ay" automatically
<lunaphyte> hmm, ok
<ahasenack> good morning
<maeud> Hi, is anyone familiar with gnome and kerberos? I'm trying to mount shares using pam_mount and krb5i. It works fine for SSH logins but using the desktop environment it fails with error: "mount error(126): Required key not available"
<maeud> but if I open a terminal in the desktop environment and run klist, I have a ticket
<maeud> got it working, I had to add "user=%(USER),cruid=%(USER),uid=%(USERUID),gid=%(USERGID)" to the pam_mount volume option for each share
<theGoat> i just spun up an ubuntu 18.04 vm,  and i have the IP and DNS configured in netplan (50-clout-init), but the system keeps setting the dns server to 127.0.0.53
<sdeziel> theGoat: that's the default way
<sdeziel> theGoat: 127.0.0.53 is systemd-resolved and it's the one who received the real nameservers
<theGoat> ok, just wanted to make sure..  things have really changed ;-)
<sdeziel> theGoat: you can confirm with "systemd-resolve --status"
<sdeziel> theGoat: yeah, indeed. Introducing a local caching resolver by default is slightly disruptive
<sdeziel> I for one welcome the change, even if I'm not a huge fan of resolved... I'm sure it will get better over time
<theGoat> i'l just need work with 18.04 more, to get use to all the changes
<lunaphyte> during a do-release-upgrade, this sort of thing happens from time to time:  http://dpaste.com/0ZQNT29.txt
<lunaphyte> what's the correct way to proceed in a scenario like this?
<TJ-> lunaphyte: what were the starting and target release versions?
<lunaphyte> 16.04 -> 18.04
<phaidros> ehlo, hown can I disable a network device in a netplan yaml config?
<tomreyn> lunaphyte: with 3rd party packages / repos? which?
<tomreyn> all of those are in "main" if they'Re the original packages
<cyphermox> phaidros: just remove the configuration from the file
<lunaphyte> tomreyn: i do have a couple of third party repos, but they're just for some other software like vnc, prosody, etc.
<lunaphyte> all of the standard stuff is all from the distribution repos
<lunaphyte> i'm just wanting to know what the right way to proceed is with this
<lunaphyte> it's like a half installed upgrade
<phaidros> cyphermox: hm, not very deterministic, but works .. thanks :)
<lunaphyte> lsb_release now says 18.04, but it hasn't done cleanup yet, hasn't done the reboot yet, etc
<lunaphyte> and it's also said "The upgrade has aborted. Your system could be in an unusable state. A
<lunaphyte> recovery will run now (dpkg --configure -a)"
<shubjero> lol
<lunaphyte> so what does that mean?  what state is it in now?  should i be trying to do do-release-upgrade again?  should i just be doing like an apt-get install for the packages that failed and work my way through to get them installed successfully one at a time?
<phaidros> lunaphyte: I would run: dpkg --configure -a and then another apt update/dist-upgrade (provided that sources.list(s) are set to bionic yet)
<tomreyn> same
<tomreyn> running do-release-upgrade again is *not* what you want to do in this situation since it would then try to initate an upgrade to next release.
<cyphermox> phaidros: it's meant to be that way -- no config, interface isn't touched
<cyphermox> phaidros: if OTOH you mean you want to keep a config, but say "hey, I want this one to be kept offline until I say so"; then that will be a feature in the future, but not yet
<lunaphyte> phaidros: just to double check, you said i should expect sources.list to not be set to bionic?
<sarnold> lunaphyte: I think I'd do what phaidros recommends, perhaps an apt-get install -f  as well
<lunaphyte> sarnold: makes sense, thanks.  just wanted to be sure i'm understand right about the sources.list
<sarnold> lunaphyte: you may be right that you would need to fix it up by hand..
<tomreyn> lunaphyte: ensure that apt sources point to bionic, then apt-get install -f; apt-get upgrade; apt-get full-upgrade; apt-get autoremove # maybe with --purge
<tomreyn> /usr/lib/python3/dist-packages/DistUpgrade/DistUpgradeFetcherCore.py contains the code run by do-release-upgrade if you'd like to take a closer look at what it missed.
<lunaphyte> ok, great, thanks
<rbasak> kstenerud: https://dep-team.pages.debian.net/deps/dep8/ is the canonical location of the dep8 spec
<tomreyn> lunaphyte: http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/dist-upgrader-all/current/bionic.tar.gz is the actual upgrader
<tomreyn> lunaphyte: have a look at demoted.cf.xenial, you want to remove these packages if installed.
<lunaphyte> demoted.cf.xenial is inside bionic.tar.gz?
<tomreyn> yes
<lunaphyte> ok, thanks
<Lope> A guy on another channel claims that luks'ing a hard drive directly, without any partition table, will misalign data with respect to the hard drive's 4k block size. Is that true?
<tomreyn> lunaphyte: and maybe use https://github.com/tomreyn/scripts#foreign_packages (or the other utilities mentioned there) to identify other packages you should remove (should only be relevant if you had ppas installed and removed them but not packages installed from there)
<lunaphyte> tomreyn: i use deborphan heavily - thanks, i didn't know about the others
<sarnold> Lope: that feels pretty plausible to me but can't confirm or deny it
<Lope> sarnold, ok
<tomreyn>       --align-payload=SECTORS           Align payload at <n> sector boundaries - for luksFormat
<sarnold> tomreyn: awesome! :)
<tomreyn> i guess you set this to 4 then
<tomreyn> Lope: ^
<TJ-> tomreyn: surely 8 ?
<tomreyn> err, right
<tomreyn> thanks
<Lope> tomreyn, wow, cool, but unfortunately I've already formatted it.
<Lope> tomreyn, how will luks normally align data?
<tomreyn> Lope: probably in 512 byte blocks, but i'm only guessing
<TJ-> Yes, it specifically uses 512-byte sectors as its base measurement
<Lope> tomreyn, check this out: https://unix.stackexchange.com/questions/421587/dmsetup-luksformat-creating-an-alignment-inconsistency
<TJ-> " --align-payload <number of 512 byte sectors> "
<Lope> I've googled the issue and seen that it can be a false warning, especially when using a USB enclosure, (as I am doing)
<Lope> It's a 500G mechanical HDD in a USB enclosure)
<TJ-> Lope: that is possible if the USB<>SATA bridge chip is faking it
<Lope> device mapper says: device-mapper: table: 253:0: adding target device sda caused an alignment inconsistency: physical_block_size=4096, logical_block_size=512, alignment_offset=0, start=2097152
<TJ-> Lope: is it presenting as 4096/4096 (logical/physical)
<TJ-> Lope: OK, so 512/4096 - that's probably passing through the drives native translation
<Lope> Since 4096/512 ^ 4 = 0, perhaps I should not worry?
<Lope> Oops
<Lope> I meant to say: Since 4096 % 512 == 0, perhaps I should not worry?
<TJ-> Lope: check with (set X appropriately): "sudo hdparm -I /dev/sdX | grep 'Sector size' "
<Lope> brb
<TJ-> Lope: The best arrangement is to align with the device's underlying physical block size, since that is the minimum bytes the drive can read/write. Alignment means that it can avoid having to read/write 2 blocks (16 x 512-bytes) if they straddle the alignment border and then discard some of them.
<tomreyn> if you have 4k physical / imposed (by some translation) sector size then you want 4k everywhere or you'll introduce unneccessary overhead.
<Lope> tomreyn, fair enough. Can I change ext4 to be 4k block size?
<Lope> okay, the block size of my ext4 is already 4k
<Lope> So it's all good.
<Lope> Also, I'm using the disk to store big files, so it wouldn't be an issue anyway, even if there was a 512/4096 mismatch.
<sarnold> misalignment is terrible enough that the only use case that could tolerate it "I never use this filesystem"
<tomreyn> there's -I and -E stride=stride-size
<tomreyn> (to tune2fs)
<Lope> sarnold, I've realized that the USB HDD enclosure probably imposes a 4k block size. I've checked my filesystems have 4k block sizes. So I'm not going to worry. I only use the fs for storing big files anyway.
<Lope> thanks tomreyn
<tomreyn> yw
<TJ-> sarnold: try saying that for shingled drives!
<sarnold> TJ-: "the only use case that could tolerate shingled drives is 'I never use this filesystem'" :)
<TJ-> :D
<tomreyn> is rasdaemon the right tooling to detect ecc ram errors?
<tomreyn> with 18.04, that is
<sarnold> tomreyn: I believe so, yes
<tomreyn> i have this issue with "No dimm labels for" (my (Desktop-like) mainboard): http://paste.ubuntu.com/p/nYzJcjNrmV/
<tomreyn> this is ecc ram, i'd like to make use of it, and the platform (ryzen 7 1800X) can do it, at least for detecting 1-bit errors
<sarnold> tomreyn: interesting, I'd never noticed that in my logs before; both my laptop and supermicro server have the same message (though only the supermicro has ecc)
<tomreyn> detect + correct that is
<tomreyn> i *think* it means that detection wont actually happen, unless the hardware handles it fully
<sarnold> it was my assumption that the hardware would handle it but also write the event to a log that rasdaemon can read. hmm.
<tomreyn> s/hardware/firmware/
<tomreyn> yes, thats how it should be, and that's what you'd expect for server hardware
<tomreyn> now... this is not not server hardware, i'd need the OS / user space to help it out there to powerdown on 2-bit errors
<tomreyn> i.e. the ryzen platform doesn't come with firmware which handles 2-bit errors.
<tomreyn> http://www.hardwarecanucks.com/forum/hardware-canucks-reviews/75030-ecc-memory-amds-ryzen-deep-dive.html
<sarnold> tomreyn: once in a while I'm reminded just how little I understand... :)
<tomreyn> :) same issue here
<shubjero> Hey all, I'm using Ubuntu cloud images on Openstack in kvm and I've noticed that with 14.04 and 16.04 that I can deploy very large instances (5+TB disk) and they work but if they are rebooted they are dumped at the grub rescue and unable to boot. I do NOT have this issue with the 18.04 cloud image. Any guesses?
<lunaphyte> i'm looking at demoted.cfg.xenial in http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/dist-upgrader-all/current/bionic.tar.gz - what does demoted mean?
<lunaphyte> i see things like makedev, and ntp listed, which seems a little bit odd
<lunaphyte> https://packages.ubuntu.com/search?suite=all&section=all&arch=any&keywords=makedev&searchon=names seems to indicate that makedev is part of 18.04?
<sdeziel> lunaphyte: ntp was replaced by chrony if you really want a ntp daemon, otherwise the default is now to use systemd-timesyncd as ntp client
<teward> sdeziel: i think they're asking more about what the demoted part mean
<teward> and IIRC that' means no longer in 'main'
<teward> but i'm not the expert there :p
<sdeziel> chrony is in main now ;)
<teward> sdeziel: i know *that* but I meant in response to "what does demoted mean?" which was asked by lunaphyte
<teward> who was asking about ntp, makedev, etc.
<teward> :P
<sdeziel> teward: ah, OK
<lunaphyte> sdeziel: using the ntp example - replaced in what way, exactly?
<lunaphyte> both ntp and chrony are present and valid packages in the repo, right?
<sdeziel> lunaphyte: what teward says seems to make sense. I took a quick look at that demoted.cfg.xenial file and it seems to list packages that were in main before but are now in universe
<lunaphyte> oh, ok
<sdeziel> lunaphyte: yes, present and valid but main vs universe refers to the support of those packages
<sdeziel> lunaphyte: packages in main are supported by Canonical, those in universe by the community
<sdeziel> of course, the community can also provide support for packages in main
<lunaphyte> so would that then seem to imply that if makedev isn't in main any longer, your typical system shouldn't need it?
<sdeziel> lunaphyte: that's a correct interpretation
<lunaphyte> ok
<lunaphyte> thanks
<sdeziel> lunaphyte: a default/stock install/image only have packages coming from main, it's a policy at Canonical I think
<lunaphyte> makes sense
<tomreyn> now the really interesting question there is: does the upgrader uninstall those packages if it finds them installed.
<tomreyn> i previously claimed it does, but haven'T actually checked that
<tomreyn> does anyone know this OTOH?
<sdeziel> tomreyn: in the past I found that I needed to cleanup after the upgrader. At least my Puppet manifest takes care of purging ntpdate-debian from boxes that went from 14.04 to 16.04
<tomreyn> i've also had such situations, but during the 16.04 -> 18.04 desktop upgrade i went through the upgrader did actually purge ntp for me.
<tomreyn> ...i think
<tomreyn> (so that's package "ntp", not "ntpdate*"
#ubuntu-server 2019-01-18
<lordievader> Good morning
<frickler> coreycb: sorry, I was away yesterday. I have no feedback yet regarding new releases, I'm going to try to ask in the next meeting
<kstenerud> I'm a bit confused as to when to squash commits for a merge
<kstenerud> I have the following commit pairs that need to be squashed:
<kstenerud>     Fix DKIM signing in 2.11.0 (LP: #1770532)
<kstenerud>     d/p/patches/105_amavisd_fix_originating_dkim_signing.patch: correctly reference related Debian bug
<kstenerud> and
<ubottu> Launchpad bug 1770532 in amavisd-new (Debian) "DKIM signing not working in bionic" [Unknown,Confirmed] https://launchpad.net/bugs/1770532
<kstenerud>     Fix Debian/Ubuntu pathing in amavisd-release (LP: #1792293)
<kstenerud>     d/p/patches/100_more_amavisd_helpers_fixes: correctly reference related Debian bug
<ubottu> Launchpad bug 1792293 in amavisd-new (Ubuntu Cosmic) "amavisd-release use wrong socketname" [Undecided,Fix released] https://launchpad.net/bugs/1792293
<kstenerud> Also, the second pair need to be dropped since 100_more_amavisd_helpers_fixes has been fixed upstream
<kstenerud> So my question is: At what point in the merge process do I do the squashes?
<ahasenack> logical
<ahasenack> we want the logical to be, what's the word,
<ahasenack> ...
<ahasenack> in https://wiki.ubuntu.com/UbuntuDevelopment/Merging/GitWorkflow
<ahasenack> search for step "5. git rebase -i old/debian"
<ahasenack> that's the logical step
<ahasenack> the particular step that talks about consolidating the delta is
<ahasenack> "An additional goal in this step is to consolidate the delta, e.g. sometimes a change is added in one Ubuntu release and then removed in a subsequent Ubuntu release. The changes, in this case, should simply be dropped.
<ahasenack> "
<ahasenack> the example it gives is about a change being added and then dropped, so net result is zero
<ahasenack> the case above is a small fixup for a patch
<ahasenack> which also doesn't make sense to keep as a separate part of the logical
<ahasenack> "logical" represents the ubuntu delta that was added on top of the debian package
<ahasenack> note the logical tag has a version, so it means the ubuntu delta at that version
<ahasenack> the last step in the merge process it to apply the delta to the new debian package (new/debian tag)
<ahasenack> that's when the delta can change, due to several reasons
<ahasenack> patch already applied (so drop it), patch doesn't apply (needs refreshing), etc
<arooni> without doing a lot of setup/learning; is there a *high* level server performance app i can run alongside htop for a given server? (ubuntu 16.04)
<arooni> would tell me high level metrics for server performance / hard drive space etc/
<sarnold> arooni: when I'm curious about a system I normally check /proc/cpuinfo ; free -g ; and df -h
<tomreyn> arooni: maybe netdata / prometheus is roughly what you're thinking of, but "high level" could mean a lot of things.
#ubuntu-server 2019-01-19
<JanC> arooni: byobu can also show some very high level statistics...
<fallenour> hey everybody! Im having an odd issue with my install from 18.04LTS base image. I installed via bootable usb, installed Ubuntu using disk option "using * with LVM", and it installed, but added my primary disk space to sda3, used almost none of the availble space, installed all of my snaps at 100% disk usage for the /dev/loop/* instances, respective to each snap instance, and now Im unable to finish any snap configurations. A
<leftyfb> fallenour: again, the snaps using 100% of their read-only mounted containers is normal and not related to your issue at all
<leftyfb> Your issue is you only partitioned out 4gb of space to your root filesystem. You need to resize it
<fallenour> leftyfb: I understand that, but at some point, I need to be able to finish the application configuration install, which is part of the app, which is the snap. If the snap configuration file is whats being referenced in the snap instance itself, then it would have to be modifying the snap. "/var/snap/nextcloud/common/nextcloud/data " is the filespace referenced for the configuration change, which to the best of my knowledge, 
<leftyfb> No
<fallenour> know if that will interact directlly with teh stored space for that specific snap instance though, only that I do know its going to change the snap configuration.
<fallenour> leftyfb: No? I was told that /var/snap is where all snaps install, and thats where all the configuration files for snap are held. is there another place they are located?
<leftyfb> Your issue you need to address is resizing your / partition
<fallenour> leftyfb: Ok, we can at the very least digest this one issue at a time. Whats the safest way for us to resize the / directory size to the other 400+ GB avialble in sda3?
<fallenour> leftyfb: can we rob from peter to pay paul so to speak?
<leftyfb> boot a live CD and use the lvm tools and maybe gparted
<fallenour> leftyfb: yea I found this, but I dont know if I can do that with / : https://unix.stackexchange.com/questions/351961/moving-space-from-one-partition-to-another
<leftyfb> you're running what sounds like a production system with high availability and lvm and don't know how to use lvm or how to resize partitions?
<leftyfb> https://help.ubuntu.com/community/ResizeEncryptedPartitions # first result on Google for "lvm resize root partition"
<fallenour> leftyfb: to be perfectly honest? No. Not the slightest. I usually use Ceph for everythign storage related, but I want to at least try to be better. I havent used LVM in a long time now because I would simply work within ceph and use ceph osd pools instead of lvm, and so ive gotten really rusty with lvm.
<leftyfb> Time to catch up
<leftyfb> https://www.google.com/amp/s/computingforgeeks.com/extending-root-filesystem-using-lvm-linux/amp/
<leftyfb> Probably a better link
<fallenour> leftyfb: yea, its about time to pull out that polishing rag. I just want to make sure I dont damage anything. Once I get things up and running, its full production helping a lot of people who realyl need it. I dotn want to be the cause of lost data, and then the peopel we are helping end up suffering for it.
<leftyfb> To be honest, it's been many years since I've actually used lvm to resize anything. But I do remember funding documentation on it was easy
<leftyfb> If that's the case, then you need to understand how to manage these systems 100% in the case of failure
<leftyfb> Good luck
<fallenour> leftyfb: Yea, thats why im working on it. Production will allow for 0% margin of error, which is totally crushing me morale wise. Its a lot of stress, but its goign to be totalyl worth it in the end, I just need to get there. If I had known 18.04 direct build would have been this much hassle, I would have built 16.04 and upgraded from there.
<leftyfb> I've done 18.04 installs with no issue. It must have been something you did during the install
<fallenour> leftyfb: wiat, thats actualyl a good point. I can just rebuild, theres no data on it currently. What would I need to do in the build menu to fix this issue? All ILl need to rebuild is 2 servers.
<leftyfb> wipe the drive and so a normal install. Read what it says and make sure your selections are doing what you want
<fallenour> leftyfb: I went with all the default options, configured lan, gateway, dns, and selected which packages to install. Do you think that was the issue? Also, how much space would you recommend I give to root? I have no idea whats a good allocation for that.
<leftyfb> All of it
<fallenour> leftyfb: so all of the availble space?
<leftyfb> Do you have any reason not to?
<fallenour> leftyfb: no to the best of my knowledge. The web app servers will only server to host the applications in HA, with a 2 pair base for now, with the database HA clusters serving all of the data via the load balancers (HAProxy). to the best of my knowledge, Im not sure PostgreSQL (database chosen) will have to be on its own logical volume, and Ive seen no documentation recommending that as a best practice.
<Intelo>  What are the top 3 fastest email delivery (speed/bursts) providers?
<leftyfb> Intelo: looking to get into the spam game?
<Intelo> leftyfb,  analyzing their power
<leftyfb> Intelo: for what purpose? What does this have to do with ubuntu server?
<Intelo> ubuntu will be the host os
<Intelo> if I do it
<leftyfb> what's the purpose?
<Intelo> study?
<Intelo> discuss
<Intelo> info
<Intelo> curiousity
<Intelo> interest
<Intelo> anyone with a real answer/interest?
<mybalzitch> in spamming?
<Intelo> welcomed
<leftyfb> You might want to contact said companies to inform them of your testing. Some of them might have a ToS against what you're trying to do with their servide.
<leftyfb> service*
#ubuntu-server 2019-01-20
<Intelo> mailgun offers 250,000 mails per second. I wonder how many email servers it would have to ensure that
<leftyfb> Intelo: bottom line, I don't think you're going to get help with any of it here.
<Intelo> thats ok
<Intelo> I can wait for people who share the interest/knowledge
<leftyfb> Intelo: The point is, this isn't the place to discuss your intentions of bulk email/spamming.
<leftyfb> Intelo: this is a support channel for help with issues running an Ubuntu server.
<Intelo> leftyfb,  why did you dared to speculate my intentions?
<leftyfb> Intelo: see my last post. Your intentions are offtopic here. If you need help with issues you are having with your ubuntu server, feel free to ask. Otherwise, you'd be better suited discussion your goals elsewhere.
<leftyfb> discussing*
<Intelo> leftyfb,  will rephrase my question to show ubuntu relations in a minute. My objection was you using the word spaming for me
<mybalzitch> jesus christ
<leftyfb> Intelo: dancing around actual intentions, talking about 250k emails/s and coming from tor, I stand by my speculation 100%.
<Intelo> Question: I am curious and in search of being able to setup a comercial email server(s) on "Ubuntu" plateform (finger finger) with postfix as MTA. What things do I need to take care of (in regard to the OS; finger finger) to scale up for large volumes. Appreciate tips
<Intelo> leftyfb,  thats being rude and make speculations. Just speculations
<leftyfb> what company is this for?
<mybalzitch> Intelo: instead of speculating wildly, why not set up a test environment and see what issues you run in to. I imagine most of your questions will be postfix related, not so much ubuntu.
<Intelo> leftyfb,  leafline corp
<leftyfb> Intelo: "Leafline Corp" brings up zero results on google.
<Intelo> mybalzitch,  a) I have b) thats for me c) good to have experienced advice 'before' stepping. Otherwise schools would be pointles
<mybalzitch> Intelo: pointless for those who are unable to teach themselves?
<Intelo> leftyfb, its in china and off the google boundaries. BY THE WAY, why in the world someone wants the company name of which I am employed/related? rediculous
<leftyfb> Intelo: go test it yourself. If you run into issues with Ubuntu, feel free to ask for help here.
<Intelo> leftyfb, thats not the name of my company anyway.
<Intelo> typical..
<leftyfb> Intelo: I know
<Intelo> I also knew you were going to say "thats not on google. duh"
<Intelo> typical..
<Intelo> Question: how MTA smtp works? how can I send emails? Answer: You are going to spam? right? You are a spammer. Where  you work? your address? company? country? <- I have an F word now
<Intelo> nevermind. Ignore. Peace
<Intelo> waste of time. Go do something else. Don't waste time if not interested in the topic. Don't assume things if you either don't have knowledge/or interest on topic
<leftyfb> The liars are always the most defensive
<mybalzitch> goddamn what a toolshed
<mybalzitch> they just wanted to argue
<leftyfb> They originally wanted help with spamming. Then wanted to vehemently deny it
<Ool> imho, just a troll, better ignore, yesterday, in this chan or an other, it was the same
<typnix> Hello. I'm trying to install SElinux on 18.04. After disabling and removing apparmor and installing SElinux it is staying 'disabled'. Is there a way to solve this?
<typnix> I rebooted the server btw
<OerHeks> yes, good luck
<Th0th> I don't know if this is appropriate but I just picked up and old Dell 2950 and 2850.
<Th0th> I have the 2950 running Ubuntu server with a SSD i had to make shift in but I'm not too sure what i wanna do with it first.
<Th0th> any suggestions?
<bindi> electronic waste
<Th0th> Funny
<Th0th> Nah I think ill hold on to it for a bit
<Th0th> Its kind of fun to mess around with
<Th0th> nice to have and learn on for a beginner like me in networking and administration
<Th0th> Better that then a brand new system I'm prolly just gunna run into the ground
<runelind_q> I was thinking about migrating my FreeBSD system to Ubuntu.  I have several zpools with GPT partitioned drives.  Will Ubuntu be able to read those without issues?
<TJ-> runelind_q: I'd test that using the LiveISO first, but in theory yes it should
<runelind_q> that's a good idea
<JanC> runelind_q: ZoF supports some features that ZoL doesn't have yet, I think (and maybe vice-versa)
<JanC> like, I read somewhere that ZoF has support for NFSv4 ACLs while ZoL doesn't have it yet
<JanC> although that might be outdated by now  :)
#ubuntu-server 2020-01-13
<CyberFingers> I am not able to update "sudo apt update|more
<CyberFingers> WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
<CyberFingers> Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
<CyberFingers>   Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1560:8001::11). - co
<CyberFingers> nnect (101: Network is unreachable)"
<cpaelzer> good morning
<lordievader> Good morning
<coreycb> jamespage: sahid: I'm working through promotions to -updates across the cloud archives for anything that's verified
<sahid> coreycb: ack, can i help on anything?
<coreycb> sahid: I think at the moment we're ok, thanks. got a lot of things verified last week and just need to get them released.
<sahid> ack, i'm trying to fix packages that are failling autopkgtest so
<jamespage> coreycb: awesome thanks
<coreycb> sahid: thanks, good idea. if you come across networkx, I have that covered. I'm working on fixing up the component mismatches for that but also hitting other issues with it.
<shubjero> coreycb: Are you aware of these deprecation warnings for train cinder on 18.04? https://paste.ubuntu.com/p/Svw5CsZpsM/
<shubjero> coreycb: I guess they are more of OpenStack's problem and not Ubuntu. The one about policy enforcement is annoying though because I don't even use a cinder policy file and just rely on the built in "sane defaults".. which maybe are deprecated and causing this warning too?
<coreycb> shubjero: hi, I don't think I've seen those. yes that would be my next question is whether they are an upstream issue or limited to our package code.
<coreycb> shubjero: we try to use upstream config by default as much as possible whether that be the static copy from usptream source or a generated copy based on how upstream generates (ie. tox.ini)
<coreycb> shubjero: right and policy is in code mostly now
<shubjero> coreycb: Yeah, it looks like I probably have to ignore these warnings for now and drop them from my ELK stack as its fairly frequent and clutters the logs
<coreycb> shubjero: it'd be worth getting a bug opened upstream if it looks it's not yet fixed in master and there isn't already a bug open. unless your deployment tooling is possibly laying down any policy config.
<shubjero> coreycb: yeah ill look at upstream
<shubjero> coreycb: thanks
<vlm> how could i make sure i actually write to a disk mounted at mount point rather than the mount point itself in root disk or how does it work? I could do a conditional in my script and grep output of mount command is there another way though??
<lordcirth> vlm, what does this script do, and how will it be run?
<lordcirth> vlm, an easier way might be to touch a flag file inside the mount, and check for its existence. Alternatively, if this will be run as a systemd service, you can have systemd check
<vlm> lordcirth: ohh you mean like create a lock file of some sort?That ive done before didnt remember ,thats actually good enough for thanks!
<lordcirth> vlm, you could lock it as well, but simply "if this file is here, then it's mounted, because this is only on the mount" works
<vlm> lordcirth: ive done that before thats just whats needed then i just exit script if its not present
<sdeziel> vlm: you might want to use "mountpoint" to test if the dir is a mountpoint or not
<vlm> sdeziel: thats another good suggestion aswell thanks,always these usefull commands laying around always forget about or dont discover
<fluvvel> Q: if I clone a partition with hard links, am I going to have any issues on the new drive?
<fluvvel> I've been trying to rsync -avrH the contents and I'm 4 days into a 1.4TB copy, its killing me
<sweb> i i forward all syslog to services is all logs of my system will be captured ?
<sweb> is there any thing else to capture ?
<sdeziel> fluvvel: you should have no issue with the new drive but yeah, rsync can take a while (newer rsync versions (3+) are better)
<sdeziel> fluvvel: are you rsync'ing a BackupPC pool or a rsnapshot partition?
<sarnold> sweb: some things may be logged only to the systemd journal; other applications will log to their own files without using any other logging framework. auditd logs aren't included in syslog either.
#ubuntu-server 2020-01-14
<Kyoku> is the ubuntu core image for IoT fully encrypted?
 * tomreyn pointed Kyoku to #snappy in #ubuntu-arm (CP)
<mybalzitch> since you can install from it, I doubt it
<genii> If it was, the passphrase/key would be identical on every machine it got installed to, defeating the purpose of having encryption
<Kyoku> trying to find a guide to fully encrypt an ubuntu core image for Pi4 but not much luck, the general ones for ubuntu don't list core as a valid option
<Kyoku> unless docs are just out of date
<tomreyn> ubuntu desktop/server on the one hand and core on the other are really rather different systems, at least at this time.
<tomreyn> see also https://ubuntu.com/core -> "Add-ons to SMART START" -> "Full Disk Encryption"
<Kyoku> oh great, a $30,000 plugin just to get encryption
<Kyoku> no thanks
<lordievader> Good morning
<cpaelzer> hiho lordievader
<cpaelzer> how are you today?
<lordievader> Hey cpaelzer, doing good here. How are you?
<cpaelzer> good while fighting the world (of bugs)
<lordievader> As regular ;)
<coreycb> jamespage: sahid: I updated the dh-python patch in ca-patches. it switches python2-* to python-* binaries. something to keep an eye on if we get any odd behavior in that area. it should fix up the current sphinx backport failure.
<jamespage> coreycb: great thanks for the headsup
<sahid> coreycb: ack thanks
<Olof_szary> hello, I am trying to install ubuntu server. The installer crashed in probert/storage.py on line 169. fdisk -l seems to see all the drives correctly
<tomreyn> which version of ubuntu server is this, can you tell by the .iso name?
<Olof_szary> is there any way to tell if from inside the boot system?
<Olof_szary> 4.15.0-55-generic kernel, #60 Ubuntu
<ChmEarl> bionic
<Olof_szary> yes
<ChmEarl> Eoan 19.10 has kernel-5.3+
<Olof_szary> oh, I thought you meant the numeric number. It is bionic
<tomreyn> bionic is now at linux-image-4.15.0-74-generic - so this *may* be 18.04.3
<ChmEarl> its easy to tell from kernel version what release
<tomreyn> so which is it?
<Olof_szary> bionic. (as seen from /etc/apt )
<Olof_szary> seems from Jul 2019
<tomreyn> that'd be 18.04.3 indeed
<tomreyn> now, is your goal identifying the root cause or getting the installation working?
<ChmEarl> Olof_szary, might want to write zeros to the MBR of your install drive
<Olof_szary> the ultimate goal is to have ubuntu server running on that machine
<tomreyn> https://github.com/CanonicalLtd/probert/issues/77 https://bugs.launchpad.net/subiquity/+bug/1858447
<ubottu> Launchpad bug 1858447 in subiquity "subiquity calls probert's Storage.probe with incorrectly typed probe_types" [Undecided,New]
<Olof_szary> I believe the best bet is to get a newer version and try again. but also: since I am here in server room and don't want to go back to office to redownliad it, i was wondering if it's well know bug
<Olof_szary> so, it was reported
<tomreyn> do you have similar hardware (HW RAID, dell poweredge server) there?
<Olof_szary> yes
<tomreyn> it's a rather young report and there's no indication that it's been fixed yet so the workaround i had in mind, updating subiquity, may not help.
<tomreyn> you could still try though ("snap refresh subiquity" from another tty)
<Odd_Bloke> Some of the comments in that report suggest that it has been fixed already, so a refresh might do it.
<tomreyn> Olof_szary: either way, please add what you can to qualify this report further, since it could use more info.
<Olof_szary> what is interesting is that my collegue was able to install ubuntu desktop version here.
<tomreyn> they use different installers, so it's not too surprising
<Olof_szary> but ubuntu server fais
<Olof_szary> ok
<tomreyn> Odd_Bloke: right i missed comment 2
<tomreyn> https://github.com/CanonicalLtd/subiquity/commit/8097ad62bf2072729bdee44c6d0e7e73e7b10429
<Olof_szary> is gpm missing in ubuntu server?
<Odd_Bloke> That does look like it would have fixed it.
<tomreyn> a server with a mouse?
<Odd_Bloke> Olof_szary: GPM?  (There is a package named gpm.)
<Olof_szary> ok, it was not in the default installer, but apt-get update got the package
<Olof_szary> https://github.com/CanonicalLtd/subiquity/commit/8097ad62bf2072729bdee44c6d0e7e73e7b10429
<Olof_szary> sorry
<Olof_szary> using elinks + gpm combo to follow the links
<Olof_szary> ok, how to restart the installer?
<tomreyn> you don't strictly need to view those web sites. either refreshing the snap helps or not
<Olof_szary> error: requested a non-existing branch on latest/stable for snap "subiquity": ubuntu-18.04.3
<Olof_szary> on: sudo snap refresh subiquity
<tomreyn> oh interesting, it vanished off the snap store
<Olof_szary> it seems that the bug in python is with using list instead of dictionary.
<Olof_szary> but the file is not editable, since it is there: /dev/loop6       51M   51M     0 100% /snap/subiquity/1093
<Olof_szary> So, best way to re-download the installer then, isn't it?
<tomreyn> https://github.com/CanonicalLtd/subiquity discusses how to build your own installer
<tomreyn> you could also try a daily image if there still are any, but those can be broken
<tomreyn> or try your luck again here suring UK business hours
<tomreyn> *during
<Olof_szary> well, thanks
<tomreyn> that would have been http://cdimage.ubuntu.com/ubuntu-server/bionic/daily-live/current/
#ubuntu-server 2020-01-15
<dirtycajun> So i have a zfs mount that is mounted at /mnt/media and a ext4 mount mounted at /mnt/media/storage. I need to ensure that the ext4 mount does not mount until zfs mounts. Is there a more graceful way then @reboot crontab hacky script
<tds> dirtycajun: what version of ubuntu and zfs?
<sarnold> dirtycajun: if /mnt/media is mounted by zfs and /mnt/media/storage is listed in /etc/fstab, there's a pretty good chance the right thing will already happen
<sarnold> dirtycajun: if /mnt/media is LEGACY then you ought to be able to stick both lines in /etc/fstab and I'd expect that to work too
<dirtycajun> Ubuntu 18.04.3 and zfs 0.7.5-1ubuntu16.4
<dirtycajun> unfortunately it literally NEVER does it in the right order. And since the second happens first, the first cannot happen as its in use
<dirtycajun> and yes, zfs is mounted by zfs and ext4 is mounted by fstab in this case
<tds> ah, so before zfs-mount-generator, i think that's only in 0.8 (and actually fixes this)
<tds> you could probably use the x-systemd options in fstab so your mount only happens after zfs-mount.service though?
<dirtycajun> ,x-systemd.requires=zfs-mount.service
<dirtycajun> i have that currently tho
<dirtycajun> and damn. does 20.04 bundle with 8.* zfs ?
<dirtycajun> erm 0.8.*
<sarnold> yes, that the moment it's a 0.8.2 https://launchpad.net/ubuntu/+source/zfs-linux
<dirtycajun> so hack it for 4 months then upgrade. could be worse
<dirtycajun> thank yall.
<tds> hmm, that is odd - and the generated mount unit has requires set properly and everything?
<sarnold> dirtycajun: if you've got the time this might be worth a bug report; 18.04 will live on for a while, and maybe it'd be nice for this to be fixed (no promises of course, but an unfiled bug can't be fixed :)
<dirtycajun> True. I would need to dig through bootup and logs to see exactly where its shitting the bed though to file the report. Its a longstanding issue. It actually causes castcading problems that i have fixed like docker starting which lets k8s pods schedule which cant reach a mount etc
<dirtycajun> tds looks like 0.7.13 is the release of zfs-mount-generator
<dirtycajun> still not at that freeze but an fyi
<sarnold> dirtycajun: ubuntu-bug zfsutils-linux    will probably get to the right place
<lordievader> Good morning
<tilerendering> not sure whether this is the right channel to ask, but: am I correct in the assumption that Ryzen-based servers are not really made for that purpose? i.e. the Ryzen being a workstation cpu (low latency) rather than one assuring high throughput?
<tomreyn> tilerendering: Yes, that's correct. As Intels has a server CPU line, Xeon, AMD also has one, called Epyc.
<tomreyn> this said, there are also companies running datacenters with intel desktop/workstation cpu based dedicated 'servers', since this can still be worthwhile for the cheaper segment.
<tomreyn> oh, you cross-posted :-/
<tilerendering> tomreyn: I wonder whether I should migrate my proxmox on ryzen to proxmox on xeon
<tomreyn> tilerendering: i don't think i can help you make this decision.
<dannf> where can i find docs on netbooting subiquity? google wasn't much help there
<albech> just spun up a backup of an old server. Within that snapshot is the system disk which is accessible, but there is also another disk which is marked data on the hypervisor.. That particular disk doesnt appear in fstab and when i try to mount it i get an error that it is: wrong fs type, bad option, bad superblock. Looking and the disk in fstab doesnt reveal anything else.. Could this some encrypted partition.?
<albech> Note that I had to chroot into the system and create a new sudo user
<albech> and I didnt build the system initially
<albech> went through old history and no signs of mounting this other drive
<ahasenack> what does fdisk -l say about that disk?
<albech> ahasenack: https://paste.ubuntu.com/p/bC4xqbPTsn/
#ubuntu-server 2020-01-16
<lordievader> Good morning
<kierank> Is there a way of having grub-installer/bootdev and partman-auto/disk fallback
<kierank> I'm having problems with nvme drives trashing my usb stick installer
<dannf> Odd_Bloke: not sure if you'd know, but are there docs available somewhere on booting subiquity via PXE?
<Odd_Bloke> dannf: I'm sure I wouldn't. ;)  mwhudson is your best bet, though I think he's on vacation ATM.  Maybe ping mclemenceau on internal IRC to figure out who to bug?
<dannf> Odd_Bloke: ok, thx!
<Odd_Bloke> (I don't mean "bug" in a derogatory way!  Sorry if it read that way. :)
<TwistedBlizzard> Hi all, I just installed Ubuntu Server using PXE and my machine boots fine but I'm not presented with a login prompt. I can access the TTY using the keyboard shortcut.
<tomreyn> TwistedBlizzard: there can be a lot of console spam from cloud init, i assume you pressed enter to check whether it's just that?
<tomreyn> if it's not that, maybe provide more details on how you installed.
<TwistedBlizzard> I didn't try that - I'll reboot and see
<sarnold> hah, that'd make a ton of sense
<TwistedBlizzard> It was that, cheers!
<sarnold> tomreyn: well done :)
<tomreyn> hehe
<Odd_Bloke> I have 100% power-cycled a machine multiple times before thinking to try that. >.<
<Odd_Bloke> Black screen?  RIP I guess
<TwistedBlizzard> I removed quiet splash and now I don't even need to hit enter
<TwistedBlizzard> Odd_Bloke I ended up going one further and reinstalling.
<Odd_Bloke> TwistedBlizzard: It's good to be thorough. ;)
<TwistedBlizzard> Odd_Bloke: with GRUB not showing by default I was sure I'd borked the install
#ubuntu-server 2020-01-17
<dpill11> Hello! Wondering if anyone can help me with an installation issue I'm having. I'm trying to install Ubuntu 18.04.3 LTS on a HP ProLiant DL360 G7. During the initial boot I receive the error "can't load firmware file bnx2/bnx2-mips-09-6.2.1b.fw" ... I was able to locate the firmware files and I've tried placing them in the root directory and into
<dpill11> /firmware directory that I made on the USB drive that has the install for Ubuntu. For some reason the install can't find the file and I'm wondering if anyone has some suggestions on how to get the install to see the firmware file.  Thanks in advanced.
<lordievader> Good morning
<shubjero> ping ?
<genii> shubjero: Yes, we see what you type
#ubuntu-server 2020-01-18
<calcmandan> i host my own groupware server (citadel) and it works really well for me. i also subscribe to newsgroups and use them across a variety of computers/pda/tablets. know of any good servers that i can have collect the newsgroups i subscribe to and can sync? something like imap but for newsgrouops?
<calcmandan> citadel doesn't support nntp yet.
<calcmandan> it would be on a ubuntu server host, of course.
<tomreyn> someone younger than me would probably ask "newsgroups, is this something like twitter or instagram?" now.
<tomreyn> chances are that if citadel hasn't yet learnt nntp, it also won't in the future
<JanC> there are tools to sync from NNTP to IMAP folders also
<JanC> calcmandan: maybe leafnode is what you are looking for
<JanC> or maybe sn
<Teikoman_fi> Would someone happen to know if this patch( https://bugs.launchpad.net/uvtool/+bug/1781785 ) is possible to have on Ubuntu 18.04 instead of using 3rd party patch script to install as the network-config is for example required if wanting to use additional ipv4 subnet for the vms on Hetzner(but this does have the sad side effect that the usual
<Teikoman_fi> `uvt-kvm ip <vm>` is unable to get the assigned IP address though this is not issue if using domiflist and arp -a to verify connection and IP address)
<ubottu> Launchpad bug 1781785 in uvtool "Unable to set network-config" [Wishlist,Fix committed]
<Ussat> does anyone know what version of redis is avaliable in Ubuntu ?
<tomreyn> Teikoman_fi: unlikely, unless you do it, i'd say. it's in universe, so community maintained, making it less likely that there'll be officially matained backports. i'd consider it a feature which will only be introduced in 20.04 LTS (or is already in starting 19.10 if you use that on servers), but still community maintained.
<tomreyn> Ussat: use https://packages.ubuntu.com or the rmadison command (devtools)
<tomreyn> i mean package "devscripts"
<Ussat> I found it, 4.09
<tomreyn> there's also https://qa.debian.org/madison.php?package=redis&table=ubuntu
<tomreyn> apparently "ubuntu" == "Ubuntu 18.04 LTS" then
<Teikoman_fi> tomreyn: well the patch can be installed on ubuntu 18.04 but um I have absolute 0 knowlege on how to even request such feature to be merged into 18.04. For example this guide ( https://blog.adamretter.org.uk/bridged-kvm-virtualisation-at-hetzer/ ) had the patch for those that were using earlier version than 19.10 so I already verified that it indeed works with 18.04 but would be amazing to see it added to
<Teikoman_fi> 18.04 world. also that same person had the launchpad bug request had second last comment that they may stop backports but also had no verification if it could be added(not sure what the mentioned python 3 stuff would mean but Ubuntu 18.04 should not be "that old" to not support them)
<Teikoman_fi> Sure I really wait for 20.04 to arrive but ofc it's always it's own pain to try direct upgrade jump from 18.04 to 20.04 and learn what has completely changed with the addition on the guides will appear slowly for them not to mention what bugs could be found
<tomreyn> Teikoman_fi: this was just my interpretation, you're welcome to interpret it differently. ;-) The comment you are referring to is that of a regular here, but I don't see them offering to ensure support in 18.04 so you'll probably need to ensure this on your own - just requesting it is probably not enough (though it might be if you have a support contract with canonical, i could not tell)
<Teikoman_fi> tomrey: like mentioned that I lack the knowledge and skills to do anything related to that really so yeah it probably is going to be impossible for which I am glad the 3rd party patch works. In the end I just hope this patch works til 20.04 is out and battle tested as I usually prefer using the latest LTS if possible(it also is going to have the new network-manager update containing bridge stuff assuming
<Teikoman_fi> features from 19.10 will find their way there). Life without that patch currently is just impossible for me when playing around with KVM + Uvtool :)
<tomreyn> Teikoman_fi: i didn't mean to blame you for not knowing how to, i haven't contributed in this way either. this is how you could get started if you would like to try: https://wiki.ubuntu.com/ContributeToUbuntu
<tomreyn> i see how uvtool needing this 3rd party patch poses a problem for anyone working in hetzners' or comparable environments
<jayjo> I'm trying to setup an ubuntu server cluster to require either a google authenticator or yubikey 2fa when ssh is established. Does this require two different PAM modules? Can I enable both modules, but require a user to use one or the other? That way, if one is lost, the other can be still be used?
<faekjarz> Hi, anyone with a Zen2/Rome EPYC CPU in here? I'd like to know the results of 'cryptsetup benchmark'. (in particular, the single-socket P variant CPU, any other will do
<faekjarz> )
#ubuntu-server 2020-01-19
<calcmandan> jayjo: no it doesn't. there's a great article on setting this up. let me find you a link
<calcmandan> i followed this when i setup google authenticator and it worked like a charm
<calcmandan> jayjo: https://askubuntu.com/questions/609117/how-to-setup-two-factor-authentication-in-ubuntu-for-ubuntu-users-using-google-a
<calcmandan> jayjo: anytime you login via ssh it'll challenge.
<calcmandan> JanC: thanks i'll look into both.
<prappl93> Hey all, I have a server I'm running that has 2 NICs, one configured using a static IP and the other using DHCP. I have the DHCP one in a bridge for 2 VMs, but I'm unable to access the static IP from outside of the server itself. Anyone have any suggestions or would be able to look at my interfaces configuration? This is on Ubuntu Server 16.04
<tomreyn> i suggest posting you configuration, this could increase chances of someone responding.
<prappl93> https://pastebin.com/MVGqW4dx
<teward> prappl93: normally, not forwarding between the two interfaces is a result of either ipv4 forwarding not being enabled at sysctl and overly restrictive rules on your firewall
<teward> since you need the FORWARD chain of netfilter to accept forwarding traffic to/from interfaces within the system
<teward> or NAT rules being wrong and exfil from your system over the DHCP's gateway instead of staying internally
<Wally> I'm having some issues binding a Ubuntu machine via realmd / adcli/ it's complaining about keytab authenication - This is what the logs spit out https://pastebin.com/3dS08mDp
<tomreyn> see bug 1842951
<ubottu> bug 1842951 in adcli (Ubuntu) "adcli join fails " [Undecided,Confirmed] https://launchpad.net/bugs/1842951
<Wally> You're fast ;)
<Teikoman_fi> Does someone know how big of an job would it be to decipher uvtool python code into bash/command sequences? Been trying to figure out what it does and how plus what the config files look like if I would want to do it using the virsh way and I am so reliant on the network-config & bridge part because of Hetzne
<Wally> Great I need to do more work :P
<Wally> Cheers. That worked
<tomreyn> yw
<Teikoman_fi> Because of Hetzner side of things and would like to someday see if the uvtool easyness of vm creation could be ported to virt-manager(nowadays Cockpip)
